From 34c37dbdb5360305bbcc8c66fbfd5dc62be799c8 Mon Sep 17 00:00:00 2001 From: Rob Moffat Date: Tue, 9 Dec 2025 13:31:34 +0000 Subject: [PATCH 01/14] FIx for NPE #942 --- website/src/plugin/cfi-pages/index.ts | 176 +++++++------------------- 1 file changed, 47 insertions(+), 129 deletions(-) diff --git a/website/src/plugin/cfi-pages/index.ts b/website/src/plugin/cfi-pages/index.ts index 42721333..35bf6963 100644 --- a/website/src/plugin/cfi-pages/index.ts +++ b/website/src/plugin/cfi-pages/index.ts @@ -3,90 +3,6 @@ import path from 'path'; import type { LoadContext, Plugin } from '@docusaurus/types'; import { HomePageData, Configuration, ConfigurationPageData, RepositoryPageData, CFIConfigJson, TestResultItem, TestResultType, CFIRepository, ConfigurationResult, ConfigurationResultPageData, ConfigurationResultSummary } from '../../types/cfi'; -function processOCSFResults(resultPath: string): TestResultItem[] { - if (!fs.existsSync(resultPath)) { - return []; - } - - const result = fs.readFileSync(resultPath, 'utf8'); - const parsed = JSON.parse(result) as any[]; - - console.log(`πŸ“Š Processing ${parsed.length} OCSF items from ${resultPath}`); - - return parsed - .filter(item => { - // Only include items that have CCC in compliance - return item.unmapped?.compliance?.['CCC'] && - Array.isArray(item.unmapped.compliance['CCC']) && - item.unmapped.compliance['CCC'].length > 0; - }) - .map((item, index) => { - const resource = item.resources?.[0] || {}; - - const testResult: TestResultItem = { - id: `${item.finding_info?.uid || 'unknown'}-${index}`, - test_requirements: item.unmapped.compliance['CCC'], - result: item.status_code === 'PASS' ? TestResultType.PASS : - item.status_code === 'FAIL' ? TestResultType.FAIL : TestResultType.NA, - name: item.finding_info?.title || 'Unknown Finding', - message: item.message || '', - test: item.metadata?.event_code || '', - timestamp: item.finding_info?.created_time || Date.now(), - further_info_url: item.unmapped?.related_url, - resources: [resource.name || resource.uid || 'Unknown Resource'], - // OCSF-specific fields - status_code: item.status_code || 'UNKNOWN', - status_detail: item.status_detail || '', - resource_name: resource.name || resource.uid || 'Unknown Resource', - resource_type: resource.type || 'Unknown Type', - resource_uid: resource.uid, - ccc_objects: item.unmapped.compliance['CCC'], - finding_title: item.finding_info?.title || 'Unknown Finding', - finding_uid: item.finding_info?.uid || '' - }; - - return testResult; - }); -} - -function processAllOCSFResults(resultPath: string): TestResultItem[] { - if (!fs.existsSync(resultPath)) { - return []; - } - - const result = fs.readFileSync(resultPath, 'utf8'); - const parsed = JSON.parse(result) as any[]; - - console.log(`πŸ“Š Processing ALL ${parsed.length} OCSF items from ${resultPath}`); - - return parsed.map((item, index) => { - const resource = item.resources?.[0] || {}; - - const testResult: TestResultItem = { - id: `${item.finding_info?.uid || 'unknown'}-${index}`, - test_requirements: item.unmapped?.compliance?.['CCC'] || [], - result: item.status_code === 'PASS' ? TestResultType.PASS : - item.status_code === 'FAIL' ? TestResultType.FAIL : TestResultType.NA, - name: item.finding_info?.title || 'Unknown Finding', - message: item.message || '', - test: item.metadata?.event_code || '', - timestamp: item.finding_info?.created_time || Date.now(), - further_info_url: item.unmapped?.related_url, - resources: [resource.name || resource.uid || 'Unknown Resource'], - // OCSF-specific fields - status_code: item.status_code || 'UNKNOWN', - status_detail: item.status_detail || '', - resource_name: resource.name || resource.uid || 'Unknown Resource', - resource_type: resource.type || 'Unknown Type', - resource_uid: resource.uid, - ccc_objects: item.unmapped?.compliance?.['CCC'] || [], - finding_title: item.finding_info?.title || 'Unknown Finding', - finding_uid: item.finding_info?.uid || '' - }; - - return testResult; - }); -} /** * Process all OCSF results and partition them by product, vendor, and version @@ -106,52 +22,54 @@ function partitionOCSFResultsByMetadata(resultsDir: string): Map { - // Extract metadata - const product = item.metadata?.product?.name || 'Unknown Product'; - const vendor = item.metadata?.product?.vendor_name || 'Unknown Vendor'; - const version = item.metadata?.product?.version || 'Unknown Version'; - - // Create unique key for this combination - const key = `${vendor}::${product}::${version}`; - - // Initialize partition if it doesn't exist - if (!partitionMap.has(key)) { - partitionMap.set(key, { - product, - vendor, - version, - test_results: [] - }); - } - - // Convert OCSF item to TestResultItem - const resource = item.resources?.[0] || {}; - const testResult: TestResultItem = { - id: `${item.finding_info?.uid || 'unknown'}-${index}`, - test_requirements: item.unmapped?.compliance?.['CCC'] || [], - result: item.status_code === 'PASS' ? TestResultType.PASS : - item.status_code === 'FAIL' ? TestResultType.FAIL : TestResultType.NA, - name: item.finding_info?.title || 'Unknown Finding', - message: item.message || '', - test: item.metadata?.event_code || '', - timestamp: item.finding_info?.created_time || Date.now(), - further_info_url: item.unmapped?.related_url, - resources: [resource.name || resource.uid || 'Unknown Resource'], - status_code: item.status_code || 'UNKNOWN', - status_detail: item.status_detail || '', - resource_name: resource.name || resource.uid || 'Unknown Resource', - resource_type: resource.type || 'Unknown Type', - resource_uid: resource.uid, - ccc_objects: item.unmapped?.compliance?.['CCC'] || [], - finding_title: item.finding_info?.title || 'Unknown Finding', - finding_uid: item.finding_info?.uid || '' - }; + if (parsed != null) { + console.log(`πŸ“Š Partitioning ${parsed.length} OCSF items from ${resultFile}`); + + parsed.forEach((item, index) => { + // Extract metadata + const product = item.metadata?.product?.name || 'Unknown Product'; + const vendor = item.metadata?.product?.vendor_name || 'Unknown Vendor'; + const version = item.metadata?.product?.version || 'Unknown Version'; + + // Create unique key for this combination + const key = `${vendor}::${product}::${version}`; + + // Initialize partition if it doesn't exist + if (!partitionMap.has(key)) { + partitionMap.set(key, { + product, + vendor, + version, + test_results: [] + }); + } - partitionMap.get(key)!.test_results.push(testResult); - }); + // Convert OCSF item to TestResultItem + const resource = item.resources?.[0] || {}; + const testResult: TestResultItem = { + id: `${item.finding_info?.uid || 'unknown'}-${index}`, + test_requirements: item.unmapped?.compliance?.['CCC'] || [], + result: item.status_code === 'PASS' ? TestResultType.PASS : + item.status_code === 'FAIL' ? TestResultType.FAIL : TestResultType.NA, + name: item.finding_info?.title || 'Unknown Finding', + message: item.message || '', + test: item.metadata?.event_code || '', + timestamp: item.finding_info?.created_time || Date.now(), + further_info_url: item.unmapped?.related_url, + resources: [resource.name || resource.uid || 'Unknown Resource'], + status_code: item.status_code || 'UNKNOWN', + status_detail: item.status_detail || '', + resource_name: resource.name || resource.uid || 'Unknown Resource', + resource_type: resource.type || 'Unknown Type', + resource_uid: resource.uid, + ccc_objects: item.unmapped?.compliance?.['CCC'] || [], + finding_title: item.finding_info?.title || 'Unknown Finding', + finding_uid: item.finding_info?.uid || '' + }; + + partitionMap.get(key)!.test_results.push(testResult); + }); + } } return partitionMap; From 0b9efacee29f41e032a807dac393bc45c46b98a4 Mon Sep 17 00:00:00 2001 From: Rob Moffat Date: Mon, 2 Mar 2026 14:21:24 +0000 Subject: [PATCH 02/14] Work in progress improving website --- .gitignore | 2 +- catalogs/storage/object/release-details.yaml | 33 - website/.gitignore | 6 + website/scripts/DownloadCFIArtifacts.ts | 2 +- .../cfi/ConfigurationResult/index.tsx | 60 +- .../aws-bedrock/config/aws-bedrock.json | 9 - .../results/aws-bedrock-baseline.ocsf.json | 48304 ------ .../results/aws-bedrock-combined.ocsf.json | 76 - .../results/aws-bedrock-complete.ocsf.json | 50302 ------ .../results/aws-bedrock-delta.ocsf.json | 2000 - .../aws-s3-bucket/config/aws-s3-bucket.json | 1 + .../results/aws-s3-bucket-baseline.ocsf.json | 63726 -------- .../results/aws-s3-bucket-combined.ocsf.json | 21284 ++- .../results/aws-s3-bucket-complete.ocsf.json | 84675 ---------- .../results/aws-s3-bucket-delta.ocsf.json | 20951 --- .../azure-postgresql-flexibleserver.json | 9 - ...stgresql-flexibleserver-baseline.ocsf.json | 10698 -- ...stgresql-flexibleserver-complete.ocsf.json | 11649 -- ...-postgresql-flexibleserver-delta.ocsf.json | 953 - .../config/azure-virtualnetwork.json | 9 - .../azure-virtualnetwork-baseline.ocsf.json | 11649 -- .../azure-virtualnetwork-combined.ocsf.json | 1 - .../azure-virtualnetwork-complete.ocsf.json | 11972 -- .../azure-virtualnetwork-delta.ocsf.json | 325 - .../config/gcp-cloud-storage.json | 3 + .../gcp-cloud-storage-baseline.ocsf.json | 23865 --- .../gcp-cloud-storage-complete.ocsf.json | 24333 --- .../results/gcp-cloud-storage-delta.ocsf.json | 470 - .../gcp-network/config/gcp-network.json | 9 - .../results/gcp-network-baseline.ocsf.json | 23865 --- .../results/gcp-network-complete.ocsf.json | 30816 ---- .../results/gcp-network-delta.ocsf.json | 6953 - .../config/gcp-sql-database.json | 9 - .../gcp-sql-database-baseline.ocsf.json | 23865 --- .../gcp-sql-database-complete.ocsf.json | 27939 ---- .../results/gcp-sql-database-delta.ocsf.json | 4076 - .../repository.json | 6 +- .../config/secure-aws-bucket.json | 9 - .../secure-aws-bucket-baseline.ocsf.json | 115793 ------------- .../secure-aws-bucket-combined.ocsf.json | 224 - .../secure-aws-bucket-complete.ocsf.json | 126079 --------------- .../results/secure-aws-bucket-delta.ocsf.json | 10288 -- .../config/secure-azure-storage.json | 9 - .../secure-azure-storage-baseline.ocsf.json | 11972 -- .../secure-azure-storage-combined.ocsf.json | 76 - .../secure-azure-storage-complete.ocsf.json | 14774 -- .../secure-azure-storage-delta.ocsf.json | 2804 - website/src/plugin/cfi-pages/index.ts | 527 +- website/src/types/cfi.ts | 7 + 49 files changed, 21618 insertions(+), 765849 deletions(-) delete mode 100644 catalogs/storage/object/release-details.yaml delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-bedrock/config/aws-bedrock.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-bedrock/results/aws-bedrock-baseline.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-bedrock/results/aws-bedrock-combined.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-bedrock/results/aws-bedrock-complete.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-bedrock/results/aws-bedrock-delta.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/results/aws-s3-bucket-baseline.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/results/aws-s3-bucket-complete.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/results/aws-s3-bucket-delta.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-postgresql-flexibleserver/config/azure-postgresql-flexibleserver.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-baseline.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-complete.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-delta.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-virtualnetwork/config/azure-virtualnetwork.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-virtualnetwork/results/azure-virtualnetwork-baseline.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-virtualnetwork/results/azure-virtualnetwork-combined.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-virtualnetwork/results/azure-virtualnetwork-complete.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-virtualnetwork/results/azure-virtualnetwork-delta.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-cloud-storage/results/gcp-cloud-storage-baseline.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-cloud-storage/results/gcp-cloud-storage-complete.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-cloud-storage/results/gcp-cloud-storage-delta.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-network/config/gcp-network.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-network/results/gcp-network-baseline.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-network/results/gcp-network-complete.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-network/results/gcp-network-delta.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-sql-database/config/gcp-sql-database.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-sql-database/results/gcp-sql-database-baseline.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-sql-database/results/gcp-sql-database-complete.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-sql-database/results/gcp-sql-database-delta.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-aws-bucket/config/secure-aws-bucket.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-aws-bucket/results/secure-aws-bucket-baseline.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-aws-bucket/results/secure-aws-bucket-combined.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-aws-bucket/results/secure-aws-bucket-complete.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-aws-bucket/results/secure-aws-bucket-delta.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-azure-storage/config/secure-azure-storage.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-azure-storage/results/secure-azure-storage-baseline.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-azure-storage/results/secure-azure-storage-combined.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-azure-storage/results/secure-azure-storage-complete.ocsf.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-azure-storage/results/secure-azure-storage-delta.ocsf.json diff --git a/.gitignore b/.gitignore index bca159a7..78825810 100644 --- a/.gitignore +++ b/.gitignore @@ -4,4 +4,4 @@ build/oscal-cli .DS_Store # Delivery Tooling delivery-toolkit/artifacts -.env/ \ No newline at end of file +.env/ diff --git a/catalogs/storage/object/release-details.yaml b/catalogs/storage/object/release-details.yaml deleted file mode 100644 index 3025746c..00000000 --- a/catalogs/storage/object/release-details.yaml +++ /dev/null @@ -1,33 +0,0 @@ -- version: "2025.10" - release-manager: - name: "Eddie Knight" - github-id: "eddie-knight" - company: "Sonatype" - quote: | - This release updates Object Storage to align with CCC.Core v2025.10 - and reflects iterative improvements and clarifications based on community - feedback. - change-log: - - Aligned with CCC.Core v2025.10 framework with more imported entries - - Updated all ID formats for consistency with the core catalog - - Added CSA CCM mappings and removed other unverified mappings - - Standardized control family descriptions - contributors: - - name: Eddie Knight - github-id: eddie-knight - company: Sonatype - - name: Rob Moffat - github-id: robmoffat - company: FINOS - - name: Sonali Mendis - github-id: smendis-scottlogic - company: Scott Logic - - name: Gabriela Georgieva - github-id: gabriellavengeo - company: ControlPlane - - name: Jennifer Power - github-id: jpower432 - company: "" - - name: Michael Lysaght - github-id: mlysaght2017 - company: Citi diff --git a/website/.gitignore b/website/.gitignore index 3404a9bc..45ddf48f 100644 --- a/website/.gitignore +++ b/website/.gitignore @@ -21,3 +21,9 @@ yarn-error.log* # CCC DEV releases (should not be committed) src/data/ccc-releases/*_DEV*.yaml + +# CCC test results (should not be committed) +src/data/test-results/*/*/results/* +src/data/test-results/*/*/config/* +static/downloads/** + diff --git a/website/scripts/DownloadCFIArtifacts.ts b/website/scripts/DownloadCFIArtifacts.ts index e5b2e06b..789ca15c 100644 --- a/website/scripts/DownloadCFIArtifacts.ts +++ b/website/scripts/DownloadCFIArtifacts.ts @@ -56,7 +56,7 @@ async function getLatestWorkflowRun(owner: string, repo: string): Promise( - `${GITHUB_API}/repos/${owner}/${repo}/actions/runs?workflow_id=cfi-build.yml&per_page=1`, + `${GITHUB_API}/repos/${owner}/${repo}/actions/runs?workflow_id=cfi-test.yml&per_page=1`, { headers } ); diff --git a/website/src/components/cfi/ConfigurationResult/index.tsx b/website/src/components/cfi/ConfigurationResult/index.tsx index 1527d67f..6d4707c8 100644 --- a/website/src/components/cfi/ConfigurationResult/index.tsx +++ b/website/src/components/cfi/ConfigurationResult/index.tsx @@ -3,7 +3,7 @@ import Layout from "@theme/Layout"; import Link from "@docusaurus/Link"; import { Card, CardContent, CardHeader, CardTitle } from "../../ui/card"; import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from "../../ui/table"; -import { ConfigurationResultPageData, ControlCatalogSummary, ResourceSummary, TestResultItem, TestSummary, TestMappingSummary, TestMappingDetail } from "@site/src/types/cfi"; +import { ConfigurationResultPageData, ControlCatalogSummary, ResourceSummary, TestResultItem, TestSummary, TestMappingSummary, TestMappingDetail, DownloadLink } from "@site/src/types/cfi"; import { useCCCData, findAssessmentRequirements, getControlUrl } from "@site/src/utils/cccDataLookup"; // Helper function to extract catalog ID from test requirement @@ -333,6 +333,14 @@ export default function CFIConfigurationResult({ pageData }: { pageData: Configu // Generate test mapping summary data const testMappingSummary = testResultsWithCCC.length > 0 ? generateTestMappingSummary(testResultsWithCCC) : []; + // Group download links by base name (e.g., "results.ocsf.json" and "results.html" as "results") + const groupedDownloadLinks = (configurationResult.download_links || []).reduce((acc, link) => { + const baseName = link.name.replace('.ocsf.json', '').replace('.html', ''); + if (!acc[baseName]) acc[baseName] = []; + acc[baseName].push(link); + return acc; + }, {} as Record); + return (
@@ -369,8 +377,54 @@ export default function CFIConfigurationResult({ pageData }: { pageData: Configu - - {/* Test Summary */} + + {/* Download Raw Results */} + {configurationResult.download_links && configurationResult.download_links.length > 0 && ( + + + Download Raw Results +

Download the original OCSF or HTML result files used to generate this page

+ + + + + + File Name + Format + Action + + + + {Object.entries(groupedDownloadLinks).map(([baseName, links], index) => ( + + {baseName} + +
+ {links.map((link, linkIndex) => ( + + {link.type.toUpperCase()} + + ))} +
+ + +
+ {links.map((link, linkIndex) => ( + + Download {link.type.toUpperCase()} + + ))} +
+ + + ))} + +
+ + + )} + + {/* Test Summary */} Test Summary diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-bedrock/config/aws-bedrock.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-bedrock/config/aws-bedrock.json deleted file mode 100644 index 2f0a0349..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-bedrock/config/aws-bedrock.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "id": "aws-bedrock", - "provider": "aws", - "service": "ai", - "name": "CCC AWS Bedrock Terraform Module", - "description": "This module creates secure AWS Bedrock resources with foundation models, inference endpoints, and advanced AI capabilities.", - "path": "remote/aws/bedrock", - "git": "https://github.com/aws-ia/terraform-aws-bedrock" -} \ No newline at end of file diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-bedrock/results/aws-bedrock-baseline.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-bedrock/results/aws-bedrock-baseline.ocsf.json deleted file mode 100644 index 4a30254c..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-bedrock/results/aws-bedrock-baseline.ocsf.json +++ /dev/null @@ -1,48304 +0,0 @@ -[ - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-northeast-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-northeast-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-northeast-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-northeast-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-northeast-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-northeast-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-northeast-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-northeast-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-northeast-3-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-northeast-3:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-northeast-3" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-northeast-3:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-south-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-south-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-south-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-south-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-southeast-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-southeast-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-southeast-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-southeast-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-southeast-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-southeast-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-southeast-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-southeast-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ca-central-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ca-central-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ca-central-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ca-central-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-central-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-central-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-central-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-central-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-north-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-north-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-north-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-north-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-west-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-west-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-west-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-west-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-west-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-west-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-west-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-west-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-west-3-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-west-3:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-west-3" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-west-3:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-sa-east-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:sa-east-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "sa-east-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:sa-east-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-east-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-east-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-east-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-east-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-east-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-east-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-east-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-east-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-west-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-west-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-west-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-west-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-west-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-west-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-west-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-west-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Contact Information.", - "metadata": { - "event_code": "account_maintain_current_contact_details", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Contact Information.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.prowler.com/checks/aws/iam-policies/iam_18-maintain-contact-details#aws-console", - "https://repost.aws/knowledge-center/update-phone-number", - "https://support.stax.io/docs/accounts/update-aws-account-contact-details", - "https://maartenbruntink.nl/blog/2022/09/26/aws-account-hygiene-101-mass-updating-alternate-account-contacts/", - "https://docs.aws.amazon.com/security-ir/latest/userguide/update-account-contact-info.html", - "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact-primary.html", - "https://repost.aws/knowledge-center/add-update-billing-contact", - "https://aws.amazon.com/blogs/security/update-the-alternate-security-contact-across-your-aws-accounts-for-timely-security-notifications/", - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_update_contacts.html", - "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact-alternate.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-03.01AS", - "IAM-06.06B", - "SSO-05.06B", - "SIM-01.03B", - "INQ-02.01B" - ], - "CIS-3.0": [ - "1.1" - ], - "ENS-RD2022": [ - "op.ext.7.aws.am.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CIS-4.0.1": [ - "1.1" - ], - "CIS-5.0": [ - "1.1" - ], - "CIS-1.4": [ - "1.1" - ], - "CIS-1.5": [ - "1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP03", - "SEC10-BP01" - ], - "ISO27001-2022": [ - "A.5.5" - ], - "AWS-Account-Security-Onboarding": [ - "Billing, emergency, security contacts" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "CIS-2.0": [ - "1.1" - ], - "NIS2": [ - "2.2.3", - "3.5.3.a", - "5.1.7.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**AWS account contact information** is current for the **primary contact** and the **alternate contacts** for `security`, `billing`, and `operations`, with accurate email addresses and phone numbers.", - "title": "AWS account contact information is current", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-account_maintain_current_contact_details-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Adopt:\n- **Primary** and **alternate contacts** for `security`, `billing`, `operations`\n- Shared, monitored aliases and SMS-capable phone numbers (non-personal)\n- Centralized management across accounts with periodic reviews\n- **Least privilege** for who can modify contact data\n- Regular reachability tests and documented ownership", - "references": [ - "https://hub.prowler.com/check/account_maintain_current_contact_details" - ] - }, - "risk_details": "Outdated or single-person contacts delay **security notifications**, slow **incident response**, and complicate **account recovery**.\n\nAWS may throttle services during abuse mitigation, reducing **availability**. Missed alerts enable ongoing misuse, risking **data exfiltration** and unauthorized changes (**integrity**).", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "SECURITY, BILLING and OPERATIONS contacts not found or they are not different between each other and between ROOT contact.", - "metadata": { - "event_code": "account_maintain_different_contact_details_to_security_billing_and_operations", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "SECURITY, BILLING and OPERATIONS contacts not found or they are not different between each other and between ROOT contact.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "resilience" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/account_alternate_contact", - "https://docs.prowler.com/checks/aws/iam-policies/iam_18-maintain-contact-details#aws-console", - "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact-alternate.html", - "https://builder.aws.com/content/2qRw97fe8JFwfk2AbpJ3sYNpNvM/aws-bulk-update-alternate-contacts-across-organization", - "https://github.com/aws-samples/aws-account-alternate-contact-with-terraform", - "https://trendmicro.com/cloudoneconformity/knowledge-base/aws/IAM/account-security-alternate-contacts.html", - "https://repost.aws/articles/ARDFbpt-bvQ8iuErnqVVcCXQ/managing-aws-organization-alternate-contacts-via-csv" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-04.03B", - "IAM-06.06B", - "SSO-05.06B", - "SIM-01.03B", - "INQ-02.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "ISO27001-2022": [ - "A.5.6" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**AWS account alternate contacts** are defined for **Security**, **Billing**, and **Operations** with `name`, `email`, and `phone`. The finding evaluates that all three exist, are distinct from one another, and differ from the **primary (root) contact**.", - "title": "AWS account has distinct Security, Billing, and Operations contact details, different from each other and from the root contact", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-account_maintain_different_contact_details_to_security_billing_and_operations-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Maintain distinct, monitored **Security**, **Billing**, and **Operations** alternate contacts that differ from the root contact.\n- Use team aliases and 24x7 phones\n- Review and test contact paths regularly\n- Centralize at org level for consistency\n\nApplies **operational resilience** and **separation of duties**.", - "references": [ - "https://hub.prowler.com/check/account_maintain_different_contact_details_to_security_billing_and_operations" - ] - }, - "risk_details": "Missing or shared contacts can delay response to abuse alerts, credential compromise, or billing anomalies, reducing **availability** (possible AWS traffic throttling) and raising **confidentiality** and **integrity** risk through extended exposure. If AWS cannot reach you, urgent mitigation may disrupt service.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Alternate Contacts -> Security Section.", - "metadata": { - "event_code": "account_security_contact_information_is_registered", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Alternate Contacts -> Security Section.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/account_alternate_contact", - "https://docs.prowler.com/checks/aws/iam-policies/iam_19/", - "https://support.icompaas.com/support/solutions/articles/62000234161-1-2-ensure-security-contact-information-is-registered-manual-", - "https://www.plerion.com/cloud-knowledge-base/ensure-security-contact-information-is-registered", - "https://repost.aws/articles/ARDFbpt-bvQ8iuErnqVVcCXQ/managing-aws-organization-alternate-contacts-via-csv" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-06.01B", - "SSO-05.06B", - "SIM-01.03B" - ], - "CIS-3.0": [ - "1.2" - ], - "ENS-RD2022": [ - "op.ext.7.aws.am.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CIS-4.0.1": [ - "1.2" - ], - "PCI-4.0": [ - "A1.2.3.1" - ], - "CIS-5.0": [ - "1.2" - ], - "CIS-1.4": [ - "1.2" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Account.1" - ], - "CIS-1.5": [ - "1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP03", - "SEC10-BP01" - ], - "ISO27001-2022": [ - "A.5.5" - ], - "AWS-Account-Security-Onboarding": [ - "Billing, emergency, security contacts" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "CIS-2.0": [ - "1.2" - ], - "NIS2": [ - "1.1.1.a", - "1.2.3", - "2.2.1", - "3.1.2.d", - "3.5.3.a", - "5.1.7.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Account settings contain a **Security alternate contact** in Alternate Contacts (name, `EmailAddress`, `PhoneNumber`) for targeted AWS security notifications.", - "title": "AWS account has security alternate contact registered", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-account_security_contact_information_is_registered-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Define and maintain a **Security alternate contact**:\n- Use a monitored alias (e.g., `security@domain`) and team phone\n- Apply to every account (prefer Org-wide automation)\n- Review after org/personnel changes and test delivery\n- Document ownership and escalation paths\nAlign with **incident response** and **least privilege** principles.", - "references": [ - "https://hub.prowler.com/check/account_security_contact_information_is_registered" - ] - }, - "risk_details": "Missing or outdated **security contact** can delay or prevent AWS advisories from reaching responders, increasing risk to:\n- Confidentiality: data exfiltration from undetected compromise\n- Integrity: unauthorized changes persist longer\n- Availability: resource abuse (e.g., cryptomining) and outages", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Login to the AWS Console as root. Choose your account name on the top right of the window -> My Account -> Configure Security Challenge Questions.", - "metadata": { - "event_code": "account_security_questions_are_registered_in_the_aws_account", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Login to the AWS Console as root. Choose your account name on the top right of the window -> My Account -> Configure Security Challenge Questions.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.prowler.com/checks/aws/iam-policies/iam_15", - "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/IAM/security-challenge-questions.html" - ], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.3" - ], - "ENS-RD2022": [ - "op.ext.7.aws.am.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.3" - ], - "CIS-1.4": [ - "1.3" - ], - "CIS-1.5": [ - "1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP03", - "SEC10-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.3", - "2.10.2" - ], - "CIS-2.0": [ - "1.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "[DEPRECATED] **AWS account root** configuration may include legacy **security challenge questions** for support identity verification. This evaluates whether those questions are set on the account. *New configuration is discontinued by AWS and remaining support for this feature is time-limited.*", - "title": "[DEPRECATED] AWS root user has security challenge questions configured", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices" - ], - "uid": "prowler-aws-account_security_questions_are_registered_in_the_aws_account-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Favor stronger recovery instead of KBA:\n- Enforce **MFA for root** and minimize root use\n- Keep **alternate contacts** and root email current and protected\n- Establish a tightly controlled **break-glass role**, applying least privilege and separation of duties\n- Document and test recovery procedures; monitor root activity", - "references": [ - "https://hub.prowler.com/check/account_security_questions_are_registered_in_the_aws_account" - ] - }, - "risk_details": "Absence of these questions can limit support-assisted recovery if root credentials or MFA are lost, reducing **availability** and slowing **incident response**. Reliance on KBA also weakens **confidentiality** due to **social engineering**. Treat this as a recovery gap and adopt stronger, phishing-resistant factors.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No Backup Vault exist.", - "metadata": { - "event_code": "backup_vaults_exist", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No Backup Vault exist.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "resilience" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/aws-backup/latest/devguide/vaults.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-06.01B", - "OPS-07.01B", - "OPS-08.01B", - "OPS-09.02B", - "CRY-16.02B", - "DEV-11.02B", - "BCM-01.01B", - "BCM-01.02B", - "BCM-02.01B" - ], - "ENS-RD2022": [ - "mp.info.6.aws.bcku.1" - ], - "AWS-Foundational-Technical-Review": [ - "BAR-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "CCC": [ - "CCC.Core.CN08.AR01", - "CCC.Core.CN14.AR02", - "CCC.Core.CN14.AR02" - ], - "ISO27001-2022": [ - "A.8.13" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "3.6.2", - "4.1.2.f", - "4.1.2.g", - "4.2.2.b", - "4.2.2.e", - "12.1.2.c", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**AWS Backup** in the account/region includes at least one **backup vault** that stores and organizes recovery points for use by backup plans and copies.", - "title": "At least one AWS Backup vault exists", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-backup_vaults_exist-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "backup" - }, - "labels": [], - "name": "211203495394", - "type": "AwsBackupBackupVault", - "uid": "arn:aws:backup:us-east-1:211203495394:backup-vault" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create and maintain a **backup vault** in each required region. Enforce **least privilege** access, encrypt with **KMS CMKs**, and enable **Vault Lock** to prevent tampering. Use lifecycle rules and cross-region/cross-account copies, and regularly test restores for **defense in depth**.", - "references": [ - "https://hub.prowler.com/check/backup_vaults_exist" - ] - }, - "risk_details": "Without a vault, recovery points cannot be created or retained in AWS Backup, degrading **availability** and **integrity**. Data may be irrecoverable after deletion, ransomware, or misconfiguration, and RPO/RTO targets may be missed during incidents.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-northeast-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-northeast-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-northeast-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-northeast-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-northeast-3-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-northeast-3:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-south-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-south-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-southeast-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-southeast-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-southeast-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-southeast-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ca-central-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ca-central-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-central-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-central-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-north-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-north-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-west-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-west-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-west-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-west-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-west-3-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-west-3:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-sa-east-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:sa-east-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-east-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-east-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-east-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-east-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-west-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-west-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-west-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-west-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-northeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-northeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-northeast-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-south-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-south-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-southeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-southeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ca-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ca-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-north-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-north-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-west-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-sa-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:sa-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-east-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-northeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-northeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-northeast-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-south-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-south-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-southeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-southeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ca-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ca-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-north-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-north-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-west-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-sa-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:sa-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-east-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_network_acls_alarm_configured", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.11" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.11" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ca-7", - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.11" - ], - "CIS-1.4": [ - "4.11" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.12" - ], - "CIS-1.5": [ - "4.11" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.11" - ], - "NIS2": [ - "2.2.3", - "3.2.3.a", - "3.2.3.c", - "3.2.3.f", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL).", - "title": "Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL).", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_network_acls_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_network_gateways_alarm_configured", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "COS-03.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.12" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.12" - ], - "FedRAMP-Low-Revision-4": [ - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.12" - ], - "CIS-1.4": [ - "4.12" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.13" - ], - "CIS-1.5": [ - "4.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.12" - ], - "NIS2": [ - "2.2.3", - "3.2.3.a", - "3.2.3.c", - "3.2.3.f", - "3.2.4", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure a log metric filter and alarm exist for changes to network gateways.", - "title": "Ensure a log metric filter and alarm exist for changes to network gateways.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_network_gateways_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_network_route_tables_alarm_configured", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-13.03AC", - "OPS-26.06B", - "COS-03.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.13" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.13" - ], - "FedRAMP-Low-Revision-4": [ - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.13" - ], - "CIS-1.4": [ - "4.13" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.14" - ], - "CIS-1.5": [ - "4.13" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.13" - ], - "NIS2": [ - "2.2.3", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Real-time monitoring of API calls can be achieved by directing Cloud Trail Logs to CloudWatch Logs, or an external Security information and event management (SIEM)environment, and establishing corresponding metric filters and alarms. Routing tablesare used to route network traffic between subnets and to network gateways. It isrecommended that a metric filter and alarm be established for changes to route tables.", - "title": "Ensure route table changes are monitored", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_network_route_tables_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "If you are using CloudTrails and CloudWatch, perform the following to setup the metric filter, alarm, SNS topic, and subscription: 1. Create a metric filter based on filter pattern provided which checks for route table changes and the taken from audit step 1. aws logs put-metric-filter --log-group-name -- filter-name `` --metric-transformations metricName= `` ,metricNamespace='CISBenchmark',metricValue=1 --filter-pattern '{($.eventSource = ec2.amazonaws.com) && (($.eventName = CreateRoute) || ($.eventName = CreateRouteTable) || ($.eventName = ReplaceRoute) || ($.eventName = ReplaceRouteTableAssociation) || ($.eventName = DeleteRouteTable) || ($.eventName = DeleteRoute) || ($.eventName = DisassociateRouteTable)) }' Note: You can choose your own metricName and metricNamespace strings. Using the same metricNamespace for all Foundations Benchmark metrics will group them together. 2. Create an SNS topic that the alarm will notify aws sns create-topic --name Note: you can execute this command once and then re-use the same topic for all monitoring alarms. 3. Create an SNS subscription to the topic created in step 2 aws sns subscribe --topic-arn --protocol - -notification-endpoint Note: you can execute this command once and then re-use the SNS subscription for all monitoring alarms. 4. Create an alarm that is associated with the CloudWatch Logs Metric Filter created in step 1 and an SNS topic created in step 2 aws cloudwatch put-metric-alarm --alarm-name `` --metric-name `` --statistic Sum --period 300 - -threshold 1 --comparison-operator GreaterThanOrEqualToThreshold -- evaluation-periods 1 --namespace 'CISBenchmark' --alarm-actions ", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "CloudWatch is an AWS native service that allows you to ob serve and monitor resources and applications. CloudTrail Logs can also be sent to an external Security informationand event management (SIEM) environment for monitoring and alerting.Monitoring changes to route tables will help ensure that all VPC traffic flows through anexpected path and prevent any accidental or intentional modifications that may lead touncontrolled network traffic. An alarm should be triggered every time an AWS API call isperformed to create, replace, delete, or disassociate a Route Table.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_vpcs_alarm_configured", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "COS-03.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.14" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.14" - ], - "FedRAMP-Low-Revision-4": [ - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.14" - ], - "CIS-1.4": [ - "4.14" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.15" - ], - "CIS-1.5": [ - "4.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.14" - ], - "NIS2": [ - "2.2.3", - "3.2.3.c", - "3.2.3.f", - "3.2.4", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure a log metric filter and alarm exist for VPC changes.", - "title": "Ensure a log metric filter and alarm exist for VPC changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_vpcs_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "CloudWatch doesn't allow cross-account sharing.", - "metadata": { - "event_code": "cloudwatch_cross_account_sharing_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "CloudWatch doesn't allow cross-account sharing.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-04.01AC", - "PSS-04.01B" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.1", - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if CloudWatch has allowed cross-account sharing.", - "title": "Check if CloudWatch has allowed cross-account sharing.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-cloudwatch_cross_account_sharing_disabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsAccount", - "uid": "arn:aws:iam:us-east-1:211203495394:role" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Grant usage permission on a per-resource basis to enforce least privilege and Zero Trust principles.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html" - ] - }, - "risk_details": "Cross-Account access to CloudWatch could increase the risk of compromising information between accounts.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.9" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.9" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.9" - ], - "CIS-1.4": [ - "4.9" - ], - "CCC": [ - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.10" - ], - "CIS-1.5": [ - "4.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.9" - ], - "NIS2": [ - "2.2.3", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure a log metric filter and alarm exist for AWS Config configuration changes.", - "title": "Ensure a log metric filter and alarm exist for AWS Config configuration changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.5" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.2", - "op.exp.8.r1.aws.ct.2", - "op.exp.8.r1.aws.ct.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.5" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.5" - ], - "CIS-1.4": [ - "4.5" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "ProwlerThreatScore-1.0": [ - "3.3.6" - ], - "CIS-1.5": [ - "4.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Critical alert on cloudtrail settings changes" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.5" - ], - "CISA": [ - "your-data-2" - ], - "NIS2": [ - "2.2.3", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.2.4", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure a log metric filter and alarm exist for CloudTrail configuration changes.", - "title": "Ensure a log metric filter and alarm exist for CloudTrail configuration changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_authentication_failures", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "HIPAA": [ - "164_308_a_5_ii_c", - "164_308_a_6_i", - "164_308_a_6_ii" - ], - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-03.01AC", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.6" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.6" - ], - "CIS-1.4": [ - "4.6" - ], - "CCC": [ - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "ProwlerThreatScore-1.0": [ - "3.3.7" - ], - "CIS-1.5": [ - "4.6" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Alert on rise of ConsoleLoginFailures events" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.6" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.d", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure a log metric filter and alarm exist for AWS Management Console authentication failures.", - "title": "Ensure a log metric filter and alarm exist for AWS Management Console authentication failures.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_authentication_failures-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_aws_organizations_changes", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "CIS-3.0": [ - "4.15" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.15" - ], - "CIS-5.0": [ - "4.15" - ], - "CIS-1.4": [ - "4.15" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02" - ], - "ProwlerThreatScore-1.0": [ - "3.3.16" - ], - "CIS-1.5": [ - "4.15" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.15" - ], - "NIS2": [ - "2.2.3", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure a log metric filter and alarm exist for AWS Organizations changes.", - "title": "Ensure a log metric filter and alarm exist for AWS Organizations changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_aws_organizations_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "C5-2025": [ - "OIS-04.02AC", - "OIS-08.02B", - "HR-03.02AC", - "AM-01.01AC", - "AM-07.02B", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "CRY-05.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.7" - ], - "ENS-RD2022": [ - "op.exp.10.aws.cmk.4", - "op.exp.10.aws.cmk.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.7" - ], - "CIS-1.4": [ - "4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.8" - ], - "CIS-1.5": [ - "4.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.10.1", - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "4.7" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created KMS CMKs.", - "title": "Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created KMS CMKs.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_for_s3_bucket_policy_changes", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.8" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.8" - ], - "CIS-1.4": [ - "4.8" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.9" - ], - "CIS-1.5": [ - "4.8" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.8" - ], - "NIS2": [ - "2.2.3", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure a log metric filter and alarm exist for S3 bucket policy changes.", - "title": "Ensure a log metric filter and alarm exist for S3 bucket policy changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_for_s3_bucket_policy_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_policy_changes", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.4" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.4" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.2" - ], - "CIS-5.0": [ - "4.4" - ], - "CIS-1.4": [ - "4.4" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.5" - ], - "CIS-1.5": [ - "4.4" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.4" - ], - "NIS2": [ - "2.2.3", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure a log metric filter and alarm exist for IAM policy changes.", - "title": "Ensure a log metric filter and alarm exist for IAM policy changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_policy_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_root_usage", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "HIPAA": [ - "164_308_a_6_i", - "164_308_a_6_ii" - ], - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-03.01B", - "IAM-03.03B", - "IAM-06.04B", - "IAM-06.05B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.3" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5", - "op.exp.8.aws.cw.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.3" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "7.2", - "7.2.1" - ], - "CIS-5.0": [ - "4.3" - ], - "CIS-1.4": [ - "4.3" - ], - "CCC": [ - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.4" - ], - "CIS-1.5": [ - "4.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Critical alert on every root user activity" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.3" - ], - "NIS2": [ - "2.3.1", - "3.2.1", - "3.2.2", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "3.5.4", - "7.2.b", - "9.2.c.vii" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure a log metric filter and alarm exist for usage of root account.", - "title": "Ensure a log metric filter and alarm exist for usage of root account.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_root_usage-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_security_group_changes", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.10" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.10" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.10" - ], - "CIS-1.4": [ - "4.10" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.11" - ], - "CIS-1.5": [ - "4.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.10" - ], - "NIS2": [ - "2.2.3", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure a log metric filter and alarm exist for security group changes.", - "title": "Ensure a log metric filter and alarm exist for security group changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_security_group_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_sign_in_without_mfa", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-16.01B", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-03.01AC", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-04.01B", - "PSS-05.01B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.2" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.2" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.2" - ], - "CIS-1.4": [ - "4.2" - ], - "CCC": [ - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.3" - ], - "CIS-1.5": [ - "4.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.2" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.d", - "3.2.3.g", - "3.5.4", - "9.2.c.vii", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure a log metric filter and alarm exist for Management Console sign-in without MFA.", - "title": "Ensure a log metric filter and alarm exist for Management Console sign-in without MFA.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_sign_in_without_mfa-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_unauthorized_api_calls", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-06.05B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.1" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.1" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.1" - ], - "CIS-1.4": [ - "4.1" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.2" - ], - "CIS-1.5": [ - "4.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.1" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.g", - "3.2.4", - "3.4.2.c", - "3.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure a log metric filter and alarm exist for unauthorized API calls.", - "title": "Ensure a log metric filter and alarm exist for unauthorized API calls.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_unauthorized_api_calls-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-northeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-northeast-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-northeast-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-northeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-northeast-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-northeast-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-northeast-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-northeast-3" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-northeast-3:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-south-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-south-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-south-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-southeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-southeast-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-southeast-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-southeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-southeast-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-southeast-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ca-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ca-central-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ca-central-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-central-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-central-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-north-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-north-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-north-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-west-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-west-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-west-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-west-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-west-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-west-3" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-west-3:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-sa-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "sa-east-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:sa-east-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-east-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-east-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-east-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-east-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-east-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-west-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-west-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-west-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-west-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-northeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default", - "region": "ap-northeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-northeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default", - "region": "ap-northeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-northeast-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default", - "region": "ap-northeast-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-south-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-south-1:211203495394:event-bus/default", - "region": "ap-south-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-south-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-southeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default", - "region": "ap-southeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-southeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default", - "region": "ap-southeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ca-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ca-central-1:211203495394:event-bus/default", - "region": "ca-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ca-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-central-1:211203495394:event-bus/default", - "region": "eu-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-north-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-north-1:211203495394:event-bus/default", - "region": "eu-north-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-north-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-1:211203495394:event-bus/default", - "region": "eu-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-2:211203495394:event-bus/default", - "region": "eu-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-west-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-3:211203495394:event-bus/default", - "region": "eu-west-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-sa-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:sa-east-1:211203495394:event-bus/default", - "region": "sa-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:sa-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-1:211203495394:event-bus/default", - "region": "us-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [ - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [ - "Preexisting:20251012" - ], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-east-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-2:211203495394:event-bus/default", - "region": "us-east-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-1:211203495394:event-bus/default", - "region": "us-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-2:211203495394:event-bus/default", - "region": "us-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-northeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default", - "region": "ap-northeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-northeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default", - "region": "ap-northeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-northeast-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default", - "region": "ap-northeast-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-south-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-south-1:211203495394:event-bus/default", - "region": "ap-south-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-south-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-southeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default", - "region": "ap-southeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-southeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default", - "region": "ap-southeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ca-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ca-central-1:211203495394:event-bus/default", - "region": "ca-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ca-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-central-1:211203495394:event-bus/default", - "region": "eu-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-north-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-north-1:211203495394:event-bus/default", - "region": "eu-north-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-north-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-1:211203495394:event-bus/default", - "region": "eu-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-2:211203495394:event-bus/default", - "region": "eu-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-west-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-3:211203495394:event-bus/default", - "region": "eu-west-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-sa-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:sa-east-1:211203495394:event-bus/default", - "region": "sa-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:sa-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-1:211203495394:event-bus/default", - "region": "us-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [ - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [ - "Preexisting:20251012" - ], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-east-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-2:211203495394:event-bus/default", - "region": "us-east-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-1:211203495394:event-bus/default", - "region": "us-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-2:211203495394:event-bus/default", - "region": "us-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "FMS without any compliant policy for account 211203495394.", - "metadata": { - "event_code": "fms_policy_compliant", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "FMS without any compliant policy for account 211203495394.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-fms-intro.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "ENS-RD2022": [ - "mp.com.1.aws.nfw.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "This check ensures all FMS policies inside an admin account are compliant", - "title": "Ensure that all FMS policies inside an admin account are compliant", - "types": [], - "uid": "prowler-aws-fms_policy_compliant-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "fms" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:fms:us-east-1:211203495394:policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure FMS is enabled and all the policies are compliant across your AWS accounts", - "references": [ - "https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-fms-intro.html" - ] - }, - "risk_details": "If FMS policies are not compliant, means there are resources unprotected by the policies", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Root user in the account wasn't accessed in the last 1 days.", - "metadata": { - "event_code": "iam_avoid_root_usage", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Root user in the account wasn't accessed in the last 1 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-03.01B", - "IAM-03.03B", - "IAM-06.02B", - "IAM-06.04B" - ], - "CIS-3.0": [ - "1.7" - ], - "ENS-RD2022": [ - "op.acc.2.aws.iam.4", - "op.acc.4.aws.iam.7" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.7" - ], - "CIS-5.0": [ - "1.6" - ], - "CIS-1.4": [ - "1.7" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR02" - ], - "ProwlerThreatScore-1.0": [ - "1.2.5" - ], - "CIS-1.5": [ - "1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "AWS-Account-Security-Onboarding": [ - "Block root user" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "6.7.2.e", - "11.3.2.b", - "11.3.2.c", - "11.4.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Avoid the use of the root account", - "title": "Avoid the use of the root accounts", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_avoid_root_usage-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Follow the remediation instructions of the Ensure IAM policies are attached only to groups or roles recommendation.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "The root account has unrestricted access to all resources in the AWS account. It is highly recommended that the use of this account be avoided.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy ElastiCacheServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy ElastiCacheServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-ElastiCacheServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "ElastiCacheServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy", - "entity": "ANPAIML5LIBUZBVCSF7PI", - "version_id": "v4", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ElastiCacheManagementActions", - "Effect": "Allow", - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:DeleteNetworkInterface", - "ec2:DeleteSecurityGroup", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DescribeVpcEndpoints", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:RevokeSecurityGroupIngress", - "cloudwatch:PutMetricData", - "outposts:GetOutpost", - "outposts:GetOutpostInstanceTypes", - "outposts:ListOutposts", - "outposts:ListSites" - ], - "Resource": "*" - }, - { - "Sid": "CreateDeleteVPCEndpoints", - "Effect": "Allow", - "Action": [ - "ec2:CreateVpcEndpoint", - "ec2:DeleteVpcEndpoints" - ], - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", - "Condition": { - "StringLike": { - "ec2:VpceServiceName": "com.amazonaws.elasticache.serverless.*" - } - } - }, - { - "Sid": "TagVPCEndpointsOnCreation", - "Effect": "Allow", - "Action": [ - "ec2:CreateTags" - ], - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", - "Condition": { - "StringEquals": { - "ec2:CreateAction": "CreateVpcEndpoint", - "aws:RequestTag/AmazonElastiCacheManaged": "true" - } - } - }, - { - "Sid": "ModifyVpcEndpoints", - "Effect": "Allow", - "Action": [ - "ec2:ModifyVpcEndpoint" - ], - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", - "Condition": { - "StringEquals": { - "ec2:ResourceTag/AmazonElastiCacheManaged": "true" - } - } - }, - { - "Sid": "AllowAccessToElastiCacheTaggedVpcEndpoints", - "Effect": "Allow", - "Action": [ - "ec2:CreateVpcEndpoint", - "ec2:ModifyVpcEndpoint" - ], - "NotResource": "arn:aws:ec2:*:*:vpc-endpoint/*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "ElastiCacheServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AWSTrustedAdvisorServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy AWSTrustedAdvisorServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AWSTrustedAdvisorServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AWSTrustedAdvisorServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy", - "entity": "ANPAJH4QJ2WMHBOB47BUE", - "version_id": "v14", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "TrustedAdvisorServiceRolePermissions", - "Effect": "Allow", - "Action": [ - "access-analyzer:ListAnalyzers", - "autoscaling:DescribeAccountLimits", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeLaunchConfigurations", - "ce:GetReservationPurchaseRecommendation", - "ce:GetSavingsPlansPurchaseRecommendation", - "cloudformation:DescribeAccountLimits", - "cloudformation:DescribeStacks", - "cloudformation:ListStacks", - "cloudfront:ListDistributions", - "cloudtrail:DescribeTrails", - "cloudtrail:GetTrailStatus", - "cloudtrail:GetTrail", - "cloudtrail:ListTrails", - "cloudtrail:GetEventSelectors", - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics", - "dax:DescribeClusters", - "dynamodb:DescribeLimits", - "dynamodb:DescribeTable", - "dynamodb:ListTables", - "ec2:DescribeAddresses", - "ec2:DescribeReservedInstances", - "ec2:DescribeInstances", - "ec2:DescribeVpcs", - "ec2:DescribeInternetGateways", - "ec2:DescribeImages", - "ec2:DescribeNatGateways", - "ec2:DescribeVolumes", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeRegions", - "ec2:DescribeReservedInstancesOfferings", - "ec2:DescribeRouteTables", - "ec2:DescribeSnapshots", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpnConnections", - "ec2:DescribeVpnGateways", - "ec2:DescribeLaunchTemplateVersions", - "ec2:GetManagedPrefixListEntries", - "ecs:DescribeTaskDefinition", - "ecs:ListTaskDefinitions", - "elasticloadbalancing:DescribeAccountLimits", - "elasticloadbalancing:DescribeInstanceHealth", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancerPolicyTypes", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "iam:GenerateCredentialReport", - "iam:GetAccountPasswordPolicy", - "iam:GetAccountSummary", - "iam:GetCredentialReport", - "iam:GetServerCertificate", - "iam:ListServerCertificates", - "iam:ListSAMLProviders", - "kinesis:DescribeLimits", - "kafka:DescribeClusterV2", - "kafka:ListClustersV2", - "kafka:ListNodes", - "network-firewall:ListFirewalls", - "network-firewall:DescribeFirewall", - "outposts:ListAssets", - "outposts:GetOutpost", - "outposts:ListOutposts", - "rds:DescribeAccountAttributes", - "rds:DescribeDBClusters", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstances", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBParameters", - "rds:DescribeDBSecurityGroups", - "rds:DescribeDBSnapshots", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEngineDefaultParameters", - "rds:DescribeEvents", - "rds:DescribeOptionGroupOptions", - "rds:DescribeOptionGroups", - "rds:DescribeOrderableDBInstanceOptions", - "rds:DescribeReservedDBInstances", - "rds:DescribeReservedDBInstancesOfferings", - "rds:ListTagsForResource", - "redshift:DescribeClusters", - "redshift:DescribeReservedNodeOfferings", - "redshift:DescribeReservedNodes", - "route53:GetAccountLimit", - "route53:GetHealthCheck", - "route53:GetHostedZone", - "route53:ListHealthChecks", - "route53:ListHostedZones", - "route53:ListHostedZonesByName", - "route53:ListResourceRecordSets", - "route53resolver:ListResolverEndpoints", - "route53resolver:ListResolverEndpointIpAddresses", - "s3:GetAccountPublicAccessBlock", - "s3:GetBucketAcl", - "s3:GetBucketPolicy", - "s3:GetBucketPolicyStatus", - "s3:GetBucketLocation", - "s3:GetBucketLogging", - "s3:GetBucketVersioning", - "s3:GetBucketPublicAccessBlock", - "s3:GetLifecycleConfiguration", - "s3:ListBucket", - "s3:ListAllMyBuckets", - "ses:GetSendQuota", - "sqs:GetQueueAttributes", - "sqs:ListQueues" - ], - "Resource": "*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AWSTrustedAdvisorServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AdministratorAccess is attached and allows '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS policy AdministratorAccess is attached and allows '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AdministratorAccess" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AdministratorAccess", - "arn": "arn:aws:iam::aws:policy/AdministratorAccess", - "entity": "ANPAIWMBCKSKIEE64ZLYK", - "version_id": "v1", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "*", - "Resource": "*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AdministratorAccess", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AWSSupportServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy AWSSupportServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AWSSupportServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AWSSupportServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy", - "entity": "ANPAJ7W6266ELXF5MISDS", - "version_id": "v42", - "type": "AWS", - "attached": true, - "document": { - "Statement": [ - { - "Sid": "AWSSupportAPIGatewayAccess", - "Action": [ - "apigateway:GET" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:apigateway:*::/account", - "arn:aws:apigateway:*::/apis", - "arn:aws:apigateway:*::/apis/*", - "arn:aws:apigateway:*::/apis/*/authorizers", - "arn:aws:apigateway:*::/apis/*/authorizers/*", - "arn:aws:apigateway:*::/apis/*/deployments", - "arn:aws:apigateway:*::/apis/*/deployments/*", - "arn:aws:apigateway:*::/apis/*/integrations", - "arn:aws:apigateway:*::/apis/*/integrations/*", - "arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses", - "arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses/*", - "arn:aws:apigateway:*::/apis/*/models", - "arn:aws:apigateway:*::/apis/*/models/*", - "arn:aws:apigateway:*::/apis/*/routes", - "arn:aws:apigateway:*::/apis/*/routes/*", - "arn:aws:apigateway:*::/apis/*/routes/*/routeresponses", - "arn:aws:apigateway:*::/apis/*/routes/*/routeresponses/*", - "arn:aws:apigateway:*::/apis/*/stages", - "arn:aws:apigateway:*::/apis/*/stages/*", - "arn:aws:apigateway:*::/clientcertificates", - "arn:aws:apigateway:*::/clientcertificates/*", - "arn:aws:apigateway:*::/domainnames", - "arn:aws:apigateway:*::/domainnames/*", - "arn:aws:apigateway:*::/domainnames/*/apimappings", - "arn:aws:apigateway:*::/domainnames/*/apimappings/*", - "arn:aws:apigateway:*::/domainnames/*/basepathmappings", - "arn:aws:apigateway:*::/domainnames/*/basepathmappings/*", - "arn:aws:apigateway:*::/restapis", - "arn:aws:apigateway:*::/restapis/*", - "arn:aws:apigateway:*::/restapis/*/authorizers", - "arn:aws:apigateway:*::/restapis/*/authorizers/*", - "arn:aws:apigateway:*::/restapis/*/deployments", - "arn:aws:apigateway:*::/restapis/*/deployments/*", - "arn:aws:apigateway:*::/restapis/*/models", - "arn:aws:apigateway:*::/restapis/*/models/*", - "arn:aws:apigateway:*::/restapis/*/models/*/default_template", - "arn:aws:apigateway:*::/restapis/*/resources", - "arn:aws:apigateway:*::/restapis/*/resources/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration/responses/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/responses/*", - "arn:aws:apigateway:*::/restapis/*/stages/*/sdks/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration", - "arn:aws:apigateway:*::/restapis/*/stages", - "arn:aws:apigateway:*::/restapis/*/stages/*", - "arn:aws:apigateway:*::/usageplans", - "arn:aws:apigateway:*::/usageplans/*", - "arn:aws:apigateway:*::/vpclinks", - "arn:aws:apigateway:*::/vpclinks/*" - ] - }, - { - "Sid": "AWSSupportDeleteRoleAccess", - "Action": [ - "iam:DeleteRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport" - ] - }, - { - "Sid": "AWSSupportActionsGroup1", - "Action": [ - "access-analyzer:getAccessPreview", - "access-analyzer:getAnalyzedResource", - "access-analyzer:getAnalyzer", - "access-analyzer:getArchiveRule", - "access-analyzer:getFinding", - "access-analyzer:getGeneratedPolicy", - "access-analyzer:listAccessPreviewFindings", - "access-analyzer:listAccessPreviews", - "access-analyzer:listAnalyzedResources", - "access-analyzer:listAnalyzers", - "access-analyzer:listArchiveRules", - "access-analyzer:listFindings", - "access-analyzer:listPolicyGenerations", - "account:getRegionOptStatus", - "account:listRegions", - "acm-pca:describeCertificateAuthority", - "acm-pca:describeCertificateAuthorityAuditReport", - "acm-pca:getCertificate", - "acm-pca:getCertificateAuthorityCertificate", - "acm-pca:getCertificateAuthorityCsr", - "acm-pca:listCertificateAuthorities", - "acm-pca:listTags", - "acm:describeCertificate", - "acm:getAccountConfiguration", - "acm:getCertificate", - "acm:listCertificates", - "acm:listTagsForCertificate", - "aiops:getInvestigationGroup", - "aiops:getInvestigationGroupPolicy", - "aiops:listInvestigationGroups", - "airflow:getEnvironment", - "airflow:listEnvironments", - "airflow:listTagsForResource", - "amplify:getApp", - "amplify:getBackendEnvironment", - "amplify:getBranch", - "amplify:getDomainAssociation", - "amplify:getJob", - "amplify:getWebhook", - "amplify:listApps", - "amplify:listBackendEnvironments", - "amplify:listBranches", - "amplify:listDomainAssociations", - "amplify:listWebhooks", - "amplifyuibuilder:exportComponents", - "amplifyuibuilder:exportThemes", - "aoss:batchGetCollection", - "aoss:batchGetEffectiveLifecyclePolicy", - "aoss:batchGetLifecyclePolicy", - "aoss:batchGetVpcEndpoint", - "aoss:getAccessPolicy", - "aoss:getAccountSettings", - "aoss:getPoliciesStats", - "aoss:getSecurityConfig", - "aoss:getSecurityPolicy", - "aoss:listAccessPolicies", - "aoss:listCollections", - "aoss:listLifecyclePolicies", - "aoss:listSecurityConfigs", - "aoss:listSecurityPolicies", - "aoss:listTagsForResource", - "aoss:listVpcEndpoints", - "appconfig:getApplication", - "appconfig:getConfigurationProfile", - "appconfig:getDeployment", - "appconfig:getDeploymentStrategy", - "appconfig:getEnvironment", - "appconfig:getExtension", - "appconfig:getExtensionAssociation", - "appconfig:listApplications", - "appconfig:listConfigurationProfiles", - "appconfig:listDeployments", - "appconfig:listDeploymentStrategies", - "appconfig:listEnvironments", - "appconfig:listExtensionAssociations", - "appconfig:listExtensions", - "appconfig:listHostedConfigurationVersions", - "appflow:describeConnectorEntity", - "appflow:describeConnectorProfiles", - "appflow:describeConnectors", - "appflow:describeFlow", - "appflow:describeFlowExecutionRecords", - "appflow:listConnectorEntities", - "appflow:listFlows", - "application-autoscaling:describeScalableTargets", - "application-autoscaling:describeScalingActivities", - "application-autoscaling:describeScalingPolicies", - "application-autoscaling:describeScheduledActions", - "application-signals:getService", - "application-signals:getServiceLevelObjective", - "application-signals:listServiceDependencies", - "application-signals:listServiceDependents", - "application-signals:listServiceLevelObjectives", - "application-signals:listServiceOperations", - "application-signals:listServices", - "applicationinsights:describeApplication", - "applicationinsights:describeComponent", - "applicationinsights:describeComponentConfiguration", - "applicationinsights:describeComponentConfigurationRecommendation", - "applicationinsights:describeLogPattern", - "applicationinsights:describeObservation", - "applicationinsights:describeProblem", - "applicationinsights:describeProblemObservations", - "applicationinsights:listApplications", - "applicationinsights:listComponents", - "applicationinsights:listConfigurationHistory", - "applicationinsights:listLogPatterns", - "applicationinsights:listLogPatternSets", - "applicationinsights:listProblems", - "appmesh:describeGatewayRoute", - "appmesh:describeMesh", - "appmesh:describeRoute", - "appmesh:describeVirtualGateway", - "appmesh:describeVirtualNode", - "appmesh:describeVirtualRouter", - "appmesh:describeVirtualService", - "appmesh:listGatewayRoutes", - "appmesh:listMeshes", - "appmesh:listRoutes", - "appmesh:listTagsForResource", - "appmesh:listVirtualGateways", - "appmesh:listVirtualNodes", - "appmesh:listVirtualRouters", - "appmesh:listVirtualServices", - "apprunner:describeAutoScalingConfiguration", - "apprunner:describeCustomDomains", - "apprunner:describeObservabilityConfiguration", - "apprunner:describeOperation", - "apprunner:describeService", - "apprunner:describeVpcConnector", - "apprunner:describeVpcIngressConnection", - "apprunner:listAutoScalingConfigurations", - "apprunner:listConnections", - "apprunner:listObservabilityConfigurations", - "apprunner:listOperations", - "apprunner:listServices", - "apprunner:listTagsForResource", - "apprunner:listVpcConnectors", - "apprunner:listVpcIngressConnections", - "appstream:describeAppBlockBuilderAppBlockAssociations", - "appstream:describeAppBlockBuilders", - "appstream:describeAppBlocks", - "appstream:describeApplicationFleetAssociations", - "appstream:describeApplications", - "appstream:describeDirectoryConfigs", - "appstream:describeEntitlements", - "appstream:describeFleets", - "appstream:describeImageBuilders", - "appstream:describeImagePermissions", - "appstream:describeImages", - "appstream:describeSessions", - "appstream:describeStacks", - "appstream:describeUsageReportSubscriptions", - "appstream:describeUsers", - "appstream:describeUserStackAssociations", - "appstream:listAssociatedFleets", - "appstream:listAssociatedStacks", - "appstream:listEntitledApplications", - "appstream:listTagsForResource", - "appsync:getApi", - "appsync:getApiAssociation", - "appsync:getApiCache", - "appsync:getChannelNamespace", - "appsync:getDataSource", - "appsync:getDomainName", - "appsync:getFunction", - "appsync:getGraphqlApi", - "appsync:getIntrospectionSchema", - "appsync:getResolver", - "appsync:getSchemaCreationStatus", - "appsync:getSourceApiAssociation", - "appsync:getType", - "appsync:listApis", - "appsync:listChannelNamespaces", - "appsync:listDataSources", - "appsync:listDomainNames", - "appsync:listFunctions", - "appsync:listGraphqlApis", - "appsync:listResolvers", - "appsync:listResolversByFunction", - "appsync:listSourceApiAssociations", - "appsync:listTypes", - "appsync:listTypesByAssociation", - "aps:describeAlertManagerDefinition", - "aps:describeRuleGroupsNamespace", - "aps:describeScraper", - "aps:describeWorkspace", - "aps:listRuleGroupsNamespaces", - "aps:listScrapers", - "aps:listWorkspaces", - "athena:batchGetNamedQuery", - "athena:batchGetQueryExecution", - "athena:getCalculationExecution", - "athena:getCalculationExecutionStatus", - "athena:getCapacityAssignmentConfiguration", - "athena:getCapacityReservation", - "athena:getDataCatalog", - "athena:getNamedQuery", - "athena:getNotebookMetadata", - "athena:getQueryExecution", - "athena:getQueryRuntimeStatistics", - "athena:getSession", - "athena:getSessionStatus", - "athena:getWorkGroup", - "athena:listApplicationDPUSizes", - "athena:listCalculationExecutions", - "athena:listCapacityReservations", - "athena:listDataCatalogs", - "athena:listEngineVersions", - "athena:listExecutors", - "athena:listNamedQueries", - "athena:listNotebookMetadata", - "athena:listNotebookSessions", - "athena:listQueryExecutions", - "athena:listSessions", - "athena:listTagsForResource", - "athena:listWorkGroups", - "auditmanager:getAccountStatus", - "auditmanager:getDelegations", - "auditmanager:listAssessmentFrameworks", - "auditmanager:listAssessmentReports", - "auditmanager:listAssessments", - "auditmanager:listControls", - "auditmanager:listKeywordsForDataSource", - "auditmanager:listNotifications", - "autoscaling-plans:describeScalingPlanResources", - "autoscaling-plans:describeScalingPlans", - "autoscaling-plans:getScalingPlanResourceForecastData", - "autoscaling:describeAccountLimits", - "autoscaling:describeAdjustmentTypes", - "autoscaling:describeAutoScalingGroups", - "autoscaling:describeAutoScalingInstances", - "autoscaling:describeAutoScalingNotificationTypes", - "autoscaling:describeInstanceRefreshes", - "autoscaling:describeLaunchConfigurations", - "autoscaling:describeLifecycleHooks", - "autoscaling:describeLifecycleHookTypes", - "autoscaling:describeLoadBalancers", - "autoscaling:describeLoadBalancerTargetGroups", - "autoscaling:describeMetricCollectionTypes", - "autoscaling:describeNotificationConfigurations", - "autoscaling:describePolicies", - "autoscaling:describeScalingActivities", - "autoscaling:describeScalingProcessTypes", - "autoscaling:describeScheduledActions", - "autoscaling:describeTags", - "autoscaling:describeTerminationPolicyTypes", - "autoscaling:describeTrafficSources", - "autoscaling:describeWarmPool", - "backup-gateway:getBandwidthRateLimitSchedule", - "backup-gateway:getGateway", - "backup-gateway:getHypervisor", - "backup-gateway:getHypervisorPropertyMappings", - "backup-gateway:getVirtualMachine", - "backup-gateway:listGateways", - "backup-gateway:listHypervisors", - "backup-gateway:listVirtualMachines", - "backup-search:listSearchJobBackups", - "backup-search:listSearchJobs", - "backup:describeBackupJob", - "backup:describeBackupVault", - "backup:describeCopyJob", - "backup:describeFramework", - "backup:describeGlobalSettings", - "backup:describeProtectedResource", - "backup:describeRecoveryPoint", - "backup:describeRegionSettings", - "backup:describeReportJob", - "backup:describeReportPlan", - "backup:describeRestoreJob", - "backup:getBackupPlan", - "backup:getBackupPlanFromJSON", - "backup:getBackupPlanFromTemplate", - "backup:getBackupSelection", - "backup:getBackupVaultAccessPolicy", - "backup:getBackupVaultNotifications", - "backup:getLegalHold", - "backup:getRecoveryPointRestoreMetadata", - "backup:getRecoveryPointIndexDetails", - "backup:getRestoreJobMetadata", - "backup:getRestoreTestingInferredMetadata", - "backup:getRestoreTestingPlan", - "backup:getRestoreTestingSelection", - "backup:getSupportedResourceTypes", - "backup:listBackupJobs", - "backup:listBackupPlans", - "backup:listBackupPlanTemplates", - "backup:listBackupPlanVersions", - "backup:listBackupSelections", - "backup:listBackupVaults", - "backup:listCopyJobs", - "backup:listFrameworks", - "backup:listIndexedRecoveryPoints", - "backup:listLegalHolds", - "backup:listProtectedResources", - "backup:listRecoveryPointsByBackupVault", - "backup:listRecoveryPointsByLegalHold", - "backup:listRecoveryPointsByResource", - "backup:listReportJobs", - "backup:listReportPlans", - "backup:listRestoreJobs", - "backup:listRestoreJobsByProtectedResource", - "backup:listRestoreTestingPlans", - "backup:listRestoreTestingSelections", - "backup:listTags", - "batch:describeComputeEnvironments", - "batch:describeJobDefinitions", - "batch:describeJobQueues", - "batch:describeJobs", - "batch:describeSchedulingPolicies", - "batch:listJobs", - "bedrock:getAgent", - "bedrock:getAgentActionGroup", - "bedrock:getAgentAlias", - "bedrock:getAgentKnowledgeBase", - "bedrock:getAgentVersion", - "bedrock:getCustomModel", - "bedrock:getDataSource", - "bedrock:getEvaluationJob", - "bedrock:getFlow", - "bedrock:getFlowAlias", - "bedrock:getFlowVersion", - "bedrock:getFoundationModel", - "bedrock:getGuardrail", - "bedrock:getImportedModel", - "bedrock:getInferenceProfile", - "bedrock:getIngestionJob", - "bedrock:getKnowledgeBase", - "bedrock:getMarketplaceModelEndpoint", - "bedrock:getModelCopyJob", - "bedrock:getModelCustomizationJob", - "bedrock:getModelImportJob", - "bedrock:getModelInvocationJob", - "bedrock:getModelInvocationLoggingConfiguration", - "bedrock:getPrompt", - "bedrock:getPromptRouter", - "bedrock:getProvisionedModelThroughput", - "bedrock:listAgentActionGroups", - "bedrock:listAgentAliases", - "bedrock:listAgentKnowledgeBases", - "bedrock:listAgents", - "bedrock:listAgentVersions", - "bedrock:listCustomModels", - "bedrock:listDataSources", - "bedrock:listEvaluationJobs", - "bedrock:listFlowAliases", - "bedrock:listFlows", - "bedrock:listFlowVersions", - "bedrock:listFoundationModels", - "bedrock:listGuardrails", - "bedrock:listImportedModels", - "bedrock:listInferenceProfiles", - "bedrock:listIngestionJobs", - "bedrock:listKnowledgeBases", - "bedrock:listMarketplaceModelEndpoints", - "bedrock:listModelCopyJobs", - "bedrock:listModelCustomizationJobs", - "bedrock:listModelImportJobs", - "bedrock:listModelInvocationJobs", - "bedrock:listPromptRouters", - "bedrock:listPrompts", - "bedrock:listProvisionedModelThroughputs", - "braket:getDevice", - "braket:getQuantumTask", - "braket:searchDevices", - "braket:searchQuantumTasks", - "budgets:viewBudget", - "ce:getCostAndUsage", - "ce:getCostAndUsageWithResources", - "ce:getCostForecast", - "ce:getDimensionValues", - "ce:getReservationCoverage", - "ce:getReservationPurchaseRecommendation", - "ce:getReservationUtilization", - "ce:getRightsizingRecommendation", - "ce:getSavingsPlansCoverage", - "ce:getSavingsPlansPurchaseRecommendation", - "ce:getSavingsPlansUtilization", - "ce:getSavingsPlansUtilizationDetails", - "ce:getTags", - "chime:describeAppInstance", - "chime:getAttendee", - "chime:getGlobalSettings", - "chime:getMediaCapturePipeline", - "chime:getMediaPipeline", - "chime:getMeeting", - "chime:getProxySession", - "chime:getSipMediaApplication", - "chime:getSipRule", - "chime:getVoiceConnector", - "chime:getVoiceConnectorGroup", - "chime:getVoiceConnectorLoggingConfiguration", - "chime:listAppInstances", - "chime:listAttendees", - "chime:listChannelBans", - "chime:listChannels", - "chime:listChannelsModeratedByAppInstanceUser", - "chime:listMediaCapturePipelines", - "chime:listMediaPipelines", - "chime:listMeetings", - "chime:listSipMediaApplications", - "chime:listSipRules", - "chime:listVoiceConnectorGroups", - "chime:listVoiceConnectors", - "cleanrooms:batchGetCollaborationAnalysisTemplate", - "cleanrooms:batchGetSchema", - "cleanrooms:getAnalysisTemplate", - "cleanrooms:getCollaboration", - "cleanrooms:getCollaborationAnalysisTemplate", - "cleanrooms:getConfiguredTable", - "cleanrooms:getConfiguredTableAssociation", - "cleanrooms:getMembership", - "cleanrooms:getSchema", - "cleanrooms:listAnalysisTemplates", - "cleanrooms:listCollaborationAnalysisTemplates", - "cleanrooms:listCollaborations", - "cleanrooms:listConfiguredTableAssociations", - "cleanrooms:listConfiguredTables", - "cleanrooms:listMembers", - "cleanrooms:listMemberships", - "cleanrooms:listSchemas", - "cloud9:describeEnvironmentMemberships", - "cloud9:describeEnvironments", - "cloud9:listEnvironments", - "clouddirectory:getDirectory", - "clouddirectory:listDirectories", - "cloudformation:batchDescribeTypeConfigurations", - "cloudformation:describeAccountLimits", - "cloudformation:describeChangeSet", - "cloudformation:describeChangeSetHooks", - "cloudformation:describePublisher", - "cloudformation:describeStackDriftDetectionStatus", - "cloudformation:describeStackEvents", - "cloudformation:describeStackInstance", - "cloudformation:describeStackResource", - "cloudformation:describeStackResourceDrifts", - "cloudformation:describeStackResources", - "cloudformation:describeStacks", - "cloudformation:describeStackSet", - "cloudformation:describeStackSetOperation", - "cloudformation:describeType", - "cloudformation:describeTypeRegistration", - "cloudformation:estimateTemplateCost", - "cloudformation:getResource", - "cloudformation:getStackPolicy", - "cloudformation:getTemplate", - "cloudformation:getTemplateSummary", - "cloudformation:listChangeSets", - "cloudformation:listExports", - "cloudformation:listImports", - "cloudformation:listResources", - "cloudformation:listStackInstances", - "cloudformation:listStackResources", - "cloudformation:listStacks", - "cloudformation:listStackSetOperationResults", - "cloudformation:listStackSetOperations", - "cloudformation:listStackSets", - "cloudformation:listTypeRegistrations", - "cloudformation:listTypes", - "cloudformation:listTypeVersions", - "cloudfront:describeFunction", - "cloudfront:describeKeyValueStore", - "cloudfront:getAnycastIpList", - "cloudfront:getCachePolicy", - "cloudfront:getCachePolicyConfig", - "cloudfront:getCloudFrontOriginAccessIdentity", - "cloudfront:getCloudFrontOriginAccessIdentityConfig", - "cloudfront:getContinuousDeploymentPolicy", - "cloudfront:getContinuousDeploymentPolicyConfig", - "cloudfront:getDistribution", - "cloudfront:getDistributionConfig", - "cloudfront:getInvalidation", - "cloudfront:getKeyGroup", - "cloudfront:getKeyGroupConfig", - "cloudfront:getMonitoringSubscription", - "cloudfront:getOriginAccessControl", - "cloudfront:getOriginAccessControlConfig", - "cloudfront:getOriginRequestPolicy", - "cloudfront:getOriginRequestPolicyConfig", - "cloudfront:getPublicKey", - "cloudfront:getPublicKeyConfig", - "cloudfront:getRealtimeLogConfig", - "cloudfront:getResponseHeadersPolicy", - "cloudfront:getResponseHeadersPolicyConfig", - "cloudfront:getStreamingDistribution", - "cloudfront:getStreamingDistributionConfig", - "cloudfront:getVpcOrigin", - "cloudfront:listAnycastIpLists", - "cloudfront:listCachePolicies", - "cloudfront:listCloudFrontOriginAccessIdentities", - "cloudfront:listConflictingAliases", - "cloudfront:listContinuousDeploymentPolicies", - "cloudfront:listDistributions", - "cloudfront:listDistributionsByAnycastIpListId", - "cloudfront:listDistributionsByCachePolicyId", - "cloudfront:listDistributionsByKeyGroup", - "cloudfront:listDistributionsByOriginRequestPolicyId", - "cloudfront:listDistributionsByRealtimeLogConfig", - "cloudfront:listDistributionsByResponseHeadersPolicyId", - "cloudfront:listDistributionsByVpcOriginId", - "cloudfront:listDistributionsByWebACLId", - "cloudfront:listFunctions", - "cloudfront:listInvalidations", - "cloudfront:listKeyGroups", - "cloudfront:listKeyValueStores", - "cloudfront:listOriginAccessControls", - "cloudfront:listOriginRequestPolicies", - "cloudfront:listPublicKeys", - "cloudfront:listRealtimeLogConfigs", - "cloudfront:listResponseHeadersPolicies", - "cloudfront:listStreamingDistributions", - "cloudfront:listVpcOrigins", - "cloudhsm:describeBackups", - "cloudhsm:describeClusters", - "cloudsearch:describeAnalysisSchemes", - "cloudsearch:describeAvailabilityOptions", - "cloudsearch:describeDomains", - "cloudsearch:describeExpressions", - "cloudsearch:describeIndexFields", - "cloudsearch:describeScalingParameters", - "cloudsearch:describeServiceAccessPolicies", - "cloudsearch:describeSuggesters", - "cloudsearch:listDomainNames", - "cloudtrail:describeTrails", - "cloudtrail:getEventSelectors", - "cloudtrail:getInsightSelectors", - "cloudtrail:getTrail", - "cloudtrail:getTrailStatus", - "cloudtrail:listPublicKeys", - "cloudtrail:listTags", - "cloudtrail:listTrails", - "cloudtrail:lookupEvents", - "cloudwatch:describeAlarmHistory", - "cloudwatch:describeAlarms", - "cloudwatch:describeAlarmsForMetric", - "cloudwatch:describeAnomalyDetectors", - "cloudwatch:describeInsightRules", - "cloudwatch:getDashboard", - "cloudwatch:getInsightRuleReport", - "cloudwatch:getMetricData", - "cloudwatch:getMetricStatistics", - "cloudwatch:getMetricStream", - "cloudWatch:getMetricWidgetImage", - "cloudwatch:listDashboards", - "cloudwatch:listManagedInsightRules", - "cloudwatch:listMetrics", - "cloudwatch:listMetricStreams", - "codeartifact:describeDomain", - "codeartifact:describePackageVersion", - "codeartifact:describeRepository", - "codeartifact:getDomainPermissionsPolicy", - "codeartifact:getRepositoryEndpoint", - "codeartifact:getRepositoryPermissionsPolicy", - "codeartifact:listDomains", - "codeartifact:listPackages", - "codeartifact:listPackageVersionAssets", - "codeartifact:listPackageVersions", - "codeartifact:listRepositories", - "codeartifact:listRepositoriesInDomain", - "codebuild:batchGetBuildBatches", - "codebuild:batchGetBuilds", - "codebuild:batchGetFleets", - "codebuild:batchGetProjects", - "codebuild:listBuildBatches", - "codebuild:listBuildBatchesForProject", - "codebuild:listBuilds", - "codebuild:listBuildsForProject", - "codebuild:listCuratedEnvironmentImages", - "codebuild:listFleets", - "codebuild:listProjects", - "codebuild:listSourceCredentials", - "codecommit:batchGetRepositories", - "codecommit:getBranch", - "codecommit:getRepository", - "codecommit:getRepositoryTriggers", - "codecommit:listBranches", - "codecommit:listRepositories", - "codeconnections:getConnection", - "codeconnections:getHost", - "codeconnections:getRepositoryLink", - "codeconnections:getRepositorySyncStatus", - "codeconnections:getResourceSyncStatus", - "codeconnections:getSyncBlockerSummary", - "codeconnections:getSyncConfiguration", - "codeconnections:listConnections", - "codeconnections:listHosts", - "codeconnections:listRepositoryLinks", - "codeconnections:listRepositorySyncDefinitions", - "codeconnections:listSyncConfigurations", - "codedeploy:batchGetApplicationRevisions", - "codedeploy:batchGetApplications", - "codedeploy:batchGetDeploymentGroups", - "codedeploy:batchGetDeploymentInstances", - "codedeploy:batchGetDeployments", - "codedeploy:batchGetDeploymentTargets", - "codedeploy:batchGetOnPremisesInstances", - "codedeploy:getApplication", - "codedeploy:getApplicationRevision", - "codedeploy:getDeployment", - "codedeploy:getDeploymentConfig", - "codedeploy:getDeploymentGroup", - "codedeploy:getDeploymentInstance", - "codedeploy:getDeploymentTarget", - "codedeploy:getOnPremisesInstance", - "codedeploy:listApplicationRevisions", - "codedeploy:listApplications", - "codedeploy:listDeploymentConfigs", - "codedeploy:listDeploymentGroups", - "codedeploy:listDeploymentInstances", - "codedeploy:listDeployments", - "codedeploy:listDeploymentTargets", - "codedeploy:listGitHubAccountTokenNames", - "codedeploy:listOnPremisesInstances", - "codepipeline:getJobDetails", - "codepipeline:getPipeline", - "codepipeline:getPipelineExecution", - "codepipeline:getPipelineState", - "codepipeline:listActionExecutions", - "codepipeline:listActionTypes", - "codepipeline:listPipelineExecutions", - "codepipeline:listPipelines", - "codepipeline:listRuleExecutions", - "codepipeline:listWebhooks", - "codestar-connections:getConnection", - "codestar-connections:getHost", - "codestar-connections:listConnections", - "codestar-connections:listHosts", - "codestar:describeProject", - "codestar:listProjects", - "codestar:listResources", - "codestar:listTeamMembers", - "codestar:listUserProfiles", - "cognito-identity:describeIdentity", - "cognito-identity:describeIdentityPool", - "cognito-identity:getIdentityPoolAnalytics", - "cognito-identity:getIdentityPoolDailyAnalytics", - "cognito-identity:getIdentityPoolRoles", - "cognito-identity:getIdentityProviderDailyAnalytics", - "cognito-identity:listIdentities", - "cognito-identity:listIdentityPools", - "cognito-identity:lookupDeveloperIdentity", - "cognito-idp:describeIdentityProvider", - "cognito-idp:describeResourceServer", - "cognito-idp:describeRiskConfiguration", - "cognito-idp:describeUserImportJob", - "cognito-idp:describeUserPool", - "cognito-idp:describeUserPoolClient", - "cognito-idp:describeUserPoolDomain", - "cognito-idp:getCSVHeader", - "cognito-idp:getGroup", - "cognito-idp:getLogDeliveryConfiguration", - "cognito-idp:getUICustomization", - "cognito-idp:getUserPoolMfaConfig", - "cognito-idp:listGroups", - "cognito-idp:listIdentityProviders", - "cognito-idp:listResourceServers", - "cognito-idp:listUserImportJobs", - "cognito-idp:listUserPoolClients", - "cognito-idp:listUserPools", - "cognito-sync:describeDataset", - "cognito-sync:describeIdentityPoolUsage", - "cognito-sync:describeIdentityUsage", - "cognito-sync:getCognitoEvents", - "cognito-sync:getIdentityPoolConfiguration", - "cognito-sync:listDatasets", - "cognito-sync:listIdentityPoolUsage", - "comprehend:describeDocumentClassificationJob", - "comprehend:describeDocumentClassifier", - "comprehend:describeDominantLanguageDetectionJob", - "comprehend:describeEndpoint", - "comprehend:describeEntitiesDetectionJob", - "comprehend:describeEntityRecognizer", - "comprehend:describeEventsDetectionJob", - "comprehend:describeFlywheel", - "comprehend:describeFlywheelIteration", - "comprehend:describeKeyPhrasesDetectionJob", - "comprehend:describePiiEntitiesDetectionJob", - "comprehend:describeSentimentDetectionJob", - "comprehend:describeTargetedSentimentDetectionJob", - "comprehend:describeTopicsDetectionJob", - "comprehend:listDocumentClassificationJobs", - "comprehend:listDocumentClassifiers", - "comprehend:listDominantLanguageDetectionJobs", - "comprehend:listEndpoints", - "comprehend:listEntitiesDetectionJobs", - "comprehend:listEntityRecognizers", - "comprehend:listEventsDetectionJobs", - "comprehend:listFlywheelIterationHistory", - "comprehend:listFlywheels", - "comprehend:listKeyPhrasesDetectionJobs", - "comprehend:listPiiEntitiesDetectionJobs", - "comprehend:listSentimentDetectionJobs", - "comprehend:listTargetedSentimentDetectionJobs", - "comprehend:listTopicsDetectionJobs", - "compute-optimizer:getAutoScalingGroupRecommendations", - "compute-optimizer:getEBSVolumeRecommendations", - "compute-optimizer:getEC2InstanceRecommendations", - "compute-optimizer:getEC2RecommendationProjectedMetrics", - "compute-optimizer:getECSServiceRecommendationProjectedMetrics", - "compute-optimizer:getECSServiceRecommendations", - "compute-optimizer:getEnrollmentStatus", - "compute-optimizer:getRecommendationSummaries", - "config:batchGetAggregateResourceConfig", - "config:batchGetResourceConfig", - "config:describeAggregateComplianceByConfigRules", - "config:describeAggregationAuthorizations", - "config:describeComplianceByConfigRule", - "config:describeComplianceByResource", - "config:describeConfigRuleEvaluationStatus", - "config:describeConfigRules", - "config:describeConfigurationAggregators", - "config:describeConfigurationAggregatorSourcesStatus", - "config:describeConfigurationRecorders", - "config:describeConfigurationRecorderStatus", - "config:describeConformancePackCompliance", - "config:describeConformancePacks", - "config:describeConformancePackStatus", - "config:describeDeliveryChannels", - "config:describeDeliveryChannelStatus", - "config:describeOrganizationConfigRules", - "config:describeOrganizationConfigRuleStatuses", - "config:describeOrganizationConformancePacks", - "config:describeOrganizationConformancePackStatuses", - "config:describePendingAggregationRequests", - "config:describeRemediationConfigurations", - "config:describeRemediationExceptions", - "config:describeRemediationExecutionStatus", - "config:describeRetentionConfigurations", - "config:getAggregateComplianceDetailsByConfigRule", - "config:getAggregateConfigRuleComplianceSummary", - "config:getAggregateDiscoveredResourceCounts", - "config:getAggregateResourceConfig", - "config:getComplianceDetailsByConfigRule", - "config:getComplianceDetailsByResource", - "config:getComplianceSummaryByConfigRule", - "config:getComplianceSummaryByResourceType", - "config:getConformancePackComplianceDetails", - "config:getConformancePackComplianceSummary", - "config:getDiscoveredResourceCounts", - "config:getOrganizationConfigRuleDetailedStatus", - "config:getOrganizationConformancePackDetailedStatus", - "config:getResourceConfigHistory", - "config:listAggregateDiscoveredResources", - "config:listDiscoveredResources", - "config:listTagsForResource", - "config:selectAggregateResourceConfig", - "config:selectResourceConfig", - "connect:describeContact", - "connect:describePhoneNumber", - "connect:describeQueue", - "connect:describeQuickConnect", - "connect:describeRoutingProfile", - "connect:describeUser", - "connect:describeUserHierarchyStructure", - "connect:getCurrentMetricData", - "connect:getMetricData", - "connect:getMetricDataV2", - "connect:listContactEvaluations", - "connect:listEvaluationForms", - "connect:listEvaluationFormVersions", - "connect:listPhoneNumbersV2", - "connect:listQueueQuickConnects", - "connect:listQueues", - "connect:listQuickConnects", - "connect:listRoutingProfileQueues", - "connect:listRoutingProfiles", - "connect:listSecurityProfiles", - "connect:listUsers", - "connect:listViews", - "connect:listViewVersions", - "connect:searchQueues", - "connect:searchRoutingProfiles", - "connect:searchUsers", - "controltower:describeAccountFactoryConfig", - "controltower:describeCoreService", - "controltower:describeGuardrail", - "controltower:describeGuardrailForTarget", - "controltower:describeManagedAccount", - "controltower:describeSingleSignOn", - "controltower:getAvailableUpdates", - "controltower:getHomeRegion", - "controltower:getLandingZone", - "controltower:getLandingZoneStatus", - "controltower:listDirectoryGroups", - "controltower:listEnabledControls", - "controltower:listGuardrailsForTarget", - "controltower:listGuardrailViolations", - "controltower:listLandingZones", - "controltower:listManagedAccounts", - "controltower:listManagedAccountsForGuardrail", - "controltower:listManagedAccountsForParent", - "controltower:listManagedOrganizationalUnits", - "controltower:listManagedOrganizationalUnitsForGuardrail", - "cost-optimization-hub:getPreferences", - "cost-optimization-hub:getRecommendation", - "cost-optimization-hub:listEnrollmentStatuses", - "cost-optimization-hub:listRecommendations", - "cost-optimization-hub:listRecommendationSummaries", - "databrew:describeDataset", - "databrew:describeJob", - "databrew:describeProject", - "databrew:describeRecipe", - "databrew:listDatasets", - "databrew:listJobRuns", - "databrew:listJobs", - "databrew:listProjects", - "databrew:listRecipes", - "databrew:listRecipeVersions", - "databrew:listTagsForResource", - "datapipeline:describeObjects", - "datapipeline:describePipelines", - "datapipeline:getPipelineDefinition", - "datapipeline:listPipelines", - "datapipeline:queryObjects", - "datasync:describeAgent", - "datasync:describeLocationAzureBlob", - "datasync:describeLocationEfs", - "datasync:describeLocationFsxLustre", - "datasync:describeLocationFsxOntap", - "datasync:describeLocationFsxOpenZfs", - "datasync:describeLocationFsxWindows", - "datasync:describeLocationHdfs", - "datasync:describeLocationNfs", - "datasync:describeLocationObjectStorage", - "datasync:describeLocationS3", - "datasync:describeLocationSmb", - "datasync:describeTask", - "datasync:describeTaskExecution", - "datasync:listAgents", - "datasync:listLocations", - "datasync:listTaskExecutions", - "datasync:listTasks", - "datazone:getAsset", - "datazone:getAssetType", - "datazone:getDataSource", - "datazone:getDataSourceRun", - "datazone:getDomain", - "datazone:getEnvironment", - "datazone:getEnvironmentBlueprint", - "datazone:getEnvironmentBlueprintConfiguration", - "datazone:getEnvironmentProfile", - "datazone:getFormType", - "datazone:getGlossary", - "datazone:getGlossaryTerm", - "datazone:getGroupProfile", - "datazone:getListing", - "datazone:getMetadataGenerationRun", - "datazone:getProject", - "datazone:getSubscription", - "datazone:getSubscriptionGrant", - "datazone:getSubscriptionRequestDetails", - "datazone:getSubscriptionTarget", - "datazone:getUserProfile", - "datazone:listAssetRevisions", - "datazone:listDataSourceRunActivities", - "datazone:listDataSourceRuns", - "datazone:listDataSources", - "datazone:listDomains", - "datazone:listEnvironmentBlueprintConfigurations", - "datazone:listEnvironmentBlueprints", - "datazone:listEnvironmentProfiles", - "datazone:listEnvironments", - "datazone:listMetadataGenerationRuns", - "datazone:listProjectMemberships", - "datazone:listProjects", - "datazone:listSubscriptionGrants", - "datazone:listSubscriptionRequests", - "datazone:listSubscriptions", - "datazone:listSubscriptionTargets", - "datazone:searchGroupProfiles", - "datazone:searchUserProfiles", - "dax:describeClusters", - "dax:describeDefaultParameters", - "dax:describeEvents", - "dax:describeParameterGroups", - "dax:describeParameters", - "dax:describeSubnetGroups", - "deadline:listAvailableMeteredProducts", - "deadline:listBudgets", - "deadline:listFarmMembers", - "deadline:listFarms", - "deadline:listFleetMembers", - "deadline:listFleets", - "deadline:listJobMembers", - "deadline:listJobs", - "deadline:listLicenseEndpoints", - "deadline:listMeteredProducts", - "deadline:listMonitors", - "deadline:listQueueEnvironments", - "deadline:listQueueFleetAssociations", - "deadline:listQueueMembers", - "deadline:listQueues", - "deadline:listStorageProfiles", - "deadline:listWorkers", - "detective:getMembers", - "detective:listGraphs", - "detective:listInvitations", - "detective:listMembers", - "devicefarm:getAccountSettings", - "devicefarm:getDevice", - "devicefarm:getDevicePool", - "devicefarm:getDevicePoolCompatibility", - "devicefarm:getJob", - "devicefarm:getProject", - "devicefarm:getRemoteAccessSession", - "devicefarm:getRun", - "devicefarm:getSuite", - "devicefarm:getTest", - "devicefarm:getTestGridProject", - "devicefarm:getTestGridSession", - "devicefarm:getUpload", - "devicefarm:listArtifacts", - "devicefarm:listDevicePools", - "devicefarm:listDevices", - "devicefarm:listJobs", - "devicefarm:listProjects", - "devicefarm:listRemoteAccessSessions", - "devicefarm:listRuns", - "devicefarm:listSamples", - "devicefarm:listSuites", - "devicefarm:listTestGridProjects", - "devicefarm:listTestGridSessionActions", - "devicefarm:listTestGridSessionArtifacts", - "devicefarm:listTestGridSessions", - "devicefarm:listTests", - "devicefarm:listUniqueProblems", - "devicefarm:listUploads", - "directconnect:describeConnectionLoa", - "directconnect:describeConnections", - "directconnect:describeConnectionsOnInterconnect", - "directconnect:describeCustomerMetadata", - "directconnect:describeDirectConnectGatewayAssociationProposals", - "directconnect:describeDirectConnectGatewayAssociations", - "directconnect:describeDirectConnectGatewayAttachments", - "directconnect:describeDirectConnectGateways", - "directconnect:describeHostedConnections", - "directconnect:describeInterconnectLoa", - "directconnect:describeInterconnects", - "directconnect:describeLags", - "directconnect:describeLoa", - "directconnect:describeLocations", - "directconnect:describeRouterConfiguration", - "directconnect:describeVirtualGateways", - "directconnect:describeVirtualInterfaces", - "directconnect:listVirtualInterfaceTestHistory", - "dlm:getLifecyclePolicies", - "dlm:getLifecyclePolicy", - "dms:describeAccountAttributes", - "dms:describeApplicableIndividualAssessments", - "dms:describeConnections", - "dms:describeEndpoints", - "dms:describeEndpointSettings", - "dms:describeEndpointTypes", - "dms:describeEventCategories", - "dms:describeEvents", - "dms:describeEventSubscriptions", - "dms:describeFleetAdvisorCollectors", - "dms:describeFleetAdvisorDatabases", - "dms:describeFleetAdvisorLsaAnalysis", - "dms:describeFleetAdvisorSchemaObjectSummary", - "dms:describeFleetAdvisorSchemas", - "dms:describeOrderableReplicationInstances", - "dms:describePendingMaintenanceActions", - "dms:describeRefreshSchemasStatus", - "dms:describeReplicationInstances", - "dms:describeReplicationInstanceTaskLogs", - "dms:describeReplicationSubnetGroups", - "dms:describeReplicationTaskAssessmentResults", - "dms:describeReplicationTaskAssessmentRuns", - "dms:describeReplicationTaskIndividualAssessments", - "dms:describeReplicationTasks", - "dms:describeSchemas", - "dms:describeTableStatistics", - "docdb-elastic:getCluster", - "docdb-elastic:getClusterSnapshot", - "docdb-elastic:listClusters", - "docdb-elastic:listClusterSnapshots", - "drs:describeJobLogItems", - "drs:describeJobs", - "drs:describeLaunchConfigurationTemplates", - "drs:describeRecoveryInstances", - "drs:describeRecoverySnapshots", - "drs:describeReplicationConfigurationTemplates", - "drs:describeSourceNetworks", - "drs:describeSourceServers", - "drs:getLaunchConfiguration", - "drs:getReplicationConfiguration", - "drs:listExtensibleSourceServers", - "drs:listLaunchActions", - "drs:listStagingAccounts", - "ds:describeClientAuthenticationSettings", - "ds:describeConditionalForwarders", - "ds:describeDirectories", - "ds:describeDomainControllers", - "ds:describeEventTopics", - "ds:describeHybridADUpdate", - "ds:describeLDAPSSettings", - "ds:describeSharedDirectories", - "ds:describeSnapshots", - "ds:describeTrusts", - "ds:getDirectoryLimits", - "ds:getSnapshotLimits", - "ds:listIpRoutes", - "ds:listSchemaExtensions", - "ds:listTagsForResource", - "dynamodb:describeBackup", - "dynamodb:describeContinuousBackups", - "dynamodb:describeContributorInsights", - "dynamodb:describeExport", - "dynamodb:describeGlobalTable", - "dynamodb:describeImport", - "dynamodb:describeKinesisStreamingDestination", - "dynamodb:describeLimits", - "dynamodb:describeStream", - "dynamodb:describeTable", - "dynamodb:describeTimeToLive", - "dynamodb:getResourcePolicy", - "dynamodb:listBackups", - "dynamodb:listContributorInsights", - "dynamodb:listExports", - "dynamodb:listGlobalTables", - "dynamodb:listImports", - "dynamodb:listStreams", - "dynamodb:listTables", - "dynamodb:listTagsOfResource", - "ec2:describeAccountAttributes", - "ec2:describeAddresses", - "ec2:describeAddressesAttribute", - "ec2:describeAddressTransfers", - "ec2:describeAggregateIdFormat", - "ec2:describeAvailabilityZones", - "ec2:describeBundleTasks", - "ec2:describeByoipCidrs", - "ec2:describeCapacityBlockOfferings", - "ec2:describeCapacityReservationFleets", - "ec2:describeCapacityReservations", - "ec2:describeCarrierGateways", - "ec2:describeClassicLinkInstances", - "ec2:describeClientVpnAuthorizationRules", - "ec2:describeClientVpnConnections", - "ec2:describeClientVpnEndpoints", - "ec2:describeClientVpnRoutes", - "ec2:describeClientVpnTargetNetworks", - "ec2:describeCoipPools", - "ec2:describeConversionTasks", - "ec2:describeCustomerGateways", - "ec2:describeDhcpOptions", - "ec2:describeEgressOnlyInternetGateways", - "ec2:describeExportImageTasks", - "ec2:describeExportTasks", - "ec2:describeFastLaunchImages", - "ec2:describeFastSnapshotRestores", - "ec2:describeFleetHistory", - "ec2:describeFleetInstances", - "ec2:describeFleets", - "ec2:describeFlowLogs", - "ec2:describeFpgaImageAttribute", - "ec2:describeFpgaImages", - "ec2:describeHostReservationOfferings", - "ec2:describeHostReservations", - "ec2:describeHosts", - "ec2:describeIamInstanceProfileAssociations", - "ec2:describeIdentityIdFormat", - "ec2:describeIdFormat", - "ec2:describeImageAttribute", - "ec2:describeImages", - "ec2:describeImportImageTasks", - "ec2:describeImportSnapshotTasks", - "ec2:describeInstanceAttribute", - "ec2:describeInstanceConnectEndpoints", - "ec2:describeInstanceCreditSpecifications", - "ec2:describeInstanceEventNotificationAttributes", - "ec2:describeInstanceEventWindows", - "ec2:describeInstances", - "ec2:describeInstanceStatus", - "ec2:describeInstanceTypeOfferings", - "ec2:describeInstanceTypes", - "ec2:describeInternetGateways", - "ec2:describeIpamByoasn", - "ec2:describeIpamExternalResourceVerificationTokens", - "ec2:describeIpamPools", - "ec2:describeIpamResourceDiscoveries", - "ec2:describeIpamResourceDiscoveryAssociations", - "ec2:describeIpams", - "ec2:describeIpamScopes", - "ec2:describeIpv6Pools", - "ec2:describeKeyPairs", - "ec2:describeLaunchTemplates", - "ec2:describeLaunchTemplateVersions", - "ec2:describeLocalGatewayRouteTables", - "ec2:describeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", - "ec2:describeLocalGatewayRouteTableVpcAssociations", - "ec2:describeLocalGateways", - "ec2:describeLocalGatewayVirtualInterfaceGroups", - "ec2:describeLocalGatewayVirtualInterfaces", - "ec2:describeManagedPrefixLists", - "ec2:describeMovingAddresses", - "ec2:describeNatGateways", - "ec2:describeNetworkAcls", - "ec2:describeNetworkInsightsAccessScopeAnalyses", - "ec2:describeNetworkInsightsAccessScopes", - "ec2:describeNetworkInsightsAnalyses", - "ec2:describeNetworkInsightsPaths", - "ec2:describeNetworkInterfaceAttribute", - "ec2:describeNetworkInterfaces", - "ec2:describePlacementGroups", - "ec2:describePrefixLists", - "ec2:describePrincipalIdFormat", - "ec2:describePublicIpv4Pools", - "ec2:describeRegions", - "ec2:describeReplaceRootVolumeTasks", - "ec2:describeReservedInstances", - "ec2:describeReservedInstancesListings", - "ec2:describeReservedInstancesModifications", - "ec2:describeReservedInstancesOfferings", - "ec2:describeRouteServerEndpoints", - "ec2:describeRouteServerPeers", - "ec2:describeRouteServers", - "ec2:describeRouteTables", - "ec2:describeScheduledInstanceAvailability", - "ec2:describeScheduledInstances", - "ec2:describeSecurityGroupReferences", - "ec2:describeSecurityGroupRules", - "ec2:describeSecurityGroups", - "ec2:describeServiceLinkVirtualInterfaces", - "ec2:describeSnapshotAttribute", - "ec2:describeSnapshots", - "ec2:describeSnapshotTierStatus", - "ec2:describeSpotDatafeedSubscription", - "ec2:describeSpotFleetInstances", - "ec2:describeSpotFleetRequestHistory", - "ec2:describeSpotFleetRequests", - "ec2:describeSpotInstanceRequests", - "ec2:describeSpotPriceHistory", - "ec2:describeStaleSecurityGroups", - "ec2:describeStoreImageTasks", - "ec2:describeSubnets", - "ec2:describeTags", - "ec2:describeTrafficMirrorFilterRules", - "ec2:describeTrafficMirrorFilters", - "ec2:describeTrafficMirrorSessions", - "ec2:describeTrafficMirrorTargets", - "ec2:describeTransitGatewayAttachments", - "ec2:describeTransitGatewayConnectPeers", - "ec2:describeTransitGatewayMulticastDomains", - "ec2:describeTransitGatewayPeeringAttachments", - "ec2:describeTransitGatewayPolicyTables", - "ec2:describeTransitGatewayRouteTableAnnouncements", - "ec2:describeTransitGatewayRouteTables", - "ec2:describeTransitGateways", - "ec2:describeTransitGatewayVpcAttachments", - "ec2:describeVerifiedAccessEndpoints", - "ec2:describeVerifiedAccessGroups", - "ec2:describeVerifiedAccessInstanceLoggingConfigurations", - "ec2:describeVerifiedAccessInstances", - "ec2:describeVerifiedAccessTrustProviders", - "ec2:describeVolumeAttribute", - "ec2:describeVolumes", - "ec2:describeVolumesModifications", - "ec2:describeVolumeStatus", - "ec2:describeVpcAttribute", - "ec2:describeVpcBlockPublicAccessExclusions", - "ec2:describeVpcBlockPublicAccessOptions", - "ec2:describeVpcClassicLink", - "ec2:describeVpcClassicLinkDnsSupport", - "ec2:describeVpcEndpointAssociations", - "ec2:describeVpcEndpointConnectionNotifications", - "ec2:describeVpcEndpointConnections", - "ec2:describeVpcEndpoints", - "ec2:describeVpcEndpointServiceConfigurations", - "ec2:describeVpcEndpointServicePermissions", - "ec2:describeVpcEndpointServices", - "ec2:describeVpcPeeringConnections", - "ec2:describeVpcs", - "ec2:describeVpnConnections", - "ec2:describeVpnGateways", - "ec2:getAssociatedEnclaveCertificateIamRoles", - "ec2:getAssociatedIpv6PoolCidrs", - "ec2:getCapacityReservationUsage", - "ec2:getCoipPoolUsage", - "ec2:getConsoleOutput", - "ec2:getConsoleScreenshot", - "ec2:getDefaultCreditSpecification", - "ec2:getEbsDefaultKmsKeyId", - "ec2:getEbsEncryptionByDefault", - "ec2:getGroupsForCapacityReservation", - "ec2:getHostReservationPurchasePreview", - "ec2:getImageBlockPublicAccessState", - "ec2:getInstanceTypesFromInstanceRequirements", - "ec2:getIpamAddressHistory", - "ec2:getIpamDiscoveredAccounts", - "ec2:getIpamDiscoveredPublicAddresses", - "ec2:getIpamDiscoveredResourceCidrs", - "ec2:getIpamPoolAllocations", - "ec2:getIpamPoolCidrs", - "ec2:getIpamResourceCidrs", - "ec2:getLaunchTemplateData", - "ec2:getManagedPrefixListAssociations", - "ec2:getManagedPrefixListEntries", - "ec2:getNetworkInsightsAccessScopeContent", - "ec2:getReservedInstancesExchangeQuote", - "ec2:getRouteServerAssociations", - "ec2:getRouteServerPropagations", - "ec2:getRouteServerRoutingDatabase", - "ec2:getSerialConsoleAccessStatus", - "ec2:getSpotPlacementScores", - "ec2:getSubnetCidrReservations", - "ec2:getTransitGatewayMulticastDomainAssociations", - "ec2:getTransitGatewayPrefixListReferences", - "ec2:getVerifiedAccessEndpointPolicy", - "ec2:getVerifiedAccessGroupPolicy", - "ec2:listImagesInRecycleBin", - "ec2:listSnapshotsInRecycleBin", - "ec2:searchLocalGatewayRoutes", - "ec2:searchTransitGatewayMulticastGroups", - "ec2:searchTransitGatewayRoutes", - "ecr-public:describeImages", - "ecr-public:describeImageTags", - "ecr-public:describeRegistries", - "ecr-public:describeRepositories", - "ecr-public:getRegistryCatalogData", - "ecr-public:getRepositoryCatalogData", - "ecr-public:getRepositoryPolicy", - "ecr-public:listTagsForResource", - "ecr:batchCheckLayerAvailability", - "ecr:batchGetRepositoryScanningConfiguration", - "ecr:describeImageReplicationStatus", - "ecr:describeImages", - "ecr:describeImageScanFindings", - "ecr:describePullThroughCacheRules", - "ecr:describeRegistry", - "ecr:describeRepositories", - "ecr:getLifecyclePolicy", - "ecr:getLifecyclePolicyPreview", - "ecr:getRegistryPolicy", - "ecr:getRegistryScanningConfiguration", - "ecr:getRepositoryPolicy", - "ecr:listImages", - "ecr:listTagsForResource", - "ecs:describeCapacityProviders", - "ecs:describeClusters", - "ecs:describeContainerInstances", - "ecs:describeServiceDeployments", - "ecs:describeServiceRevisions", - "ecs:describeServices", - "ecs:describeTaskDefinition", - "ecs:describeTasks", - "ecs:describeTaskSets", - "ecs:getTaskProtection", - "ecs:listAccountSettings", - "ecs:listAttributes", - "ecs:listClusters", - "ecs:listContainerInstances", - "ecs:listServiceDeployments", - "ecs:listServices", - "ecs:listServicesByNamespace", - "ecs:listTagsForResource", - "ecs:listTaskDefinitionFamilies", - "ecs:listTaskDefinitions", - "ecs:listTasks" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Sid": "AWSSupportActionsGroup2", - "Action": [ - "eks:describeAccessEntry", - "eks:describeAddon", - "eks:describeAddonConfiguration", - "eks:describeAddonVersions", - "eks:describeCluster", - "eks:describeEksAnywhereSubscription", - "eks:describeFargateProfile", - "eks:describeIdentityProviderConfig", - "eks:describeInsight", - "eks:describeNodegroup", - "eks:describePodIdentityAssociation", - "eks:describeUpdate", - "eks:listAccessEntries", - "eks:listAccessPolicies", - "eks:listAddons", - "eks:listAssociatedAccessPolicies", - "eks:listClusters", - "eks:listEksAnywhereSubscriptions", - "eks:listFargateProfiles", - "eks:listIdentityProviderConfigs", - "eks:listInsights", - "eks:listNodegroups", - "eks:listPodIdentityAssociations", - "eks:listUpdates", - "elasticache:describeCacheClusters", - "elasticache:describeCacheEngineVersions", - "elasticache:describeCacheParameterGroups", - "elasticache:describeCacheParameters", - "elasticache:describeCacheSecurityGroups", - "elasticache:describeCacheSubnetGroups", - "elasticache:describeEngineDefaultParameters", - "elasticache:describeEvents", - "elasticache:describeGlobalReplicationGroups", - "elasticache:describeReplicationGroups", - "elasticache:describeReservedCacheNodes", - "elasticache:describeReservedCacheNodesOfferings", - "elasticache:describeServerlessCaches", - "elasticache:describeServerlessCacheSnapshots", - "elasticache:describeServiceUpdates", - "elasticache:describeSnapshots", - "elasticache:describeUpdateActions", - "elasticache:describeUserGroups", - "elasticache:describeUsers", - "elasticache:listAllowedNodeTypeModifications", - "elasticache:listTagsForResource", - "elasticbeanstalk:checkDNSAvailability", - "elasticbeanstalk:describeAccountAttributes", - "elasticbeanstalk:describeApplications", - "elasticbeanstalk:describeApplicationVersions", - "elasticbeanstalk:describeConfigurationOptions", - "elasticbeanstalk:describeEnvironmentHealth", - "elasticbeanstalk:describeEnvironmentManagedActionHistory", - "elasticbeanstalk:describeEnvironmentManagedActions", - "elasticbeanstalk:describeEnvironmentResources", - "elasticbeanstalk:describeEnvironments", - "elasticbeanstalk:describeEvents", - "elasticbeanstalk:describeInstancesHealth", - "elasticbeanstalk:describePlatformVersion", - "elasticbeanstalk:listAvailableSolutionStacks", - "elasticbeanstalk:listPlatformBranches", - "elasticbeanstalk:listPlatformVersions", - "elasticbeanstalk:validateConfigurationSettings", - "elasticfilesystem:describeAccessPoints", - "elasticfilesystem:describeBackupPolicy", - "elasticfilesystem:describeFileSystemPolicy", - "elasticfilesystem:describeFileSystems", - "elasticfilesystem:describeLifecycleConfiguration", - "elasticfilesystem:describeMountTargets", - "elasticfilesystem:describeMountTargetSecurityGroups", - "elasticfilesystem:describeReplicationConfigurations", - "elasticfilesystem:describeTags", - "elasticfilesystem:listTagsForResource", - "elasticloadbalancing:describeAccountLimits", - "elasticloadbalancing:describeInstanceHealth", - "elasticloadbalancing:describeListenerCertificates", - "elasticloadbalancing:describeListeners", - "elasticloadbalancing:describeLoadBalancerAttributes", - "elasticloadbalancing:describeLoadBalancerPolicies", - "elasticloadbalancing:describeLoadBalancerPolicyTypes", - "elasticloadbalancing:describeLoadBalancers", - "elasticloadbalancing:describeRules", - "elasticloadbalancing:describeSSLPolicies", - "elasticloadbalancing:describeTags", - "elasticloadbalancing:describeTargetGroupAttributes", - "elasticloadbalancing:describeTargetGroups", - "elasticloadbalancing:describeTargetHealth", - "elasticloadbalancing:describeTrustStoreAssociations", - "elasticloadbalancing:describeTrustStoreRevocations", - "elasticloadbalancing:describeTrustStores", - "elasticmapreduce:describeCluster", - "elasticmapreduce:describeNotebookExecution", - "elasticmapreduce:describeReleaseLabel", - "elasticmapreduce:describeSecurityConfiguration", - "elasticmapreduce:describeStep", - "elasticmapreduce:describeStudio", - "elasticmapreduce:getAutoTerminationPolicy", - "elasticmapreduce:getBlockPublicAccessConfiguration", - "elasticmapreduce:getManagedScalingPolicy", - "elasticmapreduce:getStudioSessionMapping", - "elasticmapreduce:listBootstrapActions", - "elasticmapreduce:listClusters", - "elasticmapreduce:listInstanceFleets", - "elasticmapreduce:listInstanceGroups", - "elasticmapreduce:listInstances", - "elasticmapreduce:listNotebookExecutions", - "elasticmapreduce:listReleaseLabels", - "elasticmapreduce:listSecurityConfigurations", - "elasticmapreduce:listSteps", - "elasticmapreduce:listStudios", - "elasticmapreduce:listStudioSessionMappings", - "elastictranscoder:listJobsByPipeline", - "elastictranscoder:listJobsByStatus", - "elastictranscoder:listPipelines", - "elastictranscoder:listPresets", - "elastictranscoder:readPipeline", - "elastictranscoder:readPreset", - "emr-containers:describeJobRun", - "emr-containers:describeJobTemplate", - "emr-containers:describeManagedEndpoint", - "emr-containers:describeVirtualCluster", - "emr-containers:listJobRuns", - "emr-containers:listJobTemplates", - "emr-containers:listManagedEndpoints", - "emr-containers:listVirtualClusters", - "emr-serverless:getApplication", - "emr-serverless:getJobRun", - "emr-serverless:listApplications", - "es:describeDomain", - "es:describeDomainAutoTunes", - "es:describeDomainChangeProgress", - "es:describeDomainConfig", - "es:describeDomainHealth", - "es:describeDomainNodes", - "es:describeDomains", - "es:describeDryRunProgress", - "es:describeElasticsearchDomain", - "es:describeElasticsearchDomainConfig", - "es:describeElasticsearchDomains", - "es:getDomainMaintenanceStatus", - "es:describeInboundConnections", - "es:describeInstanceTypeLimits", - "es:describeOutboundConnections", - "es:describePackages", - "es:describeReservedInstanceOfferings", - "es:describeReservedInstances", - "es:describeVpcEndpoints", - "es:getCompatibleVersions", - "es:getPackageVersionHistory", - "es:getUpgradeHistory", - "es:getUpgradeStatus", - "es:listDomainMaintenances", - "es:listDomainNames", - "es:listDomainsForPackage", - "es:listInstanceTypeDetails", - "es:listPackagesForDomain", - "es:listScheduledActions", - "es:listTags", - "es:listVersions", - "es:listVpcEndpointAccess", - "es:listVpcEndpoints", - "es:listVpcEndpointsForDomain", - "events:describeApiDestination", - "events:describeArchive", - "events:describeConnection", - "events:describeEndpoint", - "events:describeEventBus", - "events:describeEventSource", - "events:describePartnerEventSource", - "events:describeReplay", - "events:describeRule", - "events:listApiDestinations", - "events:listArchives", - "events:listConnections", - "events:listEndpoints", - "events:listEventBuses", - "events:listEventSources", - "events:listPartnerEventSourceAccounts", - "events:listPartnerEventSources", - "events:listReplays", - "events:listRuleNamesByTarget", - "events:listRules", - "events:listTargetsByRule", - "events:testEventPattern", - "evidently:getExperiment", - "evidently:getFeature", - "evidently:getLaunch", - "evidently:getProject", - "evidently:getSegment", - "evidently:listExperiments", - "evidently:listFeatures", - "evidently:listLaunches", - "evidently:listProjects", - "evidently:listSegmentReferences", - "evidently:listSegments", - "firehose:describeDeliveryStream", - "firehose:listDeliveryStreams", - "fis:getAction", - "fis:getExperiment", - "fis:getExperimentTargetAccountConfiguration", - "fis:getExperimentTemplate", - "fis:getSafetyLever", - "fis:getTargetAccountConfiguration", - "fis:listActions", - "fis:listExperimentResolvedTargets", - "fis:listExperimentTargetAccountConfigurations", - "fis:listExperiments", - "fis:listExperimentTemplates", - "fis:listTargetAccountConfigurations", - "fms:getAdminAccount", - "fms:getAdminScope", - "fms:getAppsList", - "fms:getComplianceDetail", - "fms:getNotificationChannel", - "fms:getProtocolsList", - "fms:getPolicy", - "fms:getProtectionStatus", - "fms:getResourceSet", - "fms:getThirdPartyFirewallAssociationStatus", - "fms:getViolationDetails", - "fms:listAdminAccountsForOrganization", - "fms:listAdminsManagingAccount", - "fms:listAppsLists", - "fms:listComplianceStatus", - "fms:listDiscoveredResources", - "fms:listMemberAccounts", - "fms:listProtocolsLists", - "fms:listPolicies", - "fms:listResourceSetResources", - "fms:listResourceSets", - "fms:listThirdPartyFirewallFirewallPolicies", - "forecast:describeDataset", - "forecast:describeDatasetGroup", - "forecast:describeDatasetImportJob", - "forecast:describeForecast", - "forecast:describeForecastExportJob", - "forecast:describePredictor", - "forecast:getAccuracyMetrics", - "forecast:listDatasetGroups", - "forecast:listDatasetImportJobs", - "forecast:listDatasets", - "forecast:listForecastExportJobs", - "forecast:listForecasts", - "forecast:listPredictors", - "freetier:getFreeTierUsage", - "fsx:describeBackups", - "fsx:describeDataRepositoryAssociations", - "fsx:describeDataRepositoryTasks", - "fsx:describeFileCaches", - "fsx:describeFileSystems", - "fsx:describeS3AccessPointAttachments", - "fsx:describeSnapshots", - "fsx:describeStorageVirtualMachines", - "fsx:describeVolumes", - "fsx:listTagsForResource", - "gamelift:describeAlias", - "gamelift:describeBuild", - "gamelift:describeEC2InstanceLimits", - "gamelift:describeFleetAttributes", - "gamelift:describeFleetCapacity", - "gamelift:describeFleetEvents", - "gamelift:describeFleetLocationAttributes", - "gamelift:describeFleetLocationCapacity", - "gamelift:describeFleetLocationUtilization", - "gamelift:describeFleetPortSettings", - "gamelift:describeFleetUtilization", - "gamelift:describeGameServer", - "gamelift:describeGameServerGroup", - "gamelift:describeGameSessionDetails", - "gamelift:describeGameSessionPlacement", - "gamelift:describeGameSessionQueues", - "gamelift:describeGameSessions", - "gamelift:describeInstances", - "gamelift:describeMatchmaking", - "gamelift:describeMatchmakingConfigurations", - "gamelift:describeMatchmakingRuleSets", - "gamelift:describePlayerSessions", - "gamelift:describeRuntimeConfiguration", - "gamelift:describeScalingPolicies", - "gamelift:describeScript", - "gamelift:listAliases", - "gamelift:listBuilds", - "gamelift:listFleets", - "gamelift:listGameServerGroups", - "gamelift:listGameServers", - "gamelift:listScripts", - "gamelift:resolveAlias", - "glacier:describeJob", - "glacier:describeVault", - "glacier:getDataRetrievalPolicy", - "glacier:getVaultAccessPolicy", - "glacier:getVaultLock", - "glacier:getVaultNotifications", - "glacier:listJobs", - "glacier:listTagsForVault", - "glacier:listVaults", - "globalaccelerator:describeAccelerator", - "globalaccelerator:describeAcceleratorAttributes", - "globalaccelerator:describeCrossAccountAttachment", - "globalaccelerator:describeCustomRoutingAccelerator", - "globalaccelerator:describeCustomRoutingAcceleratorAttributes", - "globalaccelerator:describeCustomRoutingEndpointGroup", - "globalaccelerator:describeCustomRoutingListener", - "globalaccelerator:describeEndpointGroup", - "globalaccelerator:describeListener", - "globalaccelerator:listAccelerators", - "globalaccelerator:listByoipCidrs", - "globalaccelerator:listCrossAccountAttachments", - "globalaccelerator:listCrossAccountResourceAccounts", - "globalaccelerator:listCrossAccountResources", - "globalaccelerator:listCustomRoutingAccelerators", - "globalaccelerator:listCustomRoutingEndpointGroups", - "globalaccelerator:listCustomRoutingListeners", - "globalaccelerator:listCustomRoutingPortMappings", - "globalaccelerator:listCustomRoutingPortMappingsByDestination", - "globalaccelerator:listEndpointGroups", - "globalaccelerator:listListeners", - "glue:batchGetBlueprints", - "glue:batchGetCrawlers", - "glue:batchGetDevEndpoints", - "glue:batchGetJobs", - "glue:batchGetPartition", - "glue:batchGetTriggers", - "glue:batchGetWorkflows", - "glue:checkSchemaVersionValidity", - "glue:batchGetTableOptimizer", - "glue:getBlueprint", - "glue:getBlueprintRun", - "glue:getBlueprintRuns", - "glue:getCatalogImportStatus", - "glue:getClassifier", - "glue:getClassifiers", - "glue:getColumnStatisticsForPartition", - "glue:getColumnStatisticsForTable", - "glue:getColumnStatisticsTaskRun", - "glue:getColumnStatisticsTaskRuns", - "glue:getCrawler", - "glue:getCrawlerMetrics", - "glue:getCrawlers", - "glue:getCustomEntityType", - "glue:getDatabase", - "glue:getDatabases", - "glue:getDataCatalogEncryptionSettings", - "glue:getDataflowGraph", - "glue:getDataQualityResult", - "glue:getDataQualityRuleRecommendationRun", - "glue:getDataQualityRuleset", - "glue:getDataQualityRulesetEvaluationRun", - "glue:getDevEndpoint", - "glue:getDevEndpoints", - "glue:getJob", - "glue:getJobBookmark", - "glue:getJobRun", - "glue:getJobRuns", - "glue:getJobs", - "glue:getMapping", - "glue:getMLTaskRun", - "glue:getMLTaskRuns", - "glue:getMLTransform", - "glue:getMLTransforms", - "glue:getPartition", - "glue:getPartitionIndexes", - "glue:getPartitions", - "glue:getRegistry", - "glue:getResourcePolicies", - "glue:getResourcePolicy", - "glue:getSchema", - "glue:getSchemaByDefinition", - "glue:getSchemaVersion", - "glue:getSchemaVersionsDiff", - "glue:getSecurityConfiguration", - "glue:getSecurityConfigurations", - "glue:getSession", - "glue:getStatement", - "glue:getTable", - "glue:getTableOptimizer", - "glue:getTables", - "glue:getTableVersions", - "glue:getTrigger", - "glue:getTriggers", - "glue:getUserDefinedFunction", - "glue:getUserDefinedFunctions", - "glue:getWorkflow", - "glue:getWorkflowRun", - "glue:getWorkflowRuns", - "glue:listColumnStatisticsTaskRuns", - "glue:listCrawlers", - "glue:listCrawls", - "glue:listDataQualityResults", - "glue:listDataQualityRuleRecommendationRuns", - "glue:listDataQualityRulesetEvaluationRuns", - "glue:listDataQualityRulesets", - "glue:listDevEndpoints", - "glue:listMLTransforms", - "glue:listRegistries", - "glue:listSchemas", - "glue:listSchemaVersions", - "glue:listSessions", - "glue:listStatements", - "glue:listTableOptimizerRuns", - "glue:listTriggers", - "glue:querySchemaVersionMetadata", - "glue:getTableVersion", - "grafana:describeWorkspace", - "grafana:describeWorkspaceAuthentication", - "grafana:listPermissions", - "grafana:listVersions", - "grafana:listWorkspaces", - "greengrass:getConnectivityInfo", - "greengrass:getCoreDefinition", - "greengrass:getCoreDefinitionVersion", - "greengrass:getDeploymentStatus", - "greengrass:getDeviceDefinition", - "greengrass:getDeviceDefinitionVersion", - "greengrass:getFunctionDefinition", - "greengrass:getFunctionDefinitionVersion", - "greengrass:getGroup", - "greengrass:getGroupCertificateAuthority", - "greengrass:getGroupVersion", - "greengrass:getLoggerDefinition", - "greengrass:getLoggerDefinitionVersion", - "greengrass:getResourceDefinitionVersion", - "greengrass:getServiceRoleForAccount", - "greengrass:getSubscriptionDefinition", - "greengrass:getSubscriptionDefinitionVersion", - "greengrass:listCoreDefinitions", - "greengrass:listCoreDefinitionVersions", - "greengrass:listDeployments", - "greengrass:listDeviceDefinitions", - "greengrass:listDeviceDefinitionVersions", - "greengrass:listFunctionDefinitions", - "greengrass:listFunctionDefinitionVersions", - "greengrass:listGroups", - "greengrass:listGroupVersions", - "greengrass:listLoggerDefinitions", - "greengrass:listLoggerDefinitionVersions", - "greengrass:listResourceDefinitions", - "greengrass:listResourceDefinitionVersions", - "greengrass:listSubscriptionDefinitions", - "greengrass:listSubscriptionDefinitionVersions", - "guardduty:describeMalwareScans", - "guardduty:describePublishingDestination", - "guardduty:getCoverageStatistics", - "guardduty:getDetector", - "guardduty:getFindings", - "guardduty:getFindingsStatistics", - "guardduty:getInvitationsCount", - "guardduty:getIPSet", - "guardduty:getMalwareScanSettings", - "guardduty:getMasterAccount", - "guardduty:getMemberDetectors", - "guardduty:getMembers", - "guardduty:getOrganizationStatistics", - "guardduty:getRemainingFreeTrialDays", - "guardduty:getThreatIntelSet", - "guardduty:listCoverage", - "guardduty:listDetectors", - "guardduty:listFindings", - "guardduty:listInvitations", - "guardduty:listIPSets", - "guardduty:listMembers", - "guardduty:listThreatIntelSets", - "health:describeAffectedAccountsForOrganization", - "health:describeAffectedEntities", - "health:describeAffectedEntitiesForOrganization", - "health:describeEntityAggregates", - "health:describeEntityAggregatesForOrganization", - "health:describeEventAggregates", - "health:describeEventDetails", - "health:describeEventDetailsForOrganization", - "health:describeEvents", - "health:describeEventsForOrganization", - "health:describeEventTypes", - "health:describeHealthServiceStatusForOrganization", - "iam:getAccessKeyLastUsed", - "iam:getAccountAuthorizationDetails", - "iam:getAccountPasswordPolicy", - "iam:getAccountSummary", - "iam:getContextKeysForCustomPolicy", - "iam:getContextKeysForPrincipalPolicy", - "iam:getCredentialReport", - "iam:getGroup", - "iam:getGroupPolicy", - "iam:getInstanceProfile", - "iam:getLoginProfile", - "iam:getMFADevice", - "iam:getOpenIDConnectProvider", - "iam:getPolicy", - "iam:getPolicyVersion", - "iam:getRole", - "iam:getRolePolicy", - "iam:getSAMLProvider", - "iam:getServerCertificate", - "iam:getServiceLinkedRoleDeletionStatus", - "iam:getSSHPublicKey", - "iam:getUser", - "iam:getUserPolicy", - "iam:listAccessKeys", - "iam:listAccountAliases", - "iam:listAttachedGroupPolicies", - "iam:listAttachedRolePolicies", - "iam:listAttachedUserPolicies", - "iam:listEntitiesForPolicy", - "iam:listGroupPolicies", - "iam:listGroups", - "iam:listGroupsForUser", - "iam:listInstanceProfiles", - "iam:listInstanceProfilesForRole", - "iam:listMFADevices", - "iam:listOpenIDConnectProviders", - "iam:listPolicies", - "iam:listPolicyVersions", - "iam:listRolePolicies", - "iam:listRoles", - "iam:listSAMLProviders", - "iam:listServerCertificates", - "iam:listServiceSpecificCredentials", - "iam:listSigningCertificates", - "iam:listSSHPublicKeys", - "iam:listUserPolicies", - "iam:listUsers", - "iam:listVirtualMFADevices", - "iam:simulateCustomPolicy", - "iam:simulatePrincipalPolicy", - "identitystore:describeGroup", - "identitystore:describeGroupMembership", - "identitystore:getGroupId", - "identitystore:getGroupMembershipId", - "identitystore:getUserId", - "identitystore:isMemberInGroups", - "identitystore:listGroupMemberships", - "identitystore:listGroupMembershipsForMember", - "identitystore:listGroups", - "imagebuilder:getComponent", - "imagebuilder:getComponentPolicy", - "imagebuilder:getContainerRecipe", - "imagebuilder:getContainerRecipePolicy", - "imagebuilder:getDistributionConfiguration", - "imagebuilder:getImage", - "imagebuilder:getImagePipeline", - "imagebuilder:getImagePolicy", - "imagebuilder:getImageRecipe", - "imagebuilder:getImageRecipePolicy", - "imagebuilder:getInfrastructureConfiguration", - "imagebuilder:getLifecycleExecution", - "imagebuilder:getLifecyclePolicy", - "imagebuilder:getWorkflow", - "imagebuilder:getWorkflowExecution", - "imagebuilder:getWorkflowStepExecution", - "imagebuilder:listComponentBuildVersions", - "imagebuilder:listComponents", - "imagebuilder:listContainerRecipes", - "imagebuilder:listDistributionConfigurations", - "imagebuilder:listImageBuildVersions", - "imagebuilder:listImagePipelineImages", - "imagebuilder:listImagePipelines", - "imagebuilder:listImageRecipes", - "imagebuilder:listImages", - "imagebuilder:listImageScanFindingAggregations", - "imagebuilder:listInfrastructureConfigurations", - "imagebuilder:listLifecycleExecutionResources", - "imagebuilder:listLifecycleExecutions", - "imagebuilder:listLifecyclePolicies", - "imagebuilder:listTagsForResource", - "imagebuilder:listWorkflowBuildVersions", - "imagebuilder:listWorkflowExecutions", - "imagebuilder:listWorkflows", - "imagebuilder:listWaitingWorkflowSteps", - "imagebuilder:listWorkflowStepExecutions", - "inspector-scan:scanSbom", - "inspector:describeAssessmentRuns", - "inspector:describeAssessmentTargets", - "inspector:describeAssessmentTemplates", - "inspector:describeCrossAccountAccessRole", - "inspector:describeResourceGroups", - "inspector:describeRulesPackages", - "inspector:getTelemetryMetadata", - "inspector:listAssessmentRunAgents", - "inspector:listAssessmentRuns", - "inspector:listAssessmentTargets", - "inspector:listAssessmentTemplates", - "inspector:listEventSubscriptions", - "inspector:listRulesPackages", - "inspector:listTagsForResource", - "inspector2:batchGetAccountStatus", - "inspector2:batchGetFreeTrialInfo", - "inspector2:describeOrganizationConfiguration", - "inspector2:getConfiguration", - "inspector2:getDelegatedAdminAccount", - "inspector2:getEc2DeepInspectionConfiguration", - "inspector2:getMember", - "inspector2:getSbomExport", - "inspector2:listCisScanConfigurations", - "inspector2:listCisScanResultsAggregatedByChecks", - "inspector2:listCisScanResultsAggregatedByTargetResource", - "inspector2:listCisScans", - "inspector2:listCoverage", - "inspector2:listDelegatedAdminAccounts", - "inspector2:listFilters", - "inspector2:listFindings", - "inspector2:listMembers", - "inspector2:listUsageTotals", - "internetmonitor:getHealthEvent", - "internetmonitor:getMonitor", - "internetmonitor:listHealthEvents", - "internetmonitor:listMonitors", - "invoicing:listInvoiceSummaries", - "iot:describeAuthorizer", - "iot:describeCACertificate", - "iot:describeCertificate", - "iot:describeDefaultAuthorizer", - "iot:describeDomainConfiguration", - "iot:describeEndpoint", - "iot:describeIndex", - "iot:describeJobExecution", - "iot:describeThing", - "iot:describeThingGroup", - "iot:describeTunnel", - "iot:getEffectivePolicies", - "iot:getIndexingConfiguration", - "iot:getLoggingOptions", - "iot:getPolicy", - "iot:getPolicyVersion", - "iot:getTopicRule", - "iot:getV2LoggingOptions", - "iot:listAttachedPolicies", - "iot:listAuthorizers", - "iot:listCACertificates", - "iot:listCertificates", - "iot:listCertificatesByCA", - "iot:listCommandExecutions", - "iot:listCommands", - "iot:listDomainConfigurations", - "iot:listJobExecutionsForJob", - "iot:listJobExecutionsForThing", - "iot:listJobs", - "iot:listNamedShadowsForThing", - "iot:listOutgoingCertificates", - "iot:listPackages", - "iot:listPackageVersions", - "iot:listPolicies", - "iot:listPolicyPrincipals", - "iot:listPolicyVersions", - "iot:listPrincipalPolicies", - "iot:listPrincipalThings", - "iot:listRoleAliases", - "iot:listTargetsForPolicy", - "iot:listThingGroups", - "iot:listThingGroupsForThing", - "iot:listThingPrincipals", - "iot:listThingRegistrationTasks", - "iot:listThings", - "iot:listThingsInThingGroup", - "iot:listThingTypes", - "iot:listTopicRules", - "iot:listTunnels", - "iot:listV2LoggingLevels", - "iotevents:describeDetector", - "iotevents:describeDetectorModel", - "iotevents:describeInput", - "iotevents:describeLoggingOptions", - "iotevents:listDetectorModels", - "iotevents:listDetectorModelVersions", - "iotevents:listDetectors", - "iotevents:listInputs", - "iotfleetwise:getCampaign", - "iotfleetwise:getDecoderManifest", - "iotfleetwise:getEncryptionConfiguration", - "iotfleetwise:getFleet", - "iotfleetwise:getLoggingOptions", - "iotfleetwise:getModelManifest", - "iotfleetwise:getRegisterAccountStatus", - "iotfleetwise:getSignalCatalog", - "iotfleetwise:getStateTemplate", - "iotfleetwise:getVehicle", - "iotfleetwise:getVehicleStatus", - "iotfleetwise:listCampaigns", - "iotfleetwise:listDecoderManifestNetworkInterfaces", - "iotfleetwise:listDecoderManifests", - "iotfleetwise:listDecoderManifestSignals", - "iotfleetwise:listFleets", - "iotfleetwise:listFleetsForVehicle", - "iotfleetwise:listModelManifestNodes", - "iotfleetwise:listModelManifests", - "iotfleetwise:listSignalCatalogNodes", - "iotfleetwise:listSignalCatalogs", - "iotfleetwise:listStateTemplates", - "iotfleetwise:listVehicles", - "iotfleetwise:listVehiclesInFleet", - "iotsitewise:describeAccessPolicy", - "iotsitewise:describeAsset", - "iotsitewise:describeAssetModel", - "iotsitewise:describeAssetProperty", - "iotsitewise:describeDashboard", - "iotsitewise:describeGateway", - "iotsitewise:describeGatewayCapabilityConfiguration", - "iotsitewise:describeLoggingOptions", - "iotsitewise:describePortal", - "iotsitewise:describeProject", - "iotsitewise:listAccessPolicies", - "iotsitewise:listAssetModels", - "iotsitewise:listAssets", - "iotsitewise:listAssociatedAssets", - "iotsitewise:listDashboards", - "iotsitewise:listGateways", - "iotsitewise:listPortals", - "iotsitewise:listProjectAssets", - "iotsitewise:listProjects", - "iottwinmaker:getComponentType", - "iottwinmaker:getEntity", - "iottwinmaker:getPricingPlan", - "iottwinmaker:getScene", - "iottwinmaker:getSyncJob", - "iottwinmaker:getWorkspace", - "iottwinmaker:listComponentTypes", - "iottwinmaker:listEntities", - "iottwinmaker:listScenes", - "iottwinmaker:listSyncJobs", - "iottwinmaker:listSyncResources", - "iottwinmaker:listWorkspaces", - "iotwireless:getDestination", - "iotwireless:getDeviceProfile", - "iotwireless:getPartnerAccount", - "iotwireless:getServiceEndpoint", - "iotwireless:getServiceProfile", - "iotwireless:getWirelessDevice", - "iotwireless:getWirelessDeviceStatistics", - "iotwireless:getWirelessGateway", - "iotwireless:getWirelessGatewayCertificate", - "iotwireless:getWirelessGatewayFirmwareInformation", - "iotwireless:getWirelessGatewayStatistics", - "iotwireless:getWirelessGatewayTask", - "iotwireless:getWirelessGatewayTaskDefinition", - "iotwireless:listDestinations", - "iotwireless:listDeviceProfiles", - "iotwireless:listPartnerAccounts", - "iotwireless:listServiceProfiles", - "iotwireless:listTagsForResource", - "iotwireless:listWirelessDevices", - "iotwireless:listWirelessGateways", - "iotwireless:listWirelessGatewayTaskDefinitions", - "ivs:getChannel", - "ivs:getRecordingConfiguration", - "ivs:getStream", - "ivs:getStreamSession", - "ivs:listChannels", - "ivs:listPlaybackKeyPairs", - "ivs:listRecordingConfigurations", - "ivs:listStreamKeys", - "ivs:listStreams", - "ivs:listStreamSessions", - "kafka:describeCluster", - "kafka:describeClusterOperation", - "kafka:describeClusterOperationV2", - "kafka:describeClusterV2", - "kafka:describeConfiguration", - "kafka:describeConfigurationRevision", - "kafka:describeReplicator", - "kafka:describeVpcConnection", - "kafka:getBootstrapBrokers", - "kafka:getClusterPolicy", - "kafka:listClientVpcConnections", - "kafka:listClusterOperations", - "kafka:listClusterOperationsV2", - "kafka:listClusters", - "kafka:listClustersV2", - "kafka:listConfigurationRevisions", - "kafka:listConfigurations", - "kafka:listNodes", - "kafka:listReplicators", - "kafka:listScramSecrets", - "kafka:listVpcConnections", - "kafkaconnect:describeConnector", - "kafkaconnect:describeCustomPlugin", - "kafkaconnect:describeWorkerConfiguration", - "kafkaconnect:listConnectors", - "kafkaconnect:listCustomPlugins", - "kafkaconnect:listWorkerConfigurations", - "kendra:describeDataSource", - "kendra:describeFaq", - "kendra:describeIndex", - "kendra:listDataSources", - "kendra:listFaqs", - "kendra:listIndices", - "kinesis:describeStream", - "kinesis:describeStreamConsumer", - "kinesis:describeStreamSummary", - "kinesis:listShards", - "kinesis:listStreamConsumers", - "kinesis:listStreams", - "kinesis:listTagsForStream", - "kinesisanalytics:describeApplication", - "kinesisanalytics:describeApplicationOperation", - "kinesisanalytics:describeApplicationSnapshot", - "kinesisanalytics:listApplicationOperations", - "kinesisanalytics:listApplications", - "kinesisanalytics:listApplicationSnapshots", - "kinesisanalytics:listApplicationVersions", - "kinesisvideo:describeImageGenerationConfiguration", - "kinesisvideo:describeNotificationConfiguration", - "kinesisvideo:describeSignalingChannel", - "kinesisvideo:describeStream", - "kinesisvideo:getDataEndpoint", - "kinesisvideo:getIceServerConfig", - "kinesisvideo:getSignalingChannelEndpoint", - "kinesisvideo:listSignalingChannels", - "kinesisvideo:listStreams", - "kms:describeKey", - "kms:getKeyPolicy", - "kms:getKeyRotationStatus", - "kms:listAliases", - "kms:listGrants", - "kms:listKeyPolicies", - "kms:listKeys", - "kms:listResourceTags", - "kms:listRetirableGrants", - "lakeformation:describeLakeFormationIdentityCenterConfiguration", - "lakeformation:describeResource", - "lakeformation:describeTransaction", - "lakeformation:getDataLakePrincipal", - "lakeformation:getDataLakeSettings", - "lakeformation:getEffectivePermissionsForPath", - "lakeformation:getLFTag", - "lakeformation:getLFTagExpression", - "lakeformation:getQueryState", - "lakeformation:getQueryStatistics", - "lakeformation:getResourceLFTags", - "lakeformation:listLFTagExpressions", - "lakeformation:listLFTags", - "lakeformation:listLakeFormationOptIns", - "lakeformation:listPermissions", - "lakeformation:listResources", - "lakeformation:searchDatabasesByLFTags", - "lakeformation:searchTablesByLFTags", - "lambda:getAccountSettings", - "lambda:getAlias", - "lambda:getCodeSigningConfig", - "lambda:getEventSourceMapping", - "lambda:getFunction", - "lambda:getFunctionCodeSigningConfig", - "lambda:getFunctionConcurrency", - "lambda:getFunctionConfiguration", - "lambda:getFunctionEventInvokeConfig", - "lambda:getFunctionRecursionConfig", - "lambda:getFunctionUrlConfig", - "lambda:getLayerVersion", - "lambda:getLayerVersionPolicy", - "lambda:getPolicy", - "lambda:getProvisionedConcurrencyConfig", - "lambda:getRuntimeManagementConfig", - "lambda:listAliases", - "lambda:listCodeSigningConfigs", - "lambda:listEventSourceMappings", - "lambda:listFunctionEventInvokeConfigs", - "lambda:listFunctions", - "lambda:listFunctionsByCodeSigningConfig", - "lambda:listFunctionUrlConfigs", - "lambda:listLayers", - "lambda:listLayerVersions", - "lambda:listProvisionedConcurrencyConfigs", - "lambda:listTags", - "lambda:listVersionsByFunction", - "launchwizard:describeProvisionedApp", - "launchwizard:describeProvisioningEvents", - "launchwizard:listDeploymentEvents", - "launchwizard:listDeployments", - "launchwizard:listProvisionedApps", - "lex:describeBot", - "lex:describeBotAlias", - "lex:describeBotLocale", - "lex:describeBotRecommendation", - "lex:describeBotVersion", - "lex:describeCustomVocabularyMetadata", - "lex:describeExport", - "lex:describeImport", - "lex:describeIntent", - "lex:describeResourcePolicy", - "lex:describeSlot", - "lex:describeSlotType", - "lex:getBot", - "lex:getBotAlias", - "lex:getBotAliases", - "lex:getBotChannelAssociation", - "lex:getBotChannelAssociations", - "lex:getBots", - "lex:getBotVersions", - "lex:getBuiltinIntent", - "lex:getBuiltinIntents", - "lex:getBuiltinSlotTypes", - "lex:getIntent", - "lex:getIntents", - "lex:getIntentVersions", - "lex:getSlotType", - "lex:getSlotTypes", - "lex:getSlotTypeVersions", - "lex:listBotAliases", - "lex:listBotLocales", - "lex:listBotRecommendations", - "lex:listBots", - "lex:listBotVersions", - "lex:listExports", - "lex:listImports", - "lex:listIntents", - "lex:listRecommendedIntents", - "lex:listSlots", - "lex:listSlotTypes", - "license-manager:getLicenseConfiguration", - "license-manager:getServiceSettings", - "license-manager:listAssociationsForLicenseConfiguration", - "license-manager:listFailuresForLicenseConfigurationOperations", - "license-manager:listLicenseConfigurations", - "license-manager:listLicenseSpecificationsForResource", - "license-manager:listResourceInventory", - "license-manager:listUsageForLicenseConfiguration", - "lightsail:getActiveNames", - "lightsail:getAlarms", - "lightsail:getAutoSnapshots", - "lightsail:getBlueprints", - "lightsail:getBucketBundles", - "lightsail:getBucketMetricData", - "lightsail:getBuckets", - "lightsail:getBundles", - "lightsail:getCertificates", - "lightsail:getContainerImages", - "lightsail:getContainerServiceDeployments", - "lightsail:getContainerServiceMetricData", - "lightsail:getContainerServicePowers", - "lightsail:getContainerServices", - "lightsail:getDisk", - "lightsail:getDisks", - "lightsail:getDiskSnapshot", - "lightsail:getDiskSnapshots", - "lightsail:getDistributionBundles", - "lightsail:getDistributionMetricData", - "lightsail:getDistributions", - "lightsail:getDomain", - "lightsail:getDomains", - "lightsail:getExportSnapshotRecords", - "lightsail:getInstance", - "lightsail:getInstanceMetricData", - "lightsail:getInstancePortStates", - "lightsail:getInstances", - "lightsail:getInstanceSnapshot", - "lightsail:getInstanceSnapshots", - "lightsail:getInstanceState", - "lightsail:getKeyPair", - "lightsail:getKeyPairs", - "lightsail:getLoadBalancer", - "lightsail:getLoadBalancerMetricData", - "lightsail:getLoadBalancers", - "lightsail:getLoadBalancerTlsCertificates", - "lightsail:getOperation", - "lightsail:getOperations", - "lightsail:getOperationsForResource", - "lightsail:getRegions", - "lightsail:getRelationalDatabase", - "lightsail:getRelationalDatabaseMetricData", - "lightsail:getRelationalDatabases", - "lightsail:getRelationalDatabaseSnapshot", - "lightsail:getRelationalDatabaseSnapshots", - "lightsail:getStaticIp", - "lightsail:getStaticIps", - "lightsail:isVpcPeered", - "logs:describeAccountPolicies", - "logs:describeDeliveries", - "logs:describeDeliveryDestinations", - "logs:describeDeliverySources", - "logs:describeDestinations", - "logs:describeExportTasks", - "logs:describeFieldIndexes", - "logs:describeIndexPolicies", - "logs:describeLogGroups", - "logs:describeLogStreams", - "logs:describeMetricFilters", - "logs:describeQueries", - "logs:describeQueryDefinitions", - "logs:describeResourcePolicies", - "logs:describeSubscriptionFilters", - "logs:getDataProtectionPolicy", - "logs:getDelivery", - "logs:getDeliveryDestination", - "logs:getDeliveryDestinationPolicy", - "logs:getDeliverySource", - "logs:getIntegration", - "logs:getLogAnomalyDetector", - "logs:getLogDelivery", - "logs:getLogGroupFields", - "logs:getTransformer", - "logs:listAnomalies", - "logs:listIntegrations", - "logs:listLogAnomalyDetectors", - "logs:listLogDeliveries", - "logs:listLogGroupsForQuery", - "logs:testMetricFilter", - "lookoutequipment:describeDataIngestionJob", - "lookoutequipment:describeDataset", - "lookoutequipment:describeInferenceScheduler", - "lookoutequipment:describeModel", - "lookoutequipment:listDataIngestionJobs", - "lookoutequipment:listDatasets", - "lookoutequipment:listInferenceExecutions", - "lookoutequipment:listInferenceSchedulers", - "lookoutequipment:listModels", - "lookoutmetrics:describeAlert", - "lookoutmetrics:describeAnomalyDetectionExecutions", - "lookoutmetrics:describeAnomalyDetector", - "lookoutmetrics:describeMetricSet", - "lookoutmetrics:getAnomalyGroup", - "lookoutmetrics:getDataQualityMetrics", - "lookoutmetrics:getFeedback", - "lookoutmetrics:getSampleData", - "lookoutmetrics:listAlerts", - "lookoutmetrics:listAnomalyDetectors", - "lookoutmetrics:listAnomalyGroupSummaries", - "lookoutmetrics:listAnomalyGroupTimeSeries", - "lookoutmetrics:listMetricSets", - "lookoutmetrics:listTagsForResource", - "m2:getApplication", - "m2:getApplicationVersion", - "m2:getBatchJobExecution", - "m2:getDataSetDetails", - "m2:getDataSetImportTask", - "m2:getDeployment", - "m2:getEnvironment", - "m2:listApplications", - "m2:listApplicationVersions", - "m2:listBatchJobDefinitions", - "m2:listBatchJobExecutions", - "m2:listDataSetImportHistory", - "m2:listDataSets", - "m2:listDeployments", - "m2:listEngineVersions", - "m2:listEnvironments", - "machinelearning:describeBatchPredictions", - "machinelearning:describeDataSources", - "machinelearning:describeEvaluations", - "machinelearning:describeMLModels", - "machinelearning:getBatchPrediction", - "machinelearning:getDataSource", - "machinelearning:getEvaluation", - "machinelearning:getMLModel", - "macie2:getClassificationExportConfiguration", - "macie2:getCustomDataIdentifier", - "macie2:getFindings", - "macie2:getFindingStatistics", - "macie2:listClassificationJobs", - "macie2:listCustomDataIdentifiers", - "macie2:listFindings", - "managedblockchain:getMember", - "managedblockchain:getNetwork", - "managedblockchain:getNode", - "managedblockchain:listMembers", - "managedblockchain:listNetworks", - "managedblockchain:listNodes", - "mediaconnect:describeFlow", - "mediaconnect:listEntitlements", - "mediaconnect:listFlows", - "mediaconvert:describeEndpoints", - "mediaconvert:getJob", - "mediaconvert:getJobTemplate", - "mediaconvert:getPreset", - "mediaconvert:getQueue", - "mediaconvert:listJobs", - "mediaconvert:listJobTemplates", - "medialive:describeChannel", - "medialive:describeInput", - "medialive:describeInputDevice", - "medialive:describeInputSecurityGroup", - "medialive:describeMultiplex", - "medialive:describeOffering", - "medialive:describeReservation", - "medialive:describeSchedule", - "medialive:getCloudWatchAlarmTemplate", - "medialive:getCloudWatchAlarmTemplateGroup", - "medialive:getEventBridgeRuleTemplate", - "medialive:getEventBridgeRuleTemplateGroup", - "medialive:getSignalMap", - "medialive:listChannels", - "medialive:listCloudWatchAlarmTemplateGroups", - "medialive:listCloudWatchAlarmTemplates", - "medialive:listEventBridgeRuleTemplateGroups", - "medialive:listEventBridgeRuleTemplates", - "medialive:listInputDevices", - "medialive:listInputs", - "medialive:listInputSecurityGroups", - "medialive:listMultiplexes", - "medialive:listOfferings", - "medialive:listReservations", - "medialive:listSignalMaps", - "mediapackage:describeChannel", - "mediapackage:describeOriginEndpoint", - "mediapackage:listChannels", - "mediapackage:listOriginEndpoints", - "mediastore:describeContainer", - "mediastore:getContainerPolicy", - "mediastore:getCorsPolicy", - "mediastore:listContainers", - "mediatailor:getPlaybackConfiguration", - "mediatailor:listPlaybackConfigurations", - "medical-imaging:getDatastore", - "medical-imaging:listDatastores", - "mgn:describeJobLogItems", - "mgn:describeJobs", - "mgn:describeLaunchConfigurationTemplates", - "mgn:describeReplicationConfigurationTemplates", - "mgn:describeSourceServers", - "mgn:describeVcenterClients", - "mgn:getLaunchConfiguration", - "mgn:getReplicationConfiguration", - "mgn:listApplications", - "mgn:listSourceServerActions", - "mgn:listTemplateActions", - "mgn:listWaves", - "mobiletargeting:getAdmChannel", - "mobiletargeting:getApnsChannel", - "mobiletargeting:getApnsSandboxChannel", - "mobiletargeting:getApnsVoipChannel", - "mobiletargeting:getApnsVoipSandboxChannel", - "mobiletargeting:getApp", - "mobiletargeting:getApplicationSettings", - "mobiletargeting:getApps", - "mobiletargeting:getBaiduChannel", - "mobiletargeting:getCampaign", - "mobiletargeting:getCampaignActivities", - "mobiletargeting:getCampaigns", - "mobiletargeting:getCampaignVersion", - "mobiletargeting:getCampaignVersions", - "mobiletargeting:getEmailChannel", - "mobiletargeting:getEndpoint", - "mobiletargeting:getEventStream", - "mobiletargeting:getExportJob", - "mobiletargeting:getExportJobs", - "mobiletargeting:getGcmChannel", - "mobiletargeting:getImportJob", - "mobiletargeting:getImportJobs", - "mobiletargeting:getJourney", - "mobiletargeting:getJourneyExecutionActivityMetrics", - "mobiletargeting:getJourneyExecutionMetrics", - "mobiletargeting:getJourneyRunExecutionActivityMetrics", - "mobiletargeting:getJourneyRunExecutionMetrics", - "mobiletargeting:getJourneyRuns", - "mobiletargeting:getSegment", - "mobiletargeting:getSegmentImportJobs", - "mobiletargeting:getSegments", - "mobiletargeting:getSegmentVersion", - "mobiletargeting:getSegmentVersions", - "mobiletargeting:getSmsChannel", - "mobiletargeting:listJourneys", - "mobiletargeting:phoneNumberValidate", - "mq:describeBroker", - "mq:describeConfiguration", - "mq:describeConfigurationRevision", - "mq:describeUser", - "mq:listBrokers", - "mq:listConfigurationRevisions", - "mq:listConfigurations", - "mq:listUsers", - "network-firewall:describeFirewall", - "network-firewall:describeFirewallPolicy", - "network-firewall:describeFlowOperation", - "network-firewall:describeLoggingConfiguration", - "network-firewall:describeResourcePolicy", - "network-firewall:describeRuleGroup", - "network-firewall:describeRuleGroupMetadata", - "network-firewall:describeTlsInspectionConfiguration", - "network-firewall:listAnalysisReports", - "network-firewall:listFirewallPolicies", - "network-firewall:listFirewalls", - "network-firewall:listFlowOperationResults", - "network-firewall:listFlowOperations", - "network-firewall:listRuleGroups", - "network-firewall:listTlsInspectionConfigurations", - "networkflowmonitor:getMonitor", - "networkflowmonitor:getScope", - "networkflowmonitor:listMonitors", - "networkflowmonitor:listScopes", - "networkmanager:describeGlobalNetworks", - "networkmanager:getConnectAttachment", - "networkmanager:getConnections", - "networkmanager:getConnectPeer", - "networkmanager:getConnectPeerAssociations", - "networkmanager:getCoreNetwork", - "networkmanager:getCoreNetworkChangeEvents", - "networkmanager:getCoreNetworkChangeSet", - "networkmanager:getCoreNetworkPolicy", - "networkmanager:getCustomerGatewayAssociations", - "networkmanager:getDevices", - "networkmanager:getDirectConnectGatewayAttachment", - "networkmanager:getLinkAssociations", - "networkmanager:getLinks", - "networkmanager:getNetworkResourceCounts", - "networkmanager:getNetworkResourceRelationships", - "networkmanager:getNetworkResources", - "networkmanager:getNetworkRoutes", - "networkmanager:getNetworkTelemetry", - "networkmanager:getResourcePolicy", - "networkmanager:getRouteAnalysis", - "networkmanager:getSites", - "networkmanager:getSiteToSiteVpnAttachment", - "networkmanager:getTransitGatewayConnectPeerAssociations", - "networkmanager:getTransitGatewayPeering", - "networkmanager:getTransitGatewayRegistrations", - "networkmanager:getTransitGatewayRouteTableAttachment", - "networkmanager:getVpcAttachment", - "networkmanager:listAttachments", - "networkmanager:listConnectPeers", - "networkmanager:listCoreNetworkPolicyVersions", - "networkmanager:listCoreNetworks", - "networkmanager:listOrganizationServiceAccessStatus", - "networkmanager:listPeerings", - "networkmanager:listTagsForResource", - "networkmonitor:getMonitor", - "networkmonitor:getProbe", - "networkmonitor:listMonitors", - "notifications-contacts:getEmailContact", - "notifications-contacts:listEmailContacts", - "notifications:getEventRule", - "notifications:getNotificationConfiguration", - "notifications:getNotificationEvent", - "notifications:listChannels", - "notifications:listEventRules", - "notifications:listNotificationConfigurations", - "notifications:listNotificationEvents", - "notifications:listNotificationHubs" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Sid": "AWSSupportActionsGroup3", - "Action": [ - "oam:getLink", - "oam:getSink", - "oam:getSinkPolicy", - "oam:listAttachedLinks", - "oam:listLinks", - "oam:listSinks", - "observabilityadmin:getTelemetryEvaluationStatus", - "observabilityadmin:getTelemetryEvaluationStatusForOrganization", - "observabilityadmin:listResourceTelemetry", - "observabilityadmin:listResourceTelemetryForOrganization", - "odb:getOciOnboardingStatus", - "odb:getOdbNetwork", - "odb:getOdbPeeringConnection", - "odb:listOdbNetworks", - "odb:listOdbPeeringConnections", - "omics:getAnnotationImportJob", - "omics:getAnnotationStore", - "omics:getReadSetImportJob", - "omics:getReadSetMetadata", - "omics:getReference", - "omics:getReferenceImportJob", - "omics:getReferenceMetadata", - "omics:getReferenceStore", - "omics:getRun", - "omics:getRunGroup", - "omics:getSequenceStore", - "omics:getVariantImportJob", - "omics:getVariantStore", - "omics:getWorkflow", - "omics:listAnnotationImportJobs", - "omics:listAnnotationStores", - "omics:listMultipartReadSetUploads", - "omics:listReadSetImportJobs", - "omics:listReadSets", - "omics:listReadSetUploadParts", - "omics:listReferenceImportJobs", - "omics:listReferences", - "omics:listReferenceStores", - "omics:listRunGroups", - "omics:listRuns", - "omics:listRunTasks", - "omics:listSequenceStores", - "omics:listVariantImportJobs", - "omics:listVariantStores", - "omics:listWorkflows", - "opsworks-cm:describeAccountAttributes", - "opsworks-cm:describeBackups", - "opsworks-cm:describeEvents", - "opsworks-cm:describeNodeAssociationStatus", - "opsworks-cm:describeServers", - "opsworks:describeAgentVersions", - "opsworks:describeApps", - "opsworks:describeCommands", - "opsworks:describeDeployments", - "opsworks:describeEcsClusters", - "opsworks:describeElasticIps", - "opsworks:describeElasticLoadBalancers", - "opsworks:describeInstances", - "opsworks:describeLayers", - "opsworks:describeLoadBasedAutoScaling", - "opsworks:describeMyUserProfile", - "opsworks:describePermissions", - "opsworks:describeRaidArrays", - "opsworks:describeRdsDbInstances", - "opsworks:describeServiceErrors", - "opsworks:describeStackProvisioningParameters", - "opsworks:describeStacks", - "opsworks:describeStackSummary", - "opsworks:describeTimeBasedAutoScaling", - "opsworks:describeUserProfiles", - "opsworks:describeVolumes", - "opsworks:getHostnameSuggestion", - "organizations:describeAccount", - "organizations:describeCreateAccountStatus", - "organizations:describeEffectivePolicy", - "organizations:describeHandshake", - "organizations:describeOrganization", - "organizations:describePolicy", - "organizations:describeResourcePolicy", - "organizations:listAccounts", - "organizations:listAWSServiceAccessForOrganization", - "organizations:listCreateAccountStatus", - "organizations:listDelegatedAdministrators", - "organizations:listDelegatedServicesForAccount", - "organizations:listHandshakesForAccount", - "organizations:listHandshakesForOrganization", - "organizations:listPoliciesForTarget", - "organizations:listTagsForResource", - "organizations:listTargetsForPolicy", - "osis:getPipeline", - "osis:getPipelineBlueprint", - "osis:getPipelineChangeProgress", - "osis:listPipelineBlueprints", - "osis:listPipelines", - "osis:validatePipeline", - "outposts:getCapacityTask", - "outposts:getCatalogItem", - "outposts:getConnection", - "outposts:getOrder", - "outposts:getOutpost", - "outposts:getOutpostInstanceTypes", - "outposts:getOutpostSupportedInstanceTypes", - "outposts:getSite", - "outposts:listAssets", - "outposts:listAssetInstances", - "outposts:listBlockingInstancesForCapacityTask", - "outposts:listCapacityTasks", - "outposts:listCatalogItems", - "outposts:listOrders", - "outposts:listOutposts", - "outposts:listSites", - "pcs:getCluster", - "pcs:getComputeNodeGroup", - "pcs:getQueue", - "pcs:listClusters", - "pcs:listComputeNodeGroups", - "pcs:listQueues", - "personalize:describeAlgorithm", - "personalize:describeBatchInferenceJob", - "personalize:describeBatchSegmentJob", - "personalize:describeCampaign", - "personalize:describeDataset", - "personalize:describeDatasetExportJob", - "personalize:describeDatasetGroup", - "personalize:describeDatasetImportJob", - "personalize:describeEventTracker", - "personalize:describeFeatureTransformation", - "personalize:describeFilter", - "personalize:describeRecipe", - "personalize:describeRecommender", - "personalize:describeSchema", - "personalize:describeSolution", - "personalize:describeSolutionVersion", - "personalize:getPersonalizedRanking", - "personalize:getRecommendations", - "personalize:getSolutionMetrics", - "personalize:listBatchInferenceJobs", - "personalize:listBatchSegmentJobs", - "personalize:listCampaigns", - "personalize:listDatasetExportJobs", - "personalize:listDatasetGroups", - "personalize:listDatasetImportJobs", - "personalize:listDatasets", - "personalize:listEventTrackers", - "personalize:listRecipes", - "personalize:listRecommenders", - "personalize:listSchemas", - "personalize:listSolutions", - "personalize:listSolutionVersions", - "pipes:describePipe", - "pipes:listPipes", - "pipes:listTagsForResource", - "polly:describeVoices", - "polly:getLexicon", - "polly:listLexicons", - "pricing:describeServices", - "pricing:getAttributeValues", - "pricing:getProducts", - "private-networks:getDeviceIdentifier", - "private-networks:getNetwork", - "private-networks:getNetworkResource", - "private-networks:listDeviceIdentifiers", - "private-networks:listNetworkResources", - "private-networks:listNetworks", - "qbusiness:getApplication", - "qbusiness:getDataSource", - "qbusiness:getIndex", - "qbusiness:getRetriever", - "qbusiness:getWebExperience", - "qbusiness:listApplications", - "qbusiness:listDataSources", - "qbusiness:listDataSourceSyncJobs", - "qbusiness:listIndices", - "qbusiness:listRetrievers", - "qbusiness:listWebExperiences", - "quicksight:describeAccountCustomization", - "quicksight:describeAccountSettings", - "quicksight:describeAccountSubscription", - "quicksight:describeAnalysis", - "quicksight:describeAnalysisPermissions", - "quicksight:describeDashboard", - "quicksight:describeDashboardPermissions", - "quicksight:describeDataSet", - "quicksight:describeDataSetPermissions", - "quicksight:describeDataSetRefreshProperties", - "quicksight:describeDataSource", - "quicksight:describeDataSourcePermissions", - "quicksight:describeFolder", - "quicksight:describeFolderPermissions", - "quicksight:describeFolderResolvedPermissions", - "quicksight:describeGroup", - "quicksight:describeGroupMembership", - "quicksight:describeIAMPolicyAssignment", - "quicksight:describeIngestion", - "quicksight:describeIpRestriction", - "quicksight:describeNamespace", - "quicksight:describeRefreshSchedule", - "quicksight:describeTemplate", - "quicksight:describeTemplateAlias", - "quicksight:describeTemplatePermissions", - "quicksight:describeTheme", - "quicksight:describeThemeAlias", - "quicksight:describeThemePermissions", - "quicksight:describeTopic", - "quicksight:describeTopicPermissions", - "quicksight:describeTopicRefresh", - "quicksight:describeTopicRefreshSchedule", - "quicksight:describeUser", - "quicksight:describeVPCConnection", - "quicksight:listAnalyses", - "quicksight:listDashboards", - "quicksight:listDashboardVersions", - "quicksight:listDataSets", - "quicksight:listDataSources", - "quicksight:listFolderMembers", - "quicksight:listFolders", - "quicksight:listGroupMemberships", - "quicksight:listGroups", - "quicksight:listIAMPolicyAssignments", - "quicksight:listIAMPolicyAssignmentsForUser", - "quicksight:listIngestions", - "quicksight:listNamespaces", - "quicksight:listRefreshSchedules", - "quicksight:listTemplateAliases", - "quicksight:listTemplates", - "quicksight:listTemplateVersions", - "quicksight:listThemeAliases", - "quicksight:listThemes", - "quicksight:listThemeVersions", - "quicksight:listTopicRefreshSchedules", - "quicksight:listTopics", - "quicksight:listUserGroups", - "quicksight:listUsers", - "quicksight:listVPCConnections", - "quicksight:searchAnalyses", - "quicksight:searchDashboards", - "quicksight:searchDataSets", - "quicksight:searchDataSources", - "quicksight:searchFolders", - "quicksight:searchGroups", - "ram:getPermission", - "ram:getResourceShareAssociations", - "ram:getResourceShareInvitations", - "ram:getResourceShares", - "ram:listPendingInvitationResources", - "ram:listPrincipals", - "ram:listResources", - "ram:listResourceSharePermissions", - "rbin:getRule", - "rbin:listRules", - "rds:describeAccountAttributes", - "rds:describeBlueGreenDeployments", - "rds:describeCertificates", - "rds:describeDBClusterEndpoints", - "rds:describeDBClusterParameterGroups", - "rds:describeDBClusterParameters", - "rds:describeDBClusters", - "rds:describeDBClusterSnapshots", - "rds:describeDBEngineVersions", - "rds:describeDBInstanceAutomatedBackups", - "rds:describeDBInstances", - "rds:describeDBLogFiles", - "rds:describeDBParameterGroups", - "rds:describeDBParameters", - "rds:describeDBSecurityGroups", - "rds:describeDBSnapshotAttributes", - "rds:describeDBSnapshots", - "rds:describeDBSubnetGroups", - "rds:describeEngineDefaultClusterParameters", - "rds:describeEngineDefaultParameters", - "rds:describeEventCategories", - "rds:describeEvents", - "rds:describeEventSubscriptions", - "rds:describeExportTasks", - "rds:describeGlobalClusters", - "rds:describeIntegrations", - "rds:describeOptionGroupOptions", - "rds:describeOptionGroups", - "rds:describeOrderableDBInstanceOptions", - "rds:describePendingMaintenanceActions", - "rds:describeReservedDBInstances", - "rds:describeReservedDBInstancesOfferings", - "rds:describeSourceRegions", - "rds:describeValidDBInstanceModifications", - "rds:listTagsForResource", - "redshift-data:describeStatement", - "redshift-data:listStatements", - "redshift-serverless:getCustomDomainAssociation", - "redshift-serverless:getEndpointAccess", - "redshift-serverless:getNamespace", - "redshift-serverless:getRecoveryPoint", - "redshift-serverless:getScheduledAction", - "redshift-serverless:getSnapshot", - "redshift-serverless:getTableRestoreStatus", - "redshift-serverless:getUsageLimit", - "redshift-serverless:getWorkgroup", - "redshift-serverless:listCustomDomainAssociations", - "redshift-serverless:listEndpointAccess", - "redshift-serverless:listNamespaces", - "redshift-serverless:listRecoveryPoints", - "redshift-serverless:listSnapshotCopyConfigurations", - "redshift-serverless:listSnapshots", - "redshift-serverless:listTableRestoreStatus", - "redshift-serverless:listUsageLimits", - "redshift-serverless:listWorkgroups", - "redshift:describeClusterDbRevisions", - "redshift:describeClusterParameterGroups", - "redshift:describeClusterParameters", - "redshift:describeClusters", - "redshift:describeClusterSecurityGroups", - "redshift:describeClusterSnapshots", - "redshift:describeClusterSubnetGroups", - "redshift:describeClusterTracks", - "redshift:describeClusterVersions", - "redshift:describeCustomDomainAssociations", - "redshift:describeDataShares", - "redshift:describeDataSharesForConsumer", - "redshift:describeDataSharesForProducer", - "redshift:describeDefaultClusterParameters", - "redshift:describeEndpointAccess", - "redshift:describeEndpointAuthorization", - "redshift:describeEventCategories", - "redshift:describeEvents", - "redshift:describeEventSubscriptions", - "redshift:describeHsmClientCertificates", - "redshift:describeHsmConfigurations", - "redshift:describeInboundIntegrations", - "redshift:describeLoggingStatus", - "redshift:describeNodeConfigurationOptions", - "redshift:describeOrderableClusterOptions", - "redshift:describeRedshiftIdcApplications", - "redshift:describeReservedNodeOfferings", - "redshift:describeReservedNodes", - "redshift:describeResize", - "redshift:describeSnapshotCopyGrants", - "redshift:describeSnapshotSchedules", - "redshift:describeStorage", - "redshift:describeTableRestoreStatus", - "redshift:describeTags", - "redshift:describeUsageLimits", - "rekognition:listCollections", - "rekognition:listFaces", - "resiliencehub:describeApp", - "resiliencehub:describeAppAssessment", - "resiliencehub:describeAppVersion", - "resiliencehub:describeAppVersionAppComponent", - "resiliencehub:describeAppVersionResource", - "resiliencehub:describeAppVersionResourcesResolutionStatus", - "resiliencehub:describeAppVersionTemplate", - "resiliencehub:describeDraftAppVersionResourcesImportStatus", - "resiliencehub:describeResiliencyPolicy", - "resiliencehub:describeResourceGroupingRecommendationTask", - "resiliencehub:listAlarmRecommendations", - "resiliencehub:listAppAssessmentComplianceDrifts", - "resiliencehub:listAppAssessmentResourceDrifts", - "resiliencehub:listAppAssessments", - "resiliencehub:listAppComponentCompliances", - "resiliencehub:listAppComponentRecommendations", - "resiliencehub:listAppInputSources", - "resiliencehub:listApps", - "resiliencehub:listAppVersionAppComponents", - "resiliencehub:listAppVersionResourceMappings", - "resiliencehub:listAppVersionResources", - "resiliencehub:listAppVersions", - "resiliencehub:listRecommendationTemplates", - "resiliencehub:listResiliencyPolicies", - "resiliencehub:listResourceGroupingRecommendations", - "resiliencehub:listSopRecommendations", - "resiliencehub:listSuggestedResiliencyPolicies", - "resiliencehub:listTestRecommendations", - "resiliencehub:listUnsupportedAppVersionResources", - "resource-explorer-2:getAccountLevelServiceConfiguration", - "resource-explorer-2:getIndex", - "resource-explorer-2:getView", - "resource-explorer-2:listIndexes", - "resource-explorer-2:listViews", - "resource-explorer-2:search", - "resource-groups:getGroup", - "resource-groups:getGroupQuery", - "resource-groups:getTags", - "resource-groups:listGroupResources", - "resource-groups:listGroups", - "resource-groups:searchResources", - "robomaker:batchDescribeSimulationJob", - "robomaker:describeDeploymentJob", - "robomaker:describeFleet", - "robomaker:describeRobot", - "robomaker:describeRobotApplication", - "robomaker:describeSimulationApplication", - "robomaker:describeSimulationJob", - "robomaker:listDeploymentJobs", - "robomaker:listFleets", - "robomaker:listRobotApplications", - "robomaker:listRobots", - "robomaker:listSimulationApplications", - "robomaker:listSimulationJobs", - "rolesanywhere:getProfile", - "rolesanywhere:getTrustAnchor", - "rolesanywhere:listProfiles", - "rolesanywhere:listTrustAnchors", - "route53-recovery-cluster:getRoutingControlState", - "route53-recovery-cluster:listRoutingControls", - "route53-recovery-control-config:describeControlPanel", - "route53-recovery-control-config:describeRoutingControl", - "route53-recovery-control-config:describeSafetyRule", - "route53-recovery-control-config:listControlPanels", - "route53-recovery-control-config:listRoutingControls", - "route53-recovery-control-config:listSafetyRules", - "route53-recovery-readiness:getCell", - "route53-recovery-readiness:getCellReadinessSummary", - "route53-recovery-readiness:getReadinessCheck", - "route53-recovery-readiness:getReadinessCheckResourceStatus", - "route53-recovery-readiness:getReadinessCheckStatus", - "route53-recovery-readiness:getRecoveryGroup", - "route53-recovery-readiness:getRecoveryGroupReadinessSummary", - "route53-recovery-readiness:listCells", - "route53-recovery-readiness:listReadinessChecks", - "route53-recovery-readiness:listRecoveryGroups", - "route53-recovery-readiness:listResourceSets", - "route53:getAccountLimit", - "route53:getChange", - "route53:getCheckerIpRanges", - "route53:getDNSSEC", - "route53:getGeoLocation", - "route53:getHealthCheck", - "route53:getHealthCheckCount", - "route53:getHealthCheckLastFailureReason", - "route53:getHealthCheckStatus", - "route53:getHostedZone", - "route53:getHostedZoneCount", - "route53:getHostedZoneLimit", - "route53:getQueryLoggingConfig", - "route53:getReusableDelegationSet", - "route53:getTrafficPolicy", - "route53:getTrafficPolicyInstance", - "route53:getTrafficPolicyInstanceCount", - "route53:listCidrBlocks", - "route53:listCidrCollections", - "route53:listCidrLocations", - "route53:listGeoLocations", - "route53:listHealthChecks", - "route53:listHostedZones", - "route53:listHostedZonesByName", - "route53:listHostedZonesByVpc", - "route53:listQueryLoggingConfigs", - "route53:listResourceRecordSets", - "route53:listReusableDelegationSets", - "route53:listTrafficPolicies", - "route53:listTrafficPolicyInstances", - "route53:listTrafficPolicyInstancesByHostedZone", - "route53:listTrafficPolicyInstancesByPolicy", - "route53:listTrafficPolicyVersions", - "route53:listVPCAssociationAuthorizations", - "route53domains:checkDomainAvailability", - "route53domains:getContactReachabilityStatus", - "route53domains:getDomainDetail", - "route53domains:getOperationDetail", - "route53domains:listDomains", - "route53domains:listOperations", - "route53domains:listPrices", - "route53domains:listTagsForDomain", - "route53domains:viewBilling", - "route53profiles:getProfile", - "route53profiles:getProfileAssociation", - "route53profiles:getProfileResourceAssociation", - "route53profiles:listProfileAssociations", - "route53profiles:listProfileResourceAssociations", - "route53profiles:listProfiles", - "route53profiles:listTagsForResource", - "route53resolver:getFirewallConfig", - "route53resolver:getFirewallDomainList", - "route53resolver:getFirewallRuleGroup", - "route53resolver:getFirewallRuleGroupAssociation", - "route53resolver:getFirewallRuleGroupPolicy", - "route53resolver:getOutpostResolver", - "route53resolver:getResolverDnssecConfig", - "route53resolver:getResolverQueryLogConfig", - "route53resolver:getResolverQueryLogConfigAssociation", - "route53resolver:getResolverQueryLogConfigPolicy", - "route53resolver:getResolverRule", - "route53resolver:getResolverRuleAssociation", - "route53resolver:getResolverRulePolicy", - "route53resolver:listFirewallConfigs", - "route53resolver:listFirewallDomainLists", - "route53resolver:listFirewallDomains", - "route53resolver:listFirewallRuleGroupAssociations", - "route53resolver:listFirewallRuleGroups", - "route53resolver:listFirewallRules", - "route53resolver:listOutpostResolvers", - "route53resolver:listResolverConfigs", - "route53resolver:listResolverDnssecConfigs", - "route53resolver:listResolverEndpointIpAddresses", - "route53resolver:listResolverEndpoints", - "route53resolver:listResolverQueryLogConfigAssociations", - "route53resolver:listResolverQueryLogConfigs", - "route53resolver:listResolverRuleAssociations", - "route53resolver:listResolverRules", - "route53resolver:listTagsForResource", - "rum:batchGetRumMetricDefinitions", - "rum:getAppMonitor", - "rum:listAppMonitors", - "rum:listRumMetricsDestinations", - "s3-outposts:listEndpoints", - "s3-outposts:listOutpostsWithS3", - "s3-outposts:listRegionalBuckets", - "s3-outposts:listSharedEndpoints", - "s3:describeJob", - "s3:describeMultiRegionAccessPointOperation", - "s3:getAccelerateConfiguration", - "s3:getAccessGrant", - "s3:getAccessGrantsInstance", - "s3:getAccessGrantsInstanceResourcePolicy", - "s3:getAccessGrantsLocation", - "s3:getAccessPoint", - "s3:getAccessPointConfigurationForObjectLambda", - "s3:getAccessPointForObjectLambda", - "s3:getAccessPointPolicy", - "s3:getAccessPointPolicyForObjectLambda", - "s3:getAccessPointPolicyStatus", - "s3:getAccessPointPolicyStatusForObjectLambda", - "s3:getAccountPublicAccessBlock", - "s3:getAnalyticsConfiguration", - "s3:getBucketAcl", - "s3:getBucketCORS", - "s3:getBucketLocation", - "s3:getBucketLogging", - "s3:getBucketNotification", - "s3:getBucketObjectLockConfiguration", - "s3:getBucketOwnershipControls", - "s3:getBucketPolicy", - "s3:getBucketPolicyStatus", - "s3:getBucketPublicAccessBlock", - "s3:getBucketRequestPayment", - "s3:getBucketVersioning", - "s3:getBucketWebsite", - "s3:getEncryptionConfiguration", - "s3:getIntelligentTieringConfiguration", - "s3:getInventoryConfiguration", - "s3:getLifecycleConfiguration", - "s3:getMetricsConfiguration", - "s3:getMultiRegionAccessPoint", - "s3:getMultiRegionAccessPointPolicy", - "s3:getMultiRegionAccessPointPolicyStatus", - "s3:getMultiRegionAccessPointRoutes", - "s3:getObjectAcl", - "s3:getObjectLegalHold", - "s3:getObjectRetention", - "s3:getReplicationConfiguration", - "s3:getStorageLensConfiguration", - "s3:listAccessGrants", - "s3:listAccessGrantsInstances", - "s3:listAccessGrantsLocations", - "s3:listAccessPoints", - "s3:listAccessPointsForObjectLambda", - "s3:listAllMyBuckets", - "s3:listBucket", - "s3:listBucketMultipartUploads", - "s3:listBucketVersions", - "s3:listJobs", - "s3:listMultipartUploadParts", - "s3:listMultiRegionAccessPoints", - "s3:listStorageLensConfigurations", - "s3express:getBucketPolicy", - "s3express:listAllMyDirectoryBuckets", - "s3tables:getNamespace", - "s3tables:getTable", - "s3tables:getTableBucket", - "s3tables:getTableBucketMaintenanceConfiguration", - "s3tables:getTableBucketPolicy", - "s3tables:getTableMaintenanceJobStatus", - "s3tables:getTableMetadataLocation", - "s3tables:getTablePolicy", - "s3tables:listNamespaces", - "s3tables:listTableBuckets", - "s3tables:listTables", - "sagemaker:describeAction", - "sagemaker:describeAlgorithm", - "sagemaker:describeApp", - "sagemaker:describeAppImageConfig", - "sagemaker:describeArtifact", - "sagemaker:describeAutoMLJob", - "sagemaker:describeCluster", - "sagemaker:describeClusterNode", - "sagemaker:describeCodeRepository", - "sagemaker:describeCompilationJob", - "sagemaker:describeContext", - "sagemaker:describeDataQualityJobDefinition", - "sagemaker:describeDevice", - "sagemaker:describeDeviceFleet", - "sagemaker:describeDomain", - "sagemaker:describeEdgeDeploymentPlan", - "sagemaker:describeEdgePackagingJob", - "sagemaker:describeEndpoint", - "sagemaker:describeEndpointConfig", - "sagemaker:describeExperiment", - "sagemaker:describeFeatureGroup", - "sagemaker:describeFeatureMetadata", - "sagemaker:describeFlowDefinition", - "sagemaker:describeHub", - "sagemaker:describeHubContent", - "sagemaker:describeHumanTaskUi", - "sagemaker:describeHyperParameterTuningJob", - "sagemaker:describeImage", - "sagemaker:describeImageVersion", - "sagemaker:describeInferenceComponent", - "sagemaker:describeInferenceExperiment", - "sagemaker:describeInferenceRecommendationsJob", - "sagemaker:describeLabelingJob", - "sagemaker:describeMlflowTrackingServer", - "sagemaker:describeModel", - "sagemaker:describeModelBiasJobDefinition", - "sagemaker:describeModelCard", - "sagemaker:describeModelCardExportJob", - "sagemaker:describeModelExplainabilityJobDefinition", - "sagemaker:describeModelPackage", - "sagemaker:describeModelPackageGroup", - "sagemaker:describeModelQualityJobDefinition", - "sagemaker:describeMonitoringSchedule", - "sagemaker:describeNotebookInstance", - "sagemaker:describeNotebookInstanceLifecycleConfig", - "sagemaker:describePipeline", - "sagemaker:describePipelineDefinitionForExecution", - "sagemaker:describePipelineExecution", - "sagemaker:describeProcessingJob", - "sagemaker:describeProject", - "sagemaker:describeSpace", - "sagemaker:describeStudioLifecycleConfig", - "sagemaker:describeSubscribedWorkteam", - "sagemaker:describeTrainingJob", - "sagemaker:describeTransformJob", - "sagemaker:describeTrial", - "sagemaker:describeTrialComponent", - "sagemaker:describeUserProfile", - "sagemaker:describeWorkforce", - "sagemaker:describeWorkteam", - "sagemaker:getDeviceFleetReport", - "sagemaker:getModelPackageGroupPolicy", - "sagemaker:getSagemakerServicecatalogPortfolioStatus", - "sagemaker:listActions", - "sagemaker:listAlgorithms", - "sagemaker:listAliases", - "sagemaker:listAppImageConfigs", - "sagemaker:listApps", - "sagemaker:listArtifacts", - "sagemaker:listAssociations", - "sagemaker:listAutoMLJobs", - "sagemaker:listCandidatesForAutoMLJob", - "sagemaker:listClusterNodes", - "sagemaker:listClusters", - "sagemaker:listCodeRepositories", - "sagemaker:listCompilationJobs", - "sagemaker:listContexts", - "sagemaker:listDataQualityJobDefinitions", - "sagemaker:listDeviceFleets", - "sagemaker:listDevices", - "sagemaker:listDomains", - "sagemaker:listEdgeDeploymentPlans", - "sagemaker:listEdgePackagingJobs", - "sagemaker:listEndpointConfigs", - "sagemaker:listEndpoints", - "sagemaker:listExperiments", - "sagemaker:listFeatureGroups", - "sagemaker:listFlowDefinitions", - "sagemaker:listHubContents", - "sagemaker:listHubContentVersions", - "sagemaker:listHubs", - "sagemaker:listHumanTaskUis", - "sagemaker:listHyperParameterTuningJobs", - "sagemaker:listImages", - "sagemaker:listImageVersions", - "sagemaker:listInferenceComponents", - "sagemaker:listInferenceExperiments", - "sagemaker:listInferenceRecommendationsJobs", - "sagemaker:listInferenceRecommendationsJobSteps", - "sagemaker:listLabelingJobs", - "sagemaker:listLabelingJobsForWorkteam", - "sagemaker:listLineageGroups", - "sagemaker:listMlflowTrackingServers", - "sagemaker:listModelBiasJobDefinitions", - "sagemaker:listModelCardExportJobs", - "sagemaker:listModelCards", - "sagemaker:listModelCardVersions", - "sagemaker:listModelExplainabilityJobDefinitions", - "sagemaker:listModelMetadata", - "sagemaker:listModelPackageGroups", - "sagemaker:listModelPackages", - "sagemaker:listModelQualityJobDefinitions", - "sagemaker:listModels", - "sagemaker:listMonitoringAlertHistory", - "sagemaker:listMonitoringAlerts", - "sagemaker:listMonitoringExecutions", - "sagemaker:listMonitoringSchedules", - "sagemaker:listNotebookInstanceLifecycleConfigs", - "sagemaker:listNotebookInstances", - "sagemaker:listPipelineExecutions", - "sagemaker:listPipelineExecutionSteps", - "sagemaker:listPipelineParametersForExecution", - "sagemaker:listPipelines", - "sagemaker:listProcessingJobs", - "sagemaker:listProjects", - "sagemaker:listSpaces", - "sagemaker:listStageDevices", - "sagemaker:listStudioLifecycleConfigs", - "sagemaker:listSubscribedWorkteams", - "sagemaker:listTags", - "sagemaker:listTrainingJobs", - "sagemaker:listTrainingJobsForHyperParameterTuningJob", - "sagemaker:listTransformJobs", - "sagemaker:listTrialComponents", - "sagemaker:listTrials", - "sagemaker:listUserProfiles", - "sagemaker:listWorkforces", - "sagemaker:listWorkteams", - "savingsplans:describeSavingsPlans", - "scheduler:getSchedule", - "scheduler:getScheduleGroup", - "scheduler:listScheduleGroups", - "scheduler:listSchedules", - "schemas:describeCodeBinding", - "schemas:describeDiscoverer", - "schemas:describeRegistry", - "schemas:describeSchema", - "schemas:getCodeBindingSource", - "schemas:getDiscoveredSchema", - "schemas:getResourcePolicy", - "schemas:listDiscoverers", - "schemas:listRegistries", - "schemas:listSchemas", - "schemas:listSchemaVersions", - "sdb:domainMetadata", - "sdb:listDomains", - "secretsmanager:describeSecret", - "secretsmanager:getResourcePolicy", - "secretsmanager:listSecrets", - "secretsmanager:listSecretVersionIds", - "securityhub:batchGetConfigurationPolicyAssociations", - "securityhub:describeOrganizationConfiguration", - "securityhub:getConfigurationPolicy", - "securityhub:getConfigurationPolicyAssociation", - "securityhub:getEnabledStandards", - "securityhub:getFindingAggregator", - "securityhub:getFindings", - "securityhub:getInsightResults", - "securityhub:getInsights", - "securityhub:getMasterAccount", - "securityhub:getMembers", - "securityhub:listConfigurationPolicies", - "securityhub:listConfigurationPolicyAssociations", - "securityhub:listEnabledProductsForImport", - "securityhub:listFindingAggregators", - "securityhub:listInvitations", - "securityhub:listMembers", - "securitylake:getDataLakeExceptionSubscription", - "securitylake:getDataLakeOrganizationConfiguration", - "securitylake:getDataLakeSources", - "securitylake:getSubscriber", - "securitylake:listDataLakeExceptions", - "securitylake:listDataLakes", - "securitylake:listLogSources", - "securitylake:listSubscribers", - "serverlessrepo:getApplication", - "serverlessrepo:getApplicationPolicy", - "serverlessrepo:getCloudFormationTemplate", - "serverlessrepo:listApplicationDependencies", - "serverlessrepo:listApplications", - "serverlessrepo:listApplicationVersions", - "servicecatalog:describeConstraint", - "servicecatalog:describePortfolio", - "servicecatalog:describeProduct", - "servicecatalog:describeProductAsAdmin", - "servicecatalog:describeProductView", - "servicecatalog:describeProvisioningArtifact", - "servicecatalog:describeProvisioningParameters", - "servicecatalog:describeRecord", - "servicecatalog:listAcceptedPortfolioShares", - "servicecatalog:listConstraintsForPortfolio", - "servicecatalog:listLaunchPaths", - "servicecatalog:listPortfolioAccess", - "servicecatalog:listPortfolios", - "servicecatalog:listPortfoliosForProduct", - "servicecatalog:listPrincipalsForPortfolio", - "servicecatalog:listProvisioningArtifacts", - "servicecatalog:listRecordHistory", - "servicecatalog:scanProvisionedProducts", - "servicecatalog:searchProducts", - "servicequotas:getAssociationForServiceQuotaTemplate", - "servicequotas:getAWSDefaultServiceQuota", - "servicequotas:getRequestedServiceQuotaChange", - "servicequotas:getServiceQuota", - "servicequotas:getServiceQuotaIncreaseRequestFromTemplate", - "servicequotas:listAWSDefaultServiceQuotas", - "servicequotas:listRequestedServiceQuotaChangeHistory", - "servicequotas:listRequestedServiceQuotaChangeHistoryByQuota", - "servicequotas:listServiceQuotaIncreaseRequestsInTemplate", - "servicequotas:listServiceQuotas", - "servicequotas:listServices", - "ses:describeActiveReceiptRuleSet", - "ses:describeConfigurationSet", - "ses:describeReceiptRule", - "ses:describeReceiptRuleSet", - "ses:getAccount", - "ses:getAccountSendingEnabled", - "ses:getAddonInstance", - "ses:getAddonSubscription", - "ses:getArchive", - "ses:getArchiveExport", - "ses:getArchiveSearch", - "ses:getBlacklistReports", - "ses:getConfigurationSet", - "ses:getConfigurationSetEventDestinations", - "ses:getContactList", - "ses:getDedicatedIp", - "ses:getDedicatedIpPool", - "ses:getDedicatedIps", - "ses:getDeliverabilityDashboardOptions", - "ses:getDeliverabilityTestReport", - "ses:getDomainDeliverabilityCampaign", - "ses:getDomainStatisticsReport", - "ses:getEmailIdentity", - "ses:getIdentityDkimAttributes", - "ses:getIdentityMailFromDomainAttributes", - "ses:getIdentityNotificationAttributes", - "ses:getIdentityPolicies", - "ses:getIdentityVerificationAttributes", - "ses:getImportJob", - "ses:getIngressPoint", - "ses:getRelay", - "ses:getRuleSet", - "ses:getTrafficPolicy", - "ses:getSendQuota", - "ses:getSendStatistics", - "ses:listConfigurationSets", - "ses:listAddonInstances", - "ses:listAddonSubscriptions", - "ses:listArchiveExports", - "ses:listArchives", - "ses:listArchiveSearches", - "ses:listContactLists", - "ses:listContacts", - "ses:listCustomVerificationEmailTemplates", - "ses:listDedicatedIpPools", - "ses:listDeliverabilityTestReports", - "ses:listDomainDeliverabilityCampaigns", - "ses:listEmailIdentities", - "ses:listEmailTemplates", - "ses:listIdentities", - "ses:listIdentityPolicies", - "ses:listImportJobs", - "ses:listIngressPoints", - "ses:listReceiptFilters", - "ses:listReceiptRuleSets", - "ses:listRelays", - "ses:listRuleSets", - "ses:listRecommendations", - "ses:listTagsForResource", - "ses:listTemplates", - "ses:listTrafficPolicies", - "ses:listVerifiedEmailAddresses", - "shield:describeAttack", - "shield:describeProtection", - "shield:describeSubscription", - "shield:listAttacks", - "shield:listProtections", - "sms-voice:getConfigurationSetEventDestinations", - "sms:getConnectors", - "sms:getReplicationJobs", - "sms:getReplicationRuns", - "sms:getServers", - "snowball:describeAddress", - "snowball:describeAddresses", - "snowball:describeJob", - "snowball:getSnowballUsage", - "snowball:listJobs", - "snowball:listServiceVersions", - "sns:checkIfPhoneNumberIsOptedOut", - "sns:getDataProtectionPolicy", - "sns:getEndpointAttributes", - "sns:getPlatformApplicationAttributes", - "sns:getSMSAttributes", - "sns:getSMSSandboxAccountStatus", - "sns:getSubscriptionAttributes", - "sns:getTopicAttributes", - "sns:listEndpointsByPlatformApplication", - "sns:listOriginationNumbers", - "sns:listPhoneNumbersOptedOut", - "sns:listPlatformApplications", - "sns:listSMSSandboxPhoneNumbers", - "sns:listSubscriptions", - "sns:listSubscriptionsByTopic", - "sns:listTopics", - "sqs:getQueueAttributes", - "sqs:getQueueUrl", - "sqs:listDeadLetterSourceQueues", - "sqs:listMessageMoveTasks", - "sqs:listQueues", - "ssm-contacts:describeEngagement", - "ssm-contacts:describePage", - "ssm-contacts:getContact", - "ssm-contacts:getContactChannel", - "ssm-contacts:getContactPolicy", - "ssm-contacts:getRotation", - "ssm-contacts:getRotationOverride", - "ssm-contacts:listContactChannels", - "ssm-contacts:listContacts", - "ssm-contacts:listEngagements", - "ssm-contacts:listPageReceipts", - "ssm-contacts:listPageResolutions", - "ssm-contacts:listPagesByContact", - "ssm-contacts:listPagesByEngagement", - "ssm-contacts:listPreviewRotationShifts", - "ssm-contacts:listRotationOverrides", - "ssm-contacts:listRotations", - "ssm-contacts:listRotationShifts", - "ssm-incidents:batchGetIncidentFindings", - "ssm-incidents:getIncidentRecord", - "ssm-incidents:getReplicationSet", - "ssm-incidents:getResourcePolicies", - "ssm-incidents:getResponsePlan", - "ssm-incidents:getTimelineEvent", - "ssm-incidents:listIncidentFindings", - "ssm-incidents:listIncidentRecords", - "ssm-incidents:listRelatedItems", - "ssm-incidents:listReplicationSets", - "ssm-incidents:listResponsePlans", - "ssm-incidents:listTimelineEvents", - "ssm-quicksetup:getConfiguration", - "ssm-quicksetup:getConfigurationManager", - "ssm-quicksetup:getServiceSettings", - "ssm-quicksetup:listConfigurationManagers", - "ssm-quicksetup:listConfigurations", - "ssm-quicksetup:listQuickSetupTypes", - "ssm-sap:getApplication", - "ssm-sap:getComponent", - "ssm-sap:getDatabase", - "ssm-sap:getOperation", - "ssm-sap:getResourcePermission", - "ssm-sap:listApplications", - "ssm-sap:listComponents", - "ssm-sap:listDatabases", - "ssm-sap:listOperations", - "ssm:describeActivations", - "ssm:describeAssociation", - "ssm:describeAssociationExecutions", - "ssm:describeAssociationExecutionTargets", - "ssm:describeAutomationExecutions", - "ssm:describeAutomationStepExecutions", - "ssm:describeAvailablePatches", - "ssm:describeDocument", - "ssm:describeDocumentPermission", - "ssm:describeEffectiveInstanceAssociations", - "ssm:describeEffectivePatchesForPatchBaseline", - "ssm:describeInstanceAssociationsStatus", - "ssm:describeInstanceInformation", - "ssm:describeInstancePatches", - "ssm:describeInstancePatchStates", - "ssm:describeInstancePatchStatesForPatchGroup", - "ssm:describeInstanceProperties", - "ssm:describeInventoryDeletions", - "ssm:describeMaintenanceWindowExecutions", - "ssm:describeMaintenanceWindowExecutionTaskInvocations", - "ssm:describeMaintenanceWindowExecutionTasks", - "ssm:describeMaintenanceWindows", - "ssm:describeMaintenanceWindowSchedule", - "ssm:describeMaintenanceWindowsForTarget", - "ssm:describeMaintenanceWindowTargets", - "ssm:describeMaintenanceWindowTasks", - "ssm:describeOpsItems", - "ssm:describeParameters", - "ssm:describePatchBaselines", - "ssm:describePatchGroups", - "ssm:describePatchGroupState", - "ssm:describePatchProperties", - "ssm:describeSessions", - "ssm:getAutomationExecution", - "ssm:getCalendarState", - "ssm:getCommandInvocation", - "ssm:getConnectionStatus", - "ssm:getDefaultPatchBaseline", - "ssm:getDeployablePatchSnapshotForInstance", - "ssm:getInventorySchema", - "ssm:getMaintenanceWindow", - "ssm:getMaintenanceWindowExecution", - "ssm:getMaintenanceWindowExecutionTask", - "ssm:getMaintenanceWindowExecutionTaskInvocation", - "ssm:getMaintenanceWindowTask", - "ssm:getOpsItem", - "ssm:getOpsMetadata", - "ssm:getOpsSummary", - "ssm:getPatchBaseline", - "ssm:getPatchBaselineForPatchGroup", - "ssm:getResourcePolicies", - "ssm:getServiceSetting", - "ssm:listAssociations", - "ssm:listAssociationVersions", - "ssm:listCommandInvocations", - "ssm:listCommands", - "ssm:listComplianceItems", - "ssm:listComplianceSummaries", - "ssm:listDocumentMetadataHistory", - "ssm:listDocuments", - "ssm:listDocumentVersions", - "ssm:listNodes", - "ssm:listNodesSummary", - "ssm:listOpsItemEvents", - "ssm:listOpsItemRelatedItems", - "ssm:listOpsMetadata", - "ssm:listResourceComplianceSummaries", - "ssm:listResourceDataSync", - "ssm:listTagsForResource", - "sso:describeApplication", - "sso:describeApplicationAssignment", - "sso:describeApplicationProvider", - "sso:describeAccountAssignmentCreationStatus", - "sso:describeAccountAssignmentDeletionStatus", - "sso:describeInstance", - "sso:describeInstanceAccessControlAttributeConfiguration", - "sso:describePermissionSet", - "sso:describePermissionSetProvisioningStatus", - "sso:describeTrustedTokenIssuer", - "sso:getApplicationAccessScope", - "sso:getApplicationAssignmentConfiguration", - "sso:getApplicationAuthenticationMethod", - "sso:getApplicationGrant", - "sso:getApplicationInstance", - "sso:getApplicationTemplate", - "sso:getInlinePolicyForPermissionSet", - "sso:getManagedApplicationInstance", - "sso:getPermissionsBoundaryForPermissionSet", - "sso:getSharedSsoConfiguration", - "sso:listApplicationAccessScopes", - "sso:listApplicationAssignments", - "sso:listApplicationAuthenticationMethods", - "sso:listApplicationGrants", - "sso:listApplicationInstances", - "sso:listApplicationProviders", - "sso:listApplications", - "sso:listApplicationTemplates", - "sso:listAccountAssignmentCreationStatus", - "sso:listAccountAssignmentDeletionStatus", - "sso:listAccountAssignments", - "sso:listAccountAssignmentsForPrincipal", - "sso:listAccountsForProvisionedPermissionSet", - "sso:listApplicationAssignmentsForPrincipal", - "sso:listCustomerManagedPolicyReferencesInPermissionSet", - "sso:listDirectoryAssociations", - "sso:listInstances", - "sso:listManagedPoliciesInPermissionSet", - "sso:listPermissionSetProvisioningStatus", - "sso:listPermissionSets", - "sso:listPermissionSetsProvisionedToAccount", - "sso:listProfileAssociations", - "sso:listTrustedTokenIssuers", - "states:describeActivity", - "states:describeExecution", - "states:describeMapRun", - "states:describeStateMachine", - "states:describeStateMachineAlias", - "states:describeStateMachineForExecution", - "states:getExecutionHistory", - "states:listActivities", - "states:listExecutions", - "states:listMapRuns", - "states:listStateMachineAliases", - "states:listStateMachines", - "states:listStateMachineVersions", - "storagegateway:describeBandwidthRateLimit", - "storagegateway:describeCache", - "storagegateway:describeCachediSCSIVolumes", - "storagegateway:describeFileSystemAssociations", - "storagegateway:describeGatewayInformation", - "storagegateway:describeMaintenanceStartTime", - "storagegateway:describeNFSFileShares", - "storagegateway:describeSMBFileShares", - "storagegateway:describeSMBSettings", - "storagegateway:describeSnapshotSchedule", - "storagegateway:describeStorediSCSIVolumes", - "storagegateway:describeTapeArchives", - "storagegateway:describeTapeRecoveryPoints", - "storagegateway:describeTapes", - "storagegateway:describeUploadBuffer", - "storagegateway:describeVTLDevices", - "storagegateway:describeWorkingStorage", - "storagegateway:listAutomaticTapeCreationPolicies", - "storagegateway:listFileShares", - "storagegateway:listFileSystemAssociations", - "storagegateway:listGateways", - "storagegateway:listLocalDisks", - "storagegateway:listTagsForResource", - "storagegateway:listTapes", - "storagegateway:listVolumeInitiators", - "storagegateway:listVolumeRecoveryPoints", - "storagegateway:listVolumes", - "sts:getCallerIdentity", - "swf:countClosedWorkflowExecutions", - "swf:countOpenWorkflowExecutions", - "swf:countPendingActivityTasks", - "swf:countPendingDecisionTasks", - "swf:describeActivityType", - "swf:describeDomain", - "swf:describeWorkflowExecution", - "swf:describeWorkflowType", - "swf:getWorkflowExecutionHistory", - "swf:listActivityTypes", - "swf:listClosedWorkflowExecutions", - "swf:listDomains", - "swf:listOpenWorkflowExecutions", - "swf:listWorkflowTypes", - "synthetics:describeCanaries", - "synthetics:describeCanariesLastRun", - "synthetics:describeRuntimeVersions", - "synthetics:getCanary", - "synthetics:getCanaryRuns", - "synthetics:getGroup", - "synthetics:listAssociatedGroups", - "synthetics:listGroupResources", - "synthetics:listGroups", - "thinclient:getDevice", - "thinclient:getEnvironment", - "thinclient:getSoftwareSet", - "thinclient:listDevices", - "thinclient:listEnvironments", - "thinclient:listSoftwareSets", - "timestream:describeAccountSettings", - "timestream:describeBatchLoadTask", - "timestream:describeDatabase", - "timestream:describeEndpoints", - "timestream:describeScheduledQuery", - "timestream:describeTable", - "timestream:listBatchLoadTasks", - "timestream:listDatabases", - "timestream:listScheduledQueries", - "timestream:listTables", - "tiros:createQuery", - "tiros:getQueryAnswer", - "tiros:getQueryExplanation", - "tnb:getSolFunctionInstance", - "tnb:getSolFunctionPackage", - "tnb:getSolNetworkInstance", - "tnb:getSolNetworkOperation", - "tnb:getSolNetworkPackage", - "tnb:listSolFunctionInstances", - "tnb:listSolFunctionPackages", - "tnb:listSolNetworkInstances", - "tnb:listSolNetworkOperations", - "tnb:listSolNetworkPackages", - "transcribe:describeLanguageModel", - "transcribe:getCallAnalyticsCategory", - "transcribe:getCallAnalyticsJob", - "transcribe:getMedicalTranscriptionJob", - "transcribe:getMedicalVocabulary", - "transcribe:getTranscriptionJob", - "transcribe:getVocabulary", - "transcribe:getVocabularyFilter", - "transcribe:listCallAnalyticsCategories", - "transcribe:listCallAnalyticsJobs", - "transcribe:listLanguageModels", - "transcribe:listMedicalTranscriptionJobs", - "transcribe:listMedicalVocabularies", - "transcribe:listTranscriptionJobs", - "transcribe:listVocabularies", - "transcribe:listVocabularyFilters", - "transfer:describeAccess", - "transfer:describeAgreement", - "transfer:describeConnector", - "transfer:describeExecution", - "transfer:describeProfile", - "transfer:describeServer", - "transfer:describeUser", - "transfer:describeWebApp", - "transfer:describeWebAppCustomization", - "transfer:describeWorkflow", - "transfer:listAccesses", - "transfer:listAgreements", - "transfer:listConnectors", - "transfer:listExecutions", - "transfer:listHostKeys", - "transfer:listProfiles", - "transfer:listServers", - "transfer:listTagsForResource", - "transfer:listUsers", - "transfer:listWebApps", - "transfer:listWorkflows", - "transfer:sendWorkflowStepState", - "trustedadvisor:getOrganizationRecommendation", - "trustedadvisor:getRecommendation", - "trustedadvisor:listChecks", - "trustedadvisor:listOrganizationRecommendationAccounts", - "trustedadvisor:listOrganizationRecommendationResources", - "trustedadvisor:listOrganizationRecommendations", - "trustedadvisor:listRecommendationResources", - "trustedadvisor:listRecommendations", - "verifiedpermissions:getIdentitySource", - "verifiedpermissions:getPolicy", - "verifiedpermissions:getPolicyStore", - "verifiedpermissions:getPolicyTemplate", - "verifiedpermissions:getSchema", - "verifiedpermissions:listIdentitySources", - "verifiedpermissions:listPolicies", - "verifiedpermissions:listPolicyStores", - "verifiedpermissions:listPolicyTemplates", - "vpc-lattice:getAccessLogSubscription", - "vpc-lattice:getAuthPolicy", - "vpc-lattice:getListener", - "vpc-lattice:getResourceConfiguration", - "vpc-lattice:getResourceGateway", - "vpc-lattice:getResourcePolicy", - "vpc-lattice:getRule", - "vpc-lattice:getService", - "vpc-lattice:getServiceNetwork", - "vpc-lattice:getServiceNetworkResourceAssociation", - "vpc-lattice:getServiceNetworkServiceAssociation", - "vpc-lattice:getServiceNetworkVpcAssociation", - "vpc-lattice:getTargetGroup", - "vpc-lattice:listAccessLogSubscriptions", - "vpc-lattice:listListeners", - "vpc-lattice:listResourceConfigurations", - "vpc-lattice:listResourceGateways", - "vpc-lattice:listRules", - "vpc-lattice:listServiceNetworks", - "vpc-lattice:listServiceNetworkResourceAssociations", - "vpc-lattice:listServiceNetworkServiceAssociations", - "vpc-lattice:listServiceNetworkVpcAssociations", - "vpc-lattice:listServices", - "vpc-lattice:listTargetGroups", - "vpc-lattice:listTargets", - "waf-regional:getByteMatchSet", - "waf-regional:getChangeTokenStatus", - "waf-regional:getGeoMatchSet", - "waf-regional:getIPSet", - "waf-regional:getLoggingConfiguration", - "waf-regional:getRateBasedRule", - "waf-regional:getRegexMatchSet", - "waf-regional:getRegexPatternSet", - "waf-regional:getRule", - "waf-regional:getRuleGroup", - "waf-regional:getSqlInjectionMatchSet", - "waf-regional:getWebACL", - "waf-regional:getWebACLForResource", - "waf-regional:listActivatedRulesInRuleGroup", - "waf-regional:listByteMatchSets", - "waf-regional:listGeoMatchSets", - "waf-regional:listIPSets", - "waf-regional:listLoggingConfigurations", - "waf-regional:listRateBasedRules", - "waf-regional:listRegexMatchSets", - "waf-regional:listRegexPatternSets", - "waf-regional:listResourcesForWebACL", - "waf-regional:listRuleGroups", - "waf-regional:listRules", - "waf-regional:listSqlInjectionMatchSets", - "waf-regional:listWebACLs", - "waf:getByteMatchSet", - "waf:getChangeTokenStatus", - "waf:getGeoMatchSet", - "waf:getIPSet", - "waf:getLoggingConfiguration", - "waf:getRateBasedRule", - "waf:getRegexMatchSet", - "waf:getRegexPatternSet", - "waf:getRule", - "waf:getRuleGroup", - "waf:getSampledRequests", - "waf:getSizeConstraintSet", - "waf:getSqlInjectionMatchSet", - "waf:getWebACL", - "waf:getXssMatchSet", - "waf:listActivatedRulesInRuleGroup", - "waf:listByteMatchSets", - "waf:listGeoMatchSets", - "waf:listIPSets", - "waf:listLoggingConfigurations", - "waf:listRateBasedRules", - "waf:listRegexMatchSets", - "waf:listRegexPatternSets", - "waf:listRuleGroups", - "waf:listRules", - "waf:listSizeConstraintSets", - "waf:listSqlInjectionMatchSets", - "waf:listWebACLs", - "waf:listXssMatchSets", - "wafv2:checkCapacity", - "wafv2:describeManagedRuleGroup", - "wafv2:getIPSet", - "wafv2:getLoggingConfiguration", - "wafv2:getPermissionPolicy", - "wafv2:getRateBasedStatementManagedKeys", - "wafv2:getRegexPatternSet", - "wafv2:getRuleGroup", - "wafv2:getSampledRequests", - "wafv2:getWebACL", - "wafv2:getWebACLForResource", - "wafv2:listAvailableManagedRuleGroups", - "wafv2:listIPSets", - "wafv2:listLoggingConfigurations", - "wafv2:listRegexPatternSets", - "wafv2:listResourcesForWebACL", - "wafv2:listRuleGroups", - "wafv2:listTagsForResource", - "wafv2:listWebACLs", - "workdocs:checkAlias", - "workdocs:describeAvailableDirectories", - "workdocs:describeInstances", - "workmail:describeGroup", - "workmail:describeOrganization", - "workmail:describeResource", - "workmail:describeUser", - "workmail:listAliases", - "workmail:listGroupMembers", - "workmail:listGroups", - "workmail:listMailboxPermissions", - "workmail:listOrganizations", - "workmail:listResourceDelegates", - "workmail:listResources", - "workmail:listUsers", - "workspaces-web:getBrowserSettings", - "workspaces-web:getIdentityProvider", - "workspaces-web:getNetworkSettings", - "workspaces-web:getPortal", - "workspaces-web:getPortalServiceProviderMetadata", - "workspaces-web:getTrustStoreCertificate", - "workspaces-web:getUserSettings", - "workspaces-web:listBrowserSettings", - "workspaces-web:listIdentityProviders", - "workspaces-web:listNetworkSettings", - "workspaces-web:listPortals", - "workspaces-web:listTagsForResource", - "workspaces-web:listTrustStoreCertificates", - "workspaces-web:listTrustStores", - "workspaces-web:listUserSettings", - "workspaces:describeAccount", - "workspaces:describeAccountModifications", - "workspaces:describeApplicationAssociations", - "workspaces:describeIpGroups", - "workspaces:describeTags", - "workspaces:describeWorkspaceAssociations", - "workspaces:describeWorkspaceBundles", - "workspaces:describeWorkspaceDirectories", - "workspaces:describeWorkspaceImages", - "workspaces:describeWorkspaces", - "workspaces:describeWorkspaceSnapshots", - "workspaces:describeWorkspacesConnectionStatus", - "workspaces:describeWorkspacesPools", - "workspaces:describeWorkspacesPoolSessions", - "xray:getEncryptionConfig", - "xray:getGroup", - "xray:getGroups", - "xray:getInsightImpactGraph", - "xray:getSamplingRules", - "xray:getSamplingStatisticSummaries", - "xray:getSamplingTargets", - "xray:getServiceGraph", - "xray:getTimeSeriesServiceStatistics", - "xray:getTraceGraph", - "xray:listResourcePolicies" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AWSSupportServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AWSResourceExplorerServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy AWSResourceExplorerServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AWSResourceExplorerServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AWSResourceExplorerServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy", - "entity": "ANPAZKAPJZG4K2H54PAUL", - "version_id": "v19", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ResourceExplorerAccess", - "Effect": "Allow", - "Action": [ - "resource-explorer-2:UpdateIndexType", - "resource-explorer-2:CreateIndex", - "resource-explorer-2:CreateView", - "resource-explorer-2:AssociateDefaultView", - "resource-explorer-2:DeleteIndex" - ], - "Resource": "*" - }, - { - "Sid": "OrganizationsAccess", - "Effect": "Allow", - "Action": [ - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:ListAccounts", - "organizations:ListDelegatedAdministrators", - "organizations:ListOrganizationalUnitsForParent", - "organizations:ListRoots" - ], - "Resource": "*" - }, - { - "Sid": "CloudTrailEventsAccess", - "Effect": "Allow", - "Action": [ - "cloudtrail:CreateServiceLinkedChannel", - "cloudtrail:GetServiceLinkedChannel" - ], - "Resource": "arn:aws:cloudtrail:*:*:channel/aws-service-channel/resource-explorer-2/*" - }, - { - "Sid": "ApiGatewayAccess", - "Effect": "Allow", - "Action": "apigateway:GET", - "Resource": [ - "arn:aws:apigateway:*::/restapis", - "arn:aws:apigateway:*::/restapis/*", - "arn:aws:apigateway:*::/restapis/*/deployments", - "arn:aws:apigateway:*::/restapis/*/resources", - "arn:aws:apigateway:*::/restapis/*/resources/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", - "arn:aws:apigateway:*::/restapis/*/stages", - "arn:aws:apigateway:*::/restapis/*/stages/*", - "arn:aws:apigateway:*::/vpclinks", - "arn:aws:apigateway:*::/apis", - "arn:aws:apigateway:*::/apis/*/routes", - "arn:aws:apigateway:*::/apis/*/stages", - "arn:aws:apigateway:*::/apis/*", - "arn:aws:apigateway:*::/apis/*/routes/*", - "arn:aws:apigateway:*::/apis/*/stages/*" - ] - }, - { - "Sid": "ResourceInventoryAccess", - "Effect": "Allow", - "Action": [ - "access-analyzer:ListAnalyzers", - "acm-pca:ListCertificateAuthorities", - "acm:ListCertificates", - "airflow:ListEnvironments", - "amplify:ListApps", - "amplify:ListBranches", - "amplify:ListDomainAssociations", - "aoss:ListCollections", - "app-integrations:ListApplications", - "app-integrations:ListEventIntegrations", - "appconfig:ListApplications", - "appconfig:ListDeploymentStrategies", - "appconfig:ListEnvironments", - "appconfig:ListExtensionAssociations", - "appflow:ListFlows", - "appmesh:ListGatewayRoutes", - "appmesh:ListMeshes", - "appmesh:ListRoutes", - "appmesh:ListVirtualGateways", - "appmesh:ListVirtualNodes", - "appmesh:ListVirtualRouters", - "appmesh:ListVirtualServices", - "apprunner:ListAutoScalingConfigurations", - "apprunner:ListConnections", - "apprunner:ListServices", - "apprunner:ListVpcConnectors", - "appstream:DescribeAppBlocks", - "appstream:DescribeApplications", - "appstream:DescribeFleets", - "appstream:DescribeImageBuilders", - "appstream:DescribeStacks", - "appsync:ListGraphqlApis", - "aps:ListRuleGroupsNamespaces", - "aps:ListWorkspaces", - "athena:ListDataCatalogs", - "athena:ListWorkGroups", - "auditmanager:GetAccountStatus", - "auditmanager:ListAssessments", - "autoscaling:DescribeAutoScalingGroups", - "backup-gateway:ListHypervisors", - "backup:ListBackupPlans", - "backup:ListBackupVaults", - "backup:ListReportPlans", - "batch:DescribeComputeEnvironments", - "batch:DescribeJobDefinitions", - "batch:DescribeJobQueues", - "batch:ListSchedulingPolicies", - "bedrock:ListAgentAliases", - "bedrock:ListAgents", - "bedrock:ListDataAutomationProjects", - "bedrock:ListFlows", - "bedrock:ListGuardrails", - "bedrock:ListInferenceProfiles", - "bedrock:ListKnowledgeBases", - "bedrock:ListPromptRouters", - "bedrock:ListPrompts", - "ce:GetAnomalyMonitors", - "ce:GetAnomalySubscriptions", - "chime:ListAppInstanceBots", - "chime:ListAppInstanceUsers", - "chime:ListAppInstances", - "chime:ListMediaInsightsPipelineConfigurations", - "chime:ListMediaPipelineKinesisVideoStreamPools", - "chime:ListMediaPipelines", - "chime:ListSipMediaApplications", - "chime:ListVoiceConnectors", - "cloud9:ListEnvironments", - "cloudformation:ListResources", - "cloudformation:ListStackSets", - "cloudformation:ListStacks", - "cloudfront:ListCachePolicies", - "cloudfront:ListCloudFrontOriginAccessIdentities", - "cloudfront:ListContinuousDeploymentPolicies", - "cloudfront:ListDistributions", - "cloudfront:ListFieldLevelEncryptionConfigs", - "cloudfront:ListFieldLevelEncryptionProfiles", - "cloudfront:ListFunctions", - "cloudfront:ListOriginAccessControls", - "cloudfront:ListOriginRequestPolicies", - "cloudfront:ListRealtimeLogConfigs", - "cloudfront:ListResponseHeadersPolicies", - "cloudtrail:ListChannels", - "cloudtrail:ListDashboards", - "cloudtrail:ListEventDataStores", - "cloudtrail:ListTrails", - "cloudwatch:DescribeAlarms", - "cloudwatch:DescribeInsightRules", - "cloudwatch:ListDashboards", - "cloudwatch:ListMetricStreams", - "codeartifact:ListDomains", - "codeartifact:ListRepositories", - "codebuild:ListProjects", - "codecommit:ListRepositories", - "codeconnections:ListConnections", - "codedeploy:ListApplications", - "codedeploy:ListDeploymentConfigs", - "codeguru-profiler:ListProfilingGroups", - "codeguru-reviewer:ListRepositoryAssociations", - "codepipeline:ListPipelines", - "codepipeline:ListWebhooks", - "codestar-connections:ListConnections", - "cognito-identity:ListIdentityPools", - "cognito-idp:ListUserPools", - "comprehend:ListDocumentClassifiers", - "comprehend:ListEntityRecognizers", - "comprehend:ListFlywheels", - "config:DescribeConfigRules", - "connect:ListEvaluationForms", - "connect:ListHoursOfOperations", - "connect:ListInstanceAttributes", - "connect:ListInstances", - "connect:ListPhoneNumbersV2", - "connect:ListPrompts", - "connect:ListQuickConnects", - "connect:ListRoutingProfileQueues", - "connect:ListRoutingProfiles", - "connect:ListRules", - "connect:ListSecurityProfiles", - "connect:ListTaskTemplates", - "connect:ListUsers", - "databrew:ListDatasets", - "databrew:ListJobs", - "databrew:ListProjects", - "databrew:ListRecipes", - "databrew:ListRulesets", - "databrew:ListSchedules", - "dataexchange:ListDataSets", - "datapipeline:ListPipelines", - "datasync:ListLocations", - "datasync:ListTasks", - "dax:DescribeClusters", - "detective:ListGraphs", - "devicefarm:ListInstanceProfiles", - "devicefarm:ListProjects", - "devicefarm:ListTestGridProjects", - "directconnect:DescribeDirectConnectGateways", - "dms:DescribeCertificates", - "dms:DescribeEndpoints", - "dms:DescribeEventSubscriptions", - "dms:DescribeReplicationInstances", - "dms:DescribeReplicationSubnetGroups", - "dms:DescribeReplicationTasks", - "ds:DescribeDirectories", - "dynamodb:ListTables", - "ec2:DescribeAddresses", - "ec2:DescribeCapacityReservationFleets", - "ec2:DescribeCapacityReservations", - "ec2:DescribeCarrierGateways", - "ec2:DescribeClientVpnEndpoints", - "ec2:DescribeCustomerGateways", - "ec2:DescribeDhcpOptions", - "ec2:DescribeEgressOnlyInternetGateways", - "ec2:DescribeFleets", - "ec2:DescribeFlowLogs", - "ec2:DescribeFpgaImages", - "ec2:DescribeHostReservations", - "ec2:DescribeHosts", - "ec2:DescribeImages", - "ec2:DescribeInstanceConnectEndpoints", - "ec2:DescribeInstanceEventWindows", - "ec2:DescribeInstances", - "ec2:DescribeInternetGateways", - "ec2:DescribeIpamPools", - "ec2:DescribeIpamResourceDiscoveries", - "ec2:DescribeIpamResourceDiscoveryAssociations", - "ec2:DescribeIpamScopes", - "ec2:DescribeIpams", - "ec2:DescribeKeyPairs", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeManagedPrefixLists", - "ec2:DescribeNatGateways", - "ec2:DescribeNetworkAcls", - "ec2:DescribeNetworkInsightsAccessScopeAnalyses", - "ec2:DescribeNetworkInsightsAccessScopes", - "ec2:DescribeNetworkInsightsAnalyses", - "ec2:DescribeNetworkInsightsPaths", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribePlacementGroups", - "ec2:DescribePublicIpv4Pools", - "ec2:DescribeReservedInstances", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroupRules", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSnapshots", - "ec2:DescribeSpotFleetRequests", - "ec2:DescribeSpotInstanceRequests", - "ec2:DescribeSubnets", - "ec2:DescribeTrafficMirrorFilters", - "ec2:DescribeTrafficMirrorSessions", - "ec2:DescribeTrafficMirrorTargets", - "ec2:DescribeTransitGatewayAttachments", - "ec2:DescribeTransitGatewayConnectPeers", - "ec2:DescribeTransitGatewayMulticastDomains", - "ec2:DescribeTransitGatewayPolicyTables", - "ec2:DescribeTransitGatewayRouteTableAnnouncements", - "ec2:DescribeTransitGatewayRouteTables", - "ec2:DescribeTransitGateways", - "ec2:DescribeVerifiedAccessEndpoints", - "ec2:DescribeVerifiedAccessGroups", - "ec2:DescribeVerifiedAccessInstances", - "ec2:DescribeVerifiedAccessTrustProviders", - "ec2:DescribeVolumes", - "ec2:DescribeVpcBlockPublicAccessExclusions", - "ec2:DescribeVpcEndpointServiceConfigurations", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcPeeringConnections", - "ec2:DescribeVpcs", - "ec2:DescribeVpnConnections", - "ec2:DescribeVpnGateways", - "ec2:GetSubnetCidrReservations", - "ecr-public:DescribeRepositories", - "ecr:DescribeRepositories", - "ecs:DescribeCapacityProviders", - "ecs:DescribeServices", - "ecs:ListClusters", - "ecs:ListContainerInstances", - "ecs:ListServices", - "ecs:ListTaskDefinitions", - "eks:DescribeAccessEntry", - "eks:DescribeAddon", - "eks:DescribeFargateProfile", - "eks:DescribeIdentityProviderConfig", - "eks:DescribeNodegroup", - "eks:ListAccessEntries", - "eks:ListAddons", - "eks:ListClusters", - "eks:ListEksAnywhereSubscriptions", - "eks:ListFargateProfiles", - "eks:ListIdentityProviderConfigs", - "eks:ListNodegroups", - "eks:ListPodIdentityAssociations", - "elasticache:DescribeCacheClusters", - "elasticache:DescribeCacheParameterGroups", - "elasticache:DescribeCacheSubnetGroups", - "elasticache:DescribeGlobalReplicationGroups", - "elasticache:DescribeReplicationGroups", - "elasticache:DescribeReservedCacheNodes", - "elasticache:DescribeSnapshots", - "elasticache:DescribeUserGroups", - "elasticache:DescribeUsers", - "elasticbeanstalk:DescribeApplicationVersions", - "elasticbeanstalk:DescribeApplications", - "elasticbeanstalk:DescribeEnvironments", - "elasticfilesystem:DescribeAccessPoints", - "elasticfilesystem:DescribeFileSystems", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTargetGroups", - "elasticmapreduce:ListClusters", - "emr-containers:ListJobTemplates", - "emr-containers:ListManagedEndpoints", - "emr-containers:ListSecurityConfigurations", - "emr-containers:ListVirtualClusters", - "emr-serverless:ListApplications", - "es:ListDomainNames", - "events:ListApiDestinations", - "events:ListArchives", - "events:ListConnections", - "events:ListEndpoints", - "events:ListEventBuses", - "events:ListRules", - "evidently:ListExperiments", - "evidently:ListFeatures", - "evidently:ListLaunches", - "evidently:ListProjects", - "finspace:ListEnvironments", - "firehose:ListDeliveryStreams", - "fis:ListExperimentTemplates", - "fms:ListPolicies", - "fms:ListProtocolsLists", - "forecast:ListDatasetGroups", - "forecast:ListDatasetImportJobs", - "forecast:ListDatasets", - "forecast:ListForecastExportJobs", - "forecast:ListForecasts", - "forecast:ListPredictorBacktestExportJobs", - "forecast:ListPredictors", - "frauddetector:GetDetectors", - "frauddetector:GetEntityTypes", - "frauddetector:GetEventTypes", - "frauddetector:GetExternalModels", - "frauddetector:GetLabels", - "frauddetector:GetModels", - "frauddetector:GetOutcomes", - "frauddetector:GetVariables", - "fsx:DescribeBackups", - "fsx:DescribeFileSystems", - "gamelift:DescribeGameSessionQueues", - "gamelift:DescribeMatchmakingConfigurations", - "gamelift:DescribeMatchmakingRuleSets", - "gamelift:ListAliases", - "gamelift:ListBuilds", - "gamelift:ListLocations", - "gamelift:ListScripts", - "geo:ListMaps", - "geo:ListPlaceIndexes", - "geo:ListTrackers", - "glacier:ListVaults", - "globalaccelerator:ListAccelerators", - "globalaccelerator:ListEndpointGroups", - "globalaccelerator:ListListeners", - "glue:GetCrawlers", - "glue:GetDatabases", - "glue:GetJobs", - "glue:GetTables", - "glue:GetTriggers", - "glue:ListDataQualityRulesets", - "glue:ListMLTransforms", - "glue:ListRegistries", - "grafana:ListWorkspaces", - "greengrass:ListComponentVersions", - "greengrass:ListComponents", - "greengrass:ListConnectorDefinitions", - "greengrass:ListCoreDefinitions", - "greengrass:ListDeviceDefinitions", - "greengrass:ListFunctionDefinitions", - "greengrass:ListGroups", - "greengrass:ListLoggerDefinitions", - "greengrass:ListResourceDefinitions", - "greengrass:ListSubscriptionDefinitions", - "groundstation:ListConfigs", - "groundstation:ListDataflowEndpointGroups", - "groundstation:ListMissionProfiles", - "guardduty:ListDetectors", - "guardduty:ListFilters", - "guardduty:ListIPSets", - "guardduty:ListMalwareProtectionPlans", - "guardduty:ListPublishingDestinations", - "guardduty:ListThreatIntelSets", - "healthlake:ListFHIRDatastores", - "iam:ListGroups", - "iam:ListInstanceProfiles", - "iam:ListOpenIDConnectProviders", - "iam:ListPolicies", - "iam:ListRoles", - "iam:ListSAMLProviders", - "iam:ListServerCertificates", - "iam:ListUsers", - "iam:ListVirtualMFADevices", - "imagebuilder:ListComponentBuildVersions", - "imagebuilder:ListComponents", - "imagebuilder:ListContainerRecipes", - "imagebuilder:ListDistributionConfigurations", - "imagebuilder:ListImageBuildVersions", - "imagebuilder:ListImagePipelines", - "imagebuilder:ListImageRecipes", - "imagebuilder:ListImages", - "imagebuilder:ListInfrastructureConfigurations", - "inspector2:ListFilters", - "inspector:ListAssessmentTemplates", - "iot:ListAuthorizers", - "iot:ListBillingGroups", - "iot:ListCACertificates", - "iot:ListCertificates", - "iot:ListFleetMetrics", - "iot:ListJobTemplates", - "iot:ListMitigationActions", - "iot:ListPolicies", - "iot:ListProvisioningTemplates", - "iot:ListRoleAliases", - "iot:ListScheduledAudits", - "iot:ListSecurityProfiles", - "iot:ListThingGroups", - "iot:ListThingTypes", - "iot:ListThings", - "iot:ListTopicRuleDestinations", - "iot:ListTopicRules", - "iotanalytics:ListChannels", - "iotanalytics:ListDatasets", - "iotanalytics:ListDatastores", - "iotanalytics:ListPipelines", - "iotdeviceadvisor:ListSuiteDefinitions", - "iotevents:ListAlarmModels", - "iotevents:ListDetectorModels", - "iotevents:ListInputs", - "iotfleethub:ListApplications", - "iotfleetwise:ListDecoderManifests", - "iotfleetwise:ListModelManifests", - "iotfleetwise:ListSignalCatalogs", - "iotfleetwise:ListVehicles", - "iotsitewise:ListAccessPolicies", - "iotsitewise:ListAssetModels", - "iotsitewise:ListAssets", - "iotsitewise:ListDashboards", - "iotsitewise:ListGateways", - "iotsitewise:ListPortals", - "iotsitewise:ListProjects", - "iottwinmaker:ListComponentTypes", - "iottwinmaker:ListEntities", - "iottwinmaker:ListSyncJobs", - "iottwinmaker:ListWorkspaces", - "iotwireless:ListDestinations", - "iotwireless:ListDeviceProfiles", - "iotwireless:ListFuotaTasks", - "iotwireless:ListMulticastGroups", - "iotwireless:ListPartnerAccounts", - "iotwireless:ListServiceProfiles", - "iotwireless:ListWirelessDevices", - "iotwireless:ListWirelessGatewayTaskDefinitions", - "iotwireless:ListWirelessGateways", - "ivs:ListChannels", - "ivs:ListEncoderConfigurations", - "ivs:ListIngestConfigurations", - "ivs:ListPlaybackKeyPairs", - "ivs:ListPlaybackRestrictionPolicies", - "ivs:ListRecordingConfigurations", - "ivs:ListStorageConfigurations", - "ivs:ListStreamKeys", - "ivschat:ListLoggingConfigurations", - "ivschat:ListRooms", - "kafka:ListClusters", - "kafka:ListConfigurations", - "kendra:ListAccessControlConfigurations", - "kendra:ListDataSources", - "kendra:ListExperiences", - "kendra:ListFaqs", - "kendra:ListFeaturedResultsSets", - "kendra:ListIndices", - "kendra:ListQuerySuggestionsBlockLists", - "kendra:ListThesauri", - "kinesis:ListStreams", - "kinesisanalytics:ListApplications", - "kinesisvideo:ListSignalingChannels", - "kinesisvideo:ListStreams", - "kms:ListKeys", - "lambda:ListCodeSigningConfigs", - "lambda:ListEventSourceMappings", - "lambda:ListFunctions", - "lex:ListBotAliases", - "lex:ListBots", - "license-manager:ListDistributedGrants", - "lightsail:GetBuckets", - "lightsail:GetCertificates", - "lightsail:GetContainerServices", - "lightsail:GetDisks", - "logs:DescribeDestinations", - "logs:DescribeLogGroups", - "logs:ListTagsForResource", - "lookoutmetrics:ListAlerts", - "lookoutmetrics:ListAnomalyDetectors", - "lookoutvision:ListProjects", - "m2:ListEnvironments", - "macie2:ListAllowLists", - "macie2:ListCustomDataIdentifiers", - "macie2:ListFindingsFilters", - "managedblockchain:ListAccessors", - "mediapackage-vod:ListAssets", - "mediapackage-vod:ListPackagingConfigurations", - "mediapackage-vod:ListPackagingGroups", - "mediapackage:ListChannels", - "mediapackage:ListOriginEndpoints", - "mediastore:ListContainers", - "mediatailor:ListChannels", - "mediatailor:ListLiveSources", - "mediatailor:ListPlaybackConfigurations", - "mediatailor:ListSourceLocations", - "mediatailor:ListVodSources", - "memorydb:DescribeACLs", - "memorydb:DescribeClusters", - "memorydb:DescribeParameterGroups", - "memorydb:DescribeSnapshots", - "memorydb:DescribeSubnetGroups", - "memorydb:DescribeUsers", - "mobiletargeting:GetApps", - "mobiletargeting:GetCampaigns", - "mobiletargeting:GetSegments", - "mobiletargeting:ListTemplates", - "mq:ListBrokers", - "mq:ListConfigurations", - "network-firewall:ListFirewallPolicies", - "network-firewall:ListFirewalls", - "network-firewall:ListRuleGroups", - "networkmanager:DescribeGlobalNetworks", - "networkmanager:GetDevices", - "networkmanager:GetLinks", - "networkmanager:ListAttachments", - "networkmanager:ListCoreNetworks", - "oam:ListSinks", - "omics:ListReferenceStores", - "omics:ListRunGroups", - "omics:ListWorkflows", - "outposts:ListSites", - "organizations:DescribeResourcePolicy", - "organizations:ListPolicies", - "panorama:ListPackages", - "partnercentral:ListEngagementInvitations", - "partnercentral:ListEngagements", - "partnercentral:ListOpportunities", - "partnercentral:ListResourceSnapshotJobs", - "partnercentral:ListResourceSnapshots", - "personalize:ListDatasetGroups", - "personalize:ListDatasets", - "personalize:ListSchemas", - "personalize:ListSolutions", - "pipes:ListPipes", - "profile:ListDomains", - "profile:ListIntegrations", - "profile:ListProfileObjectTypes", - "proton:ListEnvironmentAccountConnections", - "proton:ListEnvironmentTemplates", - "proton:ListServiceTemplates", - "qldb:ListJournalKinesisStreamsForLedger", - "qldb:ListLedgers", - "quicksight:DescribeAccountSubscription", - "quicksight:ListDataSets", - "quicksight:ListDataSources", - "quicksight:ListTemplates", - "quicksight:ListThemes", - "ram:GetResourceShares", - "rds:DescribeBlueGreenDeployments", - "rds:DescribeDBClusterEndpoints", - "rds:DescribeDBClusterParameterGroups", - "rds:DescribeDBClusterSnapshots", - "rds:DescribeDBClusters", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstanceAutomatedBackups", - "rds:DescribeDBInstances", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBProxies", - "rds:DescribeDBProxyEndpoints", - "rds:DescribeDBSecurityGroups", - "rds:DescribeDBSnapshots", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEventSubscriptions", - "rds:DescribeGlobalClusters", - "rds:DescribeOptionGroups", - "rds:DescribeReservedDBInstances", - "redshift:DescribeClusterParameterGroups", - "redshift:DescribeClusterSnapshots", - "redshift:DescribeClusterSubnetGroups", - "redshift:DescribeClusters", - "redshift:DescribeEventSubscriptions", - "redshift:DescribeHsmClientCertificates", - "redshift:DescribeSnapshotCopyGrants", - "redshift:DescribeSnapshotSchedules", - "redshift:DescribeUsageLimits", - "refactor-spaces:ListApplications", - "refactor-spaces:ListEnvironments", - "refactor-spaces:ListRoutes", - "refactor-spaces:ListServices", - "rekognition:DescribeProjects", - "resiliencehub:ListApps", - "resiliencehub:ListResiliencyPolicies", - "resource-explorer-2:GetIndex", - "resource-explorer-2:ListViews", - "resource-groups:ListGroups", - "route53-recovery-control-config:ListClusters", - "route53-recovery-control-config:ListControlPanels", - "route53-recovery-control-config:ListRoutingControls", - "route53-recovery-control-config:ListSafetyRules", - "route53-recovery-readiness:ListCells", - "route53-recovery-readiness:ListReadinessChecks", - "route53-recovery-readiness:ListRecoveryGroups", - "route53-recovery-readiness:ListResourceSets", - "route53:ListHealthChecks", - "route53:ListHostedZones", - "route53domains:ListDomains", - "route53resolver:ListFirewallDomainLists", - "route53resolver:ListFirewallRuleGroupAssociations", - "route53resolver:ListFirewallRuleGroups", - "route53resolver:ListResolverEndpoints", - "route53resolver:ListResolverQueryLogConfigs", - "route53resolver:ListResolverRules", - "rum:ListAppMonitors", - "s3:GetBucketLocation", - "s3:ListAccessPoints", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "s3:ListMultiRegionAccessPoints", - "s3:ListStorageLensConfigurations", - "s3:ListStorageLensGroups", - "s3express:ListAllMyDirectoryBuckets", - "sagemaker:ListActions", - "sagemaker:ListAlgorithms", - "sagemaker:ListAppImageConfigs", - "sagemaker:ListApps", - "sagemaker:ListArtifacts", - "sagemaker:ListClusters", - "sagemaker:ListCodeRepositories", - "sagemaker:ListContexts", - "sagemaker:ListDomains", - "sagemaker:ListEndpointConfigs", - "sagemaker:ListEndpoints", - "sagemaker:ListExperiments", - "sagemaker:ListFeatureGroups", - "sagemaker:ListFlowDefinitions", - "sagemaker:ListHubContents", - "sagemaker:ListHubs", - "sagemaker:ListHumanTaskUis", - "sagemaker:ListImageVersions", - "sagemaker:ListImages", - "sagemaker:ListInferenceComponents", - "sagemaker:ListInferenceExperiments", - "sagemaker:ListMlflowTrackingServers", - "sagemaker:ListModelCardVersions", - "sagemaker:ListModelCards", - "sagemaker:ListModelPackageGroups", - "sagemaker:ListModelPackages", - "sagemaker:ListModels", - "sagemaker:ListMonitoringSchedules", - "sagemaker:ListNotebookInstanceLifecycleConfigs", - "sagemaker:ListNotebookInstances", - "sagemaker:ListPipelines", - "sagemaker:ListProjects", - "sagemaker:ListSpaces", - "sagemaker:ListStudioLifecycleConfigs", - "sagemaker:ListTrialComponents", - "sagemaker:ListTrials", - "sagemaker:ListUserProfiles", - "sagemaker:ListWorkforces", - "sagemaker:ListWorkteams", - "scheduler:ListScheduleGroups", - "schemas:ListDiscoverers", - "secretsmanager:ListSecrets", - "servicecatalog:ListApplications", - "servicecatalog:ListAttributeGroups", - "servicediscovery:ListServices", - "ses:ListConfigurationSets", - "ses:ListContactLists", - "ses:ListDedicatedIpPools", - "ses:ListEmailIdentities", - "shield:ListProtectionGroups", - "shield:ListProtections", - "signer:ListSigningProfiles", - "sns:ListTopics", - "sqs:ListQueues", - "ssm-incidents:ListResponsePlans", - "ssm:DescribeInstanceInformation", - "ssm:DescribeMaintenanceWindowTargets", - "ssm:DescribeMaintenanceWindowTasks", - "ssm:DescribeMaintenanceWindows", - "ssm:DescribeParameters", - "ssm:DescribeSessions", - "ssm:ListAssociations", - "ssm:ListDocuments", - "ssm:ListResourceDataSync", - "states:ListActivities", - "states:ListStateMachines", - "storagegateway:ListGateways", - "synthetics:DescribeCanaries", - "synthetics:ListGroups", - "transfer:ListAgreements", - "transfer:ListCertificates", - "transfer:ListConnectors", - "transfer:ListProfiles", - "transfer:ListServers", - "transfer:ListUsers", - "transfer:ListWorkflows", - "verifiedpermissions:ListPolicyStores", - "vpc-lattice:ListListeners", - "vpc-lattice:ListServiceNetworkServiceAssociations", - "vpc-lattice:ListServiceNetworks", - "vpc-lattice:ListServices", - "vpc-lattice:ListTargetGroups", - "wafv2:ListIPSets", - "wafv2:ListRegexPatternSets", - "wafv2:ListRuleGroups", - "wafv2:ListWebACLs", - "wisdom:ListAssistantAssociations", - "wisdom:ListAssistants", - "wisdom:ListContents", - "wisdom:ListKnowledgeBases", - "workspaces-web:ListPortals", - "workspaces:DescribeConnectionAliases", - "workspaces:DescribeWorkspaces" - ], - "Resource": "*" - }, - { - "Sid": "PermissionsForReadGetResources", - "Effect": "Allow", - "Action": [ - "cloudformation:GetResource", - "cloudfront:GetDistribution", - "cloudfront:GetDistributionConfig", - "dynamodb:DescribeContinuousBackups", - "dynamodb:DescribeContributorInsights", - "dynamodb:DescribeKinesisStreamingDestination", - "dynamodb:DescribeTable", - "dynamodb:GetResourcePolicy", - "dynamodb:ListTagsOfResource", - "ecs:ListTagsForResource", - "elasticloadbalancing:DescribeCapacityReservation", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancerPolicyTypes", - "elasticloadbalancing:DescribeTags", - "elasticloadbalancing:DescribeTargetGroupAttributes", - "elasticloadbalancing:DescribeTargetHealth", - "events:DescribeRule", - "events:ListTargetsByRule", - "iam:GetRole", - "iam:GetRolePolicy", - "iam:ListAttachedRolePolicies", - "iam:ListRolePolicies", - "kinesis:DescribeStreamSummary", - "kinesis:ListTagsForStream", - "lambda:GetEventSourceMapping", - "lambda:GetFunction", - "lambda:GetFunctionCodeSigningConfig", - "lambda:GetFunctionRecursionConfig", - "lambda:ListTags", - "logs:DescribeIndexPolicies", - "logs:GetDataProtectionPolicy", - "s3:GetAccelerateConfiguration", - "s3:GetAnalyticsConfiguration", - "s3:GetBucketCORS", - "s3:GetBucketLogging", - "s3:GetBucketMetadataTableConfiguration", - "s3:GetBucketNotification", - "s3:GetBucketObjectLockConfiguration", - "s3:GetBucketOwnershipControls", - "s3:GetBucketPublicAccessBlock", - "s3:GetBucketTagging", - "s3:GetBucketVersioning", - "s3:GetBucketWebsite", - "s3:GetEncryptionConfiguration", - "s3:GetIntelligentTieringConfiguration", - "s3:GetInventoryConfiguration", - "s3:GetLifecycleConfiguration", - "s3:GetMetricsConfiguration", - "s3:GetReplicationConfiguration", - "sns:GetDataProtectionPolicy", - "sns:GetTopicAttributes", - "sns:ListSubscriptionsByTopic", - "sns:ListTagsForResource", - "sqs:GetQueueAttributes", - "sqs:ListQueueTags" - ], - "Resource": "*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AWSResourceExplorerServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No SAML Providers found.", - "metadata": { - "event_code": "iam_check_saml_providers_sts", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No SAML Providers found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.21" - ], - "ENS-RD2022": [ - "op.acc.1.aws.iam.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.21" - ], - "CIS-5.0": [ - "1.20" - ], - "CIS-1.4": [ - "1.21" - ], - "CCC": [ - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR06" - ], - "ProwlerThreatScore-1.0": [ - "1.2.7" - ], - "CIS-1.5": [ - "1.21" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "CIS-2.0": [ - "1.21" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if there are SAML Providers then STS can be used", - "title": "Check if there are SAML Providers then STS can be used", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_check_saml_providers_sts-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable SAML provider and use temporary credentials. You can use temporary security credentials to make programmatic requests for AWS resources using the AWS CLI or AWS API (using the AWS SDKs ). The temporary credentials provide the same permissions that you have with use long-term security credentials such as IAM user credentials. In case of not having SAML provider capabilities prevent usage of long-lived credentials.", - "references": [ - "https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html" - ] - }, - "risk_details": "Without SAML provider users with AWS CLI or AWS API access can use IAM static credentials. SAML helps users to assume role by default each time they authenticate.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Root account does not have access keys.", - "metadata": { - "event_code": "iam_no_root_access_key", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Root account does not have access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_312_a_2_i" - ], - "C5-2025": [ - "IAM-03.01B", - "IAM-03.03B", - "IAM-06.02B", - "IAM-10.01B", - "CRY-03.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "ia-2" - ], - "CIS-3.0": [ - "1.4" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_6_2", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "ia_2", - "ia_4_b", - "ia_4_4", - "ia_4_8", - "ia_5_8", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.7" - ], - "AWS-Foundational-Technical-Review": [ - "ARC-004" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.5", - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.4" - ], - "PCI-4.0": [ - "7.2.1.17", - "7.2.2.17", - "7.2.3.8", - "8.2.1.4", - "8.2.2.6", - "8.2.4.4", - "8.2.5.4", - "8.3.11.4" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-3", - "d3-pc-am-b-8" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.3" - ], - "CIS-1.4": [ - "1.4" - ], - "CCC": [ - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.13" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.4" - ], - "CIS-1.5": [ - "1.4" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP02" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_6_10", - "ac_6" - ], - "AWS-Account-Security-Onboarding": [ - "Block root user" - ], - "KISA-ISMS-P-2023": [ - "2.5.5", - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.4" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure no root account access key exists", - "title": "Ensure no root account access key exists", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_no_root_access_key-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Use the credential report to check the user and ensure the access_key_1_active and access_key_2_active fields are set to FALSE. If using AWS Organizations, consider enabling Centralized Root Management and removing individual root credentials.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "The root account is the most privileged user in an AWS account. AWS Access Keys provide programmatic access to a given AWS account. It is recommended that all access keys associated with the root account be removed. Removing access keys associated with the root account limits vectors by which the account can be compromised. Removing the root access keys encourages the creation and use of role based accounts that are least privileged.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Password expiration is not set.", - "metadata": { - "event_code": "iam_password_policy_expires_passwords_within_90_days_or_less", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Password expiration is not set.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "C5-2025": [ - "IAM-03.02B", - "IAM-08.03B", - "IAM-08.05B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.3" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "PCI-4.0": [ - "8.3.6.1", - "8.6.3.2" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "ProwlerThreatScore-1.0": [ - "1.1.12" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP06" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "NIS2": [ - "1.1.1.d", - "1.1.2", - "9.2.c.v", - "11.6.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure IAM password policy expires passwords within 90 days or less", - "title": "Ensure IAM password policy expires passwords within 90 days or less", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_expires_passwords_within_90_days_or_less-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure Password expiration period (in days): is set to 90 or less.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one uppercase letter.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one lowercase letter.", - "metadata": { - "event_code": "iam_password_policy_lowercase", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one lowercase letter.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.8" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v", - "11.6.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure IAM password policy requires at least one uppercase letter", - "title": "Ensure IAM password policy require at least one lowercase letter", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_lowercase-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Requires at least one lowercase letter\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one lowercase letter.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require minimum length of 14 characters.", - "metadata": { - "event_code": "iam_password_policy_minimum_length_14", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require minimum length of 14 characters.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "PSS-07.01B" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-5-c", - "ia-2", - "ia-5-1-a-d-e", - "ia-5-4" - ], - "CIS-3.0": [ - "1.8" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_d_1", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "cm_12_b", - "ia_4_d", - "ia_5", - "ia_5_b", - "ia_5_c", - "ia_5_d", - "ia_5_f", - "ia_5_h", - "ia_5_1_f", - "ia_5_1_g", - "ia_5_1_h", - "ia_5_1_h", - "ia_5_18_a", - "ia_5_18_b", - "ia_8_2_b", - "ma_4_c", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.8" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.7" - ], - "CIS-1.4": [ - "1.8" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.4" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "CIS-1.5": [ - "1.8" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CIS-2.0": [ - "1.8" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure IAM password policy requires minimum length of 14 or greater", - "title": "Ensure IAM password policy requires minimum length of 14 or greater", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_minimum_length_14-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Minimum password length\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require minimum length of 14 or greater.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one number.", - "metadata": { - "event_code": "iam_password_policy_number", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one number.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "IAM-08.05B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.6" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure IAM password policy require at least one number", - "title": "Ensure IAM password policy require at least one number", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_number-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Require at least one number\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one number.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy reuse prevention is less than 24 or not set.", - "metadata": { - "event_code": "iam_password_policy_reuse_24", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy reuse prevention is less than 24 or not set.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_2" - ], - "HIPAA": [ - "164_308_a_4_ii_c", - "164_308_a_5_ii_d", - "164_312_d" - ], - "C5-2025": [ - "IAM-01.03B", - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-08.03B", - "IAM-08.05B", - "IAM-08.07B", - "PSS-07.01B" - ], - "NIST-CSF-1.1": [ - "ac_1" - ], - "CIS-3.0": [ - "1.9" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.9" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4", - "8.2", - "8.2.3", - "8.2.3.a", - "8.2.3.b", - "8.2.4", - "8.2.4.a", - "8.2.4.b", - "8.2.5", - "8.2.5.a", - "8.2.5.b" - ], - "CIS-5.0": [ - "1.8" - ], - "CIS-1.4": [ - "1.9" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "ProwlerThreatScore-1.0": [ - "1.1.5" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "CIS-1.5": [ - "1.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2", - "ia_2", - "ia_5_1", - "ia_5_4" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure IAM password policy prevents password reuse: 24 or greater", - "title": "Ensure IAM password policy prevents password reuse: 24 or greater", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_reuse_24-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Number of passwords to remember\" is set to 24.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy prevents at least password reuse of 24 or greater.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one symbol.", - "metadata": { - "event_code": "iam_password_policy_symbol", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one symbol.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.7" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure IAM password policy require at least one symbol", - "title": "Ensure IAM password policy require at least one symbol", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_symbol-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Require at least one non-alphanumeric character\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one non-alphanumeric character.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one uppercase letter.", - "metadata": { - "event_code": "iam_password_policy_uppercase", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one uppercase letter.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "IAM-08.05B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.9" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure IAM password policy requires at least one uppercase letter", - "title": "Ensure IAM password policy requires at least one uppercase letter", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_uppercase-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Requires at least one uppercase letter\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one uppercase letter.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user has the policy AdministratorAccess attached.", - "metadata": { - "event_code": "iam_policy_attached_only_to_group_or_roles", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "User terraform-user has the policy AdministratorAccess attached.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_4_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "PSS-09.01AC" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "sc-2" - ], - "CIS-3.0": [ - "1.15" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_6_3", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-006", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.15" - ], - "PCI-4.0": [ - "7.2.1.12", - "7.2.1.13", - "7.2.2.12", - "7.2.2.13", - "7.2.5.8", - "7.2.5.9", - "7.3.1.8", - "7.3.1.9", - "7.3.2.8", - "7.3.2.9", - "7.3.3.8", - "7.3.3.9", - "8.2.1.3", - "8.2.2.5", - "8.2.4.3", - "8.2.5.3", - "8.2.7.8", - "8.2.7.9", - "8.2.8.10", - "8.2.8.11", - "8.3.11.3", - "8.3.4.8", - "8.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-im-b-7" - ], - "CIS-5.0": [ - "1.14" - ], - "CIS-1.4": [ - "1.15" - ], - "CCC": [ - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.2.1", - "1.2.2" - ], - "CIS-1.5": [ - "1.15" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP06" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_6" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "CIS-2.0": [ - "1.15" - ], - "NIS2": [ - "1.2.1", - "2.1.2.f", - "11.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure IAM policies are attached only to groups or roles", - "title": "Ensure IAM policies are attached only to groups or roles", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_attached_only_to_group_or_roles-211203495394-us-east-1-terraform-user/AdministratorAccess" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user/AdministratorAccess", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Remove any policy attached directly to the user. Use groups or roles instead.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "By default IAM users, groups, and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS CloudShellFullAccess policy is not attached to any IAM entity.", - "metadata": { - "event_code": "iam_policy_cloudshell_admin_not_attached", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS CloudShellFullAccess policy is not attached to any IAM entity.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-blacklisted-check.html", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-06.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.22" - ], - "PCI-4.0": [ - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.3.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.2.10", - "7.3.2.11", - "7.3.2.12", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "8.2.7.10", - "8.2.7.11", - "8.2.7.12", - "8.2.8.12", - "8.2.8.13", - "8.2.8.14", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12" - ], - "CIS-5.0": [ - "1.21" - ], - "ProwlerThreatScore-1.0": [ - "1.3.2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.22" - ], - "NIS2": [ - "1.2.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "This control checks whether an IAM identity (user, role, or group) has the AWS managed policy AWSCloudShellFullAccess attached. The control fails if an IAM identity has the AWSCloudShellFullAccess policy attached.", - "title": "Check if IAM identities (users,groups,roles) have the AWSCloudShellFullAccess policy attached.", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_cloudshell_admin_not_attached-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "Users": [], - "Groups": [], - "Roles": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/AWSCloudShellFullAccess" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Detach the AWSCloudShellFullAccess policy from the IAM identity to restrict excessive permissions and adhere to the principle of least privilege.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html" - ] - }, - "risk_details": "Attaching the AWSCloudShellFullAccess policy to IAM identities grants broad permissions, including internet access and file transfer capabilities, which can lead to security risks such as data exfiltration. The principle of least privilege should be followed to avoid excessive permissions.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Role TerraformRole has AdministratorAccess policy attached.", - "metadata": { - "event_code": "iam_role_administratoraccess_policy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Role TerraformRole has AdministratorAccess policy attached.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_administrator", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "OIS-04.03B", - "SP-01.04B", - "HR-01.01B", - "HR-04.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-03.01B", - "IAM-06.01B", - "IAM-10.01B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "1.2.1", - "11.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure IAM Roles do not have AdministratorAccess policy attached", - "title": "Ensure IAM Roles do not have AdministratorAccess policy attached", - "types": [], - "uid": "prowler-aws-iam_role_administratoraccess_policy-211203495394-us-east-1-TerraformRole" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "TerraformRole", - "arn": "arn:aws:iam::211203495394:role/TerraformRole", - "assume_role_policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws:iam::211203495394:oidc-provider/token.actions.githubusercontent.com" - }, - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "token.actions.githubusercontent.com:aud": "sts.amazonaws.com" - }, - "StringLike": { - "token.actions.githubusercontent.com:sub": [ - "repo:finos-labs/ccc-cfi-compliance:ref:refs/heads/*", - "repo:finos-labs/ccc-cfi-compliance:ref:refs/tags/*", - "repo:finos-labs/ccc-cfi-compliance:pull_request", - "repo:finos-labs/ccc-cfi-compliance:environment:*" - ] - } - } - } - ] - }, - "is_service_role": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "TerraformRole", - "type": "AwsIamRole", - "uid": "arn:aws:iam::211203495394:role/TerraformRole" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Apply the principle of least privilege. Instead of AdministratorAccess, assign only the permissions necessary for specific roles and tasks. Create custom IAM policies with minimal permissions based on the principle of least privilege.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" - ] - }, - "risk_details": "The AWS-managed AdministratorAccess policy grants all actions for all AWS services and for all resources in the account and as such exposes the customer to a significant data leakage threat. It should be granted very conservatively. For granting access to 3rd party vendors, consider using alternative managed policies, such as ViewOnlyAccess or SecurityAudit.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Role TerraformRole does not have ReadOnlyAccess policy.", - "metadata": { - "event_code": "iam_role_cross_account_readonlyaccess_policy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "IAM Role TerraformRole does not have ReadOnlyAccess policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#awsmp_readonlyaccess", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OIS-04.03B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-06.02B", - "IAM-10.01B", - "PSS-09.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR06" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure IAM Roles do not have ReadOnlyAccess access for external AWS accounts", - "title": "Ensure IAM Roles do not have ReadOnlyAccess access for external AWS accounts", - "types": [], - "uid": "prowler-aws-iam_role_cross_account_readonlyaccess_policy-211203495394-us-east-1-TerraformRole" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "TerraformRole", - "arn": "arn:aws:iam::211203495394:role/TerraformRole", - "assume_role_policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws:iam::211203495394:oidc-provider/token.actions.githubusercontent.com" - }, - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "token.actions.githubusercontent.com:aud": "sts.amazonaws.com" - }, - "StringLike": { - "token.actions.githubusercontent.com:sub": [ - "repo:finos-labs/ccc-cfi-compliance:ref:refs/heads/*", - "repo:finos-labs/ccc-cfi-compliance:ref:refs/tags/*", - "repo:finos-labs/ccc-cfi-compliance:pull_request", - "repo:finos-labs/ccc-cfi-compliance:environment:*" - ] - } - } - } - ] - }, - "is_service_role": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "TerraformRole", - "type": "AwsIamRole", - "uid": "arn:aws:iam::211203495394:role/TerraformRole" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Remove the AWS-managed ReadOnlyAccess policy from all roles that have a trust policy, including third-party cloud accounts, or remove third-party cloud accounts from the trust policy of all roles that need the ReadOnlyAccess policy.", - "references": [ - "https://docs.securestate.vmware.com/rule-docs/aws-iam-role-cross-account-readonlyaccess-policy" - ] - }, - "risk_details": "The AWS-managed ReadOnlyAccess policy is highly potent and exposes the customer to a significant data leakage threat. It should be granted very conservatively. For granting access to 3rd party vendors, consider using alternative managed policies, such as ViewOnlyAccess or SecurityAudit.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Root account has a virtual MFA instead of a hardware MFA device enabled.", - "metadata": { - "event_code": "iam_root_hardware_mfa_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "Root account has a virtual MFA instead of a hardware MFA device enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_5_3" - ], - "HIPAA": [ - "164_308_a_3_ii_a", - "164_312_d" - ], - "C5-2025": [ - "OPS-16.01B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_7" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ia-2-1-2", - "ia-2-1" - ], - "CIS-3.0": [ - "1.6" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_2", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "ia_2_1", - "ia_2_2", - "ia_2_6", - "ia_2_6_a", - "ia_2_8", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r4.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "ARC-003", - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.6" - ], - "PCI-4.0": [ - "8.4.1.3", - "8.4.2.3", - "8.4.3.3" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-15", - "d3-pc-am-b-3", - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.5" - ], - "CIS-1.4": [ - "1.6" - ], - "CCC": [ - "CCC.Core.CN03.AR01", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.2" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.6" - ], - "CIS-1.5": [ - "1.6" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP02" - ], - "NIST-800-53-Revision-4": [ - "ia_2_1", - "ia_2_11" - ], - "AWS-Account-Security-Onboarding": [ - "Root user - distribution email + MFA" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040" - ], - "CIS-2.0": [ - "1.6" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-2" - ], - "NIS2": [ - "11.6.1", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure only hardware MFA is enabled for the root account", - "title": "Ensure only hardware MFA is enabled for the root account", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_root_hardware_mfa_enabled-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:mfa" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Using IAM console navigate to Dashboard and expand Activate MFA on your root account. If using AWS Organizations, consider enabling Centralized Root Management and removing individual root credentials.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user_manage_mfa" - ] - }, - "risk_details": "The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. For Level 2 it is recommended that the root account be protected with only a hardware MFA.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "MFA is enabled for root account.", - "metadata": { - "event_code": "iam_root_mfa_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "MFA is enabled for root account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_5_2", - "3_5_3" - ], - "HIPAA": [ - "164_308_a_3_ii_a", - "164_312_d" - ], - "C5-2025": [ - "OPS-16.01B", - "IAM-04.06B", - "IAM-06.09B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-05.02B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_7" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ia-2-1-2", - "ia-2-1" - ], - "CIS-3.0": [ - "1.5" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_2", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_6_a", - "cm_9_b", - "ia_2_1", - "ia_2_2", - "ia_2_6", - "ia_2_6_a", - "ia_2_8", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r2.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "ARC-003", - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.1", - "3.0.2", - "3.0.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.5" - ], - "PCI-4.0": [ - "8.4.1.4", - "8.4.2.4", - "8.4.3.4" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-15", - "d3-pc-am-b-3", - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.4" - ], - "CIS-1.4": [ - "1.5" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Core.CN03.AR01", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-1.5": [ - "1.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP02" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.17", - "A.8.5" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ia_2_1", - "ia_2_11" - ], - "AWS-Account-Security-Onboarding": [ - "Root user - distribution email + MFA" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040" - ], - "CIS-2.0": [ - "1.5" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-2", - "booting-up-thing-to-do-first-2" - ], - "NIS2": [ - "11.3.2.a", - "11.6.1", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure MFA is enabled for the root account", - "title": "Ensure MFA is enabled for the root account", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_root_mfa_enabled-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Using IAM console navigate to Dashboard and expand Activate MFA on your root account. If using AWS Organizations, consider enabling Centralized Root Management and removing individual root credentials.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user_manage_mfa" - ] - }, - "risk_details": "The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. When virtual MFA is used for root accounts it is recommended that the device used is NOT a personal device but rather a dedicated mobile device (tablet or phone) that is managed to be kept charged and secured independent of any individual personal devices. (non-personal virtual MFA) This lessens the risks of losing access to the MFA due to device loss / trade-in or if the individual owning the device is no longer employed at the company.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have access keys.", - "metadata": { - "event_code": "iam_rotate_access_key_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_3_ii_c", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B", - "CRY-09.02B" - ], - "NIST-CSF-1.1": [ - "ac_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j" - ], - "CIS-3.0": [ - "1.14" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.14" - ], - "PCI-4.0": [ - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.13" - ], - "CIS-1.4": [ - "1.14" - ], - "CCC": [ - "CCC.ObjStor.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.11" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.3" - ], - "CIS-1.5": [ - "1.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP02", - "SEC02-BP05" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.14" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "1.1.1.d", - "1.1.2", - "2.1.4", - "2.3.1", - "3.1.3", - "6.2.4", - "9.2.c", - "9.2.c.xii", - "11.6.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure access keys are rotated every 90 days or less", - "title": "Ensure access keys are rotated every 90 days or less", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_rotate_access_key_90_days-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have access keys older than 90 days.", - "metadata": { - "event_code": "iam_rotate_access_key_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have access keys older than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_3_ii_c", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B", - "CRY-09.02B" - ], - "NIST-CSF-1.1": [ - "ac_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j" - ], - "CIS-3.0": [ - "1.14" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.14" - ], - "PCI-4.0": [ - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.13" - ], - "CIS-1.4": [ - "1.14" - ], - "CCC": [ - "CCC.ObjStor.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.11" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.3" - ], - "CIS-1.5": [ - "1.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP02", - "SEC02-BP05" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.14" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "1.1.1.d", - "1.1.2", - "2.1.4", - "2.3.1", - "3.1.3", - "6.2.4", - "9.2.c", - "9.2.c.xii", - "11.6.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure access keys are rotated every 90 days or less", - "title": "Ensure access keys are rotated every 90 days or less", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_rotate_access_key_90_days-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "SecurityAudit policy is not attached to any role.", - "metadata": { - "event_code": "iam_securityaudit_role_created", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "SecurityAudit policy is not attached to any role.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "OIS-02.02B", - "OIS-04.01B", - "HR-04.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-05.02B", - "IAM-06.06B", - "DEV-15.01B", - "SIM-01.02B", - "SIM-01.03B", - "COM-02.02B", - "COM-03.02B", - "INQ-02.01B", - "PSS-09.01AC" - ], - "ENS-RD2022": [ - "op.acc.3.r2.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "ISO27001-2022": [ - "A.5.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "1.2.4", - "2.1.1", - "2.1.2.a", - "2.1.2.e", - "2.1.2.f", - "2.2.1", - "2.3.1", - "3.1.2.c", - "3.1.3", - "6.2.2.a", - "7.2.d", - "7.2.e", - "7.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure a Security Audit role has been created to conduct security audits", - "title": "Ensure a Security Audit role has been created to conduct security audits", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_securityaudit_role_created-211203495394-us-east-1-SecurityAudit" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "SecurityAudit", - "type": "AwsIamRole", - "uid": "arn:aws:iam::aws:policy/SecurityAudit" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create an IAM role for conduct security audits with AWS.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_security-auditor" - ] - }, - "risk_details": "Creating an IAM role with a security audit policy provides a clear separation of duties between the security team and other teams within the organization. This helps to ensure that security-related activities are performed by authorized individuals with the appropriate expertise and access permissions.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Support Access policy is not attached to any role.", - "metadata": { - "event_code": "iam_support_role_created", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Support Access policy is not attached to any role.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "OIS-02.02B", - "HR-04.01B", - "OPS-13.02B", - "OPS-13.03AC", - "OPS-17.02B", - "OPS-24.01B", - "OPS-24.02B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-06.06B", - "DEV-15.01B", - "SSO-05.06B", - "SIM-01.02B", - "SIM-01.03B" - ], - "CIS-3.0": [ - "1.17" - ], - "ENS-RD2022": [ - "op.acc.3.r1.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2", - "2.11.1" - ], - "CIS-4.0.1": [ - "1.17" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.16" - ], - "CIS-1.4": [ - "1.17" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-1.5": [ - "1.17" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC10-BP01" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2", - "2.11.1" - ], - "CIS-2.0": [ - "1.17" - ], - "NIS2": [ - "2.1.1", - "2.1.2.a", - "2.2.1", - "3.1.2.d", - "4.3.2.a", - "5.1.7.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure a support role has been created to manage incidents with AWS Support", - "title": "Ensure a support role has been created to manage incidents with AWS Support", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_support_role_created-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "AwsIamRole", - "uid": "arn:aws:iam::aws:policy/AWSSupportAccess" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create an IAM role for managing incidents with AWS.", - "references": [ - "https://docs.aws.amazon.com/awssupport/latest/user/using-service-linked-roles-sup.html" - ] - }, - "risk_details": "AWS provides a support center that can be used for incident notification and response, as well as technical support and customer services. Create an IAM Role to allow authorized users to manage incidents with AWS Support.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have access keys.", - "metadata": { - "event_code": "iam_user_accesskey_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "HIPAA": [ - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-05.04B", - "IAM-10.01B", - "CRY-03.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-3", - "ac-5-c", - "ac-6" - ], - "CIS-3.0": [ - "1.12" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_6", - "ac_2_g", - "ac_2_j", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3", - "op.acc.6.r7.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.12" - ], - "PCI-4.0": [ - "7.2.4.2", - "7.2.5.1.2", - "8.2.6.2", - "A3.4.1.10" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4" - ], - "CIS-5.0": [ - "1.11" - ], - "CIS-1.4": [ - "1.12" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.10" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.8", - "IAM.22", - "IAM.26" - ], - "CIS-1.5": [ - "1.12" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2_3", - "ac_2", - "ac_3", - "ac_6" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.12" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure unused User Access Keys are disabled", - "title": "Ensure unused User Access Keys are disabled", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_user_accesskey_unused-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Find the credentials that they were using and ensure that they are no longer operational. Ideally, you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least, you should change the password or deactivate the access keys so that the former users no longer have access.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" - ] - }, - "risk_details": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have unused access keys for 45 days.", - "metadata": { - "event_code": "iam_user_accesskey_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have unused access keys for 45 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "HIPAA": [ - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-05.04B", - "IAM-10.01B", - "CRY-03.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-3", - "ac-5-c", - "ac-6" - ], - "CIS-3.0": [ - "1.12" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_6", - "ac_2_g", - "ac_2_j", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3", - "op.acc.6.r7.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.12" - ], - "PCI-4.0": [ - "7.2.4.2", - "7.2.5.1.2", - "8.2.6.2", - "A3.4.1.10" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4" - ], - "CIS-5.0": [ - "1.11" - ], - "CIS-1.4": [ - "1.12" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.10" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.8", - "IAM.22", - "IAM.26" - ], - "CIS-1.5": [ - "1.12" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2_3", - "ac_2", - "ac_3", - "ac_6" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.12" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure unused User Access Keys are disabled", - "title": "Ensure unused User Access Keys are disabled", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_user_accesskey_unused-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Find the credentials that they were using and ensure that they are no longer operational. Ideally, you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least, you should change the password or deactivate the access keys so that the former users no longer have access.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" - ] - }, - "risk_details": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM User terraform-user has AdministratorAccess policy attached.", - "metadata": { - "event_code": "iam_user_administrator_access_policy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM User terraform-user has AdministratorAccess policy attached.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-04.03B", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-10.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.19", - "7.2.2.19", - "7.2.5.13", - "7.3.1.13", - "7.3.2.13", - "7.3.3.13", - "8.2.7.13", - "8.2.8.15", - "8.3.4.13" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "This check ensures that no IAM users in your AWS account have the 'AdministratorAccess' policy attached. IAM users with this policy have unrestricted access to all AWS services and resources, which poses a significant security risk if misused.", - "title": "Ensure No IAM Users Have Administrator Access Policy", - "types": [], - "uid": "prowler-aws-iam_user_administrator_access_policy-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Replace the 'AdministratorAccess' policy with more specific permissions that follow the Principle of Least Privilege. Consider implementing IAM roles such as 'IAM Master' and 'IAM Manager' to manage permissions more securely.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM users with administrator-level permissions can perform any action on any resource in your AWS environment. If these permissions are granted to users unnecessarily or to individuals without sufficient knowledge, it can lead to security vulnerabilities, data leaks, data loss, or unexpected charges.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have console access enabled or is unused.", - "metadata": { - "event_code": "iam_user_console_access_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have console access enabled or is unused.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "HIPAA": [ - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "OPS-05.02AC", - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-05.04B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-3", - "ac-5-c", - "ac-6" - ], - "CIS-3.0": [ - "1.12" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_6", - "ac_2_g", - "ac_2_j", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3", - "op.acc.6.r7.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.12" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4" - ], - "CIS-5.0": [ - "1.11" - ], - "CIS-1.4": [ - "1.12" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.10" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.8", - "IAM.22", - "IAM.26" - ], - "CIS-1.5": [ - "1.12" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2_3", - "ac_2", - "ac_3", - "ac_6" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.12" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.3.2.d", - "11.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure unused user console access are disabled", - "title": "Ensure unused user console access are disabled", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_user_console_access_unused-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Find the credentials that they were using and ensure that they are no longer operational. Ideally, you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least, you should change the password or deactivate the access keys so that the former users no longer have access.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" - ] - }, - "risk_details": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have any type of MFA enabled.", - "metadata": { - "event_code": "iam_user_hardware_mfa_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User terraform-user does not have any type of MFA enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-16.01B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.1", - "3.0.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2" - ], - "CCC": [ - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.8.5" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040" - ], - "CISA": [ - "booting-up-thing-to-do-first-2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if IAM users have Hardware MFA enabled.", - "title": "Check if IAM users have Hardware MFA enabled.", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_hardware_mfa_enabled-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable hardware MFA device for an IAM user from the AWS Management Console, the command line, or the IAM API.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_physical.html" - ] - }, - "risk_details": "Hardware MFA is preferred over virtual MFA.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have Console Password enabled.", - "metadata": { - "event_code": "iam_user_mfa_enabled_console_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have Console Password enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_14", - "3_5_2", - "3_5_3" - ], - "HIPAA": [ - "164_308_a_3_ii_a", - "164_312_a_1", - "164_312_d" - ], - "C5-2025": [ - "OPS-05.02AC", - "OPS-16.01B", - "IAM-04.06B", - "IAM-06.09B", - "IAM-08.02B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "IAM-10.01B", - "PSS-05.01B", - "PSS-07.01B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_7" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ia-2-1-2", - "ia-2-1" - ], - "CIS-3.0": [ - "1.10" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_2", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "ia_2_1", - "ia_2_2", - "ia_2_6", - "ia_2_6_a", - "ia_2_8", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r2.aws.iam.1", - "op.acc.6.r4.aws.iam.1", - "op.acc.6.r8.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.1", - "3.0.2", - "3.0.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.10" - ], - "PCI-4.0": [ - "8.4.1.1", - "8.4.1.2", - "8.4.2.1", - "8.4.2.2", - "8.4.3.1", - "8.4.3.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-15", - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.3", - "8.3.1", - "8.3.1.a", - "8.3.2", - "8.3.2.a", - "8.6", - "8.6.c" - ], - "CIS-5.0": [ - "1.9" - ], - "CIS-1.4": [ - "1.10" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN03.AR01", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.3" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.5", - "IAM.19" - ], - "CIS-1.5": [ - "1.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.17", - "A.8.5" - ], - "NIST-800-53-Revision-4": [ - "ia_2_1", - "ia_2_2", - "ia_2_11" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040", - "T1538" - ], - "CIS-2.0": [ - "1.10" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-2", - "booting-up-thing-to-do-first-2" - ], - "NIS2": [ - "11.1.2.c", - "11.3.2.a", - "11.4.2.c", - "11.6.1", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password.", - "title": "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password.", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_mfa_enabled_console_access-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable MFA for the user's account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html" - ] - }, - "risk_details": "Unauthorized access to this critical account if password is not secure or it is disclosed in any way.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have access keys or uses the access keys configured.", - "metadata": { - "event_code": "iam_user_no_setup_initial_access_key", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have access keys or uses the access keys configured.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OPS-05.02AC", - "IAM-10.01B", - "CRY-03.01B", - "PSS-07.01B" - ], - "CIS-3.0": [ - "1.11" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.11" - ], - "CIS-5.0": [ - "1.1" - ], - "CIS-1.4": [ - "1.11" - ], - "CIS-1.5": [ - "1.11" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.11" - ], - "NIS2": [ - "9.2.c", - "9.2.c.iii" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "title": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_no_setup_initial_access_key-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "From the IAM console: generate credential report and disable not required keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials, it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have access keys or uses the access keys configured.", - "metadata": { - "event_code": "iam_user_no_setup_initial_access_key", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have access keys or uses the access keys configured.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OPS-05.02AC", - "IAM-10.01B", - "CRY-03.01B", - "PSS-07.01B" - ], - "CIS-3.0": [ - "1.11" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.11" - ], - "CIS-5.0": [ - "1.1" - ], - "CIS-1.4": [ - "1.11" - ], - "CIS-1.5": [ - "1.11" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.11" - ], - "NIS2": [ - "9.2.c", - "9.2.c.iii" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "title": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_no_setup_initial_access_key-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "From the IAM console: generate credential report and disable not required keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials, it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have 2 active access keys.", - "metadata": { - "event_code": "iam_user_two_active_access_key", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have 2 active access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B" - ], - "CIS-3.0": [ - "1.13" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.13" - ], - "CIS-5.0": [ - "1.12" - ], - "CIS-1.4": [ - "1.13" - ], - "CIS-1.5": [ - "1.13" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.13" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if IAM users have two active access keys", - "title": "Check if IAM users have two active access keys", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_two_active_access_key-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Avoid using long lived access keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html" - ] - }, - "risk_details": "Access Keys could be lost or stolen. It creates a critical risk.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have 2 active access keys.", - "metadata": { - "event_code": "iam_user_two_active_access_key", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have 2 active access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B" - ], - "CIS-3.0": [ - "1.13" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.13" - ], - "CIS-5.0": [ - "1.12" - ], - "CIS-1.4": [ - "1.13" - ], - "CIS-1.5": [ - "1.13" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.13" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if IAM users have two active access keys", - "title": "Check if IAM users have two active access keys", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_two_active_access_key-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Avoid using long lived access keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html" - ] - }, - "risk_details": "Access Keys could be lost or stolen. It creates a critical risk.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user has long lived credentials with access to other services than IAM or STS.", - "metadata": { - "event_code": "iam_user_with_temporary_credentials", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User terraform-user has long lived credentials with access to other services than IAM or STS.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "IAM-03.01B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-06.01B", - "IAM-08.02B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure users make use of temporary credentials assuming IAM roles", - "title": "Ensure users make use of temporary credentials assuming IAM roles", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-iam_user_with_temporary_credentials-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "As a best practice, use temporary security credentials (IAM roles) instead of creating long-term credentials like access keys, and don't create AWS account root user access keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html" - ] - }, - "risk_details": "As a best practice, use temporary security credentials (IAM roles) instead of creating long-term credentials like access keys, and don't create AWS account root user access keys.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-1b7c736d-854c-475a-a8a5-df95b3d7a4df" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-1f7c04ae-50f9-4bd6-b725-433368271fbd" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-29586687-b1be-4c1b-a758-1f2878050364" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "29586687-b1be-4c1b-a758-1f2878050364", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "29586687-b1be-4c1b-a758-1f2878050364", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-4cac849c-0540-454c-9d3c-cd040cfab4a9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-51726887-02ae-44f3-a044-7e70d96761f9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "51726887-02ae-44f3-a044-7e70d96761f9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "51726887-02ae-44f3-a044-7e70d96761f9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-6ce7a755-4867-4c6a-966c-896a1edcc078" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-7becded9-6105-409d-9ddc-1ec9ad37781a" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-84910ea5-e87b-4175-a70d-317307443c9b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "84910ea5-e87b-4175-a70d-317307443c9b", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "84910ea5-e87b-4175-a70d-317307443c9b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-8775e1db-1bd3-430a-859e-3f4c2add845f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-99ad2e00-15a1-4135-b8fb-dd5accf3652f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-9df09165-d3c4-46c5-954f-a66bcb65f64f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-c45a036b-843a-48be-9621-57e49da9e4f6" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c45a036b-843a-48be-9621-57e49da9e4f6", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c45a036b-843a-48be-9621-57e49da9e4f6", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-cdbd7090-6c87-4e56-b755-fddf82d253ef" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-cf944303-41d3-401c-b296-00cbbb3d5ca4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-us-east-1-939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "arn": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-us-east-1-a80c0553-bf44-472b-a141-674b2d47209b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "a80c0553-bf44-472b-a141-674b2d47209b", - "arn": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "a80c0553-bf44-472b-a141-674b2d47209b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-us-east-1-bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "arn": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-1b7c736d-854c-475a-a8a5-df95b3d7a4df" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-1f7c04ae-50f9-4bd6-b725-433368271fbd" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-29586687-b1be-4c1b-a758-1f2878050364" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "29586687-b1be-4c1b-a758-1f2878050364", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "29586687-b1be-4c1b-a758-1f2878050364", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-4cac849c-0540-454c-9d3c-cd040cfab4a9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-51726887-02ae-44f3-a044-7e70d96761f9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "51726887-02ae-44f3-a044-7e70d96761f9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "51726887-02ae-44f3-a044-7e70d96761f9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-6ce7a755-4867-4c6a-966c-896a1edcc078" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-7becded9-6105-409d-9ddc-1ec9ad37781a" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-84910ea5-e87b-4175-a70d-317307443c9b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "84910ea5-e87b-4175-a70d-317307443c9b", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "84910ea5-e87b-4175-a70d-317307443c9b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-8775e1db-1bd3-430a-859e-3f4c2add845f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-99ad2e00-15a1-4135-b8fb-dd5accf3652f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-9df09165-d3c4-46c5-954f-a66bcb65f64f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-c45a036b-843a-48be-9621-57e49da9e4f6" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c45a036b-843a-48be-9621-57e49da9e4f6", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c45a036b-843a-48be-9621-57e49da9e4f6", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-cdbd7090-6c87-4e56-b755-fddf82d253ef" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-cf944303-41d3-401c-b296-00cbbb3d5ca4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-us-east-1-939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "arn": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-us-east-1-a80c0553-bf44-472b-a141-674b2d47209b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "a80c0553-bf44-472b-a141-674b2d47209b", - "arn": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "a80c0553-bf44-472b-a141-674b2d47209b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-us-east-1-bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "arn": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_account_part_of_organizations", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_1" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.1", - "7.2.2.1", - "7.2.5.1", - "7.3.1.1", - "7.3.2.1", - "7.3.3.1", - "8.2.7.1", - "8.2.8.1", - "8.3.4.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP01", - "SEC03-BP05", - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1087", - "T1580", - "T1538" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure that AWS Organizations service is currently in use.", - "title": "Check if account is part of an AWS Organizations", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-organizations_account_part_of_organizations-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create or Join an AWS Organization", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_create.html" - ] - }, - "risk_details": "The risk associated with not being part of an AWS Organizations is that it can lead to a lack of centralized management and control over the AWS accounts in an organization. This can make it difficult to enforce security policies consistently across all accounts, and can also result in increased costs due to inefficiencies in resource usage. Additionally, not being part of an AWS Organizations can make it harder to track and manage account usage and access.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_opt_out_ai_services_policy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out_all.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "This control checks whether the AWS Organizations opt-out of AI services policy is enabled and whether child-accounts are disallowed to overwrite this policy. The control fails if the policy is not enabled or if child-accounts are not disallowed to overwrite this policy.", - "title": "Ensure that AWS Organizations opt-out of AI services policy is enabled and disallow child-accounts to overwrite this policy.", - "types": [], - "uid": "prowler-aws-organizations_opt_out_ai_services_policy-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Artificial Intelligence (AI) services opt-out policies enable you to control whether AWS AI services can store and use your content. Enable the AWS Organizations opt-out of AI services policy and disallow child-accounts to overwrite this policy.", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/disable-policy-type.html" - ] - }, - "risk_details": "By default, AWS may be using your data to train its AI models. This may include data from your AWS CloudTrail logs, AWS Config rules, and AWS GuardDuty findings. If you opt out of AI services, AWS will not use your data to train its AI models.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_scp_check_deny_regions", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "PSS-12.02AC" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02" - ], - "AWS-Account-Security-Onboarding": [ - "Block unused regions" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1535" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "As best practice, AWS Regions should be restricted and only allow the ones that are needed.", - "title": "Check if AWS Regions are restricted with SCP policies", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-organizations_scp_check_deny_regions-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Restrict AWS Regions using SCP policies.", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_general.html#example-scp-deny-region" - ] - }, - "risk_details": "The risk associated with not restricting AWS Regions with Service Control Policies (SCPs) is that it can lead to unauthorized access or use of resources in regions that are not intended for use. This can result in increased costs due to inefficiencies in resource usage and can also expose sensitive data to unauthorized access or breaches. By restricting access to AWS Regions with SCP policies, organizations can help ensure that only authorized personnel have access to the resources they need, while minimizing the risk of security breaches and compliance violations.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_tags_policies_enabled_and_attached", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-09.01B" - ], - "ENS-RD2022": [ - "op.exp.1.aws.sys.2", - "op.exp.1.aws.tag.1", - "op.exp.10.aws.tag.1", - "mp.info.6.aws.tag.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.5.13" - ], - "KISA-ISMS-P-2023": [ - "2.1.3" - ], - "NIS2": [ - "11.5.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if an AWS Organization has tags policies enabled and attached.", - "title": "Check if an AWS Organization has tags policies enabled and attached.", - "types": [], - "uid": "prowler-aws-organizations_tags_policies_enabled_and_attached-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable and attach AWS Organizations tags policies.", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html" - ] - }, - "risk_details": "If an AWS Organization tags policies are not enabled and attached, it is not possible to enforce tags on AWS resources.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No Resource Explorer Indexes found.", - "metadata": { - "event_code": "resourceexplorer2_indexes_found", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No Resource Explorer Indexes found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.1.aws.re.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Resource Explorer Indexes Found", - "title": "Resource Explorer Indexes Found", - "types": [], - "uid": "prowler-aws-resourceexplorer2_indexes_found-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "resourceexplorer2" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:resource-explorer:us-east-1:211203495394:index" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create indexes", - "references": [ - "https://docs.aws.amazon.com/resource-explorer/latest/userguide/manage-service-turn-on-region.html" - ] - }, - "risk_details": "Not having Resource Explorer indexes can result in increased complexity and overhead in managing your resources, as well as increased risk of security and compliance issues.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No SSM Incidents replication set exists.", - "metadata": { - "event_code": "ssmincidents_enabled_with_plans", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No SSM Incidents replication set exists.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/incident-manager/latest/userguide/response-plans.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-03.02B", - "OIS-03.05B", - "OIS-03.06B", - "OIS-05.03B", - "OIS-08.01B", - "OIS-08.09B", - "OPS-13.02B", - "OPS-13.03AC", - "OPS-22.08B", - "DEV-15.01B", - "SIM-01.02AC", - "SIM-02.01B", - "SIM-03.01B", - "SIM-03.04B", - "SIM-04.01B", - "SIM-06.01B", - "BCM-01.05B" - ], - "ENS-RD2022": [ - "op.exp.9.aws.img.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.1" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.1" - ], - "NIS2": [ - "2.1.1", - "2.1.2.a", - "2.1.2.i", - "3.1.1", - "3.1.2.a", - "3.1.2.c", - "3.1.2.d", - "3.5.1", - "3.6.1", - "3.6.2", - "3.6.3", - "4.3.1", - "5.1.7.b", - "12.1.2.c", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Ensure SSM Incidents is enabled with response plans.", - "title": "Ensure SSM Incidents is enabled with response plans.", - "types": [], - "uid": "prowler-aws-ssmincidents_enabled_with_plans-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "ssmincidents" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:ssm-incidents:us-east-1:211203495394:replication-set" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable SSM Incidents and create response plans", - "references": [ - "https://docs.aws.amazon.com/incident-manager/latest/userguide/response-plans.html" - ] - }, - "risk_details": "Not having SSM Incidents enabled can increase the risk of delayed detection and response to security incidents, unauthorized access, limited visibility into incidents and vulnerabilities", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Amazon Web Services Premium Support Subscription is required to use this service.", - "metadata": { - "event_code": "trustedadvisor_errors_and_warnings", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Amazon Web Services Premium Support Subscription is required to use this service.", - "status_id": 1, - "unmapped": { - "related_url": "https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check Trusted Advisor for errors and warnings.", - "title": "Check Trusted Advisor for errors and warnings.", - "types": [], - "uid": "prowler-aws-trustedadvisor_errors_and_warnings-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "trustedadvisor" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:trusted-advisor:us-east-1:211203495394:account" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Review and act upon its recommendations.", - "references": [ - "https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/" - ] - }, - "risk_details": "Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Amazon Web Services Premium Support Plan isn't subscribed.", - "metadata": { - "event_code": "trustedadvisor_premium_support_plan_subscribed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Amazon Web Services Premium Support Plan isn't subscribed.", - "status_id": 1, - "unmapped": { - "related_url": "https://aws.amazon.com/premiumsupport/plans/", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "SSO-05.06B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Check if a Premium support plan is subscribed.", - "title": "Check if a Premium support plan is subscribed", - "types": [], - "uid": "prowler-aws-trustedadvisor_premium_support_plan_subscribed-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "enabled": false - } - }, - "group": { - "name": "trustedadvisor" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:trusted-advisor:us-east-1:211203495394:account" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that you subscribe to the AWS Business Support tier or higher for all of your AWS production accounts. If you don't have premium support, you must have an action plan to handle issues which require help from AWS Support. AWS Support provides a mix of tools and technology, people, and programs designed to proactively help you optimize performance, lower costs, and innovate faster.", - "references": [ - "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Support/support-plan.html" - ] - }, - "risk_details": "Ensure that the appropriate support level is enabled for the necessary AWS accounts. For example, if an AWS account is being used to host production systems and environments, it is highly recommended that the minimum AWS Support Plan should be Business.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint Service vpce-svc-02e288a4c6043110f has no allowed principals.", - "metadata": { - "event_code": "vpc_endpoint_services_allowed_principals_trust_boundaries", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC Endpoint Service vpce-svc-02e288a4c6043110f has no allowed principals.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "title": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_services_allowed_principals_trust_boundaries-211203495394-us-east-1-vpce-svc-02e288a4c6043110f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:us-east-1:211203495394:vpc-endpoint-service/vpce-svc-02e288a4c6043110f", - "id": "vpce-svc-02e288a4c6043110f", - "service": "io.spotinst.vpce.us-east-1.privatelink-api", - "owner_id": "aws-marketplace", - "allowed_principals": [], - "region": "us-east-1", - "tags": [] - } - }, - "group": { - "name": "vpc" - }, - "labels": [], - "name": "vpce-svc-02e288a4c6043110f", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:us-east-1:211203495394:vpc-endpoint-service/vpce-svc-02e288a4c6043110f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint Service vpce-svc-028691921eaeee579 has no allowed principals.", - "metadata": { - "event_code": "vpc_endpoint_services_allowed_principals_trust_boundaries", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC Endpoint Service vpce-svc-028691921eaeee579 has no allowed principals.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760892916, - "created_time_dt": "2025-10-19T16:55:16.855761", - "desc": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "title": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_services_allowed_principals_trust_boundaries-211203495394-us-west-2-vpce-svc-028691921eaeee579" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:us-west-2:211203495394:vpc-endpoint-service/vpce-svc-028691921eaeee579", - "id": "vpce-svc-028691921eaeee579", - "service": "io.spotinst.vpce.us-west-2.privatelink-api", - "owner_id": "aws-marketplace", - "allowed_principals": [], - "region": "us-west-2", - "tags": [] - } - }, - "group": { - "name": "vpc" - }, - "labels": [], - "name": "vpce-svc-028691921eaeee579", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:us-west-2:211203495394:vpc-endpoint-service/vpce-svc-028691921eaeee579" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760892916, - "time_dt": "2025-10-19T16:55:16.855761", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-bedrock/results/aws-bedrock-combined.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-bedrock/results/aws-bedrock-combined.ocsf.json deleted file mode 100644 index b8a0f074..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-bedrock/results/aws-bedrock-combined.ocsf.json +++ /dev/null @@ -1,76 +0,0 @@ -[ - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1760893790, - "created_time_dt": "2025-10-19T17:09:50Z", - "desc": "Compliance test scenario: Cleanup", - "title": "Cleanup", - "types": [], - "uid": "ccc-test-487-1760893790" - }, - "message": "Cleanup", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Destructive", - "uid": "CCC-Destructive", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "s3" - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "{\"Preexisting\": \"20251012\"}" - ], - "name": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard", - "region": "us-east-1", - "type": "s3", - "uid": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Provider}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" with parameter \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" with parameter \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateBucket\" with parameter \"test-bucket-obj-write\"\nβœ“ I refer to \"{result}\" as \"bucket\"\nβœ“ I call \"{storage}\" with \"DeleteBucket\" with parameter \"{bucket.ID}\"\nβœ“ I call \"{iamService}\" with \"DestroyUser\" with parameter \"{testUserTrusted}\"\nβœ“ I call \"{iamService}\" with \"DestroyUser\" with parameter \"{testUserUntrusted}\"", - "status_id": 1, - "time": 1760893790, - "time_dt": "2025-10-19T17:09:50Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.C01.TR04" - ] - } - } - } -] \ No newline at end of file diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-bedrock/results/aws-bedrock-complete.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-bedrock/results/aws-bedrock-complete.ocsf.json deleted file mode 100644 index 561a6060..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-bedrock/results/aws-bedrock-complete.ocsf.json +++ /dev/null @@ -1,50302 +0,0 @@ -[ - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-northeast-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-northeast-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-northeast-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-northeast-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-northeast-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-northeast-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-northeast-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-northeast-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-northeast-3-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-northeast-3:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-northeast-3" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-northeast-3:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-south-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-south-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-south-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-south-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-southeast-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-southeast-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-southeast-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-southeast-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-southeast-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-southeast-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-southeast-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-southeast-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ca-central-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ca-central-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ca-central-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ca-central-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-central-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-central-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-central-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-central-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-north-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-north-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-north-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-north-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-west-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-west-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-west-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-west-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-west-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-west-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-west-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-west-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-west-3-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-west-3:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-west-3" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-west-3:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-sa-east-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:sa-east-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "sa-east-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:sa-east-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-east-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-east-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-east-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-east-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-east-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-east-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-east-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-east-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-west-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-west-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-west-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-west-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-west-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-west-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-west-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-west-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Contact Information.", - "metadata": { - "event_code": "account_maintain_current_contact_details", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Contact Information.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.prowler.com/checks/aws/iam-policies/iam_18-maintain-contact-details#aws-console", - "https://repost.aws/knowledge-center/update-phone-number", - "https://support.stax.io/docs/accounts/update-aws-account-contact-details", - "https://maartenbruntink.nl/blog/2022/09/26/aws-account-hygiene-101-mass-updating-alternate-account-contacts/", - "https://docs.aws.amazon.com/security-ir/latest/userguide/update-account-contact-info.html", - "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact-primary.html", - "https://repost.aws/knowledge-center/add-update-billing-contact", - "https://aws.amazon.com/blogs/security/update-the-alternate-security-contact-across-your-aws-accounts-for-timely-security-notifications/", - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_update_contacts.html", - "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact-alternate.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-03.01AS", - "IAM-06.06B", - "SSO-05.06B", - "SIM-01.03B", - "INQ-02.01B" - ], - "CIS-3.0": [ - "1.1" - ], - "ENS-RD2022": [ - "op.ext.7.aws.am.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CIS-4.0.1": [ - "1.1" - ], - "CIS-5.0": [ - "1.1" - ], - "CIS-1.4": [ - "1.1" - ], - "CIS-1.5": [ - "1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP03", - "SEC10-BP01" - ], - "ISO27001-2022": [ - "A.5.5" - ], - "AWS-Account-Security-Onboarding": [ - "Billing, emergency, security contacts" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "CIS-2.0": [ - "1.1" - ], - "NIS2": [ - "2.2.3", - "3.5.3.a", - "5.1.7.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**AWS account contact information** is current for the **primary contact** and the **alternate contacts** for `security`, `billing`, and `operations`, with accurate email addresses and phone numbers.", - "title": "AWS account contact information is current", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-account_maintain_current_contact_details-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Adopt:\n- **Primary** and **alternate contacts** for `security`, `billing`, `operations`\n- Shared, monitored aliases and SMS-capable phone numbers (non-personal)\n- Centralized management across accounts with periodic reviews\n- **Least privilege** for who can modify contact data\n- Regular reachability tests and documented ownership", - "references": [ - "https://hub.prowler.com/check/account_maintain_current_contact_details" - ] - }, - "risk_details": "Outdated or single-person contacts delay **security notifications**, slow **incident response**, and complicate **account recovery**.\n\nAWS may throttle services during abuse mitigation, reducing **availability**. Missed alerts enable ongoing misuse, risking **data exfiltration** and unauthorized changes (**integrity**).", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "SECURITY, BILLING and OPERATIONS contacts not found or they are not different between each other and between ROOT contact.", - "metadata": { - "event_code": "account_maintain_different_contact_details_to_security_billing_and_operations", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "SECURITY, BILLING and OPERATIONS contacts not found or they are not different between each other and between ROOT contact.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "resilience" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/account_alternate_contact", - "https://docs.prowler.com/checks/aws/iam-policies/iam_18-maintain-contact-details#aws-console", - "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact-alternate.html", - "https://builder.aws.com/content/2qRw97fe8JFwfk2AbpJ3sYNpNvM/aws-bulk-update-alternate-contacts-across-organization", - "https://github.com/aws-samples/aws-account-alternate-contact-with-terraform", - "https://trendmicro.com/cloudoneconformity/knowledge-base/aws/IAM/account-security-alternate-contacts.html", - "https://repost.aws/articles/ARDFbpt-bvQ8iuErnqVVcCXQ/managing-aws-organization-alternate-contacts-via-csv" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-04.03B", - "IAM-06.06B", - "SSO-05.06B", - "SIM-01.03B", - "INQ-02.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "ISO27001-2022": [ - "A.5.6" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**AWS account alternate contacts** are defined for **Security**, **Billing**, and **Operations** with `name`, `email`, and `phone`. The finding evaluates that all three exist, are distinct from one another, and differ from the **primary (root) contact**.", - "title": "AWS account has distinct Security, Billing, and Operations contact details, different from each other and from the root contact", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-account_maintain_different_contact_details_to_security_billing_and_operations-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Maintain distinct, monitored **Security**, **Billing**, and **Operations** alternate contacts that differ from the root contact.\n- Use team aliases and 24x7 phones\n- Review and test contact paths regularly\n- Centralize at org level for consistency\n\nApplies **operational resilience** and **separation of duties**.", - "references": [ - "https://hub.prowler.com/check/account_maintain_different_contact_details_to_security_billing_and_operations" - ] - }, - "risk_details": "Missing or shared contacts can delay response to abuse alerts, credential compromise, or billing anomalies, reducing **availability** (possible AWS traffic throttling) and raising **confidentiality** and **integrity** risk through extended exposure. If AWS cannot reach you, urgent mitigation may disrupt service.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Alternate Contacts -> Security Section.", - "metadata": { - "event_code": "account_security_contact_information_is_registered", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Alternate Contacts -> Security Section.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/account_alternate_contact", - "https://docs.prowler.com/checks/aws/iam-policies/iam_19/", - "https://support.icompaas.com/support/solutions/articles/62000234161-1-2-ensure-security-contact-information-is-registered-manual-", - "https://www.plerion.com/cloud-knowledge-base/ensure-security-contact-information-is-registered", - "https://repost.aws/articles/ARDFbpt-bvQ8iuErnqVVcCXQ/managing-aws-organization-alternate-contacts-via-csv" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-06.01B", - "SSO-05.06B", - "SIM-01.03B" - ], - "CIS-3.0": [ - "1.2" - ], - "ENS-RD2022": [ - "op.ext.7.aws.am.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CIS-4.0.1": [ - "1.2" - ], - "PCI-4.0": [ - "A1.2.3.1" - ], - "CIS-5.0": [ - "1.2" - ], - "CIS-1.4": [ - "1.2" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Account.1" - ], - "CIS-1.5": [ - "1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP03", - "SEC10-BP01" - ], - "ISO27001-2022": [ - "A.5.5" - ], - "AWS-Account-Security-Onboarding": [ - "Billing, emergency, security contacts" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "CIS-2.0": [ - "1.2" - ], - "NIS2": [ - "1.1.1.a", - "1.2.3", - "2.2.1", - "3.1.2.d", - "3.5.3.a", - "5.1.7.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Account settings contain a **Security alternate contact** in Alternate Contacts (name, `EmailAddress`, `PhoneNumber`) for targeted AWS security notifications.", - "title": "AWS account has security alternate contact registered", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-account_security_contact_information_is_registered-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Define and maintain a **Security alternate contact**:\n- Use a monitored alias (e.g., `security@domain`) and team phone\n- Apply to every account (prefer Org-wide automation)\n- Review after org/personnel changes and test delivery\n- Document ownership and escalation paths\nAlign with **incident response** and **least privilege** principles.", - "references": [ - "https://hub.prowler.com/check/account_security_contact_information_is_registered" - ] - }, - "risk_details": "Missing or outdated **security contact** can delay or prevent AWS advisories from reaching responders, increasing risk to:\n- Confidentiality: data exfiltration from undetected compromise\n- Integrity: unauthorized changes persist longer\n- Availability: resource abuse (e.g., cryptomining) and outages", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Login to the AWS Console as root. Choose your account name on the top right of the window -> My Account -> Configure Security Challenge Questions.", - "metadata": { - "event_code": "account_security_questions_are_registered_in_the_aws_account", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Login to the AWS Console as root. Choose your account name on the top right of the window -> My Account -> Configure Security Challenge Questions.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.prowler.com/checks/aws/iam-policies/iam_15", - "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/IAM/security-challenge-questions.html" - ], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.3" - ], - "ENS-RD2022": [ - "op.ext.7.aws.am.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.3" - ], - "CIS-1.4": [ - "1.3" - ], - "CIS-1.5": [ - "1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP03", - "SEC10-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.3", - "2.10.2" - ], - "CIS-2.0": [ - "1.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "[DEPRECATED] **AWS account root** configuration may include legacy **security challenge questions** for support identity verification. This evaluates whether those questions are set on the account. *New configuration is discontinued by AWS and remaining support for this feature is time-limited.*", - "title": "[DEPRECATED] AWS root user has security challenge questions configured", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices" - ], - "uid": "prowler-aws-account_security_questions_are_registered_in_the_aws_account-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Favor stronger recovery instead of KBA:\n- Enforce **MFA for root** and minimize root use\n- Keep **alternate contacts** and root email current and protected\n- Establish a tightly controlled **break-glass role**, applying least privilege and separation of duties\n- Document and test recovery procedures; monitor root activity", - "references": [ - "https://hub.prowler.com/check/account_security_questions_are_registered_in_the_aws_account" - ] - }, - "risk_details": "Absence of these questions can limit support-assisted recovery if root credentials or MFA are lost, reducing **availability** and slowing **incident response**. Reliance on KBA also weakens **confidentiality** due to **social engineering**. Treat this as a recovery gap and adopt stronger, phishing-resistant factors.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No Backup Vault exist.", - "metadata": { - "event_code": "backup_vaults_exist", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No Backup Vault exist.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "resilience" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/aws-backup/latest/devguide/vaults.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-06.01B", - "OPS-07.01B", - "OPS-08.01B", - "OPS-09.02B", - "CRY-16.02B", - "DEV-11.02B", - "BCM-01.01B", - "BCM-01.02B", - "BCM-02.01B" - ], - "ENS-RD2022": [ - "mp.info.6.aws.bcku.1" - ], - "AWS-Foundational-Technical-Review": [ - "BAR-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "CCC": [ - "CCC.Core.CN08.AR01", - "CCC.Core.CN14.AR02", - "CCC.Core.CN14.AR02" - ], - "ISO27001-2022": [ - "A.8.13" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "3.6.2", - "4.1.2.f", - "4.1.2.g", - "4.2.2.b", - "4.2.2.e", - "12.1.2.c", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**AWS Backup** in the account/region includes at least one **backup vault** that stores and organizes recovery points for use by backup plans and copies.", - "title": "At least one AWS Backup vault exists", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-backup_vaults_exist-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "backup" - }, - "labels": [], - "name": "211203495394", - "type": "AwsBackupBackupVault", - "uid": "arn:aws:backup:us-east-1:211203495394:backup-vault" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create and maintain a **backup vault** in each required region. Enforce **least privilege** access, encrypt with **KMS CMKs**, and enable **Vault Lock** to prevent tampering. Use lifecycle rules and cross-region/cross-account copies, and regularly test restores for **defense in depth**.", - "references": [ - "https://hub.prowler.com/check/backup_vaults_exist" - ] - }, - "risk_details": "Without a vault, recovery points cannot be created or retained in AWS Backup, degrading **availability** and **integrity**. Data may be irrecoverable after deletion, ransomware, or misconfiguration, and RPO/RTO targets may be missed during incidents.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Agent 4g5e-TerraformBedrockAgents is using guardrail arn:aws:bedrock:us-east-1:211203495394:guardrail/yk2rgwn4nj1z to protect agent sessions.", - "metadata": { - "event_code": "bedrock_agent_guardrail_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bedrock Agent 4g5e-TerraformBedrockAgents is using guardrail arn:aws:bedrock:us-east-1:211203495394:guardrail/yk2rgwn4nj1z to protect agent sessions.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html", - "categories": [ - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN04.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "This check ensures that Guardrails are enabled to protect Amazon Bedrock agent sessions. Guardrails help mitigate security risks by filtering and blocking harmful or sensitive content during interactions with AI models.", - "title": "Ensure that Guardrails are enabled for Amazon Bedrock agent sessions.", - "types": [], - "uid": "prowler-aws-bedrock_agent_guardrail_enabled-211203495394-us-east-1-LRY8BRVRA6" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "LRY8BRVRA6", - "name": "4g5e-TerraformBedrockAgents", - "arn": "arn:aws:bedrock:us-east-1:211203495394:agent/LRY8BRVRA6", - "guardrail_id": "arn:aws:bedrock:us-east-1:211203495394:guardrail/yk2rgwn4nj1z", - "region": "us-east-1", - "tags": [] - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "LRY8BRVRA6", - "type": "Other", - "uid": "arn:aws:bedrock:us-east-1:211203495394:agent/LRY8BRVRA6" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable Guardrails for Amazon Bedrock agent sessions to protect against harmful inputs and outputs during interactions.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html" - ] - }, - "risk_details": "Without guardrails enabled, Amazon Bedrock agent sessions are vulnerable to harmful prompts or inputs that could expose sensitive information or generate inappropriate content. This could lead to privacy violations, data leaks, or other security risks.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Guardrail 4g5e-TerraformBedrockGuardrail is not configured to block prompt attacks.", - "metadata": { - "event_code": "bedrock_guardrail_prompt_attack_filter_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Guardrail 4g5e-TerraformBedrockGuardrail is not configured to block prompt attacks.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html", - "categories": [ - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Ensure that prompt attack protection is set to the highest strength to minimize the risk of prompt injection attacks.", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN01.AR02", - "CCC.GenAI.CN02.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN04.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that prompt attack filter strength is set to HIGH for Amazon Bedrock guardrails to mitigate prompt injection and bypass techniques.", - "title": "Configure Prompt Attack Filter with the highest strength for Amazon Bedrock Guardrails.", - "types": [], - "uid": "prowler-aws-bedrock_guardrail_prompt_attack_filter_enabled-211203495394-us-east-1-yk2rgwn4nj1z" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "yk2rgwn4nj1z", - "name": "4g5e-TerraformBedrockGuardrail", - "arn": "arn:aws:bedrock:us-east-1:211203495394:guardrail/yk2rgwn4nj1z", - "region": "us-east-1", - "tags": [], - "sensitive_information_filter": true, - "prompt_attack_filter_strength": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "yk2rgwn4nj1z", - "type": "Other", - "uid": "arn:aws:bedrock:us-east-1:211203495394:guardrail/yk2rgwn4nj1z" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Set the prompt attack filter strength to HIGH for Amazon Bedrock guardrails to prevent prompt injection attacks and ensure robust protection against content manipulation.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-injection.html" - ] - }, - "risk_details": "If prompt attack filter strength is not set to HIGH, Bedrock models may be more vulnerable to prompt injection attacks or jailbreak attempts, which could allow harmful or sensitive content to bypass filters and reach end users.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Guardrail 4g5e-TerraformBedrockGuardrail is blocking or masking sensitive information.", - "metadata": { - "event_code": "bedrock_guardrail_sensitive_information_filter_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bedrock Guardrail 4g5e-TerraformBedrockGuardrail is blocking or masking sensitive information.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html", - "categories": [ - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN01.AR02", - "CCC.GenAI.CN02.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN04.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that sensitive information filters are enabled for Amazon Bedrock guardrails to prevent the leakage of sensitive data such as personally identifiable information (PII), financial data, or confidential corporate information.", - "title": "Configure Sensitive Information Filters for Amazon Bedrock Guardrails.", - "types": [], - "uid": "prowler-aws-bedrock_guardrail_sensitive_information_filter_enabled-211203495394-us-east-1-yk2rgwn4nj1z" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "yk2rgwn4nj1z", - "name": "4g5e-TerraformBedrockGuardrail", - "arn": "arn:aws:bedrock:us-east-1:211203495394:guardrail/yk2rgwn4nj1z", - "region": "us-east-1", - "tags": [], - "sensitive_information_filter": true, - "prompt_attack_filter_strength": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "yk2rgwn4nj1z", - "type": "Other", - "uid": "arn:aws:bedrock:us-east-1:211203495394:guardrail/yk2rgwn4nj1z" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable sensitive information filters for Amazon Bedrock guardrails to prevent the exposure of sensitive or confidential information.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-sensitive-filters.html" - ] - }, - "risk_details": "If sensitive information filters are not enabled, Bedrock models may inadvertently generate or expose confidential or sensitive information in responses, leading to data breaches, regulatory violations, or reputational damage.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-northeast-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-northeast-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-northeast-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-northeast-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-northeast-3-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-northeast-3:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-south-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-south-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-southeast-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-southeast-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-southeast-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-southeast-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ca-central-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ca-central-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-central-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-central-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-north-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-north-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-west-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-west-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-west-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-west-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-west-3-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-west-3:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-sa-east-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:sa-east-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-east-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-east-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-east-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-east-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-west-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-west-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-west-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-west-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-northeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-northeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-northeast-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-south-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-south-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-southeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-southeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ca-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ca-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-north-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-north-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-west-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-sa-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:sa-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-east-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-northeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-northeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-northeast-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-south-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-south-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-southeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-southeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ca-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ca-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-north-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-north-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-west-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-sa-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:sa-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-east-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_network_acls_alarm_configured", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.11" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.11" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ca-7", - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.11" - ], - "CIS-1.4": [ - "4.11" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.12" - ], - "CIS-1.5": [ - "4.11" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.11" - ], - "NIS2": [ - "2.2.3", - "3.2.3.a", - "3.2.3.c", - "3.2.3.f", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL).", - "title": "Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL).", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_network_acls_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_network_gateways_alarm_configured", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "COS-03.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.12" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.12" - ], - "FedRAMP-Low-Revision-4": [ - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.12" - ], - "CIS-1.4": [ - "4.12" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.13" - ], - "CIS-1.5": [ - "4.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.12" - ], - "NIS2": [ - "2.2.3", - "3.2.3.a", - "3.2.3.c", - "3.2.3.f", - "3.2.4", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure a log metric filter and alarm exist for changes to network gateways.", - "title": "Ensure a log metric filter and alarm exist for changes to network gateways.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_network_gateways_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_network_route_tables_alarm_configured", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-13.03AC", - "OPS-26.06B", - "COS-03.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.13" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.13" - ], - "FedRAMP-Low-Revision-4": [ - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.13" - ], - "CIS-1.4": [ - "4.13" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.14" - ], - "CIS-1.5": [ - "4.13" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.13" - ], - "NIS2": [ - "2.2.3", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Real-time monitoring of API calls can be achieved by directing Cloud Trail Logs to CloudWatch Logs, or an external Security information and event management (SIEM)environment, and establishing corresponding metric filters and alarms. Routing tablesare used to route network traffic between subnets and to network gateways. It isrecommended that a metric filter and alarm be established for changes to route tables.", - "title": "Ensure route table changes are monitored", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_network_route_tables_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "If you are using CloudTrails and CloudWatch, perform the following to setup the metric filter, alarm, SNS topic, and subscription: 1. Create a metric filter based on filter pattern provided which checks for route table changes and the taken from audit step 1. aws logs put-metric-filter --log-group-name -- filter-name `` --metric-transformations metricName= `` ,metricNamespace='CISBenchmark',metricValue=1 --filter-pattern '{($.eventSource = ec2.amazonaws.com) && (($.eventName = CreateRoute) || ($.eventName = CreateRouteTable) || ($.eventName = ReplaceRoute) || ($.eventName = ReplaceRouteTableAssociation) || ($.eventName = DeleteRouteTable) || ($.eventName = DeleteRoute) || ($.eventName = DisassociateRouteTable)) }' Note: You can choose your own metricName and metricNamespace strings. Using the same metricNamespace for all Foundations Benchmark metrics will group them together. 2. Create an SNS topic that the alarm will notify aws sns create-topic --name Note: you can execute this command once and then re-use the same topic for all monitoring alarms. 3. Create an SNS subscription to the topic created in step 2 aws sns subscribe --topic-arn --protocol - -notification-endpoint Note: you can execute this command once and then re-use the SNS subscription for all monitoring alarms. 4. Create an alarm that is associated with the CloudWatch Logs Metric Filter created in step 1 and an SNS topic created in step 2 aws cloudwatch put-metric-alarm --alarm-name `` --metric-name `` --statistic Sum --period 300 - -threshold 1 --comparison-operator GreaterThanOrEqualToThreshold -- evaluation-periods 1 --namespace 'CISBenchmark' --alarm-actions ", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "CloudWatch is an AWS native service that allows you to ob serve and monitor resources and applications. CloudTrail Logs can also be sent to an external Security informationand event management (SIEM) environment for monitoring and alerting.Monitoring changes to route tables will help ensure that all VPC traffic flows through anexpected path and prevent any accidental or intentional modifications that may lead touncontrolled network traffic. An alarm should be triggered every time an AWS API call isperformed to create, replace, delete, or disassociate a Route Table.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_vpcs_alarm_configured", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "COS-03.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.14" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.14" - ], - "FedRAMP-Low-Revision-4": [ - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.14" - ], - "CIS-1.4": [ - "4.14" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.15" - ], - "CIS-1.5": [ - "4.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.14" - ], - "NIS2": [ - "2.2.3", - "3.2.3.c", - "3.2.3.f", - "3.2.4", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure a log metric filter and alarm exist for VPC changes.", - "title": "Ensure a log metric filter and alarm exist for VPC changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_vpcs_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "CloudWatch doesn't allow cross-account sharing.", - "metadata": { - "event_code": "cloudwatch_cross_account_sharing_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "CloudWatch doesn't allow cross-account sharing.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-04.01AC", - "PSS-04.01B" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.1", - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if CloudWatch has allowed cross-account sharing.", - "title": "Check if CloudWatch has allowed cross-account sharing.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-cloudwatch_cross_account_sharing_disabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsAccount", - "uid": "arn:aws:iam:us-east-1:211203495394:role" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Grant usage permission on a per-resource basis to enforce least privilege and Zero Trust principles.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html" - ] - }, - "risk_details": "Cross-Account access to CloudWatch could increase the risk of compromising information between accounts.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.9" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.9" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.9" - ], - "CIS-1.4": [ - "4.9" - ], - "CCC": [ - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.10" - ], - "CIS-1.5": [ - "4.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.9" - ], - "NIS2": [ - "2.2.3", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure a log metric filter and alarm exist for AWS Config configuration changes.", - "title": "Ensure a log metric filter and alarm exist for AWS Config configuration changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.5" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.2", - "op.exp.8.r1.aws.ct.2", - "op.exp.8.r1.aws.ct.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.5" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.5" - ], - "CIS-1.4": [ - "4.5" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "ProwlerThreatScore-1.0": [ - "3.3.6" - ], - "CIS-1.5": [ - "4.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Critical alert on cloudtrail settings changes" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.5" - ], - "CISA": [ - "your-data-2" - ], - "NIS2": [ - "2.2.3", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.2.4", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure a log metric filter and alarm exist for CloudTrail configuration changes.", - "title": "Ensure a log metric filter and alarm exist for CloudTrail configuration changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_authentication_failures", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "HIPAA": [ - "164_308_a_5_ii_c", - "164_308_a_6_i", - "164_308_a_6_ii" - ], - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-03.01AC", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.6" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.6" - ], - "CIS-1.4": [ - "4.6" - ], - "CCC": [ - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "ProwlerThreatScore-1.0": [ - "3.3.7" - ], - "CIS-1.5": [ - "4.6" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Alert on rise of ConsoleLoginFailures events" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.6" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.d", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure a log metric filter and alarm exist for AWS Management Console authentication failures.", - "title": "Ensure a log metric filter and alarm exist for AWS Management Console authentication failures.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_authentication_failures-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_aws_organizations_changes", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "CIS-3.0": [ - "4.15" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.15" - ], - "CIS-5.0": [ - "4.15" - ], - "CIS-1.4": [ - "4.15" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02" - ], - "ProwlerThreatScore-1.0": [ - "3.3.16" - ], - "CIS-1.5": [ - "4.15" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.15" - ], - "NIS2": [ - "2.2.3", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure a log metric filter and alarm exist for AWS Organizations changes.", - "title": "Ensure a log metric filter and alarm exist for AWS Organizations changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_aws_organizations_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "C5-2025": [ - "OIS-04.02AC", - "OIS-08.02B", - "HR-03.02AC", - "AM-01.01AC", - "AM-07.02B", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "CRY-05.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.7" - ], - "ENS-RD2022": [ - "op.exp.10.aws.cmk.4", - "op.exp.10.aws.cmk.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.7" - ], - "CIS-1.4": [ - "4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.8" - ], - "CIS-1.5": [ - "4.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.10.1", - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "4.7" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created KMS CMKs.", - "title": "Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created KMS CMKs.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_for_s3_bucket_policy_changes", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.8" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.8" - ], - "CIS-1.4": [ - "4.8" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.9" - ], - "CIS-1.5": [ - "4.8" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.8" - ], - "NIS2": [ - "2.2.3", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure a log metric filter and alarm exist for S3 bucket policy changes.", - "title": "Ensure a log metric filter and alarm exist for S3 bucket policy changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_for_s3_bucket_policy_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_policy_changes", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.4" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.4" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.2" - ], - "CIS-5.0": [ - "4.4" - ], - "CIS-1.4": [ - "4.4" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.5" - ], - "CIS-1.5": [ - "4.4" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.4" - ], - "NIS2": [ - "2.2.3", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure a log metric filter and alarm exist for IAM policy changes.", - "title": "Ensure a log metric filter and alarm exist for IAM policy changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_policy_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_root_usage", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "HIPAA": [ - "164_308_a_6_i", - "164_308_a_6_ii" - ], - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-03.01B", - "IAM-03.03B", - "IAM-06.04B", - "IAM-06.05B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.3" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5", - "op.exp.8.aws.cw.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.3" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "7.2", - "7.2.1" - ], - "CIS-5.0": [ - "4.3" - ], - "CIS-1.4": [ - "4.3" - ], - "CCC": [ - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.4" - ], - "CIS-1.5": [ - "4.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Critical alert on every root user activity" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.3" - ], - "NIS2": [ - "2.3.1", - "3.2.1", - "3.2.2", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "3.5.4", - "7.2.b", - "9.2.c.vii" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure a log metric filter and alarm exist for usage of root account.", - "title": "Ensure a log metric filter and alarm exist for usage of root account.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_root_usage-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_security_group_changes", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.10" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.10" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.10" - ], - "CIS-1.4": [ - "4.10" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.11" - ], - "CIS-1.5": [ - "4.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.10" - ], - "NIS2": [ - "2.2.3", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure a log metric filter and alarm exist for security group changes.", - "title": "Ensure a log metric filter and alarm exist for security group changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_security_group_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_sign_in_without_mfa", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-16.01B", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-03.01AC", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-04.01B", - "PSS-05.01B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.2" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.2" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.2" - ], - "CIS-1.4": [ - "4.2" - ], - "CCC": [ - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.3" - ], - "CIS-1.5": [ - "4.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.2" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.d", - "3.2.3.g", - "3.5.4", - "9.2.c.vii", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure a log metric filter and alarm exist for Management Console sign-in without MFA.", - "title": "Ensure a log metric filter and alarm exist for Management Console sign-in without MFA.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_sign_in_without_mfa-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_unauthorized_api_calls", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-06.05B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.1" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.1" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.1" - ], - "CIS-1.4": [ - "4.1" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.2" - ], - "CIS-1.5": [ - "4.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.1" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.g", - "3.2.4", - "3.4.2.c", - "3.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure a log metric filter and alarm exist for unauthorized API calls.", - "title": "Ensure a log metric filter and alarm exist for unauthorized API calls.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_unauthorized_api_calls-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-northeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-northeast-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-northeast-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-northeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-northeast-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-northeast-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-northeast-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-northeast-3" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-northeast-3:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-south-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-south-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-south-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-southeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-southeast-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-southeast-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-southeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-southeast-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-southeast-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ca-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ca-central-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ca-central-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-central-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-central-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-north-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-north-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-north-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-west-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-west-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-west-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-west-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-west-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-west-3" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-west-3:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-sa-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "sa-east-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:sa-east-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-east-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-east-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-east-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-east-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-east-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-west-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-west-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-west-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-west-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-northeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default", - "region": "ap-northeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-northeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default", - "region": "ap-northeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-northeast-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default", - "region": "ap-northeast-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-south-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-south-1:211203495394:event-bus/default", - "region": "ap-south-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-south-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-southeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default", - "region": "ap-southeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-southeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default", - "region": "ap-southeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ca-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ca-central-1:211203495394:event-bus/default", - "region": "ca-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ca-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-central-1:211203495394:event-bus/default", - "region": "eu-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-north-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-north-1:211203495394:event-bus/default", - "region": "eu-north-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-north-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-1:211203495394:event-bus/default", - "region": "eu-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-2:211203495394:event-bus/default", - "region": "eu-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-west-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-3:211203495394:event-bus/default", - "region": "eu-west-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-sa-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:sa-east-1:211203495394:event-bus/default", - "region": "sa-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:sa-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-1:211203495394:event-bus/default", - "region": "us-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [ - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [ - "Preexisting:20251012" - ], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-east-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-2:211203495394:event-bus/default", - "region": "us-east-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-1:211203495394:event-bus/default", - "region": "us-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-2:211203495394:event-bus/default", - "region": "us-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-northeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default", - "region": "ap-northeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-northeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default", - "region": "ap-northeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-northeast-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default", - "region": "ap-northeast-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-south-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-south-1:211203495394:event-bus/default", - "region": "ap-south-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-south-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-southeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default", - "region": "ap-southeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-southeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default", - "region": "ap-southeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ca-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ca-central-1:211203495394:event-bus/default", - "region": "ca-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ca-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-central-1:211203495394:event-bus/default", - "region": "eu-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-north-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-north-1:211203495394:event-bus/default", - "region": "eu-north-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-north-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-1:211203495394:event-bus/default", - "region": "eu-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-2:211203495394:event-bus/default", - "region": "eu-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-west-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-3:211203495394:event-bus/default", - "region": "eu-west-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-sa-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:sa-east-1:211203495394:event-bus/default", - "region": "sa-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:sa-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-1:211203495394:event-bus/default", - "region": "us-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [ - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [ - "Preexisting:20251012" - ], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-east-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-2:211203495394:event-bus/default", - "region": "us-east-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-1:211203495394:event-bus/default", - "region": "us-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-2:211203495394:event-bus/default", - "region": "us-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "FMS without any compliant policy for account 211203495394.", - "metadata": { - "event_code": "fms_policy_compliant", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "FMS without any compliant policy for account 211203495394.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-fms-intro.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "ENS-RD2022": [ - "mp.com.1.aws.nfw.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "This check ensures all FMS policies inside an admin account are compliant", - "title": "Ensure that all FMS policies inside an admin account are compliant", - "types": [], - "uid": "prowler-aws-fms_policy_compliant-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "fms" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:fms:us-east-1:211203495394:policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure FMS is enabled and all the policies are compliant across your AWS accounts", - "references": [ - "https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-fms-intro.html" - ] - }, - "risk_details": "If FMS policies are not compliant, means there are resources unprotected by the policies", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Root user in the account wasn't accessed in the last 1 days.", - "metadata": { - "event_code": "iam_avoid_root_usage", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Root user in the account wasn't accessed in the last 1 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-03.01B", - "IAM-03.03B", - "IAM-06.02B", - "IAM-06.04B" - ], - "CIS-3.0": [ - "1.7" - ], - "ENS-RD2022": [ - "op.acc.2.aws.iam.4", - "op.acc.4.aws.iam.7" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.7" - ], - "CIS-5.0": [ - "1.6" - ], - "CIS-1.4": [ - "1.7" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR02" - ], - "ProwlerThreatScore-1.0": [ - "1.2.5" - ], - "CIS-1.5": [ - "1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "AWS-Account-Security-Onboarding": [ - "Block root user" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "6.7.2.e", - "11.3.2.b", - "11.3.2.c", - "11.4.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Avoid the use of the root account", - "title": "Avoid the use of the root accounts", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_avoid_root_usage-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Follow the remediation instructions of the Ensure IAM policies are attached only to groups or roles recommendation.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "The root account has unrestricted access to all resources in the AWS account. It is highly recommended that the use of this account be avoided.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy ElastiCacheServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy ElastiCacheServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-ElastiCacheServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "ElastiCacheServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy", - "entity": "ANPAIML5LIBUZBVCSF7PI", - "version_id": "v4", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ElastiCacheManagementActions", - "Effect": "Allow", - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:DeleteNetworkInterface", - "ec2:DeleteSecurityGroup", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DescribeVpcEndpoints", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:RevokeSecurityGroupIngress", - "cloudwatch:PutMetricData", - "outposts:GetOutpost", - "outposts:GetOutpostInstanceTypes", - "outposts:ListOutposts", - "outposts:ListSites" - ], - "Resource": "*" - }, - { - "Sid": "CreateDeleteVPCEndpoints", - "Effect": "Allow", - "Action": [ - "ec2:CreateVpcEndpoint", - "ec2:DeleteVpcEndpoints" - ], - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", - "Condition": { - "StringLike": { - "ec2:VpceServiceName": "com.amazonaws.elasticache.serverless.*" - } - } - }, - { - "Sid": "TagVPCEndpointsOnCreation", - "Effect": "Allow", - "Action": [ - "ec2:CreateTags" - ], - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", - "Condition": { - "StringEquals": { - "ec2:CreateAction": "CreateVpcEndpoint", - "aws:RequestTag/AmazonElastiCacheManaged": "true" - } - } - }, - { - "Sid": "ModifyVpcEndpoints", - "Effect": "Allow", - "Action": [ - "ec2:ModifyVpcEndpoint" - ], - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", - "Condition": { - "StringEquals": { - "ec2:ResourceTag/AmazonElastiCacheManaged": "true" - } - } - }, - { - "Sid": "AllowAccessToElastiCacheTaggedVpcEndpoints", - "Effect": "Allow", - "Action": [ - "ec2:CreateVpcEndpoint", - "ec2:ModifyVpcEndpoint" - ], - "NotResource": "arn:aws:ec2:*:*:vpc-endpoint/*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "ElastiCacheServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AWSTrustedAdvisorServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy AWSTrustedAdvisorServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AWSTrustedAdvisorServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AWSTrustedAdvisorServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy", - "entity": "ANPAJH4QJ2WMHBOB47BUE", - "version_id": "v14", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "TrustedAdvisorServiceRolePermissions", - "Effect": "Allow", - "Action": [ - "access-analyzer:ListAnalyzers", - "autoscaling:DescribeAccountLimits", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeLaunchConfigurations", - "ce:GetReservationPurchaseRecommendation", - "ce:GetSavingsPlansPurchaseRecommendation", - "cloudformation:DescribeAccountLimits", - "cloudformation:DescribeStacks", - "cloudformation:ListStacks", - "cloudfront:ListDistributions", - "cloudtrail:DescribeTrails", - "cloudtrail:GetTrailStatus", - "cloudtrail:GetTrail", - "cloudtrail:ListTrails", - "cloudtrail:GetEventSelectors", - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics", - "dax:DescribeClusters", - "dynamodb:DescribeLimits", - "dynamodb:DescribeTable", - "dynamodb:ListTables", - "ec2:DescribeAddresses", - "ec2:DescribeReservedInstances", - "ec2:DescribeInstances", - "ec2:DescribeVpcs", - "ec2:DescribeInternetGateways", - "ec2:DescribeImages", - "ec2:DescribeNatGateways", - "ec2:DescribeVolumes", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeRegions", - "ec2:DescribeReservedInstancesOfferings", - "ec2:DescribeRouteTables", - "ec2:DescribeSnapshots", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpnConnections", - "ec2:DescribeVpnGateways", - "ec2:DescribeLaunchTemplateVersions", - "ec2:GetManagedPrefixListEntries", - "ecs:DescribeTaskDefinition", - "ecs:ListTaskDefinitions", - "elasticloadbalancing:DescribeAccountLimits", - "elasticloadbalancing:DescribeInstanceHealth", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancerPolicyTypes", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "iam:GenerateCredentialReport", - "iam:GetAccountPasswordPolicy", - "iam:GetAccountSummary", - "iam:GetCredentialReport", - "iam:GetServerCertificate", - "iam:ListServerCertificates", - "iam:ListSAMLProviders", - "kinesis:DescribeLimits", - "kafka:DescribeClusterV2", - "kafka:ListClustersV2", - "kafka:ListNodes", - "network-firewall:ListFirewalls", - "network-firewall:DescribeFirewall", - "outposts:ListAssets", - "outposts:GetOutpost", - "outposts:ListOutposts", - "rds:DescribeAccountAttributes", - "rds:DescribeDBClusters", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstances", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBParameters", - "rds:DescribeDBSecurityGroups", - "rds:DescribeDBSnapshots", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEngineDefaultParameters", - "rds:DescribeEvents", - "rds:DescribeOptionGroupOptions", - "rds:DescribeOptionGroups", - "rds:DescribeOrderableDBInstanceOptions", - "rds:DescribeReservedDBInstances", - "rds:DescribeReservedDBInstancesOfferings", - "rds:ListTagsForResource", - "redshift:DescribeClusters", - "redshift:DescribeReservedNodeOfferings", - "redshift:DescribeReservedNodes", - "route53:GetAccountLimit", - "route53:GetHealthCheck", - "route53:GetHostedZone", - "route53:ListHealthChecks", - "route53:ListHostedZones", - "route53:ListHostedZonesByName", - "route53:ListResourceRecordSets", - "route53resolver:ListResolverEndpoints", - "route53resolver:ListResolverEndpointIpAddresses", - "s3:GetAccountPublicAccessBlock", - "s3:GetBucketAcl", - "s3:GetBucketPolicy", - "s3:GetBucketPolicyStatus", - "s3:GetBucketLocation", - "s3:GetBucketLogging", - "s3:GetBucketVersioning", - "s3:GetBucketPublicAccessBlock", - "s3:GetLifecycleConfiguration", - "s3:ListBucket", - "s3:ListAllMyBuckets", - "ses:GetSendQuota", - "sqs:GetQueueAttributes", - "sqs:ListQueues" - ], - "Resource": "*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AWSTrustedAdvisorServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AdministratorAccess is attached and allows '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS policy AdministratorAccess is attached and allows '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AdministratorAccess" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AdministratorAccess", - "arn": "arn:aws:iam::aws:policy/AdministratorAccess", - "entity": "ANPAIWMBCKSKIEE64ZLYK", - "version_id": "v1", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "*", - "Resource": "*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AdministratorAccess", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AWSSupportServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy AWSSupportServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AWSSupportServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AWSSupportServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy", - "entity": "ANPAJ7W6266ELXF5MISDS", - "version_id": "v42", - "type": "AWS", - "attached": true, - "document": { - "Statement": [ - { - "Sid": "AWSSupportAPIGatewayAccess", - "Action": [ - "apigateway:GET" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:apigateway:*::/account", - "arn:aws:apigateway:*::/apis", - "arn:aws:apigateway:*::/apis/*", - "arn:aws:apigateway:*::/apis/*/authorizers", - "arn:aws:apigateway:*::/apis/*/authorizers/*", - "arn:aws:apigateway:*::/apis/*/deployments", - "arn:aws:apigateway:*::/apis/*/deployments/*", - "arn:aws:apigateway:*::/apis/*/integrations", - "arn:aws:apigateway:*::/apis/*/integrations/*", - "arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses", - "arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses/*", - "arn:aws:apigateway:*::/apis/*/models", - "arn:aws:apigateway:*::/apis/*/models/*", - "arn:aws:apigateway:*::/apis/*/routes", - "arn:aws:apigateway:*::/apis/*/routes/*", - "arn:aws:apigateway:*::/apis/*/routes/*/routeresponses", - "arn:aws:apigateway:*::/apis/*/routes/*/routeresponses/*", - "arn:aws:apigateway:*::/apis/*/stages", - "arn:aws:apigateway:*::/apis/*/stages/*", - "arn:aws:apigateway:*::/clientcertificates", - "arn:aws:apigateway:*::/clientcertificates/*", - "arn:aws:apigateway:*::/domainnames", - "arn:aws:apigateway:*::/domainnames/*", - "arn:aws:apigateway:*::/domainnames/*/apimappings", - "arn:aws:apigateway:*::/domainnames/*/apimappings/*", - "arn:aws:apigateway:*::/domainnames/*/basepathmappings", - "arn:aws:apigateway:*::/domainnames/*/basepathmappings/*", - "arn:aws:apigateway:*::/restapis", - "arn:aws:apigateway:*::/restapis/*", - "arn:aws:apigateway:*::/restapis/*/authorizers", - "arn:aws:apigateway:*::/restapis/*/authorizers/*", - "arn:aws:apigateway:*::/restapis/*/deployments", - "arn:aws:apigateway:*::/restapis/*/deployments/*", - "arn:aws:apigateway:*::/restapis/*/models", - "arn:aws:apigateway:*::/restapis/*/models/*", - "arn:aws:apigateway:*::/restapis/*/models/*/default_template", - "arn:aws:apigateway:*::/restapis/*/resources", - "arn:aws:apigateway:*::/restapis/*/resources/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration/responses/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/responses/*", - "arn:aws:apigateway:*::/restapis/*/stages/*/sdks/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration", - "arn:aws:apigateway:*::/restapis/*/stages", - "arn:aws:apigateway:*::/restapis/*/stages/*", - "arn:aws:apigateway:*::/usageplans", - "arn:aws:apigateway:*::/usageplans/*", - "arn:aws:apigateway:*::/vpclinks", - "arn:aws:apigateway:*::/vpclinks/*" - ] - }, - { - "Sid": "AWSSupportDeleteRoleAccess", - "Action": [ - "iam:DeleteRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport" - ] - }, - { - "Sid": "AWSSupportActionsGroup1", - "Action": [ - "access-analyzer:getAccessPreview", - "access-analyzer:getAnalyzedResource", - "access-analyzer:getAnalyzer", - "access-analyzer:getArchiveRule", - "access-analyzer:getFinding", - "access-analyzer:getGeneratedPolicy", - "access-analyzer:listAccessPreviewFindings", - "access-analyzer:listAccessPreviews", - "access-analyzer:listAnalyzedResources", - "access-analyzer:listAnalyzers", - "access-analyzer:listArchiveRules", - "access-analyzer:listFindings", - "access-analyzer:listPolicyGenerations", - "account:getRegionOptStatus", - "account:listRegions", - "acm-pca:describeCertificateAuthority", - "acm-pca:describeCertificateAuthorityAuditReport", - "acm-pca:getCertificate", - "acm-pca:getCertificateAuthorityCertificate", - "acm-pca:getCertificateAuthorityCsr", - "acm-pca:listCertificateAuthorities", - "acm-pca:listTags", - "acm:describeCertificate", - "acm:getAccountConfiguration", - "acm:getCertificate", - "acm:listCertificates", - "acm:listTagsForCertificate", - "aiops:getInvestigationGroup", - "aiops:getInvestigationGroupPolicy", - "aiops:listInvestigationGroups", - "airflow:getEnvironment", - "airflow:listEnvironments", - "airflow:listTagsForResource", - "amplify:getApp", - "amplify:getBackendEnvironment", - "amplify:getBranch", - "amplify:getDomainAssociation", - "amplify:getJob", - "amplify:getWebhook", - "amplify:listApps", - "amplify:listBackendEnvironments", - "amplify:listBranches", - "amplify:listDomainAssociations", - "amplify:listWebhooks", - "amplifyuibuilder:exportComponents", - "amplifyuibuilder:exportThemes", - "aoss:batchGetCollection", - "aoss:batchGetEffectiveLifecyclePolicy", - "aoss:batchGetLifecyclePolicy", - "aoss:batchGetVpcEndpoint", - "aoss:getAccessPolicy", - "aoss:getAccountSettings", - "aoss:getPoliciesStats", - "aoss:getSecurityConfig", - "aoss:getSecurityPolicy", - "aoss:listAccessPolicies", - "aoss:listCollections", - "aoss:listLifecyclePolicies", - "aoss:listSecurityConfigs", - "aoss:listSecurityPolicies", - "aoss:listTagsForResource", - "aoss:listVpcEndpoints", - "appconfig:getApplication", - "appconfig:getConfigurationProfile", - "appconfig:getDeployment", - "appconfig:getDeploymentStrategy", - "appconfig:getEnvironment", - "appconfig:getExtension", - "appconfig:getExtensionAssociation", - "appconfig:listApplications", - "appconfig:listConfigurationProfiles", - "appconfig:listDeployments", - "appconfig:listDeploymentStrategies", - "appconfig:listEnvironments", - "appconfig:listExtensionAssociations", - "appconfig:listExtensions", - "appconfig:listHostedConfigurationVersions", - "appflow:describeConnectorEntity", - "appflow:describeConnectorProfiles", - "appflow:describeConnectors", - "appflow:describeFlow", - "appflow:describeFlowExecutionRecords", - "appflow:listConnectorEntities", - "appflow:listFlows", - "application-autoscaling:describeScalableTargets", - "application-autoscaling:describeScalingActivities", - "application-autoscaling:describeScalingPolicies", - "application-autoscaling:describeScheduledActions", - "application-signals:getService", - "application-signals:getServiceLevelObjective", - "application-signals:listServiceDependencies", - "application-signals:listServiceDependents", - "application-signals:listServiceLevelObjectives", - "application-signals:listServiceOperations", - "application-signals:listServices", - "applicationinsights:describeApplication", - "applicationinsights:describeComponent", - "applicationinsights:describeComponentConfiguration", - "applicationinsights:describeComponentConfigurationRecommendation", - "applicationinsights:describeLogPattern", - "applicationinsights:describeObservation", - "applicationinsights:describeProblem", - "applicationinsights:describeProblemObservations", - "applicationinsights:listApplications", - "applicationinsights:listComponents", - "applicationinsights:listConfigurationHistory", - "applicationinsights:listLogPatterns", - "applicationinsights:listLogPatternSets", - "applicationinsights:listProblems", - "appmesh:describeGatewayRoute", - "appmesh:describeMesh", - "appmesh:describeRoute", - "appmesh:describeVirtualGateway", - "appmesh:describeVirtualNode", - "appmesh:describeVirtualRouter", - "appmesh:describeVirtualService", - "appmesh:listGatewayRoutes", - "appmesh:listMeshes", - "appmesh:listRoutes", - "appmesh:listTagsForResource", - "appmesh:listVirtualGateways", - "appmesh:listVirtualNodes", - "appmesh:listVirtualRouters", - "appmesh:listVirtualServices", - "apprunner:describeAutoScalingConfiguration", - "apprunner:describeCustomDomains", - "apprunner:describeObservabilityConfiguration", - "apprunner:describeOperation", - "apprunner:describeService", - "apprunner:describeVpcConnector", - "apprunner:describeVpcIngressConnection", - "apprunner:listAutoScalingConfigurations", - "apprunner:listConnections", - "apprunner:listObservabilityConfigurations", - "apprunner:listOperations", - "apprunner:listServices", - "apprunner:listTagsForResource", - "apprunner:listVpcConnectors", - "apprunner:listVpcIngressConnections", - "appstream:describeAppBlockBuilderAppBlockAssociations", - "appstream:describeAppBlockBuilders", - "appstream:describeAppBlocks", - "appstream:describeApplicationFleetAssociations", - "appstream:describeApplications", - "appstream:describeDirectoryConfigs", - "appstream:describeEntitlements", - "appstream:describeFleets", - "appstream:describeImageBuilders", - "appstream:describeImagePermissions", - "appstream:describeImages", - "appstream:describeSessions", - "appstream:describeStacks", - "appstream:describeUsageReportSubscriptions", - "appstream:describeUsers", - "appstream:describeUserStackAssociations", - "appstream:listAssociatedFleets", - "appstream:listAssociatedStacks", - "appstream:listEntitledApplications", - "appstream:listTagsForResource", - "appsync:getApi", - "appsync:getApiAssociation", - "appsync:getApiCache", - "appsync:getChannelNamespace", - "appsync:getDataSource", - "appsync:getDomainName", - "appsync:getFunction", - "appsync:getGraphqlApi", - "appsync:getIntrospectionSchema", - "appsync:getResolver", - "appsync:getSchemaCreationStatus", - "appsync:getSourceApiAssociation", - "appsync:getType", - "appsync:listApis", - "appsync:listChannelNamespaces", - "appsync:listDataSources", - "appsync:listDomainNames", - "appsync:listFunctions", - "appsync:listGraphqlApis", - "appsync:listResolvers", - "appsync:listResolversByFunction", - "appsync:listSourceApiAssociations", - "appsync:listTypes", - "appsync:listTypesByAssociation", - "aps:describeAlertManagerDefinition", - "aps:describeRuleGroupsNamespace", - "aps:describeScraper", - "aps:describeWorkspace", - "aps:listRuleGroupsNamespaces", - "aps:listScrapers", - "aps:listWorkspaces", - "athena:batchGetNamedQuery", - "athena:batchGetQueryExecution", - "athena:getCalculationExecution", - "athena:getCalculationExecutionStatus", - "athena:getCapacityAssignmentConfiguration", - "athena:getCapacityReservation", - "athena:getDataCatalog", - "athena:getNamedQuery", - "athena:getNotebookMetadata", - "athena:getQueryExecution", - "athena:getQueryRuntimeStatistics", - "athena:getSession", - "athena:getSessionStatus", - "athena:getWorkGroup", - "athena:listApplicationDPUSizes", - "athena:listCalculationExecutions", - "athena:listCapacityReservations", - "athena:listDataCatalogs", - "athena:listEngineVersions", - "athena:listExecutors", - "athena:listNamedQueries", - "athena:listNotebookMetadata", - "athena:listNotebookSessions", - "athena:listQueryExecutions", - "athena:listSessions", - "athena:listTagsForResource", - "athena:listWorkGroups", - "auditmanager:getAccountStatus", - "auditmanager:getDelegations", - "auditmanager:listAssessmentFrameworks", - "auditmanager:listAssessmentReports", - "auditmanager:listAssessments", - "auditmanager:listControls", - "auditmanager:listKeywordsForDataSource", - "auditmanager:listNotifications", - "autoscaling-plans:describeScalingPlanResources", - "autoscaling-plans:describeScalingPlans", - "autoscaling-plans:getScalingPlanResourceForecastData", - "autoscaling:describeAccountLimits", - "autoscaling:describeAdjustmentTypes", - "autoscaling:describeAutoScalingGroups", - "autoscaling:describeAutoScalingInstances", - "autoscaling:describeAutoScalingNotificationTypes", - "autoscaling:describeInstanceRefreshes", - "autoscaling:describeLaunchConfigurations", - "autoscaling:describeLifecycleHooks", - "autoscaling:describeLifecycleHookTypes", - "autoscaling:describeLoadBalancers", - "autoscaling:describeLoadBalancerTargetGroups", - "autoscaling:describeMetricCollectionTypes", - "autoscaling:describeNotificationConfigurations", - "autoscaling:describePolicies", - "autoscaling:describeScalingActivities", - "autoscaling:describeScalingProcessTypes", - "autoscaling:describeScheduledActions", - "autoscaling:describeTags", - "autoscaling:describeTerminationPolicyTypes", - "autoscaling:describeTrafficSources", - "autoscaling:describeWarmPool", - "backup-gateway:getBandwidthRateLimitSchedule", - "backup-gateway:getGateway", - "backup-gateway:getHypervisor", - "backup-gateway:getHypervisorPropertyMappings", - "backup-gateway:getVirtualMachine", - "backup-gateway:listGateways", - "backup-gateway:listHypervisors", - "backup-gateway:listVirtualMachines", - "backup-search:listSearchJobBackups", - "backup-search:listSearchJobs", - "backup:describeBackupJob", - "backup:describeBackupVault", - "backup:describeCopyJob", - "backup:describeFramework", - "backup:describeGlobalSettings", - "backup:describeProtectedResource", - "backup:describeRecoveryPoint", - "backup:describeRegionSettings", - "backup:describeReportJob", - "backup:describeReportPlan", - "backup:describeRestoreJob", - "backup:getBackupPlan", - "backup:getBackupPlanFromJSON", - "backup:getBackupPlanFromTemplate", - "backup:getBackupSelection", - "backup:getBackupVaultAccessPolicy", - "backup:getBackupVaultNotifications", - "backup:getLegalHold", - "backup:getRecoveryPointRestoreMetadata", - "backup:getRecoveryPointIndexDetails", - "backup:getRestoreJobMetadata", - "backup:getRestoreTestingInferredMetadata", - "backup:getRestoreTestingPlan", - "backup:getRestoreTestingSelection", - "backup:getSupportedResourceTypes", - "backup:listBackupJobs", - "backup:listBackupPlans", - "backup:listBackupPlanTemplates", - "backup:listBackupPlanVersions", - "backup:listBackupSelections", - "backup:listBackupVaults", - "backup:listCopyJobs", - "backup:listFrameworks", - "backup:listIndexedRecoveryPoints", - "backup:listLegalHolds", - "backup:listProtectedResources", - "backup:listRecoveryPointsByBackupVault", - "backup:listRecoveryPointsByLegalHold", - "backup:listRecoveryPointsByResource", - "backup:listReportJobs", - "backup:listReportPlans", - "backup:listRestoreJobs", - "backup:listRestoreJobsByProtectedResource", - "backup:listRestoreTestingPlans", - "backup:listRestoreTestingSelections", - "backup:listTags", - "batch:describeComputeEnvironments", - "batch:describeJobDefinitions", - "batch:describeJobQueues", - "batch:describeJobs", - "batch:describeSchedulingPolicies", - "batch:listJobs", - "bedrock:getAgent", - "bedrock:getAgentActionGroup", - "bedrock:getAgentAlias", - "bedrock:getAgentKnowledgeBase", - "bedrock:getAgentVersion", - "bedrock:getCustomModel", - "bedrock:getDataSource", - "bedrock:getEvaluationJob", - "bedrock:getFlow", - "bedrock:getFlowAlias", - "bedrock:getFlowVersion", - "bedrock:getFoundationModel", - "bedrock:getGuardrail", - "bedrock:getImportedModel", - "bedrock:getInferenceProfile", - "bedrock:getIngestionJob", - "bedrock:getKnowledgeBase", - "bedrock:getMarketplaceModelEndpoint", - "bedrock:getModelCopyJob", - "bedrock:getModelCustomizationJob", - "bedrock:getModelImportJob", - "bedrock:getModelInvocationJob", - "bedrock:getModelInvocationLoggingConfiguration", - "bedrock:getPrompt", - "bedrock:getPromptRouter", - "bedrock:getProvisionedModelThroughput", - "bedrock:listAgentActionGroups", - "bedrock:listAgentAliases", - "bedrock:listAgentKnowledgeBases", - "bedrock:listAgents", - "bedrock:listAgentVersions", - "bedrock:listCustomModels", - "bedrock:listDataSources", - "bedrock:listEvaluationJobs", - "bedrock:listFlowAliases", - "bedrock:listFlows", - "bedrock:listFlowVersions", - "bedrock:listFoundationModels", - "bedrock:listGuardrails", - "bedrock:listImportedModels", - "bedrock:listInferenceProfiles", - "bedrock:listIngestionJobs", - "bedrock:listKnowledgeBases", - "bedrock:listMarketplaceModelEndpoints", - "bedrock:listModelCopyJobs", - "bedrock:listModelCustomizationJobs", - "bedrock:listModelImportJobs", - "bedrock:listModelInvocationJobs", - "bedrock:listPromptRouters", - "bedrock:listPrompts", - "bedrock:listProvisionedModelThroughputs", - "braket:getDevice", - "braket:getQuantumTask", - "braket:searchDevices", - "braket:searchQuantumTasks", - "budgets:viewBudget", - "ce:getCostAndUsage", - "ce:getCostAndUsageWithResources", - "ce:getCostForecast", - "ce:getDimensionValues", - "ce:getReservationCoverage", - "ce:getReservationPurchaseRecommendation", - "ce:getReservationUtilization", - "ce:getRightsizingRecommendation", - "ce:getSavingsPlansCoverage", - "ce:getSavingsPlansPurchaseRecommendation", - "ce:getSavingsPlansUtilization", - "ce:getSavingsPlansUtilizationDetails", - "ce:getTags", - "chime:describeAppInstance", - "chime:getAttendee", - "chime:getGlobalSettings", - "chime:getMediaCapturePipeline", - "chime:getMediaPipeline", - "chime:getMeeting", - "chime:getProxySession", - "chime:getSipMediaApplication", - "chime:getSipRule", - "chime:getVoiceConnector", - "chime:getVoiceConnectorGroup", - "chime:getVoiceConnectorLoggingConfiguration", - "chime:listAppInstances", - "chime:listAttendees", - "chime:listChannelBans", - "chime:listChannels", - "chime:listChannelsModeratedByAppInstanceUser", - "chime:listMediaCapturePipelines", - "chime:listMediaPipelines", - "chime:listMeetings", - "chime:listSipMediaApplications", - "chime:listSipRules", - "chime:listVoiceConnectorGroups", - "chime:listVoiceConnectors", - "cleanrooms:batchGetCollaborationAnalysisTemplate", - "cleanrooms:batchGetSchema", - "cleanrooms:getAnalysisTemplate", - "cleanrooms:getCollaboration", - "cleanrooms:getCollaborationAnalysisTemplate", - "cleanrooms:getConfiguredTable", - "cleanrooms:getConfiguredTableAssociation", - "cleanrooms:getMembership", - "cleanrooms:getSchema", - "cleanrooms:listAnalysisTemplates", - "cleanrooms:listCollaborationAnalysisTemplates", - "cleanrooms:listCollaborations", - "cleanrooms:listConfiguredTableAssociations", - "cleanrooms:listConfiguredTables", - "cleanrooms:listMembers", - "cleanrooms:listMemberships", - "cleanrooms:listSchemas", - "cloud9:describeEnvironmentMemberships", - "cloud9:describeEnvironments", - "cloud9:listEnvironments", - "clouddirectory:getDirectory", - "clouddirectory:listDirectories", - "cloudformation:batchDescribeTypeConfigurations", - "cloudformation:describeAccountLimits", - "cloudformation:describeChangeSet", - "cloudformation:describeChangeSetHooks", - "cloudformation:describePublisher", - "cloudformation:describeStackDriftDetectionStatus", - "cloudformation:describeStackEvents", - "cloudformation:describeStackInstance", - "cloudformation:describeStackResource", - "cloudformation:describeStackResourceDrifts", - "cloudformation:describeStackResources", - "cloudformation:describeStacks", - "cloudformation:describeStackSet", - "cloudformation:describeStackSetOperation", - "cloudformation:describeType", - "cloudformation:describeTypeRegistration", - "cloudformation:estimateTemplateCost", - "cloudformation:getResource", - "cloudformation:getStackPolicy", - "cloudformation:getTemplate", - "cloudformation:getTemplateSummary", - "cloudformation:listChangeSets", - "cloudformation:listExports", - "cloudformation:listImports", - "cloudformation:listResources", - "cloudformation:listStackInstances", - "cloudformation:listStackResources", - "cloudformation:listStacks", - "cloudformation:listStackSetOperationResults", - "cloudformation:listStackSetOperations", - "cloudformation:listStackSets", - "cloudformation:listTypeRegistrations", - "cloudformation:listTypes", - "cloudformation:listTypeVersions", - "cloudfront:describeFunction", - "cloudfront:describeKeyValueStore", - "cloudfront:getAnycastIpList", - "cloudfront:getCachePolicy", - "cloudfront:getCachePolicyConfig", - "cloudfront:getCloudFrontOriginAccessIdentity", - "cloudfront:getCloudFrontOriginAccessIdentityConfig", - "cloudfront:getContinuousDeploymentPolicy", - "cloudfront:getContinuousDeploymentPolicyConfig", - "cloudfront:getDistribution", - "cloudfront:getDistributionConfig", - "cloudfront:getInvalidation", - "cloudfront:getKeyGroup", - "cloudfront:getKeyGroupConfig", - "cloudfront:getMonitoringSubscription", - "cloudfront:getOriginAccessControl", - "cloudfront:getOriginAccessControlConfig", - "cloudfront:getOriginRequestPolicy", - "cloudfront:getOriginRequestPolicyConfig", - "cloudfront:getPublicKey", - "cloudfront:getPublicKeyConfig", - "cloudfront:getRealtimeLogConfig", - "cloudfront:getResponseHeadersPolicy", - "cloudfront:getResponseHeadersPolicyConfig", - "cloudfront:getStreamingDistribution", - "cloudfront:getStreamingDistributionConfig", - "cloudfront:getVpcOrigin", - "cloudfront:listAnycastIpLists", - "cloudfront:listCachePolicies", - "cloudfront:listCloudFrontOriginAccessIdentities", - "cloudfront:listConflictingAliases", - "cloudfront:listContinuousDeploymentPolicies", - "cloudfront:listDistributions", - "cloudfront:listDistributionsByAnycastIpListId", - "cloudfront:listDistributionsByCachePolicyId", - "cloudfront:listDistributionsByKeyGroup", - "cloudfront:listDistributionsByOriginRequestPolicyId", - "cloudfront:listDistributionsByRealtimeLogConfig", - "cloudfront:listDistributionsByResponseHeadersPolicyId", - "cloudfront:listDistributionsByVpcOriginId", - "cloudfront:listDistributionsByWebACLId", - "cloudfront:listFunctions", - "cloudfront:listInvalidations", - "cloudfront:listKeyGroups", - "cloudfront:listKeyValueStores", - "cloudfront:listOriginAccessControls", - "cloudfront:listOriginRequestPolicies", - "cloudfront:listPublicKeys", - "cloudfront:listRealtimeLogConfigs", - "cloudfront:listResponseHeadersPolicies", - "cloudfront:listStreamingDistributions", - "cloudfront:listVpcOrigins", - "cloudhsm:describeBackups", - "cloudhsm:describeClusters", - "cloudsearch:describeAnalysisSchemes", - "cloudsearch:describeAvailabilityOptions", - "cloudsearch:describeDomains", - "cloudsearch:describeExpressions", - "cloudsearch:describeIndexFields", - "cloudsearch:describeScalingParameters", - "cloudsearch:describeServiceAccessPolicies", - "cloudsearch:describeSuggesters", - "cloudsearch:listDomainNames", - "cloudtrail:describeTrails", - "cloudtrail:getEventSelectors", - "cloudtrail:getInsightSelectors", - "cloudtrail:getTrail", - "cloudtrail:getTrailStatus", - "cloudtrail:listPublicKeys", - "cloudtrail:listTags", - "cloudtrail:listTrails", - "cloudtrail:lookupEvents", - "cloudwatch:describeAlarmHistory", - "cloudwatch:describeAlarms", - "cloudwatch:describeAlarmsForMetric", - "cloudwatch:describeAnomalyDetectors", - "cloudwatch:describeInsightRules", - "cloudwatch:getDashboard", - "cloudwatch:getInsightRuleReport", - "cloudwatch:getMetricData", - "cloudwatch:getMetricStatistics", - "cloudwatch:getMetricStream", - "cloudWatch:getMetricWidgetImage", - "cloudwatch:listDashboards", - "cloudwatch:listManagedInsightRules", - "cloudwatch:listMetrics", - "cloudwatch:listMetricStreams", - "codeartifact:describeDomain", - "codeartifact:describePackageVersion", - "codeartifact:describeRepository", - "codeartifact:getDomainPermissionsPolicy", - "codeartifact:getRepositoryEndpoint", - "codeartifact:getRepositoryPermissionsPolicy", - "codeartifact:listDomains", - "codeartifact:listPackages", - "codeartifact:listPackageVersionAssets", - "codeartifact:listPackageVersions", - "codeartifact:listRepositories", - "codeartifact:listRepositoriesInDomain", - "codebuild:batchGetBuildBatches", - "codebuild:batchGetBuilds", - "codebuild:batchGetFleets", - "codebuild:batchGetProjects", - "codebuild:listBuildBatches", - "codebuild:listBuildBatchesForProject", - "codebuild:listBuilds", - "codebuild:listBuildsForProject", - "codebuild:listCuratedEnvironmentImages", - "codebuild:listFleets", - "codebuild:listProjects", - "codebuild:listSourceCredentials", - "codecommit:batchGetRepositories", - "codecommit:getBranch", - "codecommit:getRepository", - "codecommit:getRepositoryTriggers", - "codecommit:listBranches", - "codecommit:listRepositories", - "codeconnections:getConnection", - "codeconnections:getHost", - "codeconnections:getRepositoryLink", - "codeconnections:getRepositorySyncStatus", - "codeconnections:getResourceSyncStatus", - "codeconnections:getSyncBlockerSummary", - "codeconnections:getSyncConfiguration", - "codeconnections:listConnections", - "codeconnections:listHosts", - "codeconnections:listRepositoryLinks", - "codeconnections:listRepositorySyncDefinitions", - "codeconnections:listSyncConfigurations", - "codedeploy:batchGetApplicationRevisions", - "codedeploy:batchGetApplications", - "codedeploy:batchGetDeploymentGroups", - "codedeploy:batchGetDeploymentInstances", - "codedeploy:batchGetDeployments", - "codedeploy:batchGetDeploymentTargets", - "codedeploy:batchGetOnPremisesInstances", - "codedeploy:getApplication", - "codedeploy:getApplicationRevision", - "codedeploy:getDeployment", - "codedeploy:getDeploymentConfig", - "codedeploy:getDeploymentGroup", - "codedeploy:getDeploymentInstance", - "codedeploy:getDeploymentTarget", - "codedeploy:getOnPremisesInstance", - "codedeploy:listApplicationRevisions", - "codedeploy:listApplications", - "codedeploy:listDeploymentConfigs", - "codedeploy:listDeploymentGroups", - "codedeploy:listDeploymentInstances", - "codedeploy:listDeployments", - "codedeploy:listDeploymentTargets", - "codedeploy:listGitHubAccountTokenNames", - "codedeploy:listOnPremisesInstances", - "codepipeline:getJobDetails", - "codepipeline:getPipeline", - "codepipeline:getPipelineExecution", - "codepipeline:getPipelineState", - "codepipeline:listActionExecutions", - "codepipeline:listActionTypes", - "codepipeline:listPipelineExecutions", - "codepipeline:listPipelines", - "codepipeline:listRuleExecutions", - "codepipeline:listWebhooks", - "codestar-connections:getConnection", - "codestar-connections:getHost", - "codestar-connections:listConnections", - "codestar-connections:listHosts", - "codestar:describeProject", - "codestar:listProjects", - "codestar:listResources", - "codestar:listTeamMembers", - "codestar:listUserProfiles", - "cognito-identity:describeIdentity", - "cognito-identity:describeIdentityPool", - "cognito-identity:getIdentityPoolAnalytics", - "cognito-identity:getIdentityPoolDailyAnalytics", - "cognito-identity:getIdentityPoolRoles", - "cognito-identity:getIdentityProviderDailyAnalytics", - "cognito-identity:listIdentities", - "cognito-identity:listIdentityPools", - "cognito-identity:lookupDeveloperIdentity", - "cognito-idp:describeIdentityProvider", - "cognito-idp:describeResourceServer", - "cognito-idp:describeRiskConfiguration", - "cognito-idp:describeUserImportJob", - "cognito-idp:describeUserPool", - "cognito-idp:describeUserPoolClient", - "cognito-idp:describeUserPoolDomain", - "cognito-idp:getCSVHeader", - "cognito-idp:getGroup", - "cognito-idp:getLogDeliveryConfiguration", - "cognito-idp:getUICustomization", - "cognito-idp:getUserPoolMfaConfig", - "cognito-idp:listGroups", - "cognito-idp:listIdentityProviders", - "cognito-idp:listResourceServers", - "cognito-idp:listUserImportJobs", - "cognito-idp:listUserPoolClients", - "cognito-idp:listUserPools", - "cognito-sync:describeDataset", - "cognito-sync:describeIdentityPoolUsage", - "cognito-sync:describeIdentityUsage", - "cognito-sync:getCognitoEvents", - "cognito-sync:getIdentityPoolConfiguration", - "cognito-sync:listDatasets", - "cognito-sync:listIdentityPoolUsage", - "comprehend:describeDocumentClassificationJob", - "comprehend:describeDocumentClassifier", - "comprehend:describeDominantLanguageDetectionJob", - "comprehend:describeEndpoint", - "comprehend:describeEntitiesDetectionJob", - "comprehend:describeEntityRecognizer", - "comprehend:describeEventsDetectionJob", - "comprehend:describeFlywheel", - "comprehend:describeFlywheelIteration", - "comprehend:describeKeyPhrasesDetectionJob", - "comprehend:describePiiEntitiesDetectionJob", - "comprehend:describeSentimentDetectionJob", - "comprehend:describeTargetedSentimentDetectionJob", - "comprehend:describeTopicsDetectionJob", - "comprehend:listDocumentClassificationJobs", - "comprehend:listDocumentClassifiers", - "comprehend:listDominantLanguageDetectionJobs", - "comprehend:listEndpoints", - "comprehend:listEntitiesDetectionJobs", - "comprehend:listEntityRecognizers", - "comprehend:listEventsDetectionJobs", - "comprehend:listFlywheelIterationHistory", - "comprehend:listFlywheels", - "comprehend:listKeyPhrasesDetectionJobs", - "comprehend:listPiiEntitiesDetectionJobs", - "comprehend:listSentimentDetectionJobs", - "comprehend:listTargetedSentimentDetectionJobs", - "comprehend:listTopicsDetectionJobs", - "compute-optimizer:getAutoScalingGroupRecommendations", - "compute-optimizer:getEBSVolumeRecommendations", - "compute-optimizer:getEC2InstanceRecommendations", - "compute-optimizer:getEC2RecommendationProjectedMetrics", - "compute-optimizer:getECSServiceRecommendationProjectedMetrics", - "compute-optimizer:getECSServiceRecommendations", - "compute-optimizer:getEnrollmentStatus", - "compute-optimizer:getRecommendationSummaries", - "config:batchGetAggregateResourceConfig", - "config:batchGetResourceConfig", - "config:describeAggregateComplianceByConfigRules", - "config:describeAggregationAuthorizations", - "config:describeComplianceByConfigRule", - "config:describeComplianceByResource", - "config:describeConfigRuleEvaluationStatus", - "config:describeConfigRules", - "config:describeConfigurationAggregators", - "config:describeConfigurationAggregatorSourcesStatus", - "config:describeConfigurationRecorders", - "config:describeConfigurationRecorderStatus", - "config:describeConformancePackCompliance", - "config:describeConformancePacks", - "config:describeConformancePackStatus", - "config:describeDeliveryChannels", - "config:describeDeliveryChannelStatus", - "config:describeOrganizationConfigRules", - "config:describeOrganizationConfigRuleStatuses", - "config:describeOrganizationConformancePacks", - "config:describeOrganizationConformancePackStatuses", - "config:describePendingAggregationRequests", - "config:describeRemediationConfigurations", - "config:describeRemediationExceptions", - "config:describeRemediationExecutionStatus", - "config:describeRetentionConfigurations", - "config:getAggregateComplianceDetailsByConfigRule", - "config:getAggregateConfigRuleComplianceSummary", - "config:getAggregateDiscoveredResourceCounts", - "config:getAggregateResourceConfig", - "config:getComplianceDetailsByConfigRule", - "config:getComplianceDetailsByResource", - "config:getComplianceSummaryByConfigRule", - "config:getComplianceSummaryByResourceType", - "config:getConformancePackComplianceDetails", - "config:getConformancePackComplianceSummary", - "config:getDiscoveredResourceCounts", - "config:getOrganizationConfigRuleDetailedStatus", - "config:getOrganizationConformancePackDetailedStatus", - "config:getResourceConfigHistory", - "config:listAggregateDiscoveredResources", - "config:listDiscoveredResources", - "config:listTagsForResource", - "config:selectAggregateResourceConfig", - "config:selectResourceConfig", - "connect:describeContact", - "connect:describePhoneNumber", - "connect:describeQueue", - "connect:describeQuickConnect", - "connect:describeRoutingProfile", - "connect:describeUser", - "connect:describeUserHierarchyStructure", - "connect:getCurrentMetricData", - "connect:getMetricData", - "connect:getMetricDataV2", - "connect:listContactEvaluations", - "connect:listEvaluationForms", - "connect:listEvaluationFormVersions", - "connect:listPhoneNumbersV2", - "connect:listQueueQuickConnects", - "connect:listQueues", - "connect:listQuickConnects", - "connect:listRoutingProfileQueues", - "connect:listRoutingProfiles", - "connect:listSecurityProfiles", - "connect:listUsers", - "connect:listViews", - "connect:listViewVersions", - "connect:searchQueues", - "connect:searchRoutingProfiles", - "connect:searchUsers", - "controltower:describeAccountFactoryConfig", - "controltower:describeCoreService", - "controltower:describeGuardrail", - "controltower:describeGuardrailForTarget", - "controltower:describeManagedAccount", - "controltower:describeSingleSignOn", - "controltower:getAvailableUpdates", - "controltower:getHomeRegion", - "controltower:getLandingZone", - "controltower:getLandingZoneStatus", - "controltower:listDirectoryGroups", - "controltower:listEnabledControls", - "controltower:listGuardrailsForTarget", - "controltower:listGuardrailViolations", - "controltower:listLandingZones", - "controltower:listManagedAccounts", - "controltower:listManagedAccountsForGuardrail", - "controltower:listManagedAccountsForParent", - "controltower:listManagedOrganizationalUnits", - "controltower:listManagedOrganizationalUnitsForGuardrail", - "cost-optimization-hub:getPreferences", - "cost-optimization-hub:getRecommendation", - "cost-optimization-hub:listEnrollmentStatuses", - "cost-optimization-hub:listRecommendations", - "cost-optimization-hub:listRecommendationSummaries", - "databrew:describeDataset", - "databrew:describeJob", - "databrew:describeProject", - "databrew:describeRecipe", - "databrew:listDatasets", - "databrew:listJobRuns", - "databrew:listJobs", - "databrew:listProjects", - "databrew:listRecipes", - "databrew:listRecipeVersions", - "databrew:listTagsForResource", - "datapipeline:describeObjects", - "datapipeline:describePipelines", - "datapipeline:getPipelineDefinition", - "datapipeline:listPipelines", - "datapipeline:queryObjects", - "datasync:describeAgent", - "datasync:describeLocationAzureBlob", - "datasync:describeLocationEfs", - "datasync:describeLocationFsxLustre", - "datasync:describeLocationFsxOntap", - "datasync:describeLocationFsxOpenZfs", - "datasync:describeLocationFsxWindows", - "datasync:describeLocationHdfs", - "datasync:describeLocationNfs", - "datasync:describeLocationObjectStorage", - "datasync:describeLocationS3", - "datasync:describeLocationSmb", - "datasync:describeTask", - "datasync:describeTaskExecution", - "datasync:listAgents", - "datasync:listLocations", - "datasync:listTaskExecutions", - "datasync:listTasks", - "datazone:getAsset", - "datazone:getAssetType", - "datazone:getDataSource", - "datazone:getDataSourceRun", - "datazone:getDomain", - "datazone:getEnvironment", - "datazone:getEnvironmentBlueprint", - "datazone:getEnvironmentBlueprintConfiguration", - "datazone:getEnvironmentProfile", - "datazone:getFormType", - "datazone:getGlossary", - "datazone:getGlossaryTerm", - "datazone:getGroupProfile", - "datazone:getListing", - "datazone:getMetadataGenerationRun", - "datazone:getProject", - "datazone:getSubscription", - "datazone:getSubscriptionGrant", - "datazone:getSubscriptionRequestDetails", - "datazone:getSubscriptionTarget", - "datazone:getUserProfile", - "datazone:listAssetRevisions", - "datazone:listDataSourceRunActivities", - "datazone:listDataSourceRuns", - "datazone:listDataSources", - "datazone:listDomains", - "datazone:listEnvironmentBlueprintConfigurations", - "datazone:listEnvironmentBlueprints", - "datazone:listEnvironmentProfiles", - "datazone:listEnvironments", - "datazone:listMetadataGenerationRuns", - "datazone:listProjectMemberships", - "datazone:listProjects", - "datazone:listSubscriptionGrants", - "datazone:listSubscriptionRequests", - "datazone:listSubscriptions", - "datazone:listSubscriptionTargets", - "datazone:searchGroupProfiles", - "datazone:searchUserProfiles", - "dax:describeClusters", - "dax:describeDefaultParameters", - "dax:describeEvents", - "dax:describeParameterGroups", - "dax:describeParameters", - "dax:describeSubnetGroups", - "deadline:listAvailableMeteredProducts", - "deadline:listBudgets", - "deadline:listFarmMembers", - "deadline:listFarms", - "deadline:listFleetMembers", - "deadline:listFleets", - "deadline:listJobMembers", - "deadline:listJobs", - "deadline:listLicenseEndpoints", - "deadline:listMeteredProducts", - "deadline:listMonitors", - "deadline:listQueueEnvironments", - "deadline:listQueueFleetAssociations", - "deadline:listQueueMembers", - "deadline:listQueues", - "deadline:listStorageProfiles", - "deadline:listWorkers", - "detective:getMembers", - "detective:listGraphs", - "detective:listInvitations", - "detective:listMembers", - "devicefarm:getAccountSettings", - "devicefarm:getDevice", - "devicefarm:getDevicePool", - "devicefarm:getDevicePoolCompatibility", - "devicefarm:getJob", - "devicefarm:getProject", - "devicefarm:getRemoteAccessSession", - "devicefarm:getRun", - "devicefarm:getSuite", - "devicefarm:getTest", - "devicefarm:getTestGridProject", - "devicefarm:getTestGridSession", - "devicefarm:getUpload", - "devicefarm:listArtifacts", - "devicefarm:listDevicePools", - "devicefarm:listDevices", - "devicefarm:listJobs", - "devicefarm:listProjects", - "devicefarm:listRemoteAccessSessions", - "devicefarm:listRuns", - "devicefarm:listSamples", - "devicefarm:listSuites", - "devicefarm:listTestGridProjects", - "devicefarm:listTestGridSessionActions", - "devicefarm:listTestGridSessionArtifacts", - "devicefarm:listTestGridSessions", - "devicefarm:listTests", - "devicefarm:listUniqueProblems", - "devicefarm:listUploads", - "directconnect:describeConnectionLoa", - "directconnect:describeConnections", - "directconnect:describeConnectionsOnInterconnect", - "directconnect:describeCustomerMetadata", - "directconnect:describeDirectConnectGatewayAssociationProposals", - "directconnect:describeDirectConnectGatewayAssociations", - "directconnect:describeDirectConnectGatewayAttachments", - "directconnect:describeDirectConnectGateways", - "directconnect:describeHostedConnections", - "directconnect:describeInterconnectLoa", - "directconnect:describeInterconnects", - "directconnect:describeLags", - "directconnect:describeLoa", - "directconnect:describeLocations", - "directconnect:describeRouterConfiguration", - "directconnect:describeVirtualGateways", - "directconnect:describeVirtualInterfaces", - "directconnect:listVirtualInterfaceTestHistory", - "dlm:getLifecyclePolicies", - "dlm:getLifecyclePolicy", - "dms:describeAccountAttributes", - "dms:describeApplicableIndividualAssessments", - "dms:describeConnections", - "dms:describeEndpoints", - "dms:describeEndpointSettings", - "dms:describeEndpointTypes", - "dms:describeEventCategories", - "dms:describeEvents", - "dms:describeEventSubscriptions", - "dms:describeFleetAdvisorCollectors", - "dms:describeFleetAdvisorDatabases", - "dms:describeFleetAdvisorLsaAnalysis", - "dms:describeFleetAdvisorSchemaObjectSummary", - "dms:describeFleetAdvisorSchemas", - "dms:describeOrderableReplicationInstances", - "dms:describePendingMaintenanceActions", - "dms:describeRefreshSchemasStatus", - "dms:describeReplicationInstances", - "dms:describeReplicationInstanceTaskLogs", - "dms:describeReplicationSubnetGroups", - "dms:describeReplicationTaskAssessmentResults", - "dms:describeReplicationTaskAssessmentRuns", - "dms:describeReplicationTaskIndividualAssessments", - "dms:describeReplicationTasks", - "dms:describeSchemas", - "dms:describeTableStatistics", - "docdb-elastic:getCluster", - "docdb-elastic:getClusterSnapshot", - "docdb-elastic:listClusters", - "docdb-elastic:listClusterSnapshots", - "drs:describeJobLogItems", - "drs:describeJobs", - "drs:describeLaunchConfigurationTemplates", - "drs:describeRecoveryInstances", - "drs:describeRecoverySnapshots", - "drs:describeReplicationConfigurationTemplates", - "drs:describeSourceNetworks", - "drs:describeSourceServers", - "drs:getLaunchConfiguration", - "drs:getReplicationConfiguration", - "drs:listExtensibleSourceServers", - "drs:listLaunchActions", - "drs:listStagingAccounts", - "ds:describeClientAuthenticationSettings", - "ds:describeConditionalForwarders", - "ds:describeDirectories", - "ds:describeDomainControllers", - "ds:describeEventTopics", - "ds:describeHybridADUpdate", - "ds:describeLDAPSSettings", - "ds:describeSharedDirectories", - "ds:describeSnapshots", - "ds:describeTrusts", - "ds:getDirectoryLimits", - "ds:getSnapshotLimits", - "ds:listIpRoutes", - "ds:listSchemaExtensions", - "ds:listTagsForResource", - "dynamodb:describeBackup", - "dynamodb:describeContinuousBackups", - "dynamodb:describeContributorInsights", - "dynamodb:describeExport", - "dynamodb:describeGlobalTable", - "dynamodb:describeImport", - "dynamodb:describeKinesisStreamingDestination", - "dynamodb:describeLimits", - "dynamodb:describeStream", - "dynamodb:describeTable", - "dynamodb:describeTimeToLive", - "dynamodb:getResourcePolicy", - "dynamodb:listBackups", - "dynamodb:listContributorInsights", - "dynamodb:listExports", - "dynamodb:listGlobalTables", - "dynamodb:listImports", - "dynamodb:listStreams", - "dynamodb:listTables", - "dynamodb:listTagsOfResource", - "ec2:describeAccountAttributes", - "ec2:describeAddresses", - "ec2:describeAddressesAttribute", - "ec2:describeAddressTransfers", - "ec2:describeAggregateIdFormat", - "ec2:describeAvailabilityZones", - "ec2:describeBundleTasks", - "ec2:describeByoipCidrs", - "ec2:describeCapacityBlockOfferings", - "ec2:describeCapacityReservationFleets", - "ec2:describeCapacityReservations", - "ec2:describeCarrierGateways", - "ec2:describeClassicLinkInstances", - "ec2:describeClientVpnAuthorizationRules", - "ec2:describeClientVpnConnections", - "ec2:describeClientVpnEndpoints", - "ec2:describeClientVpnRoutes", - "ec2:describeClientVpnTargetNetworks", - "ec2:describeCoipPools", - "ec2:describeConversionTasks", - "ec2:describeCustomerGateways", - "ec2:describeDhcpOptions", - "ec2:describeEgressOnlyInternetGateways", - "ec2:describeExportImageTasks", - "ec2:describeExportTasks", - "ec2:describeFastLaunchImages", - "ec2:describeFastSnapshotRestores", - "ec2:describeFleetHistory", - "ec2:describeFleetInstances", - "ec2:describeFleets", - "ec2:describeFlowLogs", - "ec2:describeFpgaImageAttribute", - "ec2:describeFpgaImages", - "ec2:describeHostReservationOfferings", - "ec2:describeHostReservations", - "ec2:describeHosts", - "ec2:describeIamInstanceProfileAssociations", - "ec2:describeIdentityIdFormat", - "ec2:describeIdFormat", - "ec2:describeImageAttribute", - "ec2:describeImages", - "ec2:describeImportImageTasks", - "ec2:describeImportSnapshotTasks", - "ec2:describeInstanceAttribute", - "ec2:describeInstanceConnectEndpoints", - "ec2:describeInstanceCreditSpecifications", - "ec2:describeInstanceEventNotificationAttributes", - "ec2:describeInstanceEventWindows", - "ec2:describeInstances", - "ec2:describeInstanceStatus", - "ec2:describeInstanceTypeOfferings", - "ec2:describeInstanceTypes", - "ec2:describeInternetGateways", - "ec2:describeIpamByoasn", - "ec2:describeIpamExternalResourceVerificationTokens", - "ec2:describeIpamPools", - "ec2:describeIpamResourceDiscoveries", - "ec2:describeIpamResourceDiscoveryAssociations", - "ec2:describeIpams", - "ec2:describeIpamScopes", - "ec2:describeIpv6Pools", - "ec2:describeKeyPairs", - "ec2:describeLaunchTemplates", - "ec2:describeLaunchTemplateVersions", - "ec2:describeLocalGatewayRouteTables", - "ec2:describeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", - "ec2:describeLocalGatewayRouteTableVpcAssociations", - "ec2:describeLocalGateways", - "ec2:describeLocalGatewayVirtualInterfaceGroups", - "ec2:describeLocalGatewayVirtualInterfaces", - "ec2:describeManagedPrefixLists", - "ec2:describeMovingAddresses", - "ec2:describeNatGateways", - "ec2:describeNetworkAcls", - "ec2:describeNetworkInsightsAccessScopeAnalyses", - "ec2:describeNetworkInsightsAccessScopes", - "ec2:describeNetworkInsightsAnalyses", - "ec2:describeNetworkInsightsPaths", - "ec2:describeNetworkInterfaceAttribute", - "ec2:describeNetworkInterfaces", - "ec2:describePlacementGroups", - "ec2:describePrefixLists", - "ec2:describePrincipalIdFormat", - "ec2:describePublicIpv4Pools", - "ec2:describeRegions", - "ec2:describeReplaceRootVolumeTasks", - "ec2:describeReservedInstances", - "ec2:describeReservedInstancesListings", - "ec2:describeReservedInstancesModifications", - "ec2:describeReservedInstancesOfferings", - "ec2:describeRouteServerEndpoints", - "ec2:describeRouteServerPeers", - "ec2:describeRouteServers", - "ec2:describeRouteTables", - "ec2:describeScheduledInstanceAvailability", - "ec2:describeScheduledInstances", - "ec2:describeSecurityGroupReferences", - "ec2:describeSecurityGroupRules", - "ec2:describeSecurityGroups", - "ec2:describeServiceLinkVirtualInterfaces", - "ec2:describeSnapshotAttribute", - "ec2:describeSnapshots", - "ec2:describeSnapshotTierStatus", - "ec2:describeSpotDatafeedSubscription", - "ec2:describeSpotFleetInstances", - "ec2:describeSpotFleetRequestHistory", - "ec2:describeSpotFleetRequests", - "ec2:describeSpotInstanceRequests", - "ec2:describeSpotPriceHistory", - "ec2:describeStaleSecurityGroups", - "ec2:describeStoreImageTasks", - "ec2:describeSubnets", - "ec2:describeTags", - "ec2:describeTrafficMirrorFilterRules", - "ec2:describeTrafficMirrorFilters", - "ec2:describeTrafficMirrorSessions", - "ec2:describeTrafficMirrorTargets", - "ec2:describeTransitGatewayAttachments", - "ec2:describeTransitGatewayConnectPeers", - "ec2:describeTransitGatewayMulticastDomains", - "ec2:describeTransitGatewayPeeringAttachments", - "ec2:describeTransitGatewayPolicyTables", - "ec2:describeTransitGatewayRouteTableAnnouncements", - "ec2:describeTransitGatewayRouteTables", - "ec2:describeTransitGateways", - "ec2:describeTransitGatewayVpcAttachments", - "ec2:describeVerifiedAccessEndpoints", - "ec2:describeVerifiedAccessGroups", - "ec2:describeVerifiedAccessInstanceLoggingConfigurations", - "ec2:describeVerifiedAccessInstances", - "ec2:describeVerifiedAccessTrustProviders", - "ec2:describeVolumeAttribute", - "ec2:describeVolumes", - "ec2:describeVolumesModifications", - "ec2:describeVolumeStatus", - "ec2:describeVpcAttribute", - "ec2:describeVpcBlockPublicAccessExclusions", - "ec2:describeVpcBlockPublicAccessOptions", - "ec2:describeVpcClassicLink", - "ec2:describeVpcClassicLinkDnsSupport", - "ec2:describeVpcEndpointAssociations", - "ec2:describeVpcEndpointConnectionNotifications", - "ec2:describeVpcEndpointConnections", - "ec2:describeVpcEndpoints", - "ec2:describeVpcEndpointServiceConfigurations", - "ec2:describeVpcEndpointServicePermissions", - "ec2:describeVpcEndpointServices", - "ec2:describeVpcPeeringConnections", - "ec2:describeVpcs", - "ec2:describeVpnConnections", - "ec2:describeVpnGateways", - "ec2:getAssociatedEnclaveCertificateIamRoles", - "ec2:getAssociatedIpv6PoolCidrs", - "ec2:getCapacityReservationUsage", - "ec2:getCoipPoolUsage", - "ec2:getConsoleOutput", - "ec2:getConsoleScreenshot", - "ec2:getDefaultCreditSpecification", - "ec2:getEbsDefaultKmsKeyId", - "ec2:getEbsEncryptionByDefault", - "ec2:getGroupsForCapacityReservation", - "ec2:getHostReservationPurchasePreview", - "ec2:getImageBlockPublicAccessState", - "ec2:getInstanceTypesFromInstanceRequirements", - "ec2:getIpamAddressHistory", - "ec2:getIpamDiscoveredAccounts", - "ec2:getIpamDiscoveredPublicAddresses", - "ec2:getIpamDiscoveredResourceCidrs", - "ec2:getIpamPoolAllocations", - "ec2:getIpamPoolCidrs", - "ec2:getIpamResourceCidrs", - "ec2:getLaunchTemplateData", - "ec2:getManagedPrefixListAssociations", - "ec2:getManagedPrefixListEntries", - "ec2:getNetworkInsightsAccessScopeContent", - "ec2:getReservedInstancesExchangeQuote", - "ec2:getRouteServerAssociations", - "ec2:getRouteServerPropagations", - "ec2:getRouteServerRoutingDatabase", - "ec2:getSerialConsoleAccessStatus", - "ec2:getSpotPlacementScores", - "ec2:getSubnetCidrReservations", - "ec2:getTransitGatewayMulticastDomainAssociations", - "ec2:getTransitGatewayPrefixListReferences", - "ec2:getVerifiedAccessEndpointPolicy", - "ec2:getVerifiedAccessGroupPolicy", - "ec2:listImagesInRecycleBin", - "ec2:listSnapshotsInRecycleBin", - "ec2:searchLocalGatewayRoutes", - "ec2:searchTransitGatewayMulticastGroups", - "ec2:searchTransitGatewayRoutes", - "ecr-public:describeImages", - "ecr-public:describeImageTags", - "ecr-public:describeRegistries", - "ecr-public:describeRepositories", - "ecr-public:getRegistryCatalogData", - "ecr-public:getRepositoryCatalogData", - "ecr-public:getRepositoryPolicy", - "ecr-public:listTagsForResource", - "ecr:batchCheckLayerAvailability", - "ecr:batchGetRepositoryScanningConfiguration", - "ecr:describeImageReplicationStatus", - "ecr:describeImages", - "ecr:describeImageScanFindings", - "ecr:describePullThroughCacheRules", - "ecr:describeRegistry", - "ecr:describeRepositories", - "ecr:getLifecyclePolicy", - "ecr:getLifecyclePolicyPreview", - "ecr:getRegistryPolicy", - "ecr:getRegistryScanningConfiguration", - "ecr:getRepositoryPolicy", - "ecr:listImages", - "ecr:listTagsForResource", - "ecs:describeCapacityProviders", - "ecs:describeClusters", - "ecs:describeContainerInstances", - "ecs:describeServiceDeployments", - "ecs:describeServiceRevisions", - "ecs:describeServices", - "ecs:describeTaskDefinition", - "ecs:describeTasks", - "ecs:describeTaskSets", - "ecs:getTaskProtection", - "ecs:listAccountSettings", - "ecs:listAttributes", - "ecs:listClusters", - "ecs:listContainerInstances", - "ecs:listServiceDeployments", - "ecs:listServices", - "ecs:listServicesByNamespace", - "ecs:listTagsForResource", - "ecs:listTaskDefinitionFamilies", - "ecs:listTaskDefinitions", - "ecs:listTasks" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Sid": "AWSSupportActionsGroup2", - "Action": [ - "eks:describeAccessEntry", - "eks:describeAddon", - "eks:describeAddonConfiguration", - "eks:describeAddonVersions", - "eks:describeCluster", - "eks:describeEksAnywhereSubscription", - "eks:describeFargateProfile", - "eks:describeIdentityProviderConfig", - "eks:describeInsight", - "eks:describeNodegroup", - "eks:describePodIdentityAssociation", - "eks:describeUpdate", - "eks:listAccessEntries", - "eks:listAccessPolicies", - "eks:listAddons", - "eks:listAssociatedAccessPolicies", - "eks:listClusters", - "eks:listEksAnywhereSubscriptions", - "eks:listFargateProfiles", - "eks:listIdentityProviderConfigs", - "eks:listInsights", - "eks:listNodegroups", - "eks:listPodIdentityAssociations", - "eks:listUpdates", - "elasticache:describeCacheClusters", - "elasticache:describeCacheEngineVersions", - "elasticache:describeCacheParameterGroups", - "elasticache:describeCacheParameters", - "elasticache:describeCacheSecurityGroups", - "elasticache:describeCacheSubnetGroups", - "elasticache:describeEngineDefaultParameters", - "elasticache:describeEvents", - "elasticache:describeGlobalReplicationGroups", - "elasticache:describeReplicationGroups", - "elasticache:describeReservedCacheNodes", - "elasticache:describeReservedCacheNodesOfferings", - "elasticache:describeServerlessCaches", - "elasticache:describeServerlessCacheSnapshots", - "elasticache:describeServiceUpdates", - "elasticache:describeSnapshots", - "elasticache:describeUpdateActions", - "elasticache:describeUserGroups", - "elasticache:describeUsers", - "elasticache:listAllowedNodeTypeModifications", - "elasticache:listTagsForResource", - "elasticbeanstalk:checkDNSAvailability", - "elasticbeanstalk:describeAccountAttributes", - "elasticbeanstalk:describeApplications", - "elasticbeanstalk:describeApplicationVersions", - "elasticbeanstalk:describeConfigurationOptions", - "elasticbeanstalk:describeEnvironmentHealth", - "elasticbeanstalk:describeEnvironmentManagedActionHistory", - "elasticbeanstalk:describeEnvironmentManagedActions", - "elasticbeanstalk:describeEnvironmentResources", - "elasticbeanstalk:describeEnvironments", - "elasticbeanstalk:describeEvents", - "elasticbeanstalk:describeInstancesHealth", - "elasticbeanstalk:describePlatformVersion", - "elasticbeanstalk:listAvailableSolutionStacks", - "elasticbeanstalk:listPlatformBranches", - "elasticbeanstalk:listPlatformVersions", - "elasticbeanstalk:validateConfigurationSettings", - "elasticfilesystem:describeAccessPoints", - "elasticfilesystem:describeBackupPolicy", - "elasticfilesystem:describeFileSystemPolicy", - "elasticfilesystem:describeFileSystems", - "elasticfilesystem:describeLifecycleConfiguration", - "elasticfilesystem:describeMountTargets", - "elasticfilesystem:describeMountTargetSecurityGroups", - "elasticfilesystem:describeReplicationConfigurations", - "elasticfilesystem:describeTags", - "elasticfilesystem:listTagsForResource", - "elasticloadbalancing:describeAccountLimits", - "elasticloadbalancing:describeInstanceHealth", - "elasticloadbalancing:describeListenerCertificates", - "elasticloadbalancing:describeListeners", - "elasticloadbalancing:describeLoadBalancerAttributes", - "elasticloadbalancing:describeLoadBalancerPolicies", - "elasticloadbalancing:describeLoadBalancerPolicyTypes", - "elasticloadbalancing:describeLoadBalancers", - "elasticloadbalancing:describeRules", - "elasticloadbalancing:describeSSLPolicies", - "elasticloadbalancing:describeTags", - "elasticloadbalancing:describeTargetGroupAttributes", - "elasticloadbalancing:describeTargetGroups", - "elasticloadbalancing:describeTargetHealth", - "elasticloadbalancing:describeTrustStoreAssociations", - "elasticloadbalancing:describeTrustStoreRevocations", - "elasticloadbalancing:describeTrustStores", - "elasticmapreduce:describeCluster", - "elasticmapreduce:describeNotebookExecution", - "elasticmapreduce:describeReleaseLabel", - "elasticmapreduce:describeSecurityConfiguration", - "elasticmapreduce:describeStep", - "elasticmapreduce:describeStudio", - "elasticmapreduce:getAutoTerminationPolicy", - "elasticmapreduce:getBlockPublicAccessConfiguration", - "elasticmapreduce:getManagedScalingPolicy", - "elasticmapreduce:getStudioSessionMapping", - "elasticmapreduce:listBootstrapActions", - "elasticmapreduce:listClusters", - "elasticmapreduce:listInstanceFleets", - "elasticmapreduce:listInstanceGroups", - "elasticmapreduce:listInstances", - "elasticmapreduce:listNotebookExecutions", - "elasticmapreduce:listReleaseLabels", - "elasticmapreduce:listSecurityConfigurations", - "elasticmapreduce:listSteps", - "elasticmapreduce:listStudios", - "elasticmapreduce:listStudioSessionMappings", - "elastictranscoder:listJobsByPipeline", - "elastictranscoder:listJobsByStatus", - "elastictranscoder:listPipelines", - "elastictranscoder:listPresets", - "elastictranscoder:readPipeline", - "elastictranscoder:readPreset", - "emr-containers:describeJobRun", - "emr-containers:describeJobTemplate", - "emr-containers:describeManagedEndpoint", - "emr-containers:describeVirtualCluster", - "emr-containers:listJobRuns", - "emr-containers:listJobTemplates", - "emr-containers:listManagedEndpoints", - "emr-containers:listVirtualClusters", - "emr-serverless:getApplication", - "emr-serverless:getJobRun", - "emr-serverless:listApplications", - "es:describeDomain", - "es:describeDomainAutoTunes", - "es:describeDomainChangeProgress", - "es:describeDomainConfig", - "es:describeDomainHealth", - "es:describeDomainNodes", - "es:describeDomains", - "es:describeDryRunProgress", - "es:describeElasticsearchDomain", - "es:describeElasticsearchDomainConfig", - "es:describeElasticsearchDomains", - "es:getDomainMaintenanceStatus", - "es:describeInboundConnections", - "es:describeInstanceTypeLimits", - "es:describeOutboundConnections", - "es:describePackages", - "es:describeReservedInstanceOfferings", - "es:describeReservedInstances", - "es:describeVpcEndpoints", - "es:getCompatibleVersions", - "es:getPackageVersionHistory", - "es:getUpgradeHistory", - "es:getUpgradeStatus", - "es:listDomainMaintenances", - "es:listDomainNames", - "es:listDomainsForPackage", - "es:listInstanceTypeDetails", - "es:listPackagesForDomain", - "es:listScheduledActions", - "es:listTags", - "es:listVersions", - "es:listVpcEndpointAccess", - "es:listVpcEndpoints", - "es:listVpcEndpointsForDomain", - "events:describeApiDestination", - "events:describeArchive", - "events:describeConnection", - "events:describeEndpoint", - "events:describeEventBus", - "events:describeEventSource", - "events:describePartnerEventSource", - "events:describeReplay", - "events:describeRule", - "events:listApiDestinations", - "events:listArchives", - "events:listConnections", - "events:listEndpoints", - "events:listEventBuses", - "events:listEventSources", - "events:listPartnerEventSourceAccounts", - "events:listPartnerEventSources", - "events:listReplays", - "events:listRuleNamesByTarget", - "events:listRules", - "events:listTargetsByRule", - "events:testEventPattern", - "evidently:getExperiment", - "evidently:getFeature", - "evidently:getLaunch", - "evidently:getProject", - "evidently:getSegment", - "evidently:listExperiments", - "evidently:listFeatures", - "evidently:listLaunches", - "evidently:listProjects", - "evidently:listSegmentReferences", - "evidently:listSegments", - "firehose:describeDeliveryStream", - "firehose:listDeliveryStreams", - "fis:getAction", - "fis:getExperiment", - "fis:getExperimentTargetAccountConfiguration", - "fis:getExperimentTemplate", - "fis:getSafetyLever", - "fis:getTargetAccountConfiguration", - "fis:listActions", - "fis:listExperimentResolvedTargets", - "fis:listExperimentTargetAccountConfigurations", - "fis:listExperiments", - "fis:listExperimentTemplates", - "fis:listTargetAccountConfigurations", - "fms:getAdminAccount", - "fms:getAdminScope", - "fms:getAppsList", - "fms:getComplianceDetail", - "fms:getNotificationChannel", - "fms:getProtocolsList", - "fms:getPolicy", - "fms:getProtectionStatus", - "fms:getResourceSet", - "fms:getThirdPartyFirewallAssociationStatus", - "fms:getViolationDetails", - "fms:listAdminAccountsForOrganization", - "fms:listAdminsManagingAccount", - "fms:listAppsLists", - "fms:listComplianceStatus", - "fms:listDiscoveredResources", - "fms:listMemberAccounts", - "fms:listProtocolsLists", - "fms:listPolicies", - "fms:listResourceSetResources", - "fms:listResourceSets", - "fms:listThirdPartyFirewallFirewallPolicies", - "forecast:describeDataset", - "forecast:describeDatasetGroup", - "forecast:describeDatasetImportJob", - "forecast:describeForecast", - "forecast:describeForecastExportJob", - "forecast:describePredictor", - "forecast:getAccuracyMetrics", - "forecast:listDatasetGroups", - "forecast:listDatasetImportJobs", - "forecast:listDatasets", - "forecast:listForecastExportJobs", - "forecast:listForecasts", - "forecast:listPredictors", - "freetier:getFreeTierUsage", - "fsx:describeBackups", - "fsx:describeDataRepositoryAssociations", - "fsx:describeDataRepositoryTasks", - "fsx:describeFileCaches", - "fsx:describeFileSystems", - "fsx:describeS3AccessPointAttachments", - "fsx:describeSnapshots", - "fsx:describeStorageVirtualMachines", - "fsx:describeVolumes", - "fsx:listTagsForResource", - "gamelift:describeAlias", - "gamelift:describeBuild", - "gamelift:describeEC2InstanceLimits", - "gamelift:describeFleetAttributes", - "gamelift:describeFleetCapacity", - "gamelift:describeFleetEvents", - "gamelift:describeFleetLocationAttributes", - "gamelift:describeFleetLocationCapacity", - "gamelift:describeFleetLocationUtilization", - "gamelift:describeFleetPortSettings", - "gamelift:describeFleetUtilization", - "gamelift:describeGameServer", - "gamelift:describeGameServerGroup", - "gamelift:describeGameSessionDetails", - "gamelift:describeGameSessionPlacement", - "gamelift:describeGameSessionQueues", - "gamelift:describeGameSessions", - "gamelift:describeInstances", - "gamelift:describeMatchmaking", - "gamelift:describeMatchmakingConfigurations", - "gamelift:describeMatchmakingRuleSets", - "gamelift:describePlayerSessions", - "gamelift:describeRuntimeConfiguration", - "gamelift:describeScalingPolicies", - "gamelift:describeScript", - "gamelift:listAliases", - "gamelift:listBuilds", - "gamelift:listFleets", - "gamelift:listGameServerGroups", - "gamelift:listGameServers", - "gamelift:listScripts", - "gamelift:resolveAlias", - "glacier:describeJob", - "glacier:describeVault", - "glacier:getDataRetrievalPolicy", - "glacier:getVaultAccessPolicy", - "glacier:getVaultLock", - "glacier:getVaultNotifications", - "glacier:listJobs", - "glacier:listTagsForVault", - "glacier:listVaults", - "globalaccelerator:describeAccelerator", - "globalaccelerator:describeAcceleratorAttributes", - "globalaccelerator:describeCrossAccountAttachment", - "globalaccelerator:describeCustomRoutingAccelerator", - "globalaccelerator:describeCustomRoutingAcceleratorAttributes", - "globalaccelerator:describeCustomRoutingEndpointGroup", - "globalaccelerator:describeCustomRoutingListener", - "globalaccelerator:describeEndpointGroup", - "globalaccelerator:describeListener", - "globalaccelerator:listAccelerators", - "globalaccelerator:listByoipCidrs", - "globalaccelerator:listCrossAccountAttachments", - "globalaccelerator:listCrossAccountResourceAccounts", - "globalaccelerator:listCrossAccountResources", - "globalaccelerator:listCustomRoutingAccelerators", - "globalaccelerator:listCustomRoutingEndpointGroups", - "globalaccelerator:listCustomRoutingListeners", - "globalaccelerator:listCustomRoutingPortMappings", - "globalaccelerator:listCustomRoutingPortMappingsByDestination", - "globalaccelerator:listEndpointGroups", - "globalaccelerator:listListeners", - "glue:batchGetBlueprints", - "glue:batchGetCrawlers", - "glue:batchGetDevEndpoints", - "glue:batchGetJobs", - "glue:batchGetPartition", - "glue:batchGetTriggers", - "glue:batchGetWorkflows", - "glue:checkSchemaVersionValidity", - "glue:batchGetTableOptimizer", - "glue:getBlueprint", - "glue:getBlueprintRun", - "glue:getBlueprintRuns", - "glue:getCatalogImportStatus", - "glue:getClassifier", - "glue:getClassifiers", - "glue:getColumnStatisticsForPartition", - "glue:getColumnStatisticsForTable", - "glue:getColumnStatisticsTaskRun", - "glue:getColumnStatisticsTaskRuns", - "glue:getCrawler", - "glue:getCrawlerMetrics", - "glue:getCrawlers", - "glue:getCustomEntityType", - "glue:getDatabase", - "glue:getDatabases", - "glue:getDataCatalogEncryptionSettings", - "glue:getDataflowGraph", - "glue:getDataQualityResult", - "glue:getDataQualityRuleRecommendationRun", - "glue:getDataQualityRuleset", - "glue:getDataQualityRulesetEvaluationRun", - "glue:getDevEndpoint", - "glue:getDevEndpoints", - "glue:getJob", - "glue:getJobBookmark", - "glue:getJobRun", - "glue:getJobRuns", - "glue:getJobs", - "glue:getMapping", - "glue:getMLTaskRun", - "glue:getMLTaskRuns", - "glue:getMLTransform", - "glue:getMLTransforms", - "glue:getPartition", - "glue:getPartitionIndexes", - "glue:getPartitions", - "glue:getRegistry", - "glue:getResourcePolicies", - "glue:getResourcePolicy", - "glue:getSchema", - "glue:getSchemaByDefinition", - "glue:getSchemaVersion", - "glue:getSchemaVersionsDiff", - "glue:getSecurityConfiguration", - "glue:getSecurityConfigurations", - "glue:getSession", - "glue:getStatement", - "glue:getTable", - "glue:getTableOptimizer", - "glue:getTables", - "glue:getTableVersions", - "glue:getTrigger", - "glue:getTriggers", - "glue:getUserDefinedFunction", - "glue:getUserDefinedFunctions", - "glue:getWorkflow", - "glue:getWorkflowRun", - "glue:getWorkflowRuns", - "glue:listColumnStatisticsTaskRuns", - "glue:listCrawlers", - "glue:listCrawls", - "glue:listDataQualityResults", - "glue:listDataQualityRuleRecommendationRuns", - "glue:listDataQualityRulesetEvaluationRuns", - "glue:listDataQualityRulesets", - "glue:listDevEndpoints", - "glue:listMLTransforms", - "glue:listRegistries", - "glue:listSchemas", - "glue:listSchemaVersions", - "glue:listSessions", - "glue:listStatements", - "glue:listTableOptimizerRuns", - "glue:listTriggers", - "glue:querySchemaVersionMetadata", - "glue:getTableVersion", - "grafana:describeWorkspace", - "grafana:describeWorkspaceAuthentication", - "grafana:listPermissions", - "grafana:listVersions", - "grafana:listWorkspaces", - "greengrass:getConnectivityInfo", - "greengrass:getCoreDefinition", - "greengrass:getCoreDefinitionVersion", - "greengrass:getDeploymentStatus", - "greengrass:getDeviceDefinition", - "greengrass:getDeviceDefinitionVersion", - "greengrass:getFunctionDefinition", - "greengrass:getFunctionDefinitionVersion", - "greengrass:getGroup", - "greengrass:getGroupCertificateAuthority", - "greengrass:getGroupVersion", - "greengrass:getLoggerDefinition", - "greengrass:getLoggerDefinitionVersion", - "greengrass:getResourceDefinitionVersion", - "greengrass:getServiceRoleForAccount", - "greengrass:getSubscriptionDefinition", - "greengrass:getSubscriptionDefinitionVersion", - "greengrass:listCoreDefinitions", - "greengrass:listCoreDefinitionVersions", - "greengrass:listDeployments", - "greengrass:listDeviceDefinitions", - "greengrass:listDeviceDefinitionVersions", - "greengrass:listFunctionDefinitions", - "greengrass:listFunctionDefinitionVersions", - "greengrass:listGroups", - "greengrass:listGroupVersions", - "greengrass:listLoggerDefinitions", - "greengrass:listLoggerDefinitionVersions", - "greengrass:listResourceDefinitions", - "greengrass:listResourceDefinitionVersions", - "greengrass:listSubscriptionDefinitions", - "greengrass:listSubscriptionDefinitionVersions", - "guardduty:describeMalwareScans", - "guardduty:describePublishingDestination", - "guardduty:getCoverageStatistics", - "guardduty:getDetector", - "guardduty:getFindings", - "guardduty:getFindingsStatistics", - "guardduty:getInvitationsCount", - "guardduty:getIPSet", - "guardduty:getMalwareScanSettings", - "guardduty:getMasterAccount", - "guardduty:getMemberDetectors", - "guardduty:getMembers", - "guardduty:getOrganizationStatistics", - "guardduty:getRemainingFreeTrialDays", - "guardduty:getThreatIntelSet", - "guardduty:listCoverage", - "guardduty:listDetectors", - "guardduty:listFindings", - "guardduty:listInvitations", - "guardduty:listIPSets", - "guardduty:listMembers", - "guardduty:listThreatIntelSets", - "health:describeAffectedAccountsForOrganization", - "health:describeAffectedEntities", - "health:describeAffectedEntitiesForOrganization", - "health:describeEntityAggregates", - "health:describeEntityAggregatesForOrganization", - "health:describeEventAggregates", - "health:describeEventDetails", - "health:describeEventDetailsForOrganization", - "health:describeEvents", - "health:describeEventsForOrganization", - "health:describeEventTypes", - "health:describeHealthServiceStatusForOrganization", - "iam:getAccessKeyLastUsed", - "iam:getAccountAuthorizationDetails", - "iam:getAccountPasswordPolicy", - "iam:getAccountSummary", - "iam:getContextKeysForCustomPolicy", - "iam:getContextKeysForPrincipalPolicy", - "iam:getCredentialReport", - "iam:getGroup", - "iam:getGroupPolicy", - "iam:getInstanceProfile", - "iam:getLoginProfile", - "iam:getMFADevice", - "iam:getOpenIDConnectProvider", - "iam:getPolicy", - "iam:getPolicyVersion", - "iam:getRole", - "iam:getRolePolicy", - "iam:getSAMLProvider", - "iam:getServerCertificate", - "iam:getServiceLinkedRoleDeletionStatus", - "iam:getSSHPublicKey", - "iam:getUser", - "iam:getUserPolicy", - "iam:listAccessKeys", - "iam:listAccountAliases", - "iam:listAttachedGroupPolicies", - "iam:listAttachedRolePolicies", - "iam:listAttachedUserPolicies", - "iam:listEntitiesForPolicy", - "iam:listGroupPolicies", - "iam:listGroups", - "iam:listGroupsForUser", - "iam:listInstanceProfiles", - "iam:listInstanceProfilesForRole", - "iam:listMFADevices", - "iam:listOpenIDConnectProviders", - "iam:listPolicies", - "iam:listPolicyVersions", - "iam:listRolePolicies", - "iam:listRoles", - "iam:listSAMLProviders", - "iam:listServerCertificates", - "iam:listServiceSpecificCredentials", - "iam:listSigningCertificates", - "iam:listSSHPublicKeys", - "iam:listUserPolicies", - "iam:listUsers", - "iam:listVirtualMFADevices", - "iam:simulateCustomPolicy", - "iam:simulatePrincipalPolicy", - "identitystore:describeGroup", - "identitystore:describeGroupMembership", - "identitystore:getGroupId", - "identitystore:getGroupMembershipId", - "identitystore:getUserId", - "identitystore:isMemberInGroups", - "identitystore:listGroupMemberships", - "identitystore:listGroupMembershipsForMember", - "identitystore:listGroups", - "imagebuilder:getComponent", - "imagebuilder:getComponentPolicy", - "imagebuilder:getContainerRecipe", - "imagebuilder:getContainerRecipePolicy", - "imagebuilder:getDistributionConfiguration", - "imagebuilder:getImage", - "imagebuilder:getImagePipeline", - "imagebuilder:getImagePolicy", - "imagebuilder:getImageRecipe", - "imagebuilder:getImageRecipePolicy", - "imagebuilder:getInfrastructureConfiguration", - "imagebuilder:getLifecycleExecution", - "imagebuilder:getLifecyclePolicy", - "imagebuilder:getWorkflow", - "imagebuilder:getWorkflowExecution", - "imagebuilder:getWorkflowStepExecution", - "imagebuilder:listComponentBuildVersions", - "imagebuilder:listComponents", - "imagebuilder:listContainerRecipes", - "imagebuilder:listDistributionConfigurations", - "imagebuilder:listImageBuildVersions", - "imagebuilder:listImagePipelineImages", - "imagebuilder:listImagePipelines", - "imagebuilder:listImageRecipes", - "imagebuilder:listImages", - "imagebuilder:listImageScanFindingAggregations", - "imagebuilder:listInfrastructureConfigurations", - "imagebuilder:listLifecycleExecutionResources", - "imagebuilder:listLifecycleExecutions", - "imagebuilder:listLifecyclePolicies", - "imagebuilder:listTagsForResource", - "imagebuilder:listWorkflowBuildVersions", - "imagebuilder:listWorkflowExecutions", - "imagebuilder:listWorkflows", - "imagebuilder:listWaitingWorkflowSteps", - "imagebuilder:listWorkflowStepExecutions", - "inspector-scan:scanSbom", - "inspector:describeAssessmentRuns", - "inspector:describeAssessmentTargets", - "inspector:describeAssessmentTemplates", - "inspector:describeCrossAccountAccessRole", - "inspector:describeResourceGroups", - "inspector:describeRulesPackages", - "inspector:getTelemetryMetadata", - "inspector:listAssessmentRunAgents", - "inspector:listAssessmentRuns", - "inspector:listAssessmentTargets", - "inspector:listAssessmentTemplates", - "inspector:listEventSubscriptions", - "inspector:listRulesPackages", - "inspector:listTagsForResource", - "inspector2:batchGetAccountStatus", - "inspector2:batchGetFreeTrialInfo", - "inspector2:describeOrganizationConfiguration", - "inspector2:getConfiguration", - "inspector2:getDelegatedAdminAccount", - "inspector2:getEc2DeepInspectionConfiguration", - "inspector2:getMember", - "inspector2:getSbomExport", - "inspector2:listCisScanConfigurations", - "inspector2:listCisScanResultsAggregatedByChecks", - "inspector2:listCisScanResultsAggregatedByTargetResource", - "inspector2:listCisScans", - "inspector2:listCoverage", - "inspector2:listDelegatedAdminAccounts", - "inspector2:listFilters", - "inspector2:listFindings", - "inspector2:listMembers", - "inspector2:listUsageTotals", - "internetmonitor:getHealthEvent", - "internetmonitor:getMonitor", - "internetmonitor:listHealthEvents", - "internetmonitor:listMonitors", - "invoicing:listInvoiceSummaries", - "iot:describeAuthorizer", - "iot:describeCACertificate", - "iot:describeCertificate", - "iot:describeDefaultAuthorizer", - "iot:describeDomainConfiguration", - "iot:describeEndpoint", - "iot:describeIndex", - "iot:describeJobExecution", - "iot:describeThing", - "iot:describeThingGroup", - "iot:describeTunnel", - "iot:getEffectivePolicies", - "iot:getIndexingConfiguration", - "iot:getLoggingOptions", - "iot:getPolicy", - "iot:getPolicyVersion", - "iot:getTopicRule", - "iot:getV2LoggingOptions", - "iot:listAttachedPolicies", - "iot:listAuthorizers", - "iot:listCACertificates", - "iot:listCertificates", - "iot:listCertificatesByCA", - "iot:listCommandExecutions", - "iot:listCommands", - "iot:listDomainConfigurations", - "iot:listJobExecutionsForJob", - "iot:listJobExecutionsForThing", - "iot:listJobs", - "iot:listNamedShadowsForThing", - "iot:listOutgoingCertificates", - "iot:listPackages", - "iot:listPackageVersions", - "iot:listPolicies", - "iot:listPolicyPrincipals", - "iot:listPolicyVersions", - "iot:listPrincipalPolicies", - "iot:listPrincipalThings", - "iot:listRoleAliases", - "iot:listTargetsForPolicy", - "iot:listThingGroups", - "iot:listThingGroupsForThing", - "iot:listThingPrincipals", - "iot:listThingRegistrationTasks", - "iot:listThings", - "iot:listThingsInThingGroup", - "iot:listThingTypes", - "iot:listTopicRules", - "iot:listTunnels", - "iot:listV2LoggingLevels", - "iotevents:describeDetector", - "iotevents:describeDetectorModel", - "iotevents:describeInput", - "iotevents:describeLoggingOptions", - "iotevents:listDetectorModels", - "iotevents:listDetectorModelVersions", - "iotevents:listDetectors", - "iotevents:listInputs", - "iotfleetwise:getCampaign", - "iotfleetwise:getDecoderManifest", - "iotfleetwise:getEncryptionConfiguration", - "iotfleetwise:getFleet", - "iotfleetwise:getLoggingOptions", - "iotfleetwise:getModelManifest", - "iotfleetwise:getRegisterAccountStatus", - "iotfleetwise:getSignalCatalog", - "iotfleetwise:getStateTemplate", - "iotfleetwise:getVehicle", - "iotfleetwise:getVehicleStatus", - "iotfleetwise:listCampaigns", - "iotfleetwise:listDecoderManifestNetworkInterfaces", - "iotfleetwise:listDecoderManifests", - "iotfleetwise:listDecoderManifestSignals", - "iotfleetwise:listFleets", - "iotfleetwise:listFleetsForVehicle", - "iotfleetwise:listModelManifestNodes", - "iotfleetwise:listModelManifests", - "iotfleetwise:listSignalCatalogNodes", - "iotfleetwise:listSignalCatalogs", - "iotfleetwise:listStateTemplates", - "iotfleetwise:listVehicles", - "iotfleetwise:listVehiclesInFleet", - "iotsitewise:describeAccessPolicy", - "iotsitewise:describeAsset", - "iotsitewise:describeAssetModel", - "iotsitewise:describeAssetProperty", - "iotsitewise:describeDashboard", - "iotsitewise:describeGateway", - "iotsitewise:describeGatewayCapabilityConfiguration", - "iotsitewise:describeLoggingOptions", - "iotsitewise:describePortal", - "iotsitewise:describeProject", - "iotsitewise:listAccessPolicies", - "iotsitewise:listAssetModels", - "iotsitewise:listAssets", - "iotsitewise:listAssociatedAssets", - "iotsitewise:listDashboards", - "iotsitewise:listGateways", - "iotsitewise:listPortals", - "iotsitewise:listProjectAssets", - "iotsitewise:listProjects", - "iottwinmaker:getComponentType", - "iottwinmaker:getEntity", - "iottwinmaker:getPricingPlan", - "iottwinmaker:getScene", - "iottwinmaker:getSyncJob", - "iottwinmaker:getWorkspace", - "iottwinmaker:listComponentTypes", - "iottwinmaker:listEntities", - "iottwinmaker:listScenes", - "iottwinmaker:listSyncJobs", - "iottwinmaker:listSyncResources", - "iottwinmaker:listWorkspaces", - "iotwireless:getDestination", - "iotwireless:getDeviceProfile", - "iotwireless:getPartnerAccount", - "iotwireless:getServiceEndpoint", - "iotwireless:getServiceProfile", - "iotwireless:getWirelessDevice", - "iotwireless:getWirelessDeviceStatistics", - "iotwireless:getWirelessGateway", - "iotwireless:getWirelessGatewayCertificate", - "iotwireless:getWirelessGatewayFirmwareInformation", - "iotwireless:getWirelessGatewayStatistics", - "iotwireless:getWirelessGatewayTask", - "iotwireless:getWirelessGatewayTaskDefinition", - "iotwireless:listDestinations", - "iotwireless:listDeviceProfiles", - "iotwireless:listPartnerAccounts", - "iotwireless:listServiceProfiles", - "iotwireless:listTagsForResource", - "iotwireless:listWirelessDevices", - "iotwireless:listWirelessGateways", - "iotwireless:listWirelessGatewayTaskDefinitions", - "ivs:getChannel", - "ivs:getRecordingConfiguration", - "ivs:getStream", - "ivs:getStreamSession", - "ivs:listChannels", - "ivs:listPlaybackKeyPairs", - "ivs:listRecordingConfigurations", - "ivs:listStreamKeys", - "ivs:listStreams", - "ivs:listStreamSessions", - "kafka:describeCluster", - "kafka:describeClusterOperation", - "kafka:describeClusterOperationV2", - "kafka:describeClusterV2", - "kafka:describeConfiguration", - "kafka:describeConfigurationRevision", - "kafka:describeReplicator", - "kafka:describeVpcConnection", - "kafka:getBootstrapBrokers", - "kafka:getClusterPolicy", - "kafka:listClientVpcConnections", - "kafka:listClusterOperations", - "kafka:listClusterOperationsV2", - "kafka:listClusters", - "kafka:listClustersV2", - "kafka:listConfigurationRevisions", - "kafka:listConfigurations", - "kafka:listNodes", - "kafka:listReplicators", - "kafka:listScramSecrets", - "kafka:listVpcConnections", - "kafkaconnect:describeConnector", - "kafkaconnect:describeCustomPlugin", - "kafkaconnect:describeWorkerConfiguration", - "kafkaconnect:listConnectors", - "kafkaconnect:listCustomPlugins", - "kafkaconnect:listWorkerConfigurations", - "kendra:describeDataSource", - "kendra:describeFaq", - "kendra:describeIndex", - "kendra:listDataSources", - "kendra:listFaqs", - "kendra:listIndices", - "kinesis:describeStream", - "kinesis:describeStreamConsumer", - "kinesis:describeStreamSummary", - "kinesis:listShards", - "kinesis:listStreamConsumers", - "kinesis:listStreams", - "kinesis:listTagsForStream", - "kinesisanalytics:describeApplication", - "kinesisanalytics:describeApplicationOperation", - "kinesisanalytics:describeApplicationSnapshot", - "kinesisanalytics:listApplicationOperations", - "kinesisanalytics:listApplications", - "kinesisanalytics:listApplicationSnapshots", - "kinesisanalytics:listApplicationVersions", - "kinesisvideo:describeImageGenerationConfiguration", - "kinesisvideo:describeNotificationConfiguration", - "kinesisvideo:describeSignalingChannel", - "kinesisvideo:describeStream", - "kinesisvideo:getDataEndpoint", - "kinesisvideo:getIceServerConfig", - "kinesisvideo:getSignalingChannelEndpoint", - "kinesisvideo:listSignalingChannels", - "kinesisvideo:listStreams", - "kms:describeKey", - "kms:getKeyPolicy", - "kms:getKeyRotationStatus", - "kms:listAliases", - "kms:listGrants", - "kms:listKeyPolicies", - "kms:listKeys", - "kms:listResourceTags", - "kms:listRetirableGrants", - "lakeformation:describeLakeFormationIdentityCenterConfiguration", - "lakeformation:describeResource", - "lakeformation:describeTransaction", - "lakeformation:getDataLakePrincipal", - "lakeformation:getDataLakeSettings", - "lakeformation:getEffectivePermissionsForPath", - "lakeformation:getLFTag", - "lakeformation:getLFTagExpression", - "lakeformation:getQueryState", - "lakeformation:getQueryStatistics", - "lakeformation:getResourceLFTags", - "lakeformation:listLFTagExpressions", - "lakeformation:listLFTags", - "lakeformation:listLakeFormationOptIns", - "lakeformation:listPermissions", - "lakeformation:listResources", - "lakeformation:searchDatabasesByLFTags", - "lakeformation:searchTablesByLFTags", - "lambda:getAccountSettings", - "lambda:getAlias", - "lambda:getCodeSigningConfig", - "lambda:getEventSourceMapping", - "lambda:getFunction", - "lambda:getFunctionCodeSigningConfig", - "lambda:getFunctionConcurrency", - "lambda:getFunctionConfiguration", - "lambda:getFunctionEventInvokeConfig", - "lambda:getFunctionRecursionConfig", - "lambda:getFunctionUrlConfig", - "lambda:getLayerVersion", - "lambda:getLayerVersionPolicy", - "lambda:getPolicy", - "lambda:getProvisionedConcurrencyConfig", - "lambda:getRuntimeManagementConfig", - "lambda:listAliases", - "lambda:listCodeSigningConfigs", - "lambda:listEventSourceMappings", - "lambda:listFunctionEventInvokeConfigs", - "lambda:listFunctions", - "lambda:listFunctionsByCodeSigningConfig", - "lambda:listFunctionUrlConfigs", - "lambda:listLayers", - "lambda:listLayerVersions", - "lambda:listProvisionedConcurrencyConfigs", - "lambda:listTags", - "lambda:listVersionsByFunction", - "launchwizard:describeProvisionedApp", - "launchwizard:describeProvisioningEvents", - "launchwizard:listDeploymentEvents", - "launchwizard:listDeployments", - "launchwizard:listProvisionedApps", - "lex:describeBot", - "lex:describeBotAlias", - "lex:describeBotLocale", - "lex:describeBotRecommendation", - "lex:describeBotVersion", - "lex:describeCustomVocabularyMetadata", - "lex:describeExport", - "lex:describeImport", - "lex:describeIntent", - "lex:describeResourcePolicy", - "lex:describeSlot", - "lex:describeSlotType", - "lex:getBot", - "lex:getBotAlias", - "lex:getBotAliases", - "lex:getBotChannelAssociation", - "lex:getBotChannelAssociations", - "lex:getBots", - "lex:getBotVersions", - "lex:getBuiltinIntent", - "lex:getBuiltinIntents", - "lex:getBuiltinSlotTypes", - "lex:getIntent", - "lex:getIntents", - "lex:getIntentVersions", - "lex:getSlotType", - "lex:getSlotTypes", - "lex:getSlotTypeVersions", - "lex:listBotAliases", - "lex:listBotLocales", - "lex:listBotRecommendations", - "lex:listBots", - "lex:listBotVersions", - "lex:listExports", - "lex:listImports", - "lex:listIntents", - "lex:listRecommendedIntents", - "lex:listSlots", - "lex:listSlotTypes", - "license-manager:getLicenseConfiguration", - "license-manager:getServiceSettings", - "license-manager:listAssociationsForLicenseConfiguration", - "license-manager:listFailuresForLicenseConfigurationOperations", - "license-manager:listLicenseConfigurations", - "license-manager:listLicenseSpecificationsForResource", - "license-manager:listResourceInventory", - "license-manager:listUsageForLicenseConfiguration", - "lightsail:getActiveNames", - "lightsail:getAlarms", - "lightsail:getAutoSnapshots", - "lightsail:getBlueprints", - "lightsail:getBucketBundles", - "lightsail:getBucketMetricData", - "lightsail:getBuckets", - "lightsail:getBundles", - "lightsail:getCertificates", - "lightsail:getContainerImages", - "lightsail:getContainerServiceDeployments", - "lightsail:getContainerServiceMetricData", - "lightsail:getContainerServicePowers", - "lightsail:getContainerServices", - "lightsail:getDisk", - "lightsail:getDisks", - "lightsail:getDiskSnapshot", - "lightsail:getDiskSnapshots", - "lightsail:getDistributionBundles", - "lightsail:getDistributionMetricData", - "lightsail:getDistributions", - "lightsail:getDomain", - "lightsail:getDomains", - "lightsail:getExportSnapshotRecords", - "lightsail:getInstance", - "lightsail:getInstanceMetricData", - "lightsail:getInstancePortStates", - "lightsail:getInstances", - "lightsail:getInstanceSnapshot", - "lightsail:getInstanceSnapshots", - "lightsail:getInstanceState", - "lightsail:getKeyPair", - "lightsail:getKeyPairs", - "lightsail:getLoadBalancer", - "lightsail:getLoadBalancerMetricData", - "lightsail:getLoadBalancers", - "lightsail:getLoadBalancerTlsCertificates", - "lightsail:getOperation", - "lightsail:getOperations", - "lightsail:getOperationsForResource", - "lightsail:getRegions", - "lightsail:getRelationalDatabase", - "lightsail:getRelationalDatabaseMetricData", - "lightsail:getRelationalDatabases", - "lightsail:getRelationalDatabaseSnapshot", - "lightsail:getRelationalDatabaseSnapshots", - "lightsail:getStaticIp", - "lightsail:getStaticIps", - "lightsail:isVpcPeered", - "logs:describeAccountPolicies", - "logs:describeDeliveries", - "logs:describeDeliveryDestinations", - "logs:describeDeliverySources", - "logs:describeDestinations", - "logs:describeExportTasks", - "logs:describeFieldIndexes", - "logs:describeIndexPolicies", - "logs:describeLogGroups", - "logs:describeLogStreams", - "logs:describeMetricFilters", - "logs:describeQueries", - "logs:describeQueryDefinitions", - "logs:describeResourcePolicies", - "logs:describeSubscriptionFilters", - "logs:getDataProtectionPolicy", - "logs:getDelivery", - "logs:getDeliveryDestination", - "logs:getDeliveryDestinationPolicy", - "logs:getDeliverySource", - "logs:getIntegration", - "logs:getLogAnomalyDetector", - "logs:getLogDelivery", - "logs:getLogGroupFields", - "logs:getTransformer", - "logs:listAnomalies", - "logs:listIntegrations", - "logs:listLogAnomalyDetectors", - "logs:listLogDeliveries", - "logs:listLogGroupsForQuery", - "logs:testMetricFilter", - "lookoutequipment:describeDataIngestionJob", - "lookoutequipment:describeDataset", - "lookoutequipment:describeInferenceScheduler", - "lookoutequipment:describeModel", - "lookoutequipment:listDataIngestionJobs", - "lookoutequipment:listDatasets", - "lookoutequipment:listInferenceExecutions", - "lookoutequipment:listInferenceSchedulers", - "lookoutequipment:listModels", - "lookoutmetrics:describeAlert", - "lookoutmetrics:describeAnomalyDetectionExecutions", - "lookoutmetrics:describeAnomalyDetector", - "lookoutmetrics:describeMetricSet", - "lookoutmetrics:getAnomalyGroup", - "lookoutmetrics:getDataQualityMetrics", - "lookoutmetrics:getFeedback", - "lookoutmetrics:getSampleData", - "lookoutmetrics:listAlerts", - "lookoutmetrics:listAnomalyDetectors", - "lookoutmetrics:listAnomalyGroupSummaries", - "lookoutmetrics:listAnomalyGroupTimeSeries", - "lookoutmetrics:listMetricSets", - "lookoutmetrics:listTagsForResource", - "m2:getApplication", - "m2:getApplicationVersion", - "m2:getBatchJobExecution", - "m2:getDataSetDetails", - "m2:getDataSetImportTask", - "m2:getDeployment", - "m2:getEnvironment", - "m2:listApplications", - "m2:listApplicationVersions", - "m2:listBatchJobDefinitions", - "m2:listBatchJobExecutions", - "m2:listDataSetImportHistory", - "m2:listDataSets", - "m2:listDeployments", - "m2:listEngineVersions", - "m2:listEnvironments", - "machinelearning:describeBatchPredictions", - "machinelearning:describeDataSources", - "machinelearning:describeEvaluations", - "machinelearning:describeMLModels", - "machinelearning:getBatchPrediction", - "machinelearning:getDataSource", - "machinelearning:getEvaluation", - "machinelearning:getMLModel", - "macie2:getClassificationExportConfiguration", - "macie2:getCustomDataIdentifier", - "macie2:getFindings", - "macie2:getFindingStatistics", - "macie2:listClassificationJobs", - "macie2:listCustomDataIdentifiers", - "macie2:listFindings", - "managedblockchain:getMember", - "managedblockchain:getNetwork", - "managedblockchain:getNode", - "managedblockchain:listMembers", - "managedblockchain:listNetworks", - "managedblockchain:listNodes", - "mediaconnect:describeFlow", - "mediaconnect:listEntitlements", - "mediaconnect:listFlows", - "mediaconvert:describeEndpoints", - "mediaconvert:getJob", - "mediaconvert:getJobTemplate", - "mediaconvert:getPreset", - "mediaconvert:getQueue", - "mediaconvert:listJobs", - "mediaconvert:listJobTemplates", - "medialive:describeChannel", - "medialive:describeInput", - "medialive:describeInputDevice", - "medialive:describeInputSecurityGroup", - "medialive:describeMultiplex", - "medialive:describeOffering", - "medialive:describeReservation", - "medialive:describeSchedule", - "medialive:getCloudWatchAlarmTemplate", - "medialive:getCloudWatchAlarmTemplateGroup", - "medialive:getEventBridgeRuleTemplate", - "medialive:getEventBridgeRuleTemplateGroup", - "medialive:getSignalMap", - "medialive:listChannels", - "medialive:listCloudWatchAlarmTemplateGroups", - "medialive:listCloudWatchAlarmTemplates", - "medialive:listEventBridgeRuleTemplateGroups", - "medialive:listEventBridgeRuleTemplates", - "medialive:listInputDevices", - "medialive:listInputs", - "medialive:listInputSecurityGroups", - "medialive:listMultiplexes", - "medialive:listOfferings", - "medialive:listReservations", - "medialive:listSignalMaps", - "mediapackage:describeChannel", - "mediapackage:describeOriginEndpoint", - "mediapackage:listChannels", - "mediapackage:listOriginEndpoints", - "mediastore:describeContainer", - "mediastore:getContainerPolicy", - "mediastore:getCorsPolicy", - "mediastore:listContainers", - "mediatailor:getPlaybackConfiguration", - "mediatailor:listPlaybackConfigurations", - "medical-imaging:getDatastore", - "medical-imaging:listDatastores", - "mgn:describeJobLogItems", - "mgn:describeJobs", - "mgn:describeLaunchConfigurationTemplates", - "mgn:describeReplicationConfigurationTemplates", - "mgn:describeSourceServers", - "mgn:describeVcenterClients", - "mgn:getLaunchConfiguration", - "mgn:getReplicationConfiguration", - "mgn:listApplications", - "mgn:listSourceServerActions", - "mgn:listTemplateActions", - "mgn:listWaves", - "mobiletargeting:getAdmChannel", - "mobiletargeting:getApnsChannel", - "mobiletargeting:getApnsSandboxChannel", - "mobiletargeting:getApnsVoipChannel", - "mobiletargeting:getApnsVoipSandboxChannel", - "mobiletargeting:getApp", - "mobiletargeting:getApplicationSettings", - "mobiletargeting:getApps", - "mobiletargeting:getBaiduChannel", - "mobiletargeting:getCampaign", - "mobiletargeting:getCampaignActivities", - "mobiletargeting:getCampaigns", - "mobiletargeting:getCampaignVersion", - "mobiletargeting:getCampaignVersions", - "mobiletargeting:getEmailChannel", - "mobiletargeting:getEndpoint", - "mobiletargeting:getEventStream", - "mobiletargeting:getExportJob", - "mobiletargeting:getExportJobs", - "mobiletargeting:getGcmChannel", - "mobiletargeting:getImportJob", - "mobiletargeting:getImportJobs", - "mobiletargeting:getJourney", - "mobiletargeting:getJourneyExecutionActivityMetrics", - "mobiletargeting:getJourneyExecutionMetrics", - "mobiletargeting:getJourneyRunExecutionActivityMetrics", - "mobiletargeting:getJourneyRunExecutionMetrics", - "mobiletargeting:getJourneyRuns", - "mobiletargeting:getSegment", - "mobiletargeting:getSegmentImportJobs", - "mobiletargeting:getSegments", - "mobiletargeting:getSegmentVersion", - "mobiletargeting:getSegmentVersions", - "mobiletargeting:getSmsChannel", - "mobiletargeting:listJourneys", - "mobiletargeting:phoneNumberValidate", - "mq:describeBroker", - "mq:describeConfiguration", - "mq:describeConfigurationRevision", - "mq:describeUser", - "mq:listBrokers", - "mq:listConfigurationRevisions", - "mq:listConfigurations", - "mq:listUsers", - "network-firewall:describeFirewall", - "network-firewall:describeFirewallPolicy", - "network-firewall:describeFlowOperation", - "network-firewall:describeLoggingConfiguration", - "network-firewall:describeResourcePolicy", - "network-firewall:describeRuleGroup", - "network-firewall:describeRuleGroupMetadata", - "network-firewall:describeTlsInspectionConfiguration", - "network-firewall:listAnalysisReports", - "network-firewall:listFirewallPolicies", - "network-firewall:listFirewalls", - "network-firewall:listFlowOperationResults", - "network-firewall:listFlowOperations", - "network-firewall:listRuleGroups", - "network-firewall:listTlsInspectionConfigurations", - "networkflowmonitor:getMonitor", - "networkflowmonitor:getScope", - "networkflowmonitor:listMonitors", - "networkflowmonitor:listScopes", - "networkmanager:describeGlobalNetworks", - "networkmanager:getConnectAttachment", - "networkmanager:getConnections", - "networkmanager:getConnectPeer", - "networkmanager:getConnectPeerAssociations", - "networkmanager:getCoreNetwork", - "networkmanager:getCoreNetworkChangeEvents", - "networkmanager:getCoreNetworkChangeSet", - "networkmanager:getCoreNetworkPolicy", - "networkmanager:getCustomerGatewayAssociations", - "networkmanager:getDevices", - "networkmanager:getDirectConnectGatewayAttachment", - "networkmanager:getLinkAssociations", - "networkmanager:getLinks", - "networkmanager:getNetworkResourceCounts", - "networkmanager:getNetworkResourceRelationships", - "networkmanager:getNetworkResources", - "networkmanager:getNetworkRoutes", - "networkmanager:getNetworkTelemetry", - "networkmanager:getResourcePolicy", - "networkmanager:getRouteAnalysis", - "networkmanager:getSites", - "networkmanager:getSiteToSiteVpnAttachment", - "networkmanager:getTransitGatewayConnectPeerAssociations", - "networkmanager:getTransitGatewayPeering", - "networkmanager:getTransitGatewayRegistrations", - "networkmanager:getTransitGatewayRouteTableAttachment", - "networkmanager:getVpcAttachment", - "networkmanager:listAttachments", - "networkmanager:listConnectPeers", - "networkmanager:listCoreNetworkPolicyVersions", - "networkmanager:listCoreNetworks", - "networkmanager:listOrganizationServiceAccessStatus", - "networkmanager:listPeerings", - "networkmanager:listTagsForResource", - "networkmonitor:getMonitor", - "networkmonitor:getProbe", - "networkmonitor:listMonitors", - "notifications-contacts:getEmailContact", - "notifications-contacts:listEmailContacts", - "notifications:getEventRule", - "notifications:getNotificationConfiguration", - "notifications:getNotificationEvent", - "notifications:listChannels", - "notifications:listEventRules", - "notifications:listNotificationConfigurations", - "notifications:listNotificationEvents", - "notifications:listNotificationHubs" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Sid": "AWSSupportActionsGroup3", - "Action": [ - "oam:getLink", - "oam:getSink", - "oam:getSinkPolicy", - "oam:listAttachedLinks", - "oam:listLinks", - "oam:listSinks", - "observabilityadmin:getTelemetryEvaluationStatus", - "observabilityadmin:getTelemetryEvaluationStatusForOrganization", - "observabilityadmin:listResourceTelemetry", - "observabilityadmin:listResourceTelemetryForOrganization", - "odb:getOciOnboardingStatus", - "odb:getOdbNetwork", - "odb:getOdbPeeringConnection", - "odb:listOdbNetworks", - "odb:listOdbPeeringConnections", - "omics:getAnnotationImportJob", - "omics:getAnnotationStore", - "omics:getReadSetImportJob", - "omics:getReadSetMetadata", - "omics:getReference", - "omics:getReferenceImportJob", - "omics:getReferenceMetadata", - "omics:getReferenceStore", - "omics:getRun", - "omics:getRunGroup", - "omics:getSequenceStore", - "omics:getVariantImportJob", - "omics:getVariantStore", - "omics:getWorkflow", - "omics:listAnnotationImportJobs", - "omics:listAnnotationStores", - "omics:listMultipartReadSetUploads", - "omics:listReadSetImportJobs", - "omics:listReadSets", - "omics:listReadSetUploadParts", - "omics:listReferenceImportJobs", - "omics:listReferences", - "omics:listReferenceStores", - "omics:listRunGroups", - "omics:listRuns", - "omics:listRunTasks", - "omics:listSequenceStores", - "omics:listVariantImportJobs", - "omics:listVariantStores", - "omics:listWorkflows", - "opsworks-cm:describeAccountAttributes", - "opsworks-cm:describeBackups", - "opsworks-cm:describeEvents", - "opsworks-cm:describeNodeAssociationStatus", - "opsworks-cm:describeServers", - "opsworks:describeAgentVersions", - "opsworks:describeApps", - "opsworks:describeCommands", - "opsworks:describeDeployments", - "opsworks:describeEcsClusters", - "opsworks:describeElasticIps", - "opsworks:describeElasticLoadBalancers", - "opsworks:describeInstances", - "opsworks:describeLayers", - "opsworks:describeLoadBasedAutoScaling", - "opsworks:describeMyUserProfile", - "opsworks:describePermissions", - "opsworks:describeRaidArrays", - "opsworks:describeRdsDbInstances", - "opsworks:describeServiceErrors", - "opsworks:describeStackProvisioningParameters", - "opsworks:describeStacks", - "opsworks:describeStackSummary", - "opsworks:describeTimeBasedAutoScaling", - "opsworks:describeUserProfiles", - "opsworks:describeVolumes", - "opsworks:getHostnameSuggestion", - "organizations:describeAccount", - "organizations:describeCreateAccountStatus", - "organizations:describeEffectivePolicy", - "organizations:describeHandshake", - "organizations:describeOrganization", - "organizations:describePolicy", - "organizations:describeResourcePolicy", - "organizations:listAccounts", - "organizations:listAWSServiceAccessForOrganization", - "organizations:listCreateAccountStatus", - "organizations:listDelegatedAdministrators", - "organizations:listDelegatedServicesForAccount", - "organizations:listHandshakesForAccount", - "organizations:listHandshakesForOrganization", - "organizations:listPoliciesForTarget", - "organizations:listTagsForResource", - "organizations:listTargetsForPolicy", - "osis:getPipeline", - "osis:getPipelineBlueprint", - "osis:getPipelineChangeProgress", - "osis:listPipelineBlueprints", - "osis:listPipelines", - "osis:validatePipeline", - "outposts:getCapacityTask", - "outposts:getCatalogItem", - "outposts:getConnection", - "outposts:getOrder", - "outposts:getOutpost", - "outposts:getOutpostInstanceTypes", - "outposts:getOutpostSupportedInstanceTypes", - "outposts:getSite", - "outposts:listAssets", - "outposts:listAssetInstances", - "outposts:listBlockingInstancesForCapacityTask", - "outposts:listCapacityTasks", - "outposts:listCatalogItems", - "outposts:listOrders", - "outposts:listOutposts", - "outposts:listSites", - "pcs:getCluster", - "pcs:getComputeNodeGroup", - "pcs:getQueue", - "pcs:listClusters", - "pcs:listComputeNodeGroups", - "pcs:listQueues", - "personalize:describeAlgorithm", - "personalize:describeBatchInferenceJob", - "personalize:describeBatchSegmentJob", - "personalize:describeCampaign", - "personalize:describeDataset", - "personalize:describeDatasetExportJob", - "personalize:describeDatasetGroup", - "personalize:describeDatasetImportJob", - "personalize:describeEventTracker", - "personalize:describeFeatureTransformation", - "personalize:describeFilter", - "personalize:describeRecipe", - "personalize:describeRecommender", - "personalize:describeSchema", - "personalize:describeSolution", - "personalize:describeSolutionVersion", - "personalize:getPersonalizedRanking", - "personalize:getRecommendations", - "personalize:getSolutionMetrics", - "personalize:listBatchInferenceJobs", - "personalize:listBatchSegmentJobs", - "personalize:listCampaigns", - "personalize:listDatasetExportJobs", - "personalize:listDatasetGroups", - "personalize:listDatasetImportJobs", - "personalize:listDatasets", - "personalize:listEventTrackers", - "personalize:listRecipes", - "personalize:listRecommenders", - "personalize:listSchemas", - "personalize:listSolutions", - "personalize:listSolutionVersions", - "pipes:describePipe", - "pipes:listPipes", - "pipes:listTagsForResource", - "polly:describeVoices", - "polly:getLexicon", - "polly:listLexicons", - "pricing:describeServices", - "pricing:getAttributeValues", - "pricing:getProducts", - "private-networks:getDeviceIdentifier", - "private-networks:getNetwork", - "private-networks:getNetworkResource", - "private-networks:listDeviceIdentifiers", - "private-networks:listNetworkResources", - "private-networks:listNetworks", - "qbusiness:getApplication", - "qbusiness:getDataSource", - "qbusiness:getIndex", - "qbusiness:getRetriever", - "qbusiness:getWebExperience", - "qbusiness:listApplications", - "qbusiness:listDataSources", - "qbusiness:listDataSourceSyncJobs", - "qbusiness:listIndices", - "qbusiness:listRetrievers", - "qbusiness:listWebExperiences", - "quicksight:describeAccountCustomization", - "quicksight:describeAccountSettings", - "quicksight:describeAccountSubscription", - "quicksight:describeAnalysis", - "quicksight:describeAnalysisPermissions", - "quicksight:describeDashboard", - "quicksight:describeDashboardPermissions", - "quicksight:describeDataSet", - "quicksight:describeDataSetPermissions", - "quicksight:describeDataSetRefreshProperties", - "quicksight:describeDataSource", - "quicksight:describeDataSourcePermissions", - "quicksight:describeFolder", - "quicksight:describeFolderPermissions", - "quicksight:describeFolderResolvedPermissions", - "quicksight:describeGroup", - "quicksight:describeGroupMembership", - "quicksight:describeIAMPolicyAssignment", - "quicksight:describeIngestion", - "quicksight:describeIpRestriction", - "quicksight:describeNamespace", - "quicksight:describeRefreshSchedule", - "quicksight:describeTemplate", - "quicksight:describeTemplateAlias", - "quicksight:describeTemplatePermissions", - "quicksight:describeTheme", - "quicksight:describeThemeAlias", - "quicksight:describeThemePermissions", - "quicksight:describeTopic", - "quicksight:describeTopicPermissions", - "quicksight:describeTopicRefresh", - "quicksight:describeTopicRefreshSchedule", - "quicksight:describeUser", - "quicksight:describeVPCConnection", - "quicksight:listAnalyses", - "quicksight:listDashboards", - "quicksight:listDashboardVersions", - "quicksight:listDataSets", - "quicksight:listDataSources", - "quicksight:listFolderMembers", - "quicksight:listFolders", - "quicksight:listGroupMemberships", - "quicksight:listGroups", - "quicksight:listIAMPolicyAssignments", - "quicksight:listIAMPolicyAssignmentsForUser", - "quicksight:listIngestions", - "quicksight:listNamespaces", - "quicksight:listRefreshSchedules", - "quicksight:listTemplateAliases", - "quicksight:listTemplates", - "quicksight:listTemplateVersions", - "quicksight:listThemeAliases", - "quicksight:listThemes", - "quicksight:listThemeVersions", - "quicksight:listTopicRefreshSchedules", - "quicksight:listTopics", - "quicksight:listUserGroups", - "quicksight:listUsers", - "quicksight:listVPCConnections", - "quicksight:searchAnalyses", - "quicksight:searchDashboards", - "quicksight:searchDataSets", - "quicksight:searchDataSources", - "quicksight:searchFolders", - "quicksight:searchGroups", - "ram:getPermission", - "ram:getResourceShareAssociations", - "ram:getResourceShareInvitations", - "ram:getResourceShares", - "ram:listPendingInvitationResources", - "ram:listPrincipals", - "ram:listResources", - "ram:listResourceSharePermissions", - "rbin:getRule", - "rbin:listRules", - "rds:describeAccountAttributes", - "rds:describeBlueGreenDeployments", - "rds:describeCertificates", - "rds:describeDBClusterEndpoints", - "rds:describeDBClusterParameterGroups", - "rds:describeDBClusterParameters", - "rds:describeDBClusters", - "rds:describeDBClusterSnapshots", - "rds:describeDBEngineVersions", - "rds:describeDBInstanceAutomatedBackups", - "rds:describeDBInstances", - "rds:describeDBLogFiles", - "rds:describeDBParameterGroups", - "rds:describeDBParameters", - "rds:describeDBSecurityGroups", - "rds:describeDBSnapshotAttributes", - "rds:describeDBSnapshots", - "rds:describeDBSubnetGroups", - "rds:describeEngineDefaultClusterParameters", - "rds:describeEngineDefaultParameters", - "rds:describeEventCategories", - "rds:describeEvents", - "rds:describeEventSubscriptions", - "rds:describeExportTasks", - "rds:describeGlobalClusters", - "rds:describeIntegrations", - "rds:describeOptionGroupOptions", - "rds:describeOptionGroups", - "rds:describeOrderableDBInstanceOptions", - "rds:describePendingMaintenanceActions", - "rds:describeReservedDBInstances", - "rds:describeReservedDBInstancesOfferings", - "rds:describeSourceRegions", - "rds:describeValidDBInstanceModifications", - "rds:listTagsForResource", - "redshift-data:describeStatement", - "redshift-data:listStatements", - "redshift-serverless:getCustomDomainAssociation", - "redshift-serverless:getEndpointAccess", - "redshift-serverless:getNamespace", - "redshift-serverless:getRecoveryPoint", - "redshift-serverless:getScheduledAction", - "redshift-serverless:getSnapshot", - "redshift-serverless:getTableRestoreStatus", - "redshift-serverless:getUsageLimit", - "redshift-serverless:getWorkgroup", - "redshift-serverless:listCustomDomainAssociations", - "redshift-serverless:listEndpointAccess", - "redshift-serverless:listNamespaces", - "redshift-serverless:listRecoveryPoints", - "redshift-serverless:listSnapshotCopyConfigurations", - "redshift-serverless:listSnapshots", - "redshift-serverless:listTableRestoreStatus", - "redshift-serverless:listUsageLimits", - "redshift-serverless:listWorkgroups", - "redshift:describeClusterDbRevisions", - "redshift:describeClusterParameterGroups", - "redshift:describeClusterParameters", - "redshift:describeClusters", - "redshift:describeClusterSecurityGroups", - "redshift:describeClusterSnapshots", - "redshift:describeClusterSubnetGroups", - "redshift:describeClusterTracks", - "redshift:describeClusterVersions", - "redshift:describeCustomDomainAssociations", - "redshift:describeDataShares", - "redshift:describeDataSharesForConsumer", - "redshift:describeDataSharesForProducer", - "redshift:describeDefaultClusterParameters", - "redshift:describeEndpointAccess", - "redshift:describeEndpointAuthorization", - "redshift:describeEventCategories", - "redshift:describeEvents", - "redshift:describeEventSubscriptions", - "redshift:describeHsmClientCertificates", - "redshift:describeHsmConfigurations", - "redshift:describeInboundIntegrations", - "redshift:describeLoggingStatus", - "redshift:describeNodeConfigurationOptions", - "redshift:describeOrderableClusterOptions", - "redshift:describeRedshiftIdcApplications", - "redshift:describeReservedNodeOfferings", - "redshift:describeReservedNodes", - "redshift:describeResize", - "redshift:describeSnapshotCopyGrants", - "redshift:describeSnapshotSchedules", - "redshift:describeStorage", - "redshift:describeTableRestoreStatus", - "redshift:describeTags", - "redshift:describeUsageLimits", - "rekognition:listCollections", - "rekognition:listFaces", - "resiliencehub:describeApp", - "resiliencehub:describeAppAssessment", - "resiliencehub:describeAppVersion", - "resiliencehub:describeAppVersionAppComponent", - "resiliencehub:describeAppVersionResource", - "resiliencehub:describeAppVersionResourcesResolutionStatus", - "resiliencehub:describeAppVersionTemplate", - "resiliencehub:describeDraftAppVersionResourcesImportStatus", - "resiliencehub:describeResiliencyPolicy", - "resiliencehub:describeResourceGroupingRecommendationTask", - "resiliencehub:listAlarmRecommendations", - "resiliencehub:listAppAssessmentComplianceDrifts", - "resiliencehub:listAppAssessmentResourceDrifts", - "resiliencehub:listAppAssessments", - "resiliencehub:listAppComponentCompliances", - "resiliencehub:listAppComponentRecommendations", - "resiliencehub:listAppInputSources", - "resiliencehub:listApps", - "resiliencehub:listAppVersionAppComponents", - "resiliencehub:listAppVersionResourceMappings", - "resiliencehub:listAppVersionResources", - "resiliencehub:listAppVersions", - "resiliencehub:listRecommendationTemplates", - "resiliencehub:listResiliencyPolicies", - "resiliencehub:listResourceGroupingRecommendations", - "resiliencehub:listSopRecommendations", - "resiliencehub:listSuggestedResiliencyPolicies", - "resiliencehub:listTestRecommendations", - "resiliencehub:listUnsupportedAppVersionResources", - "resource-explorer-2:getAccountLevelServiceConfiguration", - "resource-explorer-2:getIndex", - "resource-explorer-2:getView", - "resource-explorer-2:listIndexes", - "resource-explorer-2:listViews", - "resource-explorer-2:search", - "resource-groups:getGroup", - "resource-groups:getGroupQuery", - "resource-groups:getTags", - "resource-groups:listGroupResources", - "resource-groups:listGroups", - "resource-groups:searchResources", - "robomaker:batchDescribeSimulationJob", - "robomaker:describeDeploymentJob", - "robomaker:describeFleet", - "robomaker:describeRobot", - "robomaker:describeRobotApplication", - "robomaker:describeSimulationApplication", - "robomaker:describeSimulationJob", - "robomaker:listDeploymentJobs", - "robomaker:listFleets", - "robomaker:listRobotApplications", - "robomaker:listRobots", - "robomaker:listSimulationApplications", - "robomaker:listSimulationJobs", - "rolesanywhere:getProfile", - "rolesanywhere:getTrustAnchor", - "rolesanywhere:listProfiles", - "rolesanywhere:listTrustAnchors", - "route53-recovery-cluster:getRoutingControlState", - "route53-recovery-cluster:listRoutingControls", - "route53-recovery-control-config:describeControlPanel", - "route53-recovery-control-config:describeRoutingControl", - "route53-recovery-control-config:describeSafetyRule", - "route53-recovery-control-config:listControlPanels", - "route53-recovery-control-config:listRoutingControls", - "route53-recovery-control-config:listSafetyRules", - "route53-recovery-readiness:getCell", - "route53-recovery-readiness:getCellReadinessSummary", - "route53-recovery-readiness:getReadinessCheck", - "route53-recovery-readiness:getReadinessCheckResourceStatus", - "route53-recovery-readiness:getReadinessCheckStatus", - "route53-recovery-readiness:getRecoveryGroup", - "route53-recovery-readiness:getRecoveryGroupReadinessSummary", - "route53-recovery-readiness:listCells", - "route53-recovery-readiness:listReadinessChecks", - "route53-recovery-readiness:listRecoveryGroups", - "route53-recovery-readiness:listResourceSets", - "route53:getAccountLimit", - "route53:getChange", - "route53:getCheckerIpRanges", - "route53:getDNSSEC", - "route53:getGeoLocation", - "route53:getHealthCheck", - "route53:getHealthCheckCount", - "route53:getHealthCheckLastFailureReason", - "route53:getHealthCheckStatus", - "route53:getHostedZone", - "route53:getHostedZoneCount", - "route53:getHostedZoneLimit", - "route53:getQueryLoggingConfig", - "route53:getReusableDelegationSet", - "route53:getTrafficPolicy", - "route53:getTrafficPolicyInstance", - "route53:getTrafficPolicyInstanceCount", - "route53:listCidrBlocks", - "route53:listCidrCollections", - "route53:listCidrLocations", - "route53:listGeoLocations", - "route53:listHealthChecks", - "route53:listHostedZones", - "route53:listHostedZonesByName", - "route53:listHostedZonesByVpc", - "route53:listQueryLoggingConfigs", - "route53:listResourceRecordSets", - "route53:listReusableDelegationSets", - "route53:listTrafficPolicies", - "route53:listTrafficPolicyInstances", - "route53:listTrafficPolicyInstancesByHostedZone", - "route53:listTrafficPolicyInstancesByPolicy", - "route53:listTrafficPolicyVersions", - "route53:listVPCAssociationAuthorizations", - "route53domains:checkDomainAvailability", - "route53domains:getContactReachabilityStatus", - "route53domains:getDomainDetail", - "route53domains:getOperationDetail", - "route53domains:listDomains", - "route53domains:listOperations", - "route53domains:listPrices", - "route53domains:listTagsForDomain", - "route53domains:viewBilling", - "route53profiles:getProfile", - "route53profiles:getProfileAssociation", - "route53profiles:getProfileResourceAssociation", - "route53profiles:listProfileAssociations", - "route53profiles:listProfileResourceAssociations", - "route53profiles:listProfiles", - "route53profiles:listTagsForResource", - "route53resolver:getFirewallConfig", - "route53resolver:getFirewallDomainList", - "route53resolver:getFirewallRuleGroup", - "route53resolver:getFirewallRuleGroupAssociation", - "route53resolver:getFirewallRuleGroupPolicy", - "route53resolver:getOutpostResolver", - "route53resolver:getResolverDnssecConfig", - "route53resolver:getResolverQueryLogConfig", - "route53resolver:getResolverQueryLogConfigAssociation", - "route53resolver:getResolverQueryLogConfigPolicy", - "route53resolver:getResolverRule", - "route53resolver:getResolverRuleAssociation", - "route53resolver:getResolverRulePolicy", - "route53resolver:listFirewallConfigs", - "route53resolver:listFirewallDomainLists", - "route53resolver:listFirewallDomains", - "route53resolver:listFirewallRuleGroupAssociations", - "route53resolver:listFirewallRuleGroups", - "route53resolver:listFirewallRules", - "route53resolver:listOutpostResolvers", - "route53resolver:listResolverConfigs", - "route53resolver:listResolverDnssecConfigs", - "route53resolver:listResolverEndpointIpAddresses", - "route53resolver:listResolverEndpoints", - "route53resolver:listResolverQueryLogConfigAssociations", - "route53resolver:listResolverQueryLogConfigs", - "route53resolver:listResolverRuleAssociations", - "route53resolver:listResolverRules", - "route53resolver:listTagsForResource", - "rum:batchGetRumMetricDefinitions", - "rum:getAppMonitor", - "rum:listAppMonitors", - "rum:listRumMetricsDestinations", - "s3-outposts:listEndpoints", - "s3-outposts:listOutpostsWithS3", - "s3-outposts:listRegionalBuckets", - "s3-outposts:listSharedEndpoints", - "s3:describeJob", - "s3:describeMultiRegionAccessPointOperation", - "s3:getAccelerateConfiguration", - "s3:getAccessGrant", - "s3:getAccessGrantsInstance", - "s3:getAccessGrantsInstanceResourcePolicy", - "s3:getAccessGrantsLocation", - "s3:getAccessPoint", - "s3:getAccessPointConfigurationForObjectLambda", - "s3:getAccessPointForObjectLambda", - "s3:getAccessPointPolicy", - "s3:getAccessPointPolicyForObjectLambda", - "s3:getAccessPointPolicyStatus", - "s3:getAccessPointPolicyStatusForObjectLambda", - "s3:getAccountPublicAccessBlock", - "s3:getAnalyticsConfiguration", - "s3:getBucketAcl", - "s3:getBucketCORS", - "s3:getBucketLocation", - "s3:getBucketLogging", - "s3:getBucketNotification", - "s3:getBucketObjectLockConfiguration", - "s3:getBucketOwnershipControls", - "s3:getBucketPolicy", - "s3:getBucketPolicyStatus", - "s3:getBucketPublicAccessBlock", - "s3:getBucketRequestPayment", - "s3:getBucketVersioning", - "s3:getBucketWebsite", - "s3:getEncryptionConfiguration", - "s3:getIntelligentTieringConfiguration", - "s3:getInventoryConfiguration", - "s3:getLifecycleConfiguration", - "s3:getMetricsConfiguration", - "s3:getMultiRegionAccessPoint", - "s3:getMultiRegionAccessPointPolicy", - "s3:getMultiRegionAccessPointPolicyStatus", - "s3:getMultiRegionAccessPointRoutes", - "s3:getObjectAcl", - "s3:getObjectLegalHold", - "s3:getObjectRetention", - "s3:getReplicationConfiguration", - "s3:getStorageLensConfiguration", - "s3:listAccessGrants", - "s3:listAccessGrantsInstances", - "s3:listAccessGrantsLocations", - "s3:listAccessPoints", - "s3:listAccessPointsForObjectLambda", - "s3:listAllMyBuckets", - "s3:listBucket", - "s3:listBucketMultipartUploads", - "s3:listBucketVersions", - "s3:listJobs", - "s3:listMultipartUploadParts", - "s3:listMultiRegionAccessPoints", - "s3:listStorageLensConfigurations", - "s3express:getBucketPolicy", - "s3express:listAllMyDirectoryBuckets", - "s3tables:getNamespace", - "s3tables:getTable", - "s3tables:getTableBucket", - "s3tables:getTableBucketMaintenanceConfiguration", - "s3tables:getTableBucketPolicy", - "s3tables:getTableMaintenanceJobStatus", - "s3tables:getTableMetadataLocation", - "s3tables:getTablePolicy", - "s3tables:listNamespaces", - "s3tables:listTableBuckets", - "s3tables:listTables", - "sagemaker:describeAction", - "sagemaker:describeAlgorithm", - "sagemaker:describeApp", - "sagemaker:describeAppImageConfig", - "sagemaker:describeArtifact", - "sagemaker:describeAutoMLJob", - "sagemaker:describeCluster", - "sagemaker:describeClusterNode", - "sagemaker:describeCodeRepository", - "sagemaker:describeCompilationJob", - "sagemaker:describeContext", - "sagemaker:describeDataQualityJobDefinition", - "sagemaker:describeDevice", - "sagemaker:describeDeviceFleet", - "sagemaker:describeDomain", - "sagemaker:describeEdgeDeploymentPlan", - "sagemaker:describeEdgePackagingJob", - "sagemaker:describeEndpoint", - "sagemaker:describeEndpointConfig", - "sagemaker:describeExperiment", - "sagemaker:describeFeatureGroup", - "sagemaker:describeFeatureMetadata", - "sagemaker:describeFlowDefinition", - "sagemaker:describeHub", - "sagemaker:describeHubContent", - "sagemaker:describeHumanTaskUi", - "sagemaker:describeHyperParameterTuningJob", - "sagemaker:describeImage", - "sagemaker:describeImageVersion", - "sagemaker:describeInferenceComponent", - "sagemaker:describeInferenceExperiment", - "sagemaker:describeInferenceRecommendationsJob", - "sagemaker:describeLabelingJob", - "sagemaker:describeMlflowTrackingServer", - "sagemaker:describeModel", - "sagemaker:describeModelBiasJobDefinition", - "sagemaker:describeModelCard", - "sagemaker:describeModelCardExportJob", - "sagemaker:describeModelExplainabilityJobDefinition", - "sagemaker:describeModelPackage", - "sagemaker:describeModelPackageGroup", - "sagemaker:describeModelQualityJobDefinition", - "sagemaker:describeMonitoringSchedule", - "sagemaker:describeNotebookInstance", - "sagemaker:describeNotebookInstanceLifecycleConfig", - "sagemaker:describePipeline", - "sagemaker:describePipelineDefinitionForExecution", - "sagemaker:describePipelineExecution", - "sagemaker:describeProcessingJob", - "sagemaker:describeProject", - "sagemaker:describeSpace", - "sagemaker:describeStudioLifecycleConfig", - "sagemaker:describeSubscribedWorkteam", - "sagemaker:describeTrainingJob", - "sagemaker:describeTransformJob", - "sagemaker:describeTrial", - "sagemaker:describeTrialComponent", - "sagemaker:describeUserProfile", - "sagemaker:describeWorkforce", - "sagemaker:describeWorkteam", - "sagemaker:getDeviceFleetReport", - "sagemaker:getModelPackageGroupPolicy", - "sagemaker:getSagemakerServicecatalogPortfolioStatus", - "sagemaker:listActions", - "sagemaker:listAlgorithms", - "sagemaker:listAliases", - "sagemaker:listAppImageConfigs", - "sagemaker:listApps", - "sagemaker:listArtifacts", - "sagemaker:listAssociations", - "sagemaker:listAutoMLJobs", - "sagemaker:listCandidatesForAutoMLJob", - "sagemaker:listClusterNodes", - "sagemaker:listClusters", - "sagemaker:listCodeRepositories", - "sagemaker:listCompilationJobs", - "sagemaker:listContexts", - "sagemaker:listDataQualityJobDefinitions", - "sagemaker:listDeviceFleets", - "sagemaker:listDevices", - "sagemaker:listDomains", - "sagemaker:listEdgeDeploymentPlans", - "sagemaker:listEdgePackagingJobs", - "sagemaker:listEndpointConfigs", - "sagemaker:listEndpoints", - "sagemaker:listExperiments", - "sagemaker:listFeatureGroups", - "sagemaker:listFlowDefinitions", - "sagemaker:listHubContents", - "sagemaker:listHubContentVersions", - "sagemaker:listHubs", - "sagemaker:listHumanTaskUis", - "sagemaker:listHyperParameterTuningJobs", - "sagemaker:listImages", - "sagemaker:listImageVersions", - "sagemaker:listInferenceComponents", - "sagemaker:listInferenceExperiments", - "sagemaker:listInferenceRecommendationsJobs", - "sagemaker:listInferenceRecommendationsJobSteps", - "sagemaker:listLabelingJobs", - "sagemaker:listLabelingJobsForWorkteam", - "sagemaker:listLineageGroups", - "sagemaker:listMlflowTrackingServers", - "sagemaker:listModelBiasJobDefinitions", - "sagemaker:listModelCardExportJobs", - "sagemaker:listModelCards", - "sagemaker:listModelCardVersions", - "sagemaker:listModelExplainabilityJobDefinitions", - "sagemaker:listModelMetadata", - "sagemaker:listModelPackageGroups", - "sagemaker:listModelPackages", - "sagemaker:listModelQualityJobDefinitions", - "sagemaker:listModels", - "sagemaker:listMonitoringAlertHistory", - "sagemaker:listMonitoringAlerts", - "sagemaker:listMonitoringExecutions", - "sagemaker:listMonitoringSchedules", - "sagemaker:listNotebookInstanceLifecycleConfigs", - "sagemaker:listNotebookInstances", - "sagemaker:listPipelineExecutions", - "sagemaker:listPipelineExecutionSteps", - "sagemaker:listPipelineParametersForExecution", - "sagemaker:listPipelines", - "sagemaker:listProcessingJobs", - "sagemaker:listProjects", - "sagemaker:listSpaces", - "sagemaker:listStageDevices", - "sagemaker:listStudioLifecycleConfigs", - "sagemaker:listSubscribedWorkteams", - "sagemaker:listTags", - "sagemaker:listTrainingJobs", - "sagemaker:listTrainingJobsForHyperParameterTuningJob", - "sagemaker:listTransformJobs", - "sagemaker:listTrialComponents", - "sagemaker:listTrials", - "sagemaker:listUserProfiles", - "sagemaker:listWorkforces", - "sagemaker:listWorkteams", - "savingsplans:describeSavingsPlans", - "scheduler:getSchedule", - "scheduler:getScheduleGroup", - "scheduler:listScheduleGroups", - "scheduler:listSchedules", - "schemas:describeCodeBinding", - "schemas:describeDiscoverer", - "schemas:describeRegistry", - "schemas:describeSchema", - "schemas:getCodeBindingSource", - "schemas:getDiscoveredSchema", - "schemas:getResourcePolicy", - "schemas:listDiscoverers", - "schemas:listRegistries", - "schemas:listSchemas", - "schemas:listSchemaVersions", - "sdb:domainMetadata", - "sdb:listDomains", - "secretsmanager:describeSecret", - "secretsmanager:getResourcePolicy", - "secretsmanager:listSecrets", - "secretsmanager:listSecretVersionIds", - "securityhub:batchGetConfigurationPolicyAssociations", - "securityhub:describeOrganizationConfiguration", - "securityhub:getConfigurationPolicy", - "securityhub:getConfigurationPolicyAssociation", - "securityhub:getEnabledStandards", - "securityhub:getFindingAggregator", - "securityhub:getFindings", - "securityhub:getInsightResults", - "securityhub:getInsights", - "securityhub:getMasterAccount", - "securityhub:getMembers", - "securityhub:listConfigurationPolicies", - "securityhub:listConfigurationPolicyAssociations", - "securityhub:listEnabledProductsForImport", - "securityhub:listFindingAggregators", - "securityhub:listInvitations", - "securityhub:listMembers", - "securitylake:getDataLakeExceptionSubscription", - "securitylake:getDataLakeOrganizationConfiguration", - "securitylake:getDataLakeSources", - "securitylake:getSubscriber", - "securitylake:listDataLakeExceptions", - "securitylake:listDataLakes", - "securitylake:listLogSources", - "securitylake:listSubscribers", - "serverlessrepo:getApplication", - "serverlessrepo:getApplicationPolicy", - "serverlessrepo:getCloudFormationTemplate", - "serverlessrepo:listApplicationDependencies", - "serverlessrepo:listApplications", - "serverlessrepo:listApplicationVersions", - "servicecatalog:describeConstraint", - "servicecatalog:describePortfolio", - "servicecatalog:describeProduct", - "servicecatalog:describeProductAsAdmin", - "servicecatalog:describeProductView", - "servicecatalog:describeProvisioningArtifact", - "servicecatalog:describeProvisioningParameters", - "servicecatalog:describeRecord", - "servicecatalog:listAcceptedPortfolioShares", - "servicecatalog:listConstraintsForPortfolio", - "servicecatalog:listLaunchPaths", - "servicecatalog:listPortfolioAccess", - "servicecatalog:listPortfolios", - "servicecatalog:listPortfoliosForProduct", - "servicecatalog:listPrincipalsForPortfolio", - "servicecatalog:listProvisioningArtifacts", - "servicecatalog:listRecordHistory", - "servicecatalog:scanProvisionedProducts", - "servicecatalog:searchProducts", - "servicequotas:getAssociationForServiceQuotaTemplate", - "servicequotas:getAWSDefaultServiceQuota", - "servicequotas:getRequestedServiceQuotaChange", - "servicequotas:getServiceQuota", - "servicequotas:getServiceQuotaIncreaseRequestFromTemplate", - "servicequotas:listAWSDefaultServiceQuotas", - "servicequotas:listRequestedServiceQuotaChangeHistory", - "servicequotas:listRequestedServiceQuotaChangeHistoryByQuota", - "servicequotas:listServiceQuotaIncreaseRequestsInTemplate", - "servicequotas:listServiceQuotas", - "servicequotas:listServices", - "ses:describeActiveReceiptRuleSet", - "ses:describeConfigurationSet", - "ses:describeReceiptRule", - "ses:describeReceiptRuleSet", - "ses:getAccount", - "ses:getAccountSendingEnabled", - "ses:getAddonInstance", - "ses:getAddonSubscription", - "ses:getArchive", - "ses:getArchiveExport", - "ses:getArchiveSearch", - "ses:getBlacklistReports", - "ses:getConfigurationSet", - "ses:getConfigurationSetEventDestinations", - "ses:getContactList", - "ses:getDedicatedIp", - "ses:getDedicatedIpPool", - "ses:getDedicatedIps", - "ses:getDeliverabilityDashboardOptions", - "ses:getDeliverabilityTestReport", - "ses:getDomainDeliverabilityCampaign", - "ses:getDomainStatisticsReport", - "ses:getEmailIdentity", - "ses:getIdentityDkimAttributes", - "ses:getIdentityMailFromDomainAttributes", - "ses:getIdentityNotificationAttributes", - "ses:getIdentityPolicies", - "ses:getIdentityVerificationAttributes", - "ses:getImportJob", - "ses:getIngressPoint", - "ses:getRelay", - "ses:getRuleSet", - "ses:getTrafficPolicy", - "ses:getSendQuota", - "ses:getSendStatistics", - "ses:listConfigurationSets", - "ses:listAddonInstances", - "ses:listAddonSubscriptions", - "ses:listArchiveExports", - "ses:listArchives", - "ses:listArchiveSearches", - "ses:listContactLists", - "ses:listContacts", - "ses:listCustomVerificationEmailTemplates", - "ses:listDedicatedIpPools", - "ses:listDeliverabilityTestReports", - "ses:listDomainDeliverabilityCampaigns", - "ses:listEmailIdentities", - "ses:listEmailTemplates", - "ses:listIdentities", - "ses:listIdentityPolicies", - "ses:listImportJobs", - "ses:listIngressPoints", - "ses:listReceiptFilters", - "ses:listReceiptRuleSets", - "ses:listRelays", - "ses:listRuleSets", - "ses:listRecommendations", - "ses:listTagsForResource", - "ses:listTemplates", - "ses:listTrafficPolicies", - "ses:listVerifiedEmailAddresses", - "shield:describeAttack", - "shield:describeProtection", - "shield:describeSubscription", - "shield:listAttacks", - "shield:listProtections", - "sms-voice:getConfigurationSetEventDestinations", - "sms:getConnectors", - "sms:getReplicationJobs", - "sms:getReplicationRuns", - "sms:getServers", - "snowball:describeAddress", - "snowball:describeAddresses", - "snowball:describeJob", - "snowball:getSnowballUsage", - "snowball:listJobs", - "snowball:listServiceVersions", - "sns:checkIfPhoneNumberIsOptedOut", - "sns:getDataProtectionPolicy", - "sns:getEndpointAttributes", - "sns:getPlatformApplicationAttributes", - "sns:getSMSAttributes", - "sns:getSMSSandboxAccountStatus", - "sns:getSubscriptionAttributes", - "sns:getTopicAttributes", - "sns:listEndpointsByPlatformApplication", - "sns:listOriginationNumbers", - "sns:listPhoneNumbersOptedOut", - "sns:listPlatformApplications", - "sns:listSMSSandboxPhoneNumbers", - "sns:listSubscriptions", - "sns:listSubscriptionsByTopic", - "sns:listTopics", - "sqs:getQueueAttributes", - "sqs:getQueueUrl", - "sqs:listDeadLetterSourceQueues", - "sqs:listMessageMoveTasks", - "sqs:listQueues", - "ssm-contacts:describeEngagement", - "ssm-contacts:describePage", - "ssm-contacts:getContact", - "ssm-contacts:getContactChannel", - "ssm-contacts:getContactPolicy", - "ssm-contacts:getRotation", - "ssm-contacts:getRotationOverride", - "ssm-contacts:listContactChannels", - "ssm-contacts:listContacts", - "ssm-contacts:listEngagements", - "ssm-contacts:listPageReceipts", - "ssm-contacts:listPageResolutions", - "ssm-contacts:listPagesByContact", - "ssm-contacts:listPagesByEngagement", - "ssm-contacts:listPreviewRotationShifts", - "ssm-contacts:listRotationOverrides", - "ssm-contacts:listRotations", - "ssm-contacts:listRotationShifts", - "ssm-incidents:batchGetIncidentFindings", - "ssm-incidents:getIncidentRecord", - "ssm-incidents:getReplicationSet", - "ssm-incidents:getResourcePolicies", - "ssm-incidents:getResponsePlan", - "ssm-incidents:getTimelineEvent", - "ssm-incidents:listIncidentFindings", - "ssm-incidents:listIncidentRecords", - "ssm-incidents:listRelatedItems", - "ssm-incidents:listReplicationSets", - "ssm-incidents:listResponsePlans", - "ssm-incidents:listTimelineEvents", - "ssm-quicksetup:getConfiguration", - "ssm-quicksetup:getConfigurationManager", - "ssm-quicksetup:getServiceSettings", - "ssm-quicksetup:listConfigurationManagers", - "ssm-quicksetup:listConfigurations", - "ssm-quicksetup:listQuickSetupTypes", - "ssm-sap:getApplication", - "ssm-sap:getComponent", - "ssm-sap:getDatabase", - "ssm-sap:getOperation", - "ssm-sap:getResourcePermission", - "ssm-sap:listApplications", - "ssm-sap:listComponents", - "ssm-sap:listDatabases", - "ssm-sap:listOperations", - "ssm:describeActivations", - "ssm:describeAssociation", - "ssm:describeAssociationExecutions", - "ssm:describeAssociationExecutionTargets", - "ssm:describeAutomationExecutions", - "ssm:describeAutomationStepExecutions", - "ssm:describeAvailablePatches", - "ssm:describeDocument", - "ssm:describeDocumentPermission", - "ssm:describeEffectiveInstanceAssociations", - "ssm:describeEffectivePatchesForPatchBaseline", - "ssm:describeInstanceAssociationsStatus", - "ssm:describeInstanceInformation", - "ssm:describeInstancePatches", - "ssm:describeInstancePatchStates", - "ssm:describeInstancePatchStatesForPatchGroup", - "ssm:describeInstanceProperties", - "ssm:describeInventoryDeletions", - "ssm:describeMaintenanceWindowExecutions", - "ssm:describeMaintenanceWindowExecutionTaskInvocations", - "ssm:describeMaintenanceWindowExecutionTasks", - "ssm:describeMaintenanceWindows", - "ssm:describeMaintenanceWindowSchedule", - "ssm:describeMaintenanceWindowsForTarget", - "ssm:describeMaintenanceWindowTargets", - "ssm:describeMaintenanceWindowTasks", - "ssm:describeOpsItems", - "ssm:describeParameters", - "ssm:describePatchBaselines", - "ssm:describePatchGroups", - "ssm:describePatchGroupState", - "ssm:describePatchProperties", - "ssm:describeSessions", - "ssm:getAutomationExecution", - "ssm:getCalendarState", - "ssm:getCommandInvocation", - "ssm:getConnectionStatus", - "ssm:getDefaultPatchBaseline", - "ssm:getDeployablePatchSnapshotForInstance", - "ssm:getInventorySchema", - "ssm:getMaintenanceWindow", - "ssm:getMaintenanceWindowExecution", - "ssm:getMaintenanceWindowExecutionTask", - "ssm:getMaintenanceWindowExecutionTaskInvocation", - "ssm:getMaintenanceWindowTask", - "ssm:getOpsItem", - "ssm:getOpsMetadata", - "ssm:getOpsSummary", - "ssm:getPatchBaseline", - "ssm:getPatchBaselineForPatchGroup", - "ssm:getResourcePolicies", - "ssm:getServiceSetting", - "ssm:listAssociations", - "ssm:listAssociationVersions", - "ssm:listCommandInvocations", - "ssm:listCommands", - "ssm:listComplianceItems", - "ssm:listComplianceSummaries", - "ssm:listDocumentMetadataHistory", - "ssm:listDocuments", - "ssm:listDocumentVersions", - "ssm:listNodes", - "ssm:listNodesSummary", - "ssm:listOpsItemEvents", - "ssm:listOpsItemRelatedItems", - "ssm:listOpsMetadata", - "ssm:listResourceComplianceSummaries", - "ssm:listResourceDataSync", - "ssm:listTagsForResource", - "sso:describeApplication", - "sso:describeApplicationAssignment", - "sso:describeApplicationProvider", - "sso:describeAccountAssignmentCreationStatus", - "sso:describeAccountAssignmentDeletionStatus", - "sso:describeInstance", - "sso:describeInstanceAccessControlAttributeConfiguration", - "sso:describePermissionSet", - "sso:describePermissionSetProvisioningStatus", - "sso:describeTrustedTokenIssuer", - "sso:getApplicationAccessScope", - "sso:getApplicationAssignmentConfiguration", - "sso:getApplicationAuthenticationMethod", - "sso:getApplicationGrant", - "sso:getApplicationInstance", - "sso:getApplicationTemplate", - "sso:getInlinePolicyForPermissionSet", - "sso:getManagedApplicationInstance", - "sso:getPermissionsBoundaryForPermissionSet", - "sso:getSharedSsoConfiguration", - "sso:listApplicationAccessScopes", - "sso:listApplicationAssignments", - "sso:listApplicationAuthenticationMethods", - "sso:listApplicationGrants", - "sso:listApplicationInstances", - "sso:listApplicationProviders", - "sso:listApplications", - "sso:listApplicationTemplates", - "sso:listAccountAssignmentCreationStatus", - "sso:listAccountAssignmentDeletionStatus", - "sso:listAccountAssignments", - "sso:listAccountAssignmentsForPrincipal", - "sso:listAccountsForProvisionedPermissionSet", - "sso:listApplicationAssignmentsForPrincipal", - "sso:listCustomerManagedPolicyReferencesInPermissionSet", - "sso:listDirectoryAssociations", - "sso:listInstances", - "sso:listManagedPoliciesInPermissionSet", - "sso:listPermissionSetProvisioningStatus", - "sso:listPermissionSets", - "sso:listPermissionSetsProvisionedToAccount", - "sso:listProfileAssociations", - "sso:listTrustedTokenIssuers", - "states:describeActivity", - "states:describeExecution", - "states:describeMapRun", - "states:describeStateMachine", - "states:describeStateMachineAlias", - "states:describeStateMachineForExecution", - "states:getExecutionHistory", - "states:listActivities", - "states:listExecutions", - "states:listMapRuns", - "states:listStateMachineAliases", - "states:listStateMachines", - "states:listStateMachineVersions", - "storagegateway:describeBandwidthRateLimit", - "storagegateway:describeCache", - "storagegateway:describeCachediSCSIVolumes", - "storagegateway:describeFileSystemAssociations", - "storagegateway:describeGatewayInformation", - "storagegateway:describeMaintenanceStartTime", - "storagegateway:describeNFSFileShares", - "storagegateway:describeSMBFileShares", - "storagegateway:describeSMBSettings", - "storagegateway:describeSnapshotSchedule", - "storagegateway:describeStorediSCSIVolumes", - "storagegateway:describeTapeArchives", - "storagegateway:describeTapeRecoveryPoints", - "storagegateway:describeTapes", - "storagegateway:describeUploadBuffer", - "storagegateway:describeVTLDevices", - "storagegateway:describeWorkingStorage", - "storagegateway:listAutomaticTapeCreationPolicies", - "storagegateway:listFileShares", - "storagegateway:listFileSystemAssociations", - "storagegateway:listGateways", - "storagegateway:listLocalDisks", - "storagegateway:listTagsForResource", - "storagegateway:listTapes", - "storagegateway:listVolumeInitiators", - "storagegateway:listVolumeRecoveryPoints", - "storagegateway:listVolumes", - "sts:getCallerIdentity", - "swf:countClosedWorkflowExecutions", - "swf:countOpenWorkflowExecutions", - "swf:countPendingActivityTasks", - "swf:countPendingDecisionTasks", - "swf:describeActivityType", - "swf:describeDomain", - "swf:describeWorkflowExecution", - "swf:describeWorkflowType", - "swf:getWorkflowExecutionHistory", - "swf:listActivityTypes", - "swf:listClosedWorkflowExecutions", - "swf:listDomains", - "swf:listOpenWorkflowExecutions", - "swf:listWorkflowTypes", - "synthetics:describeCanaries", - "synthetics:describeCanariesLastRun", - "synthetics:describeRuntimeVersions", - "synthetics:getCanary", - "synthetics:getCanaryRuns", - "synthetics:getGroup", - "synthetics:listAssociatedGroups", - "synthetics:listGroupResources", - "synthetics:listGroups", - "thinclient:getDevice", - "thinclient:getEnvironment", - "thinclient:getSoftwareSet", - "thinclient:listDevices", - "thinclient:listEnvironments", - "thinclient:listSoftwareSets", - "timestream:describeAccountSettings", - "timestream:describeBatchLoadTask", - "timestream:describeDatabase", - "timestream:describeEndpoints", - "timestream:describeScheduledQuery", - "timestream:describeTable", - "timestream:listBatchLoadTasks", - "timestream:listDatabases", - "timestream:listScheduledQueries", - "timestream:listTables", - "tiros:createQuery", - "tiros:getQueryAnswer", - "tiros:getQueryExplanation", - "tnb:getSolFunctionInstance", - "tnb:getSolFunctionPackage", - "tnb:getSolNetworkInstance", - "tnb:getSolNetworkOperation", - "tnb:getSolNetworkPackage", - "tnb:listSolFunctionInstances", - "tnb:listSolFunctionPackages", - "tnb:listSolNetworkInstances", - "tnb:listSolNetworkOperations", - "tnb:listSolNetworkPackages", - "transcribe:describeLanguageModel", - "transcribe:getCallAnalyticsCategory", - "transcribe:getCallAnalyticsJob", - "transcribe:getMedicalTranscriptionJob", - "transcribe:getMedicalVocabulary", - "transcribe:getTranscriptionJob", - "transcribe:getVocabulary", - "transcribe:getVocabularyFilter", - "transcribe:listCallAnalyticsCategories", - "transcribe:listCallAnalyticsJobs", - "transcribe:listLanguageModels", - "transcribe:listMedicalTranscriptionJobs", - "transcribe:listMedicalVocabularies", - "transcribe:listTranscriptionJobs", - "transcribe:listVocabularies", - "transcribe:listVocabularyFilters", - "transfer:describeAccess", - "transfer:describeAgreement", - "transfer:describeConnector", - "transfer:describeExecution", - "transfer:describeProfile", - "transfer:describeServer", - "transfer:describeUser", - "transfer:describeWebApp", - "transfer:describeWebAppCustomization", - "transfer:describeWorkflow", - "transfer:listAccesses", - "transfer:listAgreements", - "transfer:listConnectors", - "transfer:listExecutions", - "transfer:listHostKeys", - "transfer:listProfiles", - "transfer:listServers", - "transfer:listTagsForResource", - "transfer:listUsers", - "transfer:listWebApps", - "transfer:listWorkflows", - "transfer:sendWorkflowStepState", - "trustedadvisor:getOrganizationRecommendation", - "trustedadvisor:getRecommendation", - "trustedadvisor:listChecks", - "trustedadvisor:listOrganizationRecommendationAccounts", - "trustedadvisor:listOrganizationRecommendationResources", - "trustedadvisor:listOrganizationRecommendations", - "trustedadvisor:listRecommendationResources", - "trustedadvisor:listRecommendations", - "verifiedpermissions:getIdentitySource", - "verifiedpermissions:getPolicy", - "verifiedpermissions:getPolicyStore", - "verifiedpermissions:getPolicyTemplate", - "verifiedpermissions:getSchema", - "verifiedpermissions:listIdentitySources", - "verifiedpermissions:listPolicies", - "verifiedpermissions:listPolicyStores", - "verifiedpermissions:listPolicyTemplates", - "vpc-lattice:getAccessLogSubscription", - "vpc-lattice:getAuthPolicy", - "vpc-lattice:getListener", - "vpc-lattice:getResourceConfiguration", - "vpc-lattice:getResourceGateway", - "vpc-lattice:getResourcePolicy", - "vpc-lattice:getRule", - "vpc-lattice:getService", - "vpc-lattice:getServiceNetwork", - "vpc-lattice:getServiceNetworkResourceAssociation", - "vpc-lattice:getServiceNetworkServiceAssociation", - "vpc-lattice:getServiceNetworkVpcAssociation", - "vpc-lattice:getTargetGroup", - "vpc-lattice:listAccessLogSubscriptions", - "vpc-lattice:listListeners", - "vpc-lattice:listResourceConfigurations", - "vpc-lattice:listResourceGateways", - "vpc-lattice:listRules", - "vpc-lattice:listServiceNetworks", - "vpc-lattice:listServiceNetworkResourceAssociations", - "vpc-lattice:listServiceNetworkServiceAssociations", - "vpc-lattice:listServiceNetworkVpcAssociations", - "vpc-lattice:listServices", - "vpc-lattice:listTargetGroups", - "vpc-lattice:listTargets", - "waf-regional:getByteMatchSet", - "waf-regional:getChangeTokenStatus", - "waf-regional:getGeoMatchSet", - "waf-regional:getIPSet", - "waf-regional:getLoggingConfiguration", - "waf-regional:getRateBasedRule", - "waf-regional:getRegexMatchSet", - "waf-regional:getRegexPatternSet", - "waf-regional:getRule", - "waf-regional:getRuleGroup", - "waf-regional:getSqlInjectionMatchSet", - "waf-regional:getWebACL", - "waf-regional:getWebACLForResource", - "waf-regional:listActivatedRulesInRuleGroup", - "waf-regional:listByteMatchSets", - "waf-regional:listGeoMatchSets", - "waf-regional:listIPSets", - "waf-regional:listLoggingConfigurations", - "waf-regional:listRateBasedRules", - "waf-regional:listRegexMatchSets", - "waf-regional:listRegexPatternSets", - "waf-regional:listResourcesForWebACL", - "waf-regional:listRuleGroups", - "waf-regional:listRules", - "waf-regional:listSqlInjectionMatchSets", - "waf-regional:listWebACLs", - "waf:getByteMatchSet", - "waf:getChangeTokenStatus", - "waf:getGeoMatchSet", - "waf:getIPSet", - "waf:getLoggingConfiguration", - "waf:getRateBasedRule", - "waf:getRegexMatchSet", - "waf:getRegexPatternSet", - "waf:getRule", - "waf:getRuleGroup", - "waf:getSampledRequests", - "waf:getSizeConstraintSet", - "waf:getSqlInjectionMatchSet", - "waf:getWebACL", - "waf:getXssMatchSet", - "waf:listActivatedRulesInRuleGroup", - "waf:listByteMatchSets", - "waf:listGeoMatchSets", - "waf:listIPSets", - "waf:listLoggingConfigurations", - "waf:listRateBasedRules", - "waf:listRegexMatchSets", - "waf:listRegexPatternSets", - "waf:listRuleGroups", - "waf:listRules", - "waf:listSizeConstraintSets", - "waf:listSqlInjectionMatchSets", - "waf:listWebACLs", - "waf:listXssMatchSets", - "wafv2:checkCapacity", - "wafv2:describeManagedRuleGroup", - "wafv2:getIPSet", - "wafv2:getLoggingConfiguration", - "wafv2:getPermissionPolicy", - "wafv2:getRateBasedStatementManagedKeys", - "wafv2:getRegexPatternSet", - "wafv2:getRuleGroup", - "wafv2:getSampledRequests", - "wafv2:getWebACL", - "wafv2:getWebACLForResource", - "wafv2:listAvailableManagedRuleGroups", - "wafv2:listIPSets", - "wafv2:listLoggingConfigurations", - "wafv2:listRegexPatternSets", - "wafv2:listResourcesForWebACL", - "wafv2:listRuleGroups", - "wafv2:listTagsForResource", - "wafv2:listWebACLs", - "workdocs:checkAlias", - "workdocs:describeAvailableDirectories", - "workdocs:describeInstances", - "workmail:describeGroup", - "workmail:describeOrganization", - "workmail:describeResource", - "workmail:describeUser", - "workmail:listAliases", - "workmail:listGroupMembers", - "workmail:listGroups", - "workmail:listMailboxPermissions", - "workmail:listOrganizations", - "workmail:listResourceDelegates", - "workmail:listResources", - "workmail:listUsers", - "workspaces-web:getBrowserSettings", - "workspaces-web:getIdentityProvider", - "workspaces-web:getNetworkSettings", - "workspaces-web:getPortal", - "workspaces-web:getPortalServiceProviderMetadata", - "workspaces-web:getTrustStoreCertificate", - "workspaces-web:getUserSettings", - "workspaces-web:listBrowserSettings", - "workspaces-web:listIdentityProviders", - "workspaces-web:listNetworkSettings", - "workspaces-web:listPortals", - "workspaces-web:listTagsForResource", - "workspaces-web:listTrustStoreCertificates", - "workspaces-web:listTrustStores", - "workspaces-web:listUserSettings", - "workspaces:describeAccount", - "workspaces:describeAccountModifications", - "workspaces:describeApplicationAssociations", - "workspaces:describeIpGroups", - "workspaces:describeTags", - "workspaces:describeWorkspaceAssociations", - "workspaces:describeWorkspaceBundles", - "workspaces:describeWorkspaceDirectories", - "workspaces:describeWorkspaceImages", - "workspaces:describeWorkspaces", - "workspaces:describeWorkspaceSnapshots", - "workspaces:describeWorkspacesConnectionStatus", - "workspaces:describeWorkspacesPools", - "workspaces:describeWorkspacesPoolSessions", - "xray:getEncryptionConfig", - "xray:getGroup", - "xray:getGroups", - "xray:getInsightImpactGraph", - "xray:getSamplingRules", - "xray:getSamplingStatisticSummaries", - "xray:getSamplingTargets", - "xray:getServiceGraph", - "xray:getTimeSeriesServiceStatistics", - "xray:getTraceGraph", - "xray:listResourcePolicies" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AWSSupportServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AWSResourceExplorerServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy AWSResourceExplorerServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AWSResourceExplorerServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AWSResourceExplorerServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy", - "entity": "ANPAZKAPJZG4K2H54PAUL", - "version_id": "v19", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ResourceExplorerAccess", - "Effect": "Allow", - "Action": [ - "resource-explorer-2:UpdateIndexType", - "resource-explorer-2:CreateIndex", - "resource-explorer-2:CreateView", - "resource-explorer-2:AssociateDefaultView", - "resource-explorer-2:DeleteIndex" - ], - "Resource": "*" - }, - { - "Sid": "OrganizationsAccess", - "Effect": "Allow", - "Action": [ - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:ListAccounts", - "organizations:ListDelegatedAdministrators", - "organizations:ListOrganizationalUnitsForParent", - "organizations:ListRoots" - ], - "Resource": "*" - }, - { - "Sid": "CloudTrailEventsAccess", - "Effect": "Allow", - "Action": [ - "cloudtrail:CreateServiceLinkedChannel", - "cloudtrail:GetServiceLinkedChannel" - ], - "Resource": "arn:aws:cloudtrail:*:*:channel/aws-service-channel/resource-explorer-2/*" - }, - { - "Sid": "ApiGatewayAccess", - "Effect": "Allow", - "Action": "apigateway:GET", - "Resource": [ - "arn:aws:apigateway:*::/restapis", - "arn:aws:apigateway:*::/restapis/*", - "arn:aws:apigateway:*::/restapis/*/deployments", - "arn:aws:apigateway:*::/restapis/*/resources", - "arn:aws:apigateway:*::/restapis/*/resources/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", - "arn:aws:apigateway:*::/restapis/*/stages", - "arn:aws:apigateway:*::/restapis/*/stages/*", - "arn:aws:apigateway:*::/vpclinks", - "arn:aws:apigateway:*::/apis", - "arn:aws:apigateway:*::/apis/*/routes", - "arn:aws:apigateway:*::/apis/*/stages", - "arn:aws:apigateway:*::/apis/*", - "arn:aws:apigateway:*::/apis/*/routes/*", - "arn:aws:apigateway:*::/apis/*/stages/*" - ] - }, - { - "Sid": "ResourceInventoryAccess", - "Effect": "Allow", - "Action": [ - "access-analyzer:ListAnalyzers", - "acm-pca:ListCertificateAuthorities", - "acm:ListCertificates", - "airflow:ListEnvironments", - "amplify:ListApps", - "amplify:ListBranches", - "amplify:ListDomainAssociations", - "aoss:ListCollections", - "app-integrations:ListApplications", - "app-integrations:ListEventIntegrations", - "appconfig:ListApplications", - "appconfig:ListDeploymentStrategies", - "appconfig:ListEnvironments", - "appconfig:ListExtensionAssociations", - "appflow:ListFlows", - "appmesh:ListGatewayRoutes", - "appmesh:ListMeshes", - "appmesh:ListRoutes", - "appmesh:ListVirtualGateways", - "appmesh:ListVirtualNodes", - "appmesh:ListVirtualRouters", - "appmesh:ListVirtualServices", - "apprunner:ListAutoScalingConfigurations", - "apprunner:ListConnections", - "apprunner:ListServices", - "apprunner:ListVpcConnectors", - "appstream:DescribeAppBlocks", - "appstream:DescribeApplications", - "appstream:DescribeFleets", - "appstream:DescribeImageBuilders", - "appstream:DescribeStacks", - "appsync:ListGraphqlApis", - "aps:ListRuleGroupsNamespaces", - "aps:ListWorkspaces", - "athena:ListDataCatalogs", - "athena:ListWorkGroups", - "auditmanager:GetAccountStatus", - "auditmanager:ListAssessments", - "autoscaling:DescribeAutoScalingGroups", - "backup-gateway:ListHypervisors", - "backup:ListBackupPlans", - "backup:ListBackupVaults", - "backup:ListReportPlans", - "batch:DescribeComputeEnvironments", - "batch:DescribeJobDefinitions", - "batch:DescribeJobQueues", - "batch:ListSchedulingPolicies", - "bedrock:ListAgentAliases", - "bedrock:ListAgents", - "bedrock:ListDataAutomationProjects", - "bedrock:ListFlows", - "bedrock:ListGuardrails", - "bedrock:ListInferenceProfiles", - "bedrock:ListKnowledgeBases", - "bedrock:ListPromptRouters", - "bedrock:ListPrompts", - "ce:GetAnomalyMonitors", - "ce:GetAnomalySubscriptions", - "chime:ListAppInstanceBots", - "chime:ListAppInstanceUsers", - "chime:ListAppInstances", - "chime:ListMediaInsightsPipelineConfigurations", - "chime:ListMediaPipelineKinesisVideoStreamPools", - "chime:ListMediaPipelines", - "chime:ListSipMediaApplications", - "chime:ListVoiceConnectors", - "cloud9:ListEnvironments", - "cloudformation:ListResources", - "cloudformation:ListStackSets", - "cloudformation:ListStacks", - "cloudfront:ListCachePolicies", - "cloudfront:ListCloudFrontOriginAccessIdentities", - "cloudfront:ListContinuousDeploymentPolicies", - "cloudfront:ListDistributions", - "cloudfront:ListFieldLevelEncryptionConfigs", - "cloudfront:ListFieldLevelEncryptionProfiles", - "cloudfront:ListFunctions", - "cloudfront:ListOriginAccessControls", - "cloudfront:ListOriginRequestPolicies", - "cloudfront:ListRealtimeLogConfigs", - "cloudfront:ListResponseHeadersPolicies", - "cloudtrail:ListChannels", - "cloudtrail:ListDashboards", - "cloudtrail:ListEventDataStores", - "cloudtrail:ListTrails", - "cloudwatch:DescribeAlarms", - "cloudwatch:DescribeInsightRules", - "cloudwatch:ListDashboards", - "cloudwatch:ListMetricStreams", - "codeartifact:ListDomains", - "codeartifact:ListRepositories", - "codebuild:ListProjects", - "codecommit:ListRepositories", - "codeconnections:ListConnections", - "codedeploy:ListApplications", - "codedeploy:ListDeploymentConfigs", - "codeguru-profiler:ListProfilingGroups", - "codeguru-reviewer:ListRepositoryAssociations", - "codepipeline:ListPipelines", - "codepipeline:ListWebhooks", - "codestar-connections:ListConnections", - "cognito-identity:ListIdentityPools", - "cognito-idp:ListUserPools", - "comprehend:ListDocumentClassifiers", - "comprehend:ListEntityRecognizers", - "comprehend:ListFlywheels", - "config:DescribeConfigRules", - "connect:ListEvaluationForms", - "connect:ListHoursOfOperations", - "connect:ListInstanceAttributes", - "connect:ListInstances", - "connect:ListPhoneNumbersV2", - "connect:ListPrompts", - "connect:ListQuickConnects", - "connect:ListRoutingProfileQueues", - "connect:ListRoutingProfiles", - "connect:ListRules", - "connect:ListSecurityProfiles", - "connect:ListTaskTemplates", - "connect:ListUsers", - "databrew:ListDatasets", - "databrew:ListJobs", - "databrew:ListProjects", - "databrew:ListRecipes", - "databrew:ListRulesets", - "databrew:ListSchedules", - "dataexchange:ListDataSets", - "datapipeline:ListPipelines", - "datasync:ListLocations", - "datasync:ListTasks", - "dax:DescribeClusters", - "detective:ListGraphs", - "devicefarm:ListInstanceProfiles", - "devicefarm:ListProjects", - "devicefarm:ListTestGridProjects", - "directconnect:DescribeDirectConnectGateways", - "dms:DescribeCertificates", - "dms:DescribeEndpoints", - "dms:DescribeEventSubscriptions", - "dms:DescribeReplicationInstances", - "dms:DescribeReplicationSubnetGroups", - "dms:DescribeReplicationTasks", - "ds:DescribeDirectories", - "dynamodb:ListTables", - "ec2:DescribeAddresses", - "ec2:DescribeCapacityReservationFleets", - "ec2:DescribeCapacityReservations", - "ec2:DescribeCarrierGateways", - "ec2:DescribeClientVpnEndpoints", - "ec2:DescribeCustomerGateways", - "ec2:DescribeDhcpOptions", - "ec2:DescribeEgressOnlyInternetGateways", - "ec2:DescribeFleets", - "ec2:DescribeFlowLogs", - "ec2:DescribeFpgaImages", - "ec2:DescribeHostReservations", - "ec2:DescribeHosts", - "ec2:DescribeImages", - "ec2:DescribeInstanceConnectEndpoints", - "ec2:DescribeInstanceEventWindows", - "ec2:DescribeInstances", - "ec2:DescribeInternetGateways", - "ec2:DescribeIpamPools", - "ec2:DescribeIpamResourceDiscoveries", - "ec2:DescribeIpamResourceDiscoveryAssociations", - "ec2:DescribeIpamScopes", - "ec2:DescribeIpams", - "ec2:DescribeKeyPairs", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeManagedPrefixLists", - "ec2:DescribeNatGateways", - "ec2:DescribeNetworkAcls", - "ec2:DescribeNetworkInsightsAccessScopeAnalyses", - "ec2:DescribeNetworkInsightsAccessScopes", - "ec2:DescribeNetworkInsightsAnalyses", - "ec2:DescribeNetworkInsightsPaths", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribePlacementGroups", - "ec2:DescribePublicIpv4Pools", - "ec2:DescribeReservedInstances", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroupRules", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSnapshots", - "ec2:DescribeSpotFleetRequests", - "ec2:DescribeSpotInstanceRequests", - "ec2:DescribeSubnets", - "ec2:DescribeTrafficMirrorFilters", - "ec2:DescribeTrafficMirrorSessions", - "ec2:DescribeTrafficMirrorTargets", - "ec2:DescribeTransitGatewayAttachments", - "ec2:DescribeTransitGatewayConnectPeers", - "ec2:DescribeTransitGatewayMulticastDomains", - "ec2:DescribeTransitGatewayPolicyTables", - "ec2:DescribeTransitGatewayRouteTableAnnouncements", - "ec2:DescribeTransitGatewayRouteTables", - "ec2:DescribeTransitGateways", - "ec2:DescribeVerifiedAccessEndpoints", - "ec2:DescribeVerifiedAccessGroups", - "ec2:DescribeVerifiedAccessInstances", - "ec2:DescribeVerifiedAccessTrustProviders", - "ec2:DescribeVolumes", - "ec2:DescribeVpcBlockPublicAccessExclusions", - "ec2:DescribeVpcEndpointServiceConfigurations", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcPeeringConnections", - "ec2:DescribeVpcs", - "ec2:DescribeVpnConnections", - "ec2:DescribeVpnGateways", - "ec2:GetSubnetCidrReservations", - "ecr-public:DescribeRepositories", - "ecr:DescribeRepositories", - "ecs:DescribeCapacityProviders", - "ecs:DescribeServices", - "ecs:ListClusters", - "ecs:ListContainerInstances", - "ecs:ListServices", - "ecs:ListTaskDefinitions", - "eks:DescribeAccessEntry", - "eks:DescribeAddon", - "eks:DescribeFargateProfile", - "eks:DescribeIdentityProviderConfig", - "eks:DescribeNodegroup", - "eks:ListAccessEntries", - "eks:ListAddons", - "eks:ListClusters", - "eks:ListEksAnywhereSubscriptions", - "eks:ListFargateProfiles", - "eks:ListIdentityProviderConfigs", - "eks:ListNodegroups", - "eks:ListPodIdentityAssociations", - "elasticache:DescribeCacheClusters", - "elasticache:DescribeCacheParameterGroups", - "elasticache:DescribeCacheSubnetGroups", - "elasticache:DescribeGlobalReplicationGroups", - "elasticache:DescribeReplicationGroups", - "elasticache:DescribeReservedCacheNodes", - "elasticache:DescribeSnapshots", - "elasticache:DescribeUserGroups", - "elasticache:DescribeUsers", - "elasticbeanstalk:DescribeApplicationVersions", - "elasticbeanstalk:DescribeApplications", - "elasticbeanstalk:DescribeEnvironments", - "elasticfilesystem:DescribeAccessPoints", - "elasticfilesystem:DescribeFileSystems", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTargetGroups", - "elasticmapreduce:ListClusters", - "emr-containers:ListJobTemplates", - "emr-containers:ListManagedEndpoints", - "emr-containers:ListSecurityConfigurations", - "emr-containers:ListVirtualClusters", - "emr-serverless:ListApplications", - "es:ListDomainNames", - "events:ListApiDestinations", - "events:ListArchives", - "events:ListConnections", - "events:ListEndpoints", - "events:ListEventBuses", - "events:ListRules", - "evidently:ListExperiments", - "evidently:ListFeatures", - "evidently:ListLaunches", - "evidently:ListProjects", - "finspace:ListEnvironments", - "firehose:ListDeliveryStreams", - "fis:ListExperimentTemplates", - "fms:ListPolicies", - "fms:ListProtocolsLists", - "forecast:ListDatasetGroups", - "forecast:ListDatasetImportJobs", - "forecast:ListDatasets", - "forecast:ListForecastExportJobs", - "forecast:ListForecasts", - "forecast:ListPredictorBacktestExportJobs", - "forecast:ListPredictors", - "frauddetector:GetDetectors", - "frauddetector:GetEntityTypes", - "frauddetector:GetEventTypes", - "frauddetector:GetExternalModels", - "frauddetector:GetLabels", - "frauddetector:GetModels", - "frauddetector:GetOutcomes", - "frauddetector:GetVariables", - "fsx:DescribeBackups", - "fsx:DescribeFileSystems", - "gamelift:DescribeGameSessionQueues", - "gamelift:DescribeMatchmakingConfigurations", - "gamelift:DescribeMatchmakingRuleSets", - "gamelift:ListAliases", - "gamelift:ListBuilds", - "gamelift:ListLocations", - "gamelift:ListScripts", - "geo:ListMaps", - "geo:ListPlaceIndexes", - "geo:ListTrackers", - "glacier:ListVaults", - "globalaccelerator:ListAccelerators", - "globalaccelerator:ListEndpointGroups", - "globalaccelerator:ListListeners", - "glue:GetCrawlers", - "glue:GetDatabases", - "glue:GetJobs", - "glue:GetTables", - "glue:GetTriggers", - "glue:ListDataQualityRulesets", - "glue:ListMLTransforms", - "glue:ListRegistries", - "grafana:ListWorkspaces", - "greengrass:ListComponentVersions", - "greengrass:ListComponents", - "greengrass:ListConnectorDefinitions", - "greengrass:ListCoreDefinitions", - "greengrass:ListDeviceDefinitions", - "greengrass:ListFunctionDefinitions", - "greengrass:ListGroups", - "greengrass:ListLoggerDefinitions", - "greengrass:ListResourceDefinitions", - "greengrass:ListSubscriptionDefinitions", - "groundstation:ListConfigs", - "groundstation:ListDataflowEndpointGroups", - "groundstation:ListMissionProfiles", - "guardduty:ListDetectors", - "guardduty:ListFilters", - "guardduty:ListIPSets", - "guardduty:ListMalwareProtectionPlans", - "guardduty:ListPublishingDestinations", - "guardduty:ListThreatIntelSets", - "healthlake:ListFHIRDatastores", - "iam:ListGroups", - "iam:ListInstanceProfiles", - "iam:ListOpenIDConnectProviders", - "iam:ListPolicies", - "iam:ListRoles", - "iam:ListSAMLProviders", - "iam:ListServerCertificates", - "iam:ListUsers", - "iam:ListVirtualMFADevices", - "imagebuilder:ListComponentBuildVersions", - "imagebuilder:ListComponents", - "imagebuilder:ListContainerRecipes", - "imagebuilder:ListDistributionConfigurations", - "imagebuilder:ListImageBuildVersions", - "imagebuilder:ListImagePipelines", - "imagebuilder:ListImageRecipes", - "imagebuilder:ListImages", - "imagebuilder:ListInfrastructureConfigurations", - "inspector2:ListFilters", - "inspector:ListAssessmentTemplates", - "iot:ListAuthorizers", - "iot:ListBillingGroups", - "iot:ListCACertificates", - "iot:ListCertificates", - "iot:ListFleetMetrics", - "iot:ListJobTemplates", - "iot:ListMitigationActions", - "iot:ListPolicies", - "iot:ListProvisioningTemplates", - "iot:ListRoleAliases", - "iot:ListScheduledAudits", - "iot:ListSecurityProfiles", - "iot:ListThingGroups", - "iot:ListThingTypes", - "iot:ListThings", - "iot:ListTopicRuleDestinations", - "iot:ListTopicRules", - "iotanalytics:ListChannels", - "iotanalytics:ListDatasets", - "iotanalytics:ListDatastores", - "iotanalytics:ListPipelines", - "iotdeviceadvisor:ListSuiteDefinitions", - "iotevents:ListAlarmModels", - "iotevents:ListDetectorModels", - "iotevents:ListInputs", - "iotfleethub:ListApplications", - "iotfleetwise:ListDecoderManifests", - "iotfleetwise:ListModelManifests", - "iotfleetwise:ListSignalCatalogs", - "iotfleetwise:ListVehicles", - "iotsitewise:ListAccessPolicies", - "iotsitewise:ListAssetModels", - "iotsitewise:ListAssets", - "iotsitewise:ListDashboards", - "iotsitewise:ListGateways", - "iotsitewise:ListPortals", - "iotsitewise:ListProjects", - "iottwinmaker:ListComponentTypes", - "iottwinmaker:ListEntities", - "iottwinmaker:ListSyncJobs", - "iottwinmaker:ListWorkspaces", - "iotwireless:ListDestinations", - "iotwireless:ListDeviceProfiles", - "iotwireless:ListFuotaTasks", - "iotwireless:ListMulticastGroups", - "iotwireless:ListPartnerAccounts", - "iotwireless:ListServiceProfiles", - "iotwireless:ListWirelessDevices", - "iotwireless:ListWirelessGatewayTaskDefinitions", - "iotwireless:ListWirelessGateways", - "ivs:ListChannels", - "ivs:ListEncoderConfigurations", - "ivs:ListIngestConfigurations", - "ivs:ListPlaybackKeyPairs", - "ivs:ListPlaybackRestrictionPolicies", - "ivs:ListRecordingConfigurations", - "ivs:ListStorageConfigurations", - "ivs:ListStreamKeys", - "ivschat:ListLoggingConfigurations", - "ivschat:ListRooms", - "kafka:ListClusters", - "kafka:ListConfigurations", - "kendra:ListAccessControlConfigurations", - "kendra:ListDataSources", - "kendra:ListExperiences", - "kendra:ListFaqs", - "kendra:ListFeaturedResultsSets", - "kendra:ListIndices", - "kendra:ListQuerySuggestionsBlockLists", - "kendra:ListThesauri", - "kinesis:ListStreams", - "kinesisanalytics:ListApplications", - "kinesisvideo:ListSignalingChannels", - "kinesisvideo:ListStreams", - "kms:ListKeys", - "lambda:ListCodeSigningConfigs", - "lambda:ListEventSourceMappings", - "lambda:ListFunctions", - "lex:ListBotAliases", - "lex:ListBots", - "license-manager:ListDistributedGrants", - "lightsail:GetBuckets", - "lightsail:GetCertificates", - "lightsail:GetContainerServices", - "lightsail:GetDisks", - "logs:DescribeDestinations", - "logs:DescribeLogGroups", - "logs:ListTagsForResource", - "lookoutmetrics:ListAlerts", - "lookoutmetrics:ListAnomalyDetectors", - "lookoutvision:ListProjects", - "m2:ListEnvironments", - "macie2:ListAllowLists", - "macie2:ListCustomDataIdentifiers", - "macie2:ListFindingsFilters", - "managedblockchain:ListAccessors", - "mediapackage-vod:ListAssets", - "mediapackage-vod:ListPackagingConfigurations", - "mediapackage-vod:ListPackagingGroups", - "mediapackage:ListChannels", - "mediapackage:ListOriginEndpoints", - "mediastore:ListContainers", - "mediatailor:ListChannels", - "mediatailor:ListLiveSources", - "mediatailor:ListPlaybackConfigurations", - "mediatailor:ListSourceLocations", - "mediatailor:ListVodSources", - "memorydb:DescribeACLs", - "memorydb:DescribeClusters", - "memorydb:DescribeParameterGroups", - "memorydb:DescribeSnapshots", - "memorydb:DescribeSubnetGroups", - "memorydb:DescribeUsers", - "mobiletargeting:GetApps", - "mobiletargeting:GetCampaigns", - "mobiletargeting:GetSegments", - "mobiletargeting:ListTemplates", - "mq:ListBrokers", - "mq:ListConfigurations", - "network-firewall:ListFirewallPolicies", - "network-firewall:ListFirewalls", - "network-firewall:ListRuleGroups", - "networkmanager:DescribeGlobalNetworks", - "networkmanager:GetDevices", - "networkmanager:GetLinks", - "networkmanager:ListAttachments", - "networkmanager:ListCoreNetworks", - "oam:ListSinks", - "omics:ListReferenceStores", - "omics:ListRunGroups", - "omics:ListWorkflows", - "outposts:ListSites", - "organizations:DescribeResourcePolicy", - "organizations:ListPolicies", - "panorama:ListPackages", - "partnercentral:ListEngagementInvitations", - "partnercentral:ListEngagements", - "partnercentral:ListOpportunities", - "partnercentral:ListResourceSnapshotJobs", - "partnercentral:ListResourceSnapshots", - "personalize:ListDatasetGroups", - "personalize:ListDatasets", - "personalize:ListSchemas", - "personalize:ListSolutions", - "pipes:ListPipes", - "profile:ListDomains", - "profile:ListIntegrations", - "profile:ListProfileObjectTypes", - "proton:ListEnvironmentAccountConnections", - "proton:ListEnvironmentTemplates", - "proton:ListServiceTemplates", - "qldb:ListJournalKinesisStreamsForLedger", - "qldb:ListLedgers", - "quicksight:DescribeAccountSubscription", - "quicksight:ListDataSets", - "quicksight:ListDataSources", - "quicksight:ListTemplates", - "quicksight:ListThemes", - "ram:GetResourceShares", - "rds:DescribeBlueGreenDeployments", - "rds:DescribeDBClusterEndpoints", - "rds:DescribeDBClusterParameterGroups", - "rds:DescribeDBClusterSnapshots", - "rds:DescribeDBClusters", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstanceAutomatedBackups", - "rds:DescribeDBInstances", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBProxies", - "rds:DescribeDBProxyEndpoints", - "rds:DescribeDBSecurityGroups", - "rds:DescribeDBSnapshots", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEventSubscriptions", - "rds:DescribeGlobalClusters", - "rds:DescribeOptionGroups", - "rds:DescribeReservedDBInstances", - "redshift:DescribeClusterParameterGroups", - "redshift:DescribeClusterSnapshots", - "redshift:DescribeClusterSubnetGroups", - "redshift:DescribeClusters", - "redshift:DescribeEventSubscriptions", - "redshift:DescribeHsmClientCertificates", - "redshift:DescribeSnapshotCopyGrants", - "redshift:DescribeSnapshotSchedules", - "redshift:DescribeUsageLimits", - "refactor-spaces:ListApplications", - "refactor-spaces:ListEnvironments", - "refactor-spaces:ListRoutes", - "refactor-spaces:ListServices", - "rekognition:DescribeProjects", - "resiliencehub:ListApps", - "resiliencehub:ListResiliencyPolicies", - "resource-explorer-2:GetIndex", - "resource-explorer-2:ListViews", - "resource-groups:ListGroups", - "route53-recovery-control-config:ListClusters", - "route53-recovery-control-config:ListControlPanels", - "route53-recovery-control-config:ListRoutingControls", - "route53-recovery-control-config:ListSafetyRules", - "route53-recovery-readiness:ListCells", - "route53-recovery-readiness:ListReadinessChecks", - "route53-recovery-readiness:ListRecoveryGroups", - "route53-recovery-readiness:ListResourceSets", - "route53:ListHealthChecks", - "route53:ListHostedZones", - "route53domains:ListDomains", - "route53resolver:ListFirewallDomainLists", - "route53resolver:ListFirewallRuleGroupAssociations", - "route53resolver:ListFirewallRuleGroups", - "route53resolver:ListResolverEndpoints", - "route53resolver:ListResolverQueryLogConfigs", - "route53resolver:ListResolverRules", - "rum:ListAppMonitors", - "s3:GetBucketLocation", - "s3:ListAccessPoints", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "s3:ListMultiRegionAccessPoints", - "s3:ListStorageLensConfigurations", - "s3:ListStorageLensGroups", - "s3express:ListAllMyDirectoryBuckets", - "sagemaker:ListActions", - "sagemaker:ListAlgorithms", - "sagemaker:ListAppImageConfigs", - "sagemaker:ListApps", - "sagemaker:ListArtifacts", - "sagemaker:ListClusters", - "sagemaker:ListCodeRepositories", - "sagemaker:ListContexts", - "sagemaker:ListDomains", - "sagemaker:ListEndpointConfigs", - "sagemaker:ListEndpoints", - "sagemaker:ListExperiments", - "sagemaker:ListFeatureGroups", - "sagemaker:ListFlowDefinitions", - "sagemaker:ListHubContents", - "sagemaker:ListHubs", - "sagemaker:ListHumanTaskUis", - "sagemaker:ListImageVersions", - "sagemaker:ListImages", - "sagemaker:ListInferenceComponents", - "sagemaker:ListInferenceExperiments", - "sagemaker:ListMlflowTrackingServers", - "sagemaker:ListModelCardVersions", - "sagemaker:ListModelCards", - "sagemaker:ListModelPackageGroups", - "sagemaker:ListModelPackages", - "sagemaker:ListModels", - "sagemaker:ListMonitoringSchedules", - "sagemaker:ListNotebookInstanceLifecycleConfigs", - "sagemaker:ListNotebookInstances", - "sagemaker:ListPipelines", - "sagemaker:ListProjects", - "sagemaker:ListSpaces", - "sagemaker:ListStudioLifecycleConfigs", - "sagemaker:ListTrialComponents", - "sagemaker:ListTrials", - "sagemaker:ListUserProfiles", - "sagemaker:ListWorkforces", - "sagemaker:ListWorkteams", - "scheduler:ListScheduleGroups", - "schemas:ListDiscoverers", - "secretsmanager:ListSecrets", - "servicecatalog:ListApplications", - "servicecatalog:ListAttributeGroups", - "servicediscovery:ListServices", - "ses:ListConfigurationSets", - "ses:ListContactLists", - "ses:ListDedicatedIpPools", - "ses:ListEmailIdentities", - "shield:ListProtectionGroups", - "shield:ListProtections", - "signer:ListSigningProfiles", - "sns:ListTopics", - "sqs:ListQueues", - "ssm-incidents:ListResponsePlans", - "ssm:DescribeInstanceInformation", - "ssm:DescribeMaintenanceWindowTargets", - "ssm:DescribeMaintenanceWindowTasks", - "ssm:DescribeMaintenanceWindows", - "ssm:DescribeParameters", - "ssm:DescribeSessions", - "ssm:ListAssociations", - "ssm:ListDocuments", - "ssm:ListResourceDataSync", - "states:ListActivities", - "states:ListStateMachines", - "storagegateway:ListGateways", - "synthetics:DescribeCanaries", - "synthetics:ListGroups", - "transfer:ListAgreements", - "transfer:ListCertificates", - "transfer:ListConnectors", - "transfer:ListProfiles", - "transfer:ListServers", - "transfer:ListUsers", - "transfer:ListWorkflows", - "verifiedpermissions:ListPolicyStores", - "vpc-lattice:ListListeners", - "vpc-lattice:ListServiceNetworkServiceAssociations", - "vpc-lattice:ListServiceNetworks", - "vpc-lattice:ListServices", - "vpc-lattice:ListTargetGroups", - "wafv2:ListIPSets", - "wafv2:ListRegexPatternSets", - "wafv2:ListRuleGroups", - "wafv2:ListWebACLs", - "wisdom:ListAssistantAssociations", - "wisdom:ListAssistants", - "wisdom:ListContents", - "wisdom:ListKnowledgeBases", - "workspaces-web:ListPortals", - "workspaces:DescribeConnectionAliases", - "workspaces:DescribeWorkspaces" - ], - "Resource": "*" - }, - { - "Sid": "PermissionsForReadGetResources", - "Effect": "Allow", - "Action": [ - "cloudformation:GetResource", - "cloudfront:GetDistribution", - "cloudfront:GetDistributionConfig", - "dynamodb:DescribeContinuousBackups", - "dynamodb:DescribeContributorInsights", - "dynamodb:DescribeKinesisStreamingDestination", - "dynamodb:DescribeTable", - "dynamodb:GetResourcePolicy", - "dynamodb:ListTagsOfResource", - "ecs:ListTagsForResource", - "elasticloadbalancing:DescribeCapacityReservation", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancerPolicyTypes", - "elasticloadbalancing:DescribeTags", - "elasticloadbalancing:DescribeTargetGroupAttributes", - "elasticloadbalancing:DescribeTargetHealth", - "events:DescribeRule", - "events:ListTargetsByRule", - "iam:GetRole", - "iam:GetRolePolicy", - "iam:ListAttachedRolePolicies", - "iam:ListRolePolicies", - "kinesis:DescribeStreamSummary", - "kinesis:ListTagsForStream", - "lambda:GetEventSourceMapping", - "lambda:GetFunction", - "lambda:GetFunctionCodeSigningConfig", - "lambda:GetFunctionRecursionConfig", - "lambda:ListTags", - "logs:DescribeIndexPolicies", - "logs:GetDataProtectionPolicy", - "s3:GetAccelerateConfiguration", - "s3:GetAnalyticsConfiguration", - "s3:GetBucketCORS", - "s3:GetBucketLogging", - "s3:GetBucketMetadataTableConfiguration", - "s3:GetBucketNotification", - "s3:GetBucketObjectLockConfiguration", - "s3:GetBucketOwnershipControls", - "s3:GetBucketPublicAccessBlock", - "s3:GetBucketTagging", - "s3:GetBucketVersioning", - "s3:GetBucketWebsite", - "s3:GetEncryptionConfiguration", - "s3:GetIntelligentTieringConfiguration", - "s3:GetInventoryConfiguration", - "s3:GetLifecycleConfiguration", - "s3:GetMetricsConfiguration", - "s3:GetReplicationConfiguration", - "sns:GetDataProtectionPolicy", - "sns:GetTopicAttributes", - "sns:ListSubscriptionsByTopic", - "sns:ListTagsForResource", - "sqs:GetQueueAttributes", - "sqs:ListQueueTags" - ], - "Resource": "*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AWSResourceExplorerServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No SAML Providers found.", - "metadata": { - "event_code": "iam_check_saml_providers_sts", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No SAML Providers found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.21" - ], - "ENS-RD2022": [ - "op.acc.1.aws.iam.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.21" - ], - "CIS-5.0": [ - "1.20" - ], - "CIS-1.4": [ - "1.21" - ], - "CCC": [ - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR06" - ], - "ProwlerThreatScore-1.0": [ - "1.2.7" - ], - "CIS-1.5": [ - "1.21" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "CIS-2.0": [ - "1.21" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if there are SAML Providers then STS can be used", - "title": "Check if there are SAML Providers then STS can be used", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_check_saml_providers_sts-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable SAML provider and use temporary credentials. You can use temporary security credentials to make programmatic requests for AWS resources using the AWS CLI or AWS API (using the AWS SDKs ). The temporary credentials provide the same permissions that you have with use long-term security credentials such as IAM user credentials. In case of not having SAML provider capabilities prevent usage of long-lived credentials.", - "references": [ - "https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html" - ] - }, - "risk_details": "Without SAML provider users with AWS CLI or AWS API access can use IAM static credentials. SAML helps users to assume role by default each time they authenticate.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy terraform-20251019170219823000000002 attached to role BedrockAgents20251019170219585900000001 does not allow privilege escalation.", - "metadata": { - "event_code": "iam_inline_policy_allows_privilege_escalation", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy terraform-20251019170219823000000002 attached to role BedrockAgents20251019170219585900000001 does not allow privilege escalation.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_3_3" - ], - "C5-2025": [ - "SP-01.04B", - "AM-09.04AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure no Inline IAM policies allow actions that may lead into Privilege Escalation", - "title": "Ensure no IAM Inline policies allow actions that may lead into Privilege Escalation", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards" - ], - "uid": "prowler-aws-iam_inline_policy_allows_privilege_escalation-211203495394-us-east-1-BedrockAgents20251019170219585900000001/terraform-20251019170219823000000002" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-20251019170219823000000002", - "arn": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001", - "entity": "BedrockAgents20251019170219585900000001", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "bedrock:UseInferenceProfile", - "bedrock:InvokeModel*", - "bedrock:GetInferenceProfile" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-v2", - "arn:aws:bedrock:us-east-1:211203495394:inference-profile/*.anthropic.claude-v2", - "arn:aws:bedrock:*::foundation-model/anthropic.claude-v2" - ] - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "BedrockAgents20251019170219585900000001/terraform-20251019170219823000000002", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Grant usage permission on a per-resource basis and applying least privilege principle.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" - ] - }, - "risk_details": "Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy terraform-20251019170303948100000003 attached to role BedrockAgents20251019170219585900000001 does not allow privilege escalation.", - "metadata": { - "event_code": "iam_inline_policy_allows_privilege_escalation", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy terraform-20251019170303948100000003 attached to role BedrockAgents20251019170219585900000001 does not allow privilege escalation.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_3_3" - ], - "C5-2025": [ - "SP-01.04B", - "AM-09.04AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure no Inline IAM policies allow actions that may lead into Privilege Escalation", - "title": "Ensure no IAM Inline policies allow actions that may lead into Privilege Escalation", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards" - ], - "uid": "prowler-aws-iam_inline_policy_allows_privilege_escalation-211203495394-us-east-1-BedrockAgents20251019170219585900000001/terraform-20251019170303948100000003" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-20251019170303948100000003", - "arn": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001", - "entity": "BedrockAgents20251019170219585900000001", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "bedrock:ApplyGuardrail" - ], - "Effect": "Allow", - "Resource": "arn:aws:bedrock:us-east-1:211203495394:guardrail/yk2rgwn4nj1z" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "BedrockAgents20251019170219585900000001/terraform-20251019170303948100000003", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Grant usage permission on a per-resource basis and applying least privilege principle.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" - ] - }, - "risk_details": "Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy terraform-20251019170219823000000002 attached to role BedrockAgents20251019170219585900000001 does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy terraform-20251019170219823000000002 attached to role BedrockAgents20251019170219585900000001 does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.LB.CN05.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ], - "NIS2": [ - "6.7.2.e", - "11.3.2.c", - "11.4.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "title": "Ensure IAM inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_administrative_privileges-211203495394-us-east-1-BedrockAgents20251019170219585900000001/terraform-20251019170219823000000002" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-20251019170219823000000002", - "arn": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001", - "entity": "BedrockAgents20251019170219585900000001", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "bedrock:UseInferenceProfile", - "bedrock:InvokeModel*", - "bedrock:GetInferenceProfile" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-v2", - "arn:aws:bedrock:us-east-1:211203495394:inference-profile/*.anthropic.claude-v2", - "arn:aws:bedrock:*::foundation-model/anthropic.claude-v2" - ] - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "BedrockAgents20251019170219585900000001/terraform-20251019170219823000000002", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy terraform-20251019170303948100000003 attached to role BedrockAgents20251019170219585900000001 does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy terraform-20251019170303948100000003 attached to role BedrockAgents20251019170219585900000001 does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.LB.CN05.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ], - "NIS2": [ - "6.7.2.e", - "11.3.2.c", - "11.4.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "title": "Ensure IAM inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_administrative_privileges-211203495394-us-east-1-BedrockAgents20251019170219585900000001/terraform-20251019170303948100000003" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-20251019170303948100000003", - "arn": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001", - "entity": "BedrockAgents20251019170219585900000001", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "bedrock:ApplyGuardrail" - ], - "Effect": "Allow", - "Resource": "arn:aws:bedrock:us-east-1:211203495394:guardrail/yk2rgwn4nj1z" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "BedrockAgents20251019170219585900000001/terraform-20251019170303948100000003", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy terraform-20251019170219823000000002 attached to role BedrockAgents20251019170219585900000001 does not allow 'cloudtrail:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_cloudtrail", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy terraform-20251019170219823000000002 attached to role BedrockAgents20251019170219585900000001 does not allow 'cloudtrail:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "SIM-03.07B", - "COM-04.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_cloudtrail-211203495394-us-east-1-BedrockAgents20251019170219585900000001/terraform-20251019170219823000000002" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-20251019170219823000000002", - "arn": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001", - "entity": "BedrockAgents20251019170219585900000001", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "bedrock:UseInferenceProfile", - "bedrock:InvokeModel*", - "bedrock:GetInferenceProfile" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-v2", - "arn:aws:bedrock:us-east-1:211203495394:inference-profile/*.anthropic.claude-v2", - "arn:aws:bedrock:*::foundation-model/anthropic.claude-v2" - ] - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "BedrockAgents20251019170219585900000001/terraform-20251019170219823000000002", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "CloudTrail is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy terraform-20251019170303948100000003 attached to role BedrockAgents20251019170219585900000001 does not allow 'cloudtrail:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_cloudtrail", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy terraform-20251019170303948100000003 attached to role BedrockAgents20251019170219585900000001 does not allow 'cloudtrail:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "SIM-03.07B", - "COM-04.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_cloudtrail-211203495394-us-east-1-BedrockAgents20251019170219585900000001/terraform-20251019170303948100000003" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-20251019170303948100000003", - "arn": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001", - "entity": "BedrockAgents20251019170219585900000001", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "bedrock:ApplyGuardrail" - ], - "Effect": "Allow", - "Resource": "arn:aws:bedrock:us-east-1:211203495394:guardrail/yk2rgwn4nj1z" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "BedrockAgents20251019170219585900000001/terraform-20251019170303948100000003", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "CloudTrail is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy terraform-20251019170219823000000002 attached to role BedrockAgents20251019170219585900000001 does not allow 'kms:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_kms", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy terraform-20251019170219823000000002 attached to role BedrockAgents20251019170219585900000001 does not allow 'kms:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "IAM-10.01B", - "CRY-05.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.2.8", - "3.6.1.3.8", - "3.6.1.4.8", - "3.6.1.8", - "3.7.1.9", - "3.7.2.8", - "3.7.4.9", - "3.7.6.8", - "3.7.7.8", - "4.2.1.1.21", - "7.2.1.10", - "7.2.2.10", - "7.2.3.6", - "7.2.5.6", - "7.3.1.6", - "7.3.2.6", - "7.3.3.6", - "8.2.7.6", - "8.2.8.8", - "8.3.4.6" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.LB.CN05.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR04", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_kms-211203495394-us-east-1-BedrockAgents20251019170219585900000001/terraform-20251019170219823000000002" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-20251019170219823000000002", - "arn": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001", - "entity": "BedrockAgents20251019170219585900000001", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "bedrock:UseInferenceProfile", - "bedrock:InvokeModel*", - "bedrock:GetInferenceProfile" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-v2", - "arn:aws:bedrock:us-east-1:211203495394:inference-profile/*.anthropic.claude-v2", - "arn:aws:bedrock:*::foundation-model/anthropic.claude-v2" - ] - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "BedrockAgents20251019170219585900000001/terraform-20251019170219823000000002", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "KMS is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy terraform-20251019170303948100000003 attached to role BedrockAgents20251019170219585900000001 does not allow 'kms:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_kms", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy terraform-20251019170303948100000003 attached to role BedrockAgents20251019170219585900000001 does not allow 'kms:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "IAM-10.01B", - "CRY-05.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.2.8", - "3.6.1.3.8", - "3.6.1.4.8", - "3.6.1.8", - "3.7.1.9", - "3.7.2.8", - "3.7.4.9", - "3.7.6.8", - "3.7.7.8", - "4.2.1.1.21", - "7.2.1.10", - "7.2.2.10", - "7.2.3.6", - "7.2.5.6", - "7.3.1.6", - "7.3.2.6", - "7.3.3.6", - "8.2.7.6", - "8.2.8.8", - "8.3.4.6" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.LB.CN05.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR04", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_kms-211203495394-us-east-1-BedrockAgents20251019170219585900000001/terraform-20251019170303948100000003" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-20251019170303948100000003", - "arn": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001", - "entity": "BedrockAgents20251019170219585900000001", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "bedrock:ApplyGuardrail" - ], - "Effect": "Allow", - "Resource": "arn:aws:bedrock:us-east-1:211203495394:guardrail/yk2rgwn4nj1z" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "BedrockAgents20251019170219585900000001/terraform-20251019170303948100000003", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "KMS is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Root account does not have access keys.", - "metadata": { - "event_code": "iam_no_root_access_key", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Root account does not have access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_312_a_2_i" - ], - "C5-2025": [ - "IAM-03.01B", - "IAM-03.03B", - "IAM-06.02B", - "IAM-10.01B", - "CRY-03.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "ia-2" - ], - "CIS-3.0": [ - "1.4" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_6_2", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "ia_2", - "ia_4_b", - "ia_4_4", - "ia_4_8", - "ia_5_8", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.7" - ], - "AWS-Foundational-Technical-Review": [ - "ARC-004" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.5", - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.4" - ], - "PCI-4.0": [ - "7.2.1.17", - "7.2.2.17", - "7.2.3.8", - "8.2.1.4", - "8.2.2.6", - "8.2.4.4", - "8.2.5.4", - "8.3.11.4" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-3", - "d3-pc-am-b-8" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.3" - ], - "CIS-1.4": [ - "1.4" - ], - "CCC": [ - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.13" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.4" - ], - "CIS-1.5": [ - "1.4" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP02" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_6_10", - "ac_6" - ], - "AWS-Account-Security-Onboarding": [ - "Block root user" - ], - "KISA-ISMS-P-2023": [ - "2.5.5", - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.4" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure no root account access key exists", - "title": "Ensure no root account access key exists", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_no_root_access_key-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Use the credential report to check the user and ensure the access_key_1_active and access_key_2_active fields are set to FALSE. If using AWS Organizations, consider enabling Centralized Root Management and removing individual root credentials.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "The root account is the most privileged user in an AWS account. AWS Access Keys provide programmatic access to a given AWS account. It is recommended that all access keys associated with the root account be removed. Removing access keys associated with the root account limits vectors by which the account can be compromised. Removing the root access keys encourages the creation and use of role based accounts that are least privileged.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Password expiration is not set.", - "metadata": { - "event_code": "iam_password_policy_expires_passwords_within_90_days_or_less", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Password expiration is not set.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "C5-2025": [ - "IAM-03.02B", - "IAM-08.03B", - "IAM-08.05B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.3" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "PCI-4.0": [ - "8.3.6.1", - "8.6.3.2" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "ProwlerThreatScore-1.0": [ - "1.1.12" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP06" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "NIS2": [ - "1.1.1.d", - "1.1.2", - "9.2.c.v", - "11.6.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM password policy expires passwords within 90 days or less", - "title": "Ensure IAM password policy expires passwords within 90 days or less", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_expires_passwords_within_90_days_or_less-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure Password expiration period (in days): is set to 90 or less.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one uppercase letter.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one lowercase letter.", - "metadata": { - "event_code": "iam_password_policy_lowercase", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one lowercase letter.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.8" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v", - "11.6.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM password policy requires at least one uppercase letter", - "title": "Ensure IAM password policy require at least one lowercase letter", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_lowercase-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Requires at least one lowercase letter\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one lowercase letter.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require minimum length of 14 characters.", - "metadata": { - "event_code": "iam_password_policy_minimum_length_14", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require minimum length of 14 characters.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "PSS-07.01B" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-5-c", - "ia-2", - "ia-5-1-a-d-e", - "ia-5-4" - ], - "CIS-3.0": [ - "1.8" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_d_1", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "cm_12_b", - "ia_4_d", - "ia_5", - "ia_5_b", - "ia_5_c", - "ia_5_d", - "ia_5_f", - "ia_5_h", - "ia_5_1_f", - "ia_5_1_g", - "ia_5_1_h", - "ia_5_1_h", - "ia_5_18_a", - "ia_5_18_b", - "ia_8_2_b", - "ma_4_c", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.8" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.7" - ], - "CIS-1.4": [ - "1.8" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.4" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "CIS-1.5": [ - "1.8" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CIS-2.0": [ - "1.8" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM password policy requires minimum length of 14 or greater", - "title": "Ensure IAM password policy requires minimum length of 14 or greater", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_minimum_length_14-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Minimum password length\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require minimum length of 14 or greater.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one number.", - "metadata": { - "event_code": "iam_password_policy_number", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one number.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "IAM-08.05B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.6" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM password policy require at least one number", - "title": "Ensure IAM password policy require at least one number", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_number-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Require at least one number\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one number.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy reuse prevention is less than 24 or not set.", - "metadata": { - "event_code": "iam_password_policy_reuse_24", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy reuse prevention is less than 24 or not set.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_2" - ], - "HIPAA": [ - "164_308_a_4_ii_c", - "164_308_a_5_ii_d", - "164_312_d" - ], - "C5-2025": [ - "IAM-01.03B", - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-08.03B", - "IAM-08.05B", - "IAM-08.07B", - "PSS-07.01B" - ], - "NIST-CSF-1.1": [ - "ac_1" - ], - "CIS-3.0": [ - "1.9" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.9" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4", - "8.2", - "8.2.3", - "8.2.3.a", - "8.2.3.b", - "8.2.4", - "8.2.4.a", - "8.2.4.b", - "8.2.5", - "8.2.5.a", - "8.2.5.b" - ], - "CIS-5.0": [ - "1.8" - ], - "CIS-1.4": [ - "1.9" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "ProwlerThreatScore-1.0": [ - "1.1.5" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "CIS-1.5": [ - "1.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2", - "ia_2", - "ia_5_1", - "ia_5_4" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM password policy prevents password reuse: 24 or greater", - "title": "Ensure IAM password policy prevents password reuse: 24 or greater", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_reuse_24-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Number of passwords to remember\" is set to 24.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy prevents at least password reuse of 24 or greater.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one symbol.", - "metadata": { - "event_code": "iam_password_policy_symbol", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one symbol.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.7" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM password policy require at least one symbol", - "title": "Ensure IAM password policy require at least one symbol", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_symbol-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Require at least one non-alphanumeric character\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one non-alphanumeric character.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one uppercase letter.", - "metadata": { - "event_code": "iam_password_policy_uppercase", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one uppercase letter.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "IAM-08.05B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.9" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM password policy requires at least one uppercase letter", - "title": "Ensure IAM password policy requires at least one uppercase letter", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_uppercase-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Requires at least one uppercase letter\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one uppercase letter.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user has the policy AdministratorAccess attached.", - "metadata": { - "event_code": "iam_policy_attached_only_to_group_or_roles", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "User terraform-user has the policy AdministratorAccess attached.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_4_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "PSS-09.01AC" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "sc-2" - ], - "CIS-3.0": [ - "1.15" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_6_3", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-006", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.15" - ], - "PCI-4.0": [ - "7.2.1.12", - "7.2.1.13", - "7.2.2.12", - "7.2.2.13", - "7.2.5.8", - "7.2.5.9", - "7.3.1.8", - "7.3.1.9", - "7.3.2.8", - "7.3.2.9", - "7.3.3.8", - "7.3.3.9", - "8.2.1.3", - "8.2.2.5", - "8.2.4.3", - "8.2.5.3", - "8.2.7.8", - "8.2.7.9", - "8.2.8.10", - "8.2.8.11", - "8.3.11.3", - "8.3.4.8", - "8.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-im-b-7" - ], - "CIS-5.0": [ - "1.14" - ], - "CIS-1.4": [ - "1.15" - ], - "CCC": [ - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.2.1", - "1.2.2" - ], - "CIS-1.5": [ - "1.15" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP06" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_6" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "CIS-2.0": [ - "1.15" - ], - "NIS2": [ - "1.2.1", - "2.1.2.f", - "11.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM policies are attached only to groups or roles", - "title": "Ensure IAM policies are attached only to groups or roles", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_attached_only_to_group_or_roles-211203495394-us-east-1-terraform-user/AdministratorAccess" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user/AdministratorAccess", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Remove any policy attached directly to the user. Use groups or roles instead.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "By default IAM users, groups, and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS CloudShellFullAccess policy is not attached to any IAM entity.", - "metadata": { - "event_code": "iam_policy_cloudshell_admin_not_attached", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS CloudShellFullAccess policy is not attached to any IAM entity.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-blacklisted-check.html", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-06.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.22" - ], - "PCI-4.0": [ - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.3.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.2.10", - "7.3.2.11", - "7.3.2.12", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "8.2.7.10", - "8.2.7.11", - "8.2.7.12", - "8.2.8.12", - "8.2.8.13", - "8.2.8.14", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12" - ], - "CIS-5.0": [ - "1.21" - ], - "ProwlerThreatScore-1.0": [ - "1.3.2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.22" - ], - "NIS2": [ - "1.2.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "This control checks whether an IAM identity (user, role, or group) has the AWS managed policy AWSCloudShellFullAccess attached. The control fails if an IAM identity has the AWSCloudShellFullAccess policy attached.", - "title": "Check if IAM identities (users,groups,roles) have the AWSCloudShellFullAccess policy attached.", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_cloudshell_admin_not_attached-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "Users": [], - "Groups": [], - "Roles": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/AWSCloudShellFullAccess" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Detach the AWSCloudShellFullAccess policy from the IAM identity to restrict excessive permissions and adhere to the principle of least privilege.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html" - ] - }, - "risk_details": "Attaching the AWSCloudShellFullAccess policy to IAM identities grants broad permissions, including internet access and file transfer capabilities, which can lead to security risks such as data exfiltration. The principle of least privilege should be followed to avoid excessive permissions.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Role TerraformRole has AdministratorAccess policy attached.", - "metadata": { - "event_code": "iam_role_administratoraccess_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Role TerraformRole has AdministratorAccess policy attached.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_administrator", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "OIS-04.03B", - "SP-01.04B", - "HR-01.01B", - "HR-04.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-03.01B", - "IAM-06.01B", - "IAM-10.01B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "1.2.1", - "11.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM Roles do not have AdministratorAccess policy attached", - "title": "Ensure IAM Roles do not have AdministratorAccess policy attached", - "types": [], - "uid": "prowler-aws-iam_role_administratoraccess_policy-211203495394-us-east-1-TerraformRole" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "TerraformRole", - "arn": "arn:aws:iam::211203495394:role/TerraformRole", - "assume_role_policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws:iam::211203495394:oidc-provider/token.actions.githubusercontent.com" - }, - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "token.actions.githubusercontent.com:aud": "sts.amazonaws.com" - }, - "StringLike": { - "token.actions.githubusercontent.com:sub": [ - "repo:finos-labs/ccc-cfi-compliance:ref:refs/heads/*", - "repo:finos-labs/ccc-cfi-compliance:ref:refs/tags/*", - "repo:finos-labs/ccc-cfi-compliance:pull_request", - "repo:finos-labs/ccc-cfi-compliance:environment:*" - ] - } - } - } - ] - }, - "is_service_role": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "TerraformRole", - "type": "AwsIamRole", - "uid": "arn:aws:iam::211203495394:role/TerraformRole" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Apply the principle of least privilege. Instead of AdministratorAccess, assign only the permissions necessary for specific roles and tasks. Create custom IAM policies with minimal permissions based on the principle of least privilege.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" - ] - }, - "risk_details": "The AWS-managed AdministratorAccess policy grants all actions for all AWS services and for all resources in the account and as such exposes the customer to a significant data leakage threat. It should be granted very conservatively. For granting access to 3rd party vendors, consider using alternative managed policies, such as ViewOnlyAccess or SecurityAudit.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Role TerraformRole does not have ReadOnlyAccess policy.", - "metadata": { - "event_code": "iam_role_cross_account_readonlyaccess_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "IAM Role TerraformRole does not have ReadOnlyAccess policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#awsmp_readonlyaccess", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OIS-04.03B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-06.02B", - "IAM-10.01B", - "PSS-09.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR06" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM Roles do not have ReadOnlyAccess access for external AWS accounts", - "title": "Ensure IAM Roles do not have ReadOnlyAccess access for external AWS accounts", - "types": [], - "uid": "prowler-aws-iam_role_cross_account_readonlyaccess_policy-211203495394-us-east-1-TerraformRole" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "TerraformRole", - "arn": "arn:aws:iam::211203495394:role/TerraformRole", - "assume_role_policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws:iam::211203495394:oidc-provider/token.actions.githubusercontent.com" - }, - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "token.actions.githubusercontent.com:aud": "sts.amazonaws.com" - }, - "StringLike": { - "token.actions.githubusercontent.com:sub": [ - "repo:finos-labs/ccc-cfi-compliance:ref:refs/heads/*", - "repo:finos-labs/ccc-cfi-compliance:ref:refs/tags/*", - "repo:finos-labs/ccc-cfi-compliance:pull_request", - "repo:finos-labs/ccc-cfi-compliance:environment:*" - ] - } - } - } - ] - }, - "is_service_role": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "TerraformRole", - "type": "AwsIamRole", - "uid": "arn:aws:iam::211203495394:role/TerraformRole" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Remove the AWS-managed ReadOnlyAccess policy from all roles that have a trust policy, including third-party cloud accounts, or remove third-party cloud accounts from the trust policy of all roles that need the ReadOnlyAccess policy.", - "references": [ - "https://docs.securestate.vmware.com/rule-docs/aws-iam-role-cross-account-readonlyaccess-policy" - ] - }, - "risk_details": "The AWS-managed ReadOnlyAccess policy is highly potent and exposes the customer to a significant data leakage threat. It should be granted very conservatively. For granting access to 3rd party vendors, consider using alternative managed policies, such as ViewOnlyAccess or SecurityAudit.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Service Role BedrockAgents20251019170219585900000001 prevents against a cross-service confused deputy attack.", - "metadata": { - "event_code": "iam_role_cross_service_confused_deputy_prevention", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "IAM Service Role BedrockAgents20251019170219585900000001 prevents against a cross-service confused deputy attack.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP04" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "3.1.2.c", - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", - "title": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", - "types": [], - "uid": "prowler-aws-iam_role_cross_service_confused_deputy_prevention-211203495394-us-east-1-BedrockAgents20251019170219585900000001" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "BedrockAgents20251019170219585900000001", - "arn": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001", - "assume_role_policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "bedrock.amazonaws.com" - }, - "Action": "sts:AssumeRole", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "AWS:SourceArn": "arn:aws:bedrock:us-east-1:211203495394:agent/*" - } - } - } - ] - }, - "is_service_role": true, - "attached_policies": [], - "inline_policies": [ - "terraform-20251019170219823000000002", - "terraform-20251019170303948100000003" - ], - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "BedrockAgents20251019170219585900000001", - "type": "AwsIamRole", - "uid": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To mitigate cross-service confused deputy attacks, it's recommended to use the aws:SourceArn and aws:SourceAccount global condition context keys in your IAM role trust policies. If the role doesn't support these fields, consider implementing alternative security measures, such as defining more restrictive resource-based policies or using service-specific trust policies, to limit the role's permissions and exposure. For detailed guidance, refer to AWS's documentation on preventing cross-service confused deputy issues.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html#cross-service-confused-deputy-prevention" - ] - }, - "risk_details": "Allow attackers to gain unauthorized access to resources", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Root account has a virtual MFA instead of a hardware MFA device enabled.", - "metadata": { - "event_code": "iam_root_hardware_mfa_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "Root account has a virtual MFA instead of a hardware MFA device enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_5_3" - ], - "HIPAA": [ - "164_308_a_3_ii_a", - "164_312_d" - ], - "C5-2025": [ - "OPS-16.01B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_7" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ia-2-1-2", - "ia-2-1" - ], - "CIS-3.0": [ - "1.6" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_2", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "ia_2_1", - "ia_2_2", - "ia_2_6", - "ia_2_6_a", - "ia_2_8", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r4.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "ARC-003", - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.6" - ], - "PCI-4.0": [ - "8.4.1.3", - "8.4.2.3", - "8.4.3.3" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-15", - "d3-pc-am-b-3", - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.5" - ], - "CIS-1.4": [ - "1.6" - ], - "CCC": [ - "CCC.Core.CN03.AR01", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.2" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.6" - ], - "CIS-1.5": [ - "1.6" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP02" - ], - "NIST-800-53-Revision-4": [ - "ia_2_1", - "ia_2_11" - ], - "AWS-Account-Security-Onboarding": [ - "Root user - distribution email + MFA" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040" - ], - "CIS-2.0": [ - "1.6" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-2" - ], - "NIS2": [ - "11.6.1", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure only hardware MFA is enabled for the root account", - "title": "Ensure only hardware MFA is enabled for the root account", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_root_hardware_mfa_enabled-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:mfa" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Using IAM console navigate to Dashboard and expand Activate MFA on your root account. If using AWS Organizations, consider enabling Centralized Root Management and removing individual root credentials.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user_manage_mfa" - ] - }, - "risk_details": "The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. For Level 2 it is recommended that the root account be protected with only a hardware MFA.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "MFA is enabled for root account.", - "metadata": { - "event_code": "iam_root_mfa_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "MFA is enabled for root account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_5_2", - "3_5_3" - ], - "HIPAA": [ - "164_308_a_3_ii_a", - "164_312_d" - ], - "C5-2025": [ - "OPS-16.01B", - "IAM-04.06B", - "IAM-06.09B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-05.02B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_7" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ia-2-1-2", - "ia-2-1" - ], - "CIS-3.0": [ - "1.5" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_2", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_6_a", - "cm_9_b", - "ia_2_1", - "ia_2_2", - "ia_2_6", - "ia_2_6_a", - "ia_2_8", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r2.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "ARC-003", - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.1", - "3.0.2", - "3.0.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.5" - ], - "PCI-4.0": [ - "8.4.1.4", - "8.4.2.4", - "8.4.3.4" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-15", - "d3-pc-am-b-3", - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.4" - ], - "CIS-1.4": [ - "1.5" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Core.CN03.AR01", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-1.5": [ - "1.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP02" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.17", - "A.8.5" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ia_2_1", - "ia_2_11" - ], - "AWS-Account-Security-Onboarding": [ - "Root user - distribution email + MFA" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040" - ], - "CIS-2.0": [ - "1.5" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-2", - "booting-up-thing-to-do-first-2" - ], - "NIS2": [ - "11.3.2.a", - "11.6.1", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure MFA is enabled for the root account", - "title": "Ensure MFA is enabled for the root account", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_root_mfa_enabled-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Using IAM console navigate to Dashboard and expand Activate MFA on your root account. If using AWS Organizations, consider enabling Centralized Root Management and removing individual root credentials.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user_manage_mfa" - ] - }, - "risk_details": "The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. When virtual MFA is used for root accounts it is recommended that the device used is NOT a personal device but rather a dedicated mobile device (tablet or phone) that is managed to be kept charged and secured independent of any individual personal devices. (non-personal virtual MFA) This lessens the risks of losing access to the MFA due to device loss / trade-in or if the individual owning the device is no longer employed at the company.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have access keys.", - "metadata": { - "event_code": "iam_rotate_access_key_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_3_ii_c", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B", - "CRY-09.02B" - ], - "NIST-CSF-1.1": [ - "ac_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j" - ], - "CIS-3.0": [ - "1.14" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.14" - ], - "PCI-4.0": [ - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.13" - ], - "CIS-1.4": [ - "1.14" - ], - "CCC": [ - "CCC.ObjStor.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.11" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.3" - ], - "CIS-1.5": [ - "1.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP02", - "SEC02-BP05" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.14" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "1.1.1.d", - "1.1.2", - "2.1.4", - "2.3.1", - "3.1.3", - "6.2.4", - "9.2.c", - "9.2.c.xii", - "11.6.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure access keys are rotated every 90 days or less", - "title": "Ensure access keys are rotated every 90 days or less", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_rotate_access_key_90_days-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have access keys older than 90 days.", - "metadata": { - "event_code": "iam_rotate_access_key_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have access keys older than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_3_ii_c", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B", - "CRY-09.02B" - ], - "NIST-CSF-1.1": [ - "ac_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j" - ], - "CIS-3.0": [ - "1.14" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.14" - ], - "PCI-4.0": [ - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.13" - ], - "CIS-1.4": [ - "1.14" - ], - "CCC": [ - "CCC.ObjStor.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.11" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.3" - ], - "CIS-1.5": [ - "1.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP02", - "SEC02-BP05" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.14" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "1.1.1.d", - "1.1.2", - "2.1.4", - "2.3.1", - "3.1.3", - "6.2.4", - "9.2.c", - "9.2.c.xii", - "11.6.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure access keys are rotated every 90 days or less", - "title": "Ensure access keys are rotated every 90 days or less", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_rotate_access_key_90_days-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "SecurityAudit policy is not attached to any role.", - "metadata": { - "event_code": "iam_securityaudit_role_created", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "SecurityAudit policy is not attached to any role.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "OIS-02.02B", - "OIS-04.01B", - "HR-04.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-05.02B", - "IAM-06.06B", - "DEV-15.01B", - "SIM-01.02B", - "SIM-01.03B", - "COM-02.02B", - "COM-03.02B", - "INQ-02.01B", - "PSS-09.01AC" - ], - "ENS-RD2022": [ - "op.acc.3.r2.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "ISO27001-2022": [ - "A.5.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "1.2.4", - "2.1.1", - "2.1.2.a", - "2.1.2.e", - "2.1.2.f", - "2.2.1", - "2.3.1", - "3.1.2.c", - "3.1.3", - "6.2.2.a", - "7.2.d", - "7.2.e", - "7.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure a Security Audit role has been created to conduct security audits", - "title": "Ensure a Security Audit role has been created to conduct security audits", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_securityaudit_role_created-211203495394-us-east-1-SecurityAudit" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "SecurityAudit", - "type": "AwsIamRole", - "uid": "arn:aws:iam::aws:policy/SecurityAudit" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create an IAM role for conduct security audits with AWS.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_security-auditor" - ] - }, - "risk_details": "Creating an IAM role with a security audit policy provides a clear separation of duties between the security team and other teams within the organization. This helps to ensure that security-related activities are performed by authorized individuals with the appropriate expertise and access permissions.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Support Access policy is not attached to any role.", - "metadata": { - "event_code": "iam_support_role_created", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Support Access policy is not attached to any role.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "OIS-02.02B", - "HR-04.01B", - "OPS-13.02B", - "OPS-13.03AC", - "OPS-17.02B", - "OPS-24.01B", - "OPS-24.02B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-06.06B", - "DEV-15.01B", - "SSO-05.06B", - "SIM-01.02B", - "SIM-01.03B" - ], - "CIS-3.0": [ - "1.17" - ], - "ENS-RD2022": [ - "op.acc.3.r1.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2", - "2.11.1" - ], - "CIS-4.0.1": [ - "1.17" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.16" - ], - "CIS-1.4": [ - "1.17" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-1.5": [ - "1.17" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC10-BP01" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2", - "2.11.1" - ], - "CIS-2.0": [ - "1.17" - ], - "NIS2": [ - "2.1.1", - "2.1.2.a", - "2.2.1", - "3.1.2.d", - "4.3.2.a", - "5.1.7.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure a support role has been created to manage incidents with AWS Support", - "title": "Ensure a support role has been created to manage incidents with AWS Support", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_support_role_created-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "AwsIamRole", - "uid": "arn:aws:iam::aws:policy/AWSSupportAccess" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create an IAM role for managing incidents with AWS.", - "references": [ - "https://docs.aws.amazon.com/awssupport/latest/user/using-service-linked-roles-sup.html" - ] - }, - "risk_details": "AWS provides a support center that can be used for incident notification and response, as well as technical support and customer services. Create an IAM Role to allow authorized users to manage incidents with AWS Support.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have access keys.", - "metadata": { - "event_code": "iam_user_accesskey_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "HIPAA": [ - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-05.04B", - "IAM-10.01B", - "CRY-03.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-3", - "ac-5-c", - "ac-6" - ], - "CIS-3.0": [ - "1.12" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_6", - "ac_2_g", - "ac_2_j", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3", - "op.acc.6.r7.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.12" - ], - "PCI-4.0": [ - "7.2.4.2", - "7.2.5.1.2", - "8.2.6.2", - "A3.4.1.10" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4" - ], - "CIS-5.0": [ - "1.11" - ], - "CIS-1.4": [ - "1.12" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.10" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.8", - "IAM.22", - "IAM.26" - ], - "CIS-1.5": [ - "1.12" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2_3", - "ac_2", - "ac_3", - "ac_6" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.12" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure unused User Access Keys are disabled", - "title": "Ensure unused User Access Keys are disabled", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_user_accesskey_unused-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Find the credentials that they were using and ensure that they are no longer operational. Ideally, you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least, you should change the password or deactivate the access keys so that the former users no longer have access.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" - ] - }, - "risk_details": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have unused access keys for 45 days.", - "metadata": { - "event_code": "iam_user_accesskey_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have unused access keys for 45 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "HIPAA": [ - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-05.04B", - "IAM-10.01B", - "CRY-03.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-3", - "ac-5-c", - "ac-6" - ], - "CIS-3.0": [ - "1.12" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_6", - "ac_2_g", - "ac_2_j", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3", - "op.acc.6.r7.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.12" - ], - "PCI-4.0": [ - "7.2.4.2", - "7.2.5.1.2", - "8.2.6.2", - "A3.4.1.10" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4" - ], - "CIS-5.0": [ - "1.11" - ], - "CIS-1.4": [ - "1.12" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.10" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.8", - "IAM.22", - "IAM.26" - ], - "CIS-1.5": [ - "1.12" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2_3", - "ac_2", - "ac_3", - "ac_6" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.12" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure unused User Access Keys are disabled", - "title": "Ensure unused User Access Keys are disabled", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_user_accesskey_unused-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Find the credentials that they were using and ensure that they are no longer operational. Ideally, you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least, you should change the password or deactivate the access keys so that the former users no longer have access.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" - ] - }, - "risk_details": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM User terraform-user has AdministratorAccess policy attached.", - "metadata": { - "event_code": "iam_user_administrator_access_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM User terraform-user has AdministratorAccess policy attached.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-04.03B", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-10.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.19", - "7.2.2.19", - "7.2.5.13", - "7.3.1.13", - "7.3.2.13", - "7.3.3.13", - "8.2.7.13", - "8.2.8.15", - "8.3.4.13" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "This check ensures that no IAM users in your AWS account have the 'AdministratorAccess' policy attached. IAM users with this policy have unrestricted access to all AWS services and resources, which poses a significant security risk if misused.", - "title": "Ensure No IAM Users Have Administrator Access Policy", - "types": [], - "uid": "prowler-aws-iam_user_administrator_access_policy-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Replace the 'AdministratorAccess' policy with more specific permissions that follow the Principle of Least Privilege. Consider implementing IAM roles such as 'IAM Master' and 'IAM Manager' to manage permissions more securely.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM users with administrator-level permissions can perform any action on any resource in your AWS environment. If these permissions are granted to users unnecessarily or to individuals without sufficient knowledge, it can lead to security vulnerabilities, data leaks, data loss, or unexpected charges.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have console access enabled or is unused.", - "metadata": { - "event_code": "iam_user_console_access_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have console access enabled or is unused.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "HIPAA": [ - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "OPS-05.02AC", - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-05.04B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-3", - "ac-5-c", - "ac-6" - ], - "CIS-3.0": [ - "1.12" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_6", - "ac_2_g", - "ac_2_j", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3", - "op.acc.6.r7.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.12" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4" - ], - "CIS-5.0": [ - "1.11" - ], - "CIS-1.4": [ - "1.12" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.10" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.8", - "IAM.22", - "IAM.26" - ], - "CIS-1.5": [ - "1.12" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2_3", - "ac_2", - "ac_3", - "ac_6" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.12" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.3.2.d", - "11.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure unused user console access are disabled", - "title": "Ensure unused user console access are disabled", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_user_console_access_unused-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Find the credentials that they were using and ensure that they are no longer operational. Ideally, you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least, you should change the password or deactivate the access keys so that the former users no longer have access.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" - ] - }, - "risk_details": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have any type of MFA enabled.", - "metadata": { - "event_code": "iam_user_hardware_mfa_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User terraform-user does not have any type of MFA enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-16.01B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.1", - "3.0.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2" - ], - "CCC": [ - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.8.5" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040" - ], - "CISA": [ - "booting-up-thing-to-do-first-2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if IAM users have Hardware MFA enabled.", - "title": "Check if IAM users have Hardware MFA enabled.", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_hardware_mfa_enabled-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable hardware MFA device for an IAM user from the AWS Management Console, the command line, or the IAM API.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_physical.html" - ] - }, - "risk_details": "Hardware MFA is preferred over virtual MFA.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have Console Password enabled.", - "metadata": { - "event_code": "iam_user_mfa_enabled_console_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have Console Password enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_14", - "3_5_2", - "3_5_3" - ], - "HIPAA": [ - "164_308_a_3_ii_a", - "164_312_a_1", - "164_312_d" - ], - "C5-2025": [ - "OPS-05.02AC", - "OPS-16.01B", - "IAM-04.06B", - "IAM-06.09B", - "IAM-08.02B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "IAM-10.01B", - "PSS-05.01B", - "PSS-07.01B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_7" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ia-2-1-2", - "ia-2-1" - ], - "CIS-3.0": [ - "1.10" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_2", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "ia_2_1", - "ia_2_2", - "ia_2_6", - "ia_2_6_a", - "ia_2_8", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r2.aws.iam.1", - "op.acc.6.r4.aws.iam.1", - "op.acc.6.r8.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.1", - "3.0.2", - "3.0.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.10" - ], - "PCI-4.0": [ - "8.4.1.1", - "8.4.1.2", - "8.4.2.1", - "8.4.2.2", - "8.4.3.1", - "8.4.3.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-15", - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.3", - "8.3.1", - "8.3.1.a", - "8.3.2", - "8.3.2.a", - "8.6", - "8.6.c" - ], - "CIS-5.0": [ - "1.9" - ], - "CIS-1.4": [ - "1.10" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN03.AR01", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.3" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.5", - "IAM.19" - ], - "CIS-1.5": [ - "1.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.17", - "A.8.5" - ], - "NIST-800-53-Revision-4": [ - "ia_2_1", - "ia_2_2", - "ia_2_11" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040", - "T1538" - ], - "CIS-2.0": [ - "1.10" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-2", - "booting-up-thing-to-do-first-2" - ], - "NIS2": [ - "11.1.2.c", - "11.3.2.a", - "11.4.2.c", - "11.6.1", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password.", - "title": "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password.", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_mfa_enabled_console_access-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable MFA for the user's account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html" - ] - }, - "risk_details": "Unauthorized access to this critical account if password is not secure or it is disclosed in any way.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have access keys or uses the access keys configured.", - "metadata": { - "event_code": "iam_user_no_setup_initial_access_key", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have access keys or uses the access keys configured.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OPS-05.02AC", - "IAM-10.01B", - "CRY-03.01B", - "PSS-07.01B" - ], - "CIS-3.0": [ - "1.11" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.11" - ], - "CIS-5.0": [ - "1.1" - ], - "CIS-1.4": [ - "1.11" - ], - "CIS-1.5": [ - "1.11" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.11" - ], - "NIS2": [ - "9.2.c", - "9.2.c.iii" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "title": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_no_setup_initial_access_key-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "From the IAM console: generate credential report and disable not required keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials, it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have access keys or uses the access keys configured.", - "metadata": { - "event_code": "iam_user_no_setup_initial_access_key", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have access keys or uses the access keys configured.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OPS-05.02AC", - "IAM-10.01B", - "CRY-03.01B", - "PSS-07.01B" - ], - "CIS-3.0": [ - "1.11" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.11" - ], - "CIS-5.0": [ - "1.1" - ], - "CIS-1.4": [ - "1.11" - ], - "CIS-1.5": [ - "1.11" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.11" - ], - "NIS2": [ - "9.2.c", - "9.2.c.iii" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "title": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_no_setup_initial_access_key-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "From the IAM console: generate credential report and disable not required keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials, it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have 2 active access keys.", - "metadata": { - "event_code": "iam_user_two_active_access_key", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have 2 active access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B" - ], - "CIS-3.0": [ - "1.13" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.13" - ], - "CIS-5.0": [ - "1.12" - ], - "CIS-1.4": [ - "1.13" - ], - "CIS-1.5": [ - "1.13" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.13" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if IAM users have two active access keys", - "title": "Check if IAM users have two active access keys", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_two_active_access_key-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Avoid using long lived access keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html" - ] - }, - "risk_details": "Access Keys could be lost or stolen. It creates a critical risk.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have 2 active access keys.", - "metadata": { - "event_code": "iam_user_two_active_access_key", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have 2 active access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B" - ], - "CIS-3.0": [ - "1.13" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.13" - ], - "CIS-5.0": [ - "1.12" - ], - "CIS-1.4": [ - "1.13" - ], - "CIS-1.5": [ - "1.13" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.13" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if IAM users have two active access keys", - "title": "Check if IAM users have two active access keys", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_two_active_access_key-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Avoid using long lived access keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html" - ] - }, - "risk_details": "Access Keys could be lost or stolen. It creates a critical risk.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user has long lived credentials with access to other services than IAM or STS.", - "metadata": { - "event_code": "iam_user_with_temporary_credentials", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User terraform-user has long lived credentials with access to other services than IAM or STS.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "IAM-03.01B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-06.01B", - "IAM-08.02B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure users make use of temporary credentials assuming IAM roles", - "title": "Ensure users make use of temporary credentials assuming IAM roles", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-iam_user_with_temporary_credentials-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "As a best practice, use temporary security credentials (IAM roles) instead of creating long-term credentials like access keys, and don't create AWS account root user access keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html" - ] - }, - "risk_details": "As a best practice, use temporary security credentials (IAM roles) instead of creating long-term credentials like access keys, and don't create AWS account root user access keys.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-1b7c736d-854c-475a-a8a5-df95b3d7a4df" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-1f7c04ae-50f9-4bd6-b725-433368271fbd" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-29586687-b1be-4c1b-a758-1f2878050364" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "29586687-b1be-4c1b-a758-1f2878050364", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "29586687-b1be-4c1b-a758-1f2878050364", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-4cac849c-0540-454c-9d3c-cd040cfab4a9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-51726887-02ae-44f3-a044-7e70d96761f9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "51726887-02ae-44f3-a044-7e70d96761f9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "51726887-02ae-44f3-a044-7e70d96761f9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-6ce7a755-4867-4c6a-966c-896a1edcc078" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-7becded9-6105-409d-9ddc-1ec9ad37781a" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-84910ea5-e87b-4175-a70d-317307443c9b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "84910ea5-e87b-4175-a70d-317307443c9b", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "84910ea5-e87b-4175-a70d-317307443c9b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-8775e1db-1bd3-430a-859e-3f4c2add845f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-99ad2e00-15a1-4135-b8fb-dd5accf3652f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-9df09165-d3c4-46c5-954f-a66bcb65f64f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-c45a036b-843a-48be-9621-57e49da9e4f6" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c45a036b-843a-48be-9621-57e49da9e4f6", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c45a036b-843a-48be-9621-57e49da9e4f6", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-cdbd7090-6c87-4e56-b755-fddf82d253ef" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-cf944303-41d3-401c-b296-00cbbb3d5ca4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-us-east-1-939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "arn": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-us-east-1-a80c0553-bf44-472b-a141-674b2d47209b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "a80c0553-bf44-472b-a141-674b2d47209b", - "arn": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "a80c0553-bf44-472b-a141-674b2d47209b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-us-east-1-bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "arn": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-1b7c736d-854c-475a-a8a5-df95b3d7a4df" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-1f7c04ae-50f9-4bd6-b725-433368271fbd" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-29586687-b1be-4c1b-a758-1f2878050364" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "29586687-b1be-4c1b-a758-1f2878050364", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "29586687-b1be-4c1b-a758-1f2878050364", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-4cac849c-0540-454c-9d3c-cd040cfab4a9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-51726887-02ae-44f3-a044-7e70d96761f9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "51726887-02ae-44f3-a044-7e70d96761f9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "51726887-02ae-44f3-a044-7e70d96761f9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-6ce7a755-4867-4c6a-966c-896a1edcc078" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-7becded9-6105-409d-9ddc-1ec9ad37781a" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-84910ea5-e87b-4175-a70d-317307443c9b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "84910ea5-e87b-4175-a70d-317307443c9b", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "84910ea5-e87b-4175-a70d-317307443c9b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-8775e1db-1bd3-430a-859e-3f4c2add845f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-99ad2e00-15a1-4135-b8fb-dd5accf3652f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-9df09165-d3c4-46c5-954f-a66bcb65f64f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-c45a036b-843a-48be-9621-57e49da9e4f6" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c45a036b-843a-48be-9621-57e49da9e4f6", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c45a036b-843a-48be-9621-57e49da9e4f6", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-cdbd7090-6c87-4e56-b755-fddf82d253ef" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-cf944303-41d3-401c-b296-00cbbb3d5ca4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-us-east-1-939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "arn": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-us-east-1-a80c0553-bf44-472b-a141-674b2d47209b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "a80c0553-bf44-472b-a141-674b2d47209b", - "arn": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "a80c0553-bf44-472b-a141-674b2d47209b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-us-east-1-bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "arn": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_account_part_of_organizations", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_1" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.1", - "7.2.2.1", - "7.2.5.1", - "7.3.1.1", - "7.3.2.1", - "7.3.3.1", - "8.2.7.1", - "8.2.8.1", - "8.3.4.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP01", - "SEC03-BP05", - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1087", - "T1580", - "T1538" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that AWS Organizations service is currently in use.", - "title": "Check if account is part of an AWS Organizations", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-organizations_account_part_of_organizations-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create or Join an AWS Organization", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_create.html" - ] - }, - "risk_details": "The risk associated with not being part of an AWS Organizations is that it can lead to a lack of centralized management and control over the AWS accounts in an organization. This can make it difficult to enforce security policies consistently across all accounts, and can also result in increased costs due to inefficiencies in resource usage. Additionally, not being part of an AWS Organizations can make it harder to track and manage account usage and access.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_opt_out_ai_services_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out_all.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "This control checks whether the AWS Organizations opt-out of AI services policy is enabled and whether child-accounts are disallowed to overwrite this policy. The control fails if the policy is not enabled or if child-accounts are not disallowed to overwrite this policy.", - "title": "Ensure that AWS Organizations opt-out of AI services policy is enabled and disallow child-accounts to overwrite this policy.", - "types": [], - "uid": "prowler-aws-organizations_opt_out_ai_services_policy-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Artificial Intelligence (AI) services opt-out policies enable you to control whether AWS AI services can store and use your content. Enable the AWS Organizations opt-out of AI services policy and disallow child-accounts to overwrite this policy.", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/disable-policy-type.html" - ] - }, - "risk_details": "By default, AWS may be using your data to train its AI models. This may include data from your AWS CloudTrail logs, AWS Config rules, and AWS GuardDuty findings. If you opt out of AI services, AWS will not use your data to train its AI models.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_scp_check_deny_regions", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "PSS-12.02AC" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02" - ], - "AWS-Account-Security-Onboarding": [ - "Block unused regions" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1535" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "As best practice, AWS Regions should be restricted and only allow the ones that are needed.", - "title": "Check if AWS Regions are restricted with SCP policies", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-organizations_scp_check_deny_regions-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Restrict AWS Regions using SCP policies.", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_general.html#example-scp-deny-region" - ] - }, - "risk_details": "The risk associated with not restricting AWS Regions with Service Control Policies (SCPs) is that it can lead to unauthorized access or use of resources in regions that are not intended for use. This can result in increased costs due to inefficiencies in resource usage and can also expose sensitive data to unauthorized access or breaches. By restricting access to AWS Regions with SCP policies, organizations can help ensure that only authorized personnel have access to the resources they need, while minimizing the risk of security breaches and compliance violations.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_tags_policies_enabled_and_attached", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-09.01B" - ], - "ENS-RD2022": [ - "op.exp.1.aws.sys.2", - "op.exp.1.aws.tag.1", - "op.exp.10.aws.tag.1", - "mp.info.6.aws.tag.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.5.13" - ], - "KISA-ISMS-P-2023": [ - "2.1.3" - ], - "NIS2": [ - "11.5.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if an AWS Organization has tags policies enabled and attached.", - "title": "Check if an AWS Organization has tags policies enabled and attached.", - "types": [], - "uid": "prowler-aws-organizations_tags_policies_enabled_and_attached-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable and attach AWS Organizations tags policies.", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html" - ] - }, - "risk_details": "If an AWS Organization tags policies are not enabled and attached, it is not possible to enforce tags on AWS resources.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No Resource Explorer Indexes found.", - "metadata": { - "event_code": "resourceexplorer2_indexes_found", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No Resource Explorer Indexes found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.1.aws.re.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Resource Explorer Indexes Found", - "title": "Resource Explorer Indexes Found", - "types": [], - "uid": "prowler-aws-resourceexplorer2_indexes_found-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "resourceexplorer2" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:resource-explorer:us-east-1:211203495394:index" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create indexes", - "references": [ - "https://docs.aws.amazon.com/resource-explorer/latest/userguide/manage-service-turn-on-region.html" - ] - }, - "risk_details": "Not having Resource Explorer indexes can result in increased complexity and overhead in managing your resources, as well as increased risk of security and compliance issues.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No SSM Incidents replication set exists.", - "metadata": { - "event_code": "ssmincidents_enabled_with_plans", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No SSM Incidents replication set exists.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/incident-manager/latest/userguide/response-plans.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-03.02B", - "OIS-03.05B", - "OIS-03.06B", - "OIS-05.03B", - "OIS-08.01B", - "OIS-08.09B", - "OPS-13.02B", - "OPS-13.03AC", - "OPS-22.08B", - "DEV-15.01B", - "SIM-01.02AC", - "SIM-02.01B", - "SIM-03.01B", - "SIM-03.04B", - "SIM-04.01B", - "SIM-06.01B", - "BCM-01.05B" - ], - "ENS-RD2022": [ - "op.exp.9.aws.img.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.1" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.1" - ], - "NIS2": [ - "2.1.1", - "2.1.2.a", - "2.1.2.i", - "3.1.1", - "3.1.2.a", - "3.1.2.c", - "3.1.2.d", - "3.5.1", - "3.6.1", - "3.6.2", - "3.6.3", - "4.3.1", - "5.1.7.b", - "12.1.2.c", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure SSM Incidents is enabled with response plans.", - "title": "Ensure SSM Incidents is enabled with response plans.", - "types": [], - "uid": "prowler-aws-ssmincidents_enabled_with_plans-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "ssmincidents" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:ssm-incidents:us-east-1:211203495394:replication-set" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable SSM Incidents and create response plans", - "references": [ - "https://docs.aws.amazon.com/incident-manager/latest/userguide/response-plans.html" - ] - }, - "risk_details": "Not having SSM Incidents enabled can increase the risk of delayed detection and response to security incidents, unauthorized access, limited visibility into incidents and vulnerabilities", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Amazon Web Services Premium Support Subscription is required to use this service.", - "metadata": { - "event_code": "trustedadvisor_errors_and_warnings", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Amazon Web Services Premium Support Subscription is required to use this service.", - "status_id": 1, - "unmapped": { - "related_url": "https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check Trusted Advisor for errors and warnings.", - "title": "Check Trusted Advisor for errors and warnings.", - "types": [], - "uid": "prowler-aws-trustedadvisor_errors_and_warnings-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "trustedadvisor" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:trusted-advisor:us-east-1:211203495394:account" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Review and act upon its recommendations.", - "references": [ - "https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/" - ] - }, - "risk_details": "Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Amazon Web Services Premium Support Plan isn't subscribed.", - "metadata": { - "event_code": "trustedadvisor_premium_support_plan_subscribed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Amazon Web Services Premium Support Plan isn't subscribed.", - "status_id": 1, - "unmapped": { - "related_url": "https://aws.amazon.com/premiumsupport/plans/", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "SSO-05.06B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Check if a Premium support plan is subscribed.", - "title": "Check if a Premium support plan is subscribed", - "types": [], - "uid": "prowler-aws-trustedadvisor_premium_support_plan_subscribed-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "enabled": false - } - }, - "group": { - "name": "trustedadvisor" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:trusted-advisor:us-east-1:211203495394:account" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that you subscribe to the AWS Business Support tier or higher for all of your AWS production accounts. If you don't have premium support, you must have an action plan to handle issues which require help from AWS Support. AWS Support provides a mix of tools and technology, people, and programs designed to proactively help you optimize performance, lower costs, and innovate faster.", - "references": [ - "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Support/support-plan.html" - ] - }, - "risk_details": "Ensure that the appropriate support level is enabled for the necessary AWS accounts. For example, if an AWS account is being used to host production systems and environments, it is highly recommended that the minimum AWS Support Plan should be Business.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint Service vpce-svc-02e288a4c6043110f has no allowed principals.", - "metadata": { - "event_code": "vpc_endpoint_services_allowed_principals_trust_boundaries", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC Endpoint Service vpce-svc-02e288a4c6043110f has no allowed principals.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "title": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_services_allowed_principals_trust_boundaries-211203495394-us-east-1-vpce-svc-02e288a4c6043110f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:us-east-1:211203495394:vpc-endpoint-service/vpce-svc-02e288a4c6043110f", - "id": "vpce-svc-02e288a4c6043110f", - "service": "io.spotinst.vpce.us-east-1.privatelink-api", - "owner_id": "aws-marketplace", - "allowed_principals": [], - "region": "us-east-1", - "tags": [] - } - }, - "group": { - "name": "vpc" - }, - "labels": [], - "name": "vpce-svc-02e288a4c6043110f", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:us-east-1:211203495394:vpc-endpoint-service/vpce-svc-02e288a4c6043110f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint Service vpce-svc-028691921eaeee579 has no allowed principals.", - "metadata": { - "event_code": "vpc_endpoint_services_allowed_principals_trust_boundaries", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC Endpoint Service vpce-svc-028691921eaeee579 has no allowed principals.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "title": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_services_allowed_principals_trust_boundaries-211203495394-us-west-2-vpce-svc-028691921eaeee579" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:us-west-2:211203495394:vpc-endpoint-service/vpce-svc-028691921eaeee579", - "id": "vpce-svc-028691921eaeee579", - "service": "io.spotinst.vpce.us-west-2.privatelink-api", - "owner_id": "aws-marketplace", - "allowed_principals": [], - "region": "us-west-2", - "tags": [] - } - }, - "group": { - "name": "vpc" - }, - "labels": [], - "name": "vpce-svc-028691921eaeee579", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:us-west-2:211203495394:vpc-endpoint-service/vpce-svc-028691921eaeee579" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-bedrock/results/aws-bedrock-delta.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-bedrock/results/aws-bedrock-delta.ocsf.json deleted file mode 100644 index 3614a5ef..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-bedrock/results/aws-bedrock-delta.ocsf.json +++ /dev/null @@ -1,2000 +0,0 @@ -[ - { - "message": "Bedrock Agent 4g5e-TerraformBedrockAgents is using guardrail arn:aws:bedrock:us-east-1:211203495394:guardrail/yk2rgwn4nj1z to protect agent sessions.", - "metadata": { - "event_code": "bedrock_agent_guardrail_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bedrock Agent 4g5e-TerraformBedrockAgents is using guardrail arn:aws:bedrock:us-east-1:211203495394:guardrail/yk2rgwn4nj1z to protect agent sessions.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html", - "categories": [ - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN04.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "This check ensures that Guardrails are enabled to protect Amazon Bedrock agent sessions. Guardrails help mitigate security risks by filtering and blocking harmful or sensitive content during interactions with AI models.", - "title": "Ensure that Guardrails are enabled for Amazon Bedrock agent sessions.", - "types": [], - "uid": "prowler-aws-bedrock_agent_guardrail_enabled-211203495394-us-east-1-LRY8BRVRA6" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "LRY8BRVRA6", - "name": "4g5e-TerraformBedrockAgents", - "arn": "arn:aws:bedrock:us-east-1:211203495394:agent/LRY8BRVRA6", - "guardrail_id": "arn:aws:bedrock:us-east-1:211203495394:guardrail/yk2rgwn4nj1z", - "region": "us-east-1", - "tags": [] - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "LRY8BRVRA6", - "type": "Other", - "uid": "arn:aws:bedrock:us-east-1:211203495394:agent/LRY8BRVRA6" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable Guardrails for Amazon Bedrock agent sessions to protect against harmful inputs and outputs during interactions.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html" - ] - }, - "risk_details": "Without guardrails enabled, Amazon Bedrock agent sessions are vulnerable to harmful prompts or inputs that could expose sensitive information or generate inappropriate content. This could lead to privacy violations, data leaks, or other security risks.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Guardrail 4g5e-TerraformBedrockGuardrail is not configured to block prompt attacks.", - "metadata": { - "event_code": "bedrock_guardrail_prompt_attack_filter_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Guardrail 4g5e-TerraformBedrockGuardrail is not configured to block prompt attacks.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html", - "categories": [ - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Ensure that prompt attack protection is set to the highest strength to minimize the risk of prompt injection attacks.", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN01.AR02", - "CCC.GenAI.CN02.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN04.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that prompt attack filter strength is set to HIGH for Amazon Bedrock guardrails to mitigate prompt injection and bypass techniques.", - "title": "Configure Prompt Attack Filter with the highest strength for Amazon Bedrock Guardrails.", - "types": [], - "uid": "prowler-aws-bedrock_guardrail_prompt_attack_filter_enabled-211203495394-us-east-1-yk2rgwn4nj1z" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "yk2rgwn4nj1z", - "name": "4g5e-TerraformBedrockGuardrail", - "arn": "arn:aws:bedrock:us-east-1:211203495394:guardrail/yk2rgwn4nj1z", - "region": "us-east-1", - "tags": [], - "sensitive_information_filter": true, - "prompt_attack_filter_strength": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "yk2rgwn4nj1z", - "type": "Other", - "uid": "arn:aws:bedrock:us-east-1:211203495394:guardrail/yk2rgwn4nj1z" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Set the prompt attack filter strength to HIGH for Amazon Bedrock guardrails to prevent prompt injection attacks and ensure robust protection against content manipulation.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-injection.html" - ] - }, - "risk_details": "If prompt attack filter strength is not set to HIGH, Bedrock models may be more vulnerable to prompt injection attacks or jailbreak attempts, which could allow harmful or sensitive content to bypass filters and reach end users.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Guardrail 4g5e-TerraformBedrockGuardrail is blocking or masking sensitive information.", - "metadata": { - "event_code": "bedrock_guardrail_sensitive_information_filter_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bedrock Guardrail 4g5e-TerraformBedrockGuardrail is blocking or masking sensitive information.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html", - "categories": [ - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN01.AR02", - "CCC.GenAI.CN02.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN04.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure that sensitive information filters are enabled for Amazon Bedrock guardrails to prevent the leakage of sensitive data such as personally identifiable information (PII), financial data, or confidential corporate information.", - "title": "Configure Sensitive Information Filters for Amazon Bedrock Guardrails.", - "types": [], - "uid": "prowler-aws-bedrock_guardrail_sensitive_information_filter_enabled-211203495394-us-east-1-yk2rgwn4nj1z" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "yk2rgwn4nj1z", - "name": "4g5e-TerraformBedrockGuardrail", - "arn": "arn:aws:bedrock:us-east-1:211203495394:guardrail/yk2rgwn4nj1z", - "region": "us-east-1", - "tags": [], - "sensitive_information_filter": true, - "prompt_attack_filter_strength": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "yk2rgwn4nj1z", - "type": "Other", - "uid": "arn:aws:bedrock:us-east-1:211203495394:guardrail/yk2rgwn4nj1z" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable sensitive information filters for Amazon Bedrock guardrails to prevent the exposure of sensitive or confidential information.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-sensitive-filters.html" - ] - }, - "risk_details": "If sensitive information filters are not enabled, Bedrock models may inadvertently generate or expose confidential or sensitive information in responses, leading to data breaches, regulatory violations, or reputational damage.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy terraform-20251019170219823000000002 attached to role BedrockAgents20251019170219585900000001 does not allow privilege escalation.", - "metadata": { - "event_code": "iam_inline_policy_allows_privilege_escalation", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy terraform-20251019170219823000000002 attached to role BedrockAgents20251019170219585900000001 does not allow privilege escalation.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_3_3" - ], - "C5-2025": [ - "SP-01.04B", - "AM-09.04AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure no Inline IAM policies allow actions that may lead into Privilege Escalation", - "title": "Ensure no IAM Inline policies allow actions that may lead into Privilege Escalation", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards" - ], - "uid": "prowler-aws-iam_inline_policy_allows_privilege_escalation-211203495394-us-east-1-BedrockAgents20251019170219585900000001/terraform-20251019170219823000000002" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-20251019170219823000000002", - "arn": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001", - "entity": "BedrockAgents20251019170219585900000001", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "bedrock:UseInferenceProfile", - "bedrock:InvokeModel*", - "bedrock:GetInferenceProfile" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-v2", - "arn:aws:bedrock:us-east-1:211203495394:inference-profile/*.anthropic.claude-v2", - "arn:aws:bedrock:*::foundation-model/anthropic.claude-v2" - ] - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "BedrockAgents20251019170219585900000001/terraform-20251019170219823000000002", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Grant usage permission on a per-resource basis and applying least privilege principle.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" - ] - }, - "risk_details": "Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy terraform-20251019170303948100000003 attached to role BedrockAgents20251019170219585900000001 does not allow privilege escalation.", - "metadata": { - "event_code": "iam_inline_policy_allows_privilege_escalation", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy terraform-20251019170303948100000003 attached to role BedrockAgents20251019170219585900000001 does not allow privilege escalation.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_3_3" - ], - "C5-2025": [ - "SP-01.04B", - "AM-09.04AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure no Inline IAM policies allow actions that may lead into Privilege Escalation", - "title": "Ensure no IAM Inline policies allow actions that may lead into Privilege Escalation", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards" - ], - "uid": "prowler-aws-iam_inline_policy_allows_privilege_escalation-211203495394-us-east-1-BedrockAgents20251019170219585900000001/terraform-20251019170303948100000003" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-20251019170303948100000003", - "arn": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001", - "entity": "BedrockAgents20251019170219585900000001", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "bedrock:ApplyGuardrail" - ], - "Effect": "Allow", - "Resource": "arn:aws:bedrock:us-east-1:211203495394:guardrail/yk2rgwn4nj1z" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "BedrockAgents20251019170219585900000001/terraform-20251019170303948100000003", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Grant usage permission on a per-resource basis and applying least privilege principle.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" - ] - }, - "risk_details": "Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy terraform-20251019170219823000000002 attached to role BedrockAgents20251019170219585900000001 does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_administrative_privileges", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy terraform-20251019170219823000000002 attached to role BedrockAgents20251019170219585900000001 does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.LB.CN05.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ], - "NIS2": [ - "6.7.2.e", - "11.3.2.c", - "11.4.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "title": "Ensure IAM inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_administrative_privileges-211203495394-us-east-1-BedrockAgents20251019170219585900000001/terraform-20251019170219823000000002" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-20251019170219823000000002", - "arn": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001", - "entity": "BedrockAgents20251019170219585900000001", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "bedrock:UseInferenceProfile", - "bedrock:InvokeModel*", - "bedrock:GetInferenceProfile" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-v2", - "arn:aws:bedrock:us-east-1:211203495394:inference-profile/*.anthropic.claude-v2", - "arn:aws:bedrock:*::foundation-model/anthropic.claude-v2" - ] - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "BedrockAgents20251019170219585900000001/terraform-20251019170219823000000002", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy terraform-20251019170303948100000003 attached to role BedrockAgents20251019170219585900000001 does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_administrative_privileges", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy terraform-20251019170303948100000003 attached to role BedrockAgents20251019170219585900000001 does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.LB.CN05.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ], - "NIS2": [ - "6.7.2.e", - "11.3.2.c", - "11.4.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "title": "Ensure IAM inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_administrative_privileges-211203495394-us-east-1-BedrockAgents20251019170219585900000001/terraform-20251019170303948100000003" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-20251019170303948100000003", - "arn": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001", - "entity": "BedrockAgents20251019170219585900000001", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "bedrock:ApplyGuardrail" - ], - "Effect": "Allow", - "Resource": "arn:aws:bedrock:us-east-1:211203495394:guardrail/yk2rgwn4nj1z" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "BedrockAgents20251019170219585900000001/terraform-20251019170303948100000003", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy terraform-20251019170219823000000002 attached to role BedrockAgents20251019170219585900000001 does not allow 'cloudtrail:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_cloudtrail", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy terraform-20251019170219823000000002 attached to role BedrockAgents20251019170219585900000001 does not allow 'cloudtrail:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "SIM-03.07B", - "COM-04.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_cloudtrail-211203495394-us-east-1-BedrockAgents20251019170219585900000001/terraform-20251019170219823000000002" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-20251019170219823000000002", - "arn": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001", - "entity": "BedrockAgents20251019170219585900000001", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "bedrock:UseInferenceProfile", - "bedrock:InvokeModel*", - "bedrock:GetInferenceProfile" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-v2", - "arn:aws:bedrock:us-east-1:211203495394:inference-profile/*.anthropic.claude-v2", - "arn:aws:bedrock:*::foundation-model/anthropic.claude-v2" - ] - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "BedrockAgents20251019170219585900000001/terraform-20251019170219823000000002", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "CloudTrail is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy terraform-20251019170303948100000003 attached to role BedrockAgents20251019170219585900000001 does not allow 'cloudtrail:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_cloudtrail", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy terraform-20251019170303948100000003 attached to role BedrockAgents20251019170219585900000001 does not allow 'cloudtrail:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "SIM-03.07B", - "COM-04.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_cloudtrail-211203495394-us-east-1-BedrockAgents20251019170219585900000001/terraform-20251019170303948100000003" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-20251019170303948100000003", - "arn": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001", - "entity": "BedrockAgents20251019170219585900000001", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "bedrock:ApplyGuardrail" - ], - "Effect": "Allow", - "Resource": "arn:aws:bedrock:us-east-1:211203495394:guardrail/yk2rgwn4nj1z" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "BedrockAgents20251019170219585900000001/terraform-20251019170303948100000003", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "CloudTrail is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy terraform-20251019170219823000000002 attached to role BedrockAgents20251019170219585900000001 does not allow 'kms:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_kms", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy terraform-20251019170219823000000002 attached to role BedrockAgents20251019170219585900000001 does not allow 'kms:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "IAM-10.01B", - "CRY-05.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.2.8", - "3.6.1.3.8", - "3.6.1.4.8", - "3.6.1.8", - "3.7.1.9", - "3.7.2.8", - "3.7.4.9", - "3.7.6.8", - "3.7.7.8", - "4.2.1.1.21", - "7.2.1.10", - "7.2.2.10", - "7.2.3.6", - "7.2.5.6", - "7.3.1.6", - "7.3.2.6", - "7.3.3.6", - "8.2.7.6", - "8.2.8.8", - "8.3.4.6" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.LB.CN05.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR04", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_kms-211203495394-us-east-1-BedrockAgents20251019170219585900000001/terraform-20251019170219823000000002" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-20251019170219823000000002", - "arn": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001", - "entity": "BedrockAgents20251019170219585900000001", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "bedrock:UseInferenceProfile", - "bedrock:InvokeModel*", - "bedrock:GetInferenceProfile" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-v2", - "arn:aws:bedrock:us-east-1:211203495394:inference-profile/*.anthropic.claude-v2", - "arn:aws:bedrock:*::foundation-model/anthropic.claude-v2" - ] - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "BedrockAgents20251019170219585900000001/terraform-20251019170219823000000002", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "KMS is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy terraform-20251019170303948100000003 attached to role BedrockAgents20251019170219585900000001 does not allow 'kms:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_kms", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy terraform-20251019170303948100000003 attached to role BedrockAgents20251019170219585900000001 does not allow 'kms:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "IAM-10.01B", - "CRY-05.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.2.8", - "3.6.1.3.8", - "3.6.1.4.8", - "3.6.1.8", - "3.7.1.9", - "3.7.2.8", - "3.7.4.9", - "3.7.6.8", - "3.7.7.8", - "4.2.1.1.21", - "7.2.1.10", - "7.2.2.10", - "7.2.3.6", - "7.2.5.6", - "7.3.1.6", - "7.3.2.6", - "7.3.3.6", - "8.2.7.6", - "8.2.8.8", - "8.3.4.6" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.LB.CN05.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR04", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_kms-211203495394-us-east-1-BedrockAgents20251019170219585900000001/terraform-20251019170303948100000003" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-20251019170303948100000003", - "arn": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001", - "entity": "BedrockAgents20251019170219585900000001", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "bedrock:ApplyGuardrail" - ], - "Effect": "Allow", - "Resource": "arn:aws:bedrock:us-east-1:211203495394:guardrail/yk2rgwn4nj1z" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "BedrockAgents20251019170219585900000001/terraform-20251019170303948100000003", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "KMS is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Service Role BedrockAgents20251019170219585900000001 prevents against a cross-service confused deputy attack.", - "metadata": { - "event_code": "iam_role_cross_service_confused_deputy_prevention", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "IAM Service Role BedrockAgents20251019170219585900000001 prevents against a cross-service confused deputy attack.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP04" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "3.1.2.c", - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760893384, - "created_time_dt": "2025-10-19T17:03:04.730000", - "desc": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", - "title": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", - "types": [], - "uid": "prowler-aws-iam_role_cross_service_confused_deputy_prevention-211203495394-us-east-1-BedrockAgents20251019170219585900000001" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "BedrockAgents20251019170219585900000001", - "arn": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001", - "assume_role_policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "bedrock.amazonaws.com" - }, - "Action": "sts:AssumeRole", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "AWS:SourceArn": "arn:aws:bedrock:us-east-1:211203495394:agent/*" - } - } - } - ] - }, - "is_service_role": true, - "attached_policies": [], - "inline_policies": [ - "terraform-20251019170219823000000002", - "terraform-20251019170303948100000003" - ], - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "BedrockAgents20251019170219585900000001", - "type": "AwsIamRole", - "uid": "arn:aws:iam::211203495394:role/BedrockAgents20251019170219585900000001" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To mitigate cross-service confused deputy attacks, it's recommended to use the aws:SourceArn and aws:SourceAccount global condition context keys in your IAM role trust policies. If the role doesn't support these fields, consider implementing alternative security measures, such as defining more restrictive resource-based policies or using service-specific trust policies, to limit the role's permissions and exposure. For detailed guidance, refer to AWS's documentation on preventing cross-service confused deputy issues.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html#cross-service-confused-deputy-prevention" - ] - }, - "risk_details": "Allow attackers to gain unauthorized access to resources", - "time": 1760893384, - "time_dt": "2025-10-19T17:03:04.730000", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/config/aws-s3-bucket.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/config/aws-s3-bucket.json index f47022d1..c77b3e18 100644 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/config/aws-s3-bucket.json +++ b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/config/aws-s3-bucket.json @@ -5,5 +5,6 @@ "name": "CCC AWS S3 Bucket Terraform Module", "description": "This module creates secure AWS S3 buckets with encryption, versioning, lifecycle management, and advanced security features.", "path": "remote/aws/s3bucket", + "test-frameworks" : ["cfi"], "git": "https://github.com/terraform-aws-modules/terraform-aws-s3-bucket" } \ No newline at end of file diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/results/aws-s3-bucket-baseline.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/results/aws-s3-bucket-baseline.ocsf.json deleted file mode 100644 index 40e821f0..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/results/aws-s3-bucket-baseline.ocsf.json +++ /dev/null @@ -1,63726 +0,0 @@ -[ - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-northeast-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-northeast-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-northeast-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-northeast-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-northeast-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-northeast-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-northeast-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-northeast-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-northeast-3-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-northeast-3:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-northeast-3" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-northeast-3:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-south-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-south-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-south-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-south-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-southeast-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-southeast-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-southeast-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-southeast-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-southeast-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-southeast-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-southeast-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-southeast-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ca-central-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ca-central-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ca-central-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ca-central-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-central-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-central-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-central-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-central-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-north-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-north-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-north-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-north-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-west-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-west-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-west-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-west-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-west-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-west-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-west-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-west-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-west-3-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-west-3:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-west-3" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-west-3:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-sa-east-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:sa-east-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "sa-east-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:sa-east-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-east-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-east-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-east-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-east-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-east-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-east-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-east-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-east-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-west-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-west-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-west-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-west-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-west-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-west-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-west-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-west-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Contact Information.", - "metadata": { - "event_code": "account_maintain_current_contact_details", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Contact Information.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.prowler.com/checks/aws/iam-policies/iam_18-maintain-contact-details#aws-console", - "https://repost.aws/knowledge-center/update-phone-number", - "https://support.stax.io/docs/accounts/update-aws-account-contact-details", - "https://maartenbruntink.nl/blog/2022/09/26/aws-account-hygiene-101-mass-updating-alternate-account-contacts/", - "https://docs.aws.amazon.com/security-ir/latest/userguide/update-account-contact-info.html", - "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact-primary.html", - "https://repost.aws/knowledge-center/add-update-billing-contact", - "https://aws.amazon.com/blogs/security/update-the-alternate-security-contact-across-your-aws-accounts-for-timely-security-notifications/", - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_update_contacts.html", - "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact-alternate.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-03.01AS", - "IAM-06.06B", - "SSO-05.06B", - "SIM-01.03B", - "INQ-02.01B" - ], - "CIS-3.0": [ - "1.1" - ], - "ENS-RD2022": [ - "op.ext.7.aws.am.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CIS-4.0.1": [ - "1.1" - ], - "CIS-5.0": [ - "1.1" - ], - "CIS-1.4": [ - "1.1" - ], - "CIS-1.5": [ - "1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP03", - "SEC10-BP01" - ], - "ISO27001-2022": [ - "A.5.5" - ], - "AWS-Account-Security-Onboarding": [ - "Billing, emergency, security contacts" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "CIS-2.0": [ - "1.1" - ], - "NIS2": [ - "2.2.3", - "3.5.3.a", - "5.1.7.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**AWS account contact information** is current for the **primary contact** and the **alternate contacts** for `security`, `billing`, and `operations`, with accurate email addresses and phone numbers.", - "title": "AWS account contact information is current", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-account_maintain_current_contact_details-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Adopt:\n- **Primary** and **alternate contacts** for `security`, `billing`, `operations`\n- Shared, monitored aliases and SMS-capable phone numbers (non-personal)\n- Centralized management across accounts with periodic reviews\n- **Least privilege** for who can modify contact data\n- Regular reachability tests and documented ownership", - "references": [ - "https://hub.prowler.com/check/account_maintain_current_contact_details" - ] - }, - "risk_details": "Outdated or single-person contacts delay **security notifications**, slow **incident response**, and complicate **account recovery**.\n\nAWS may throttle services during abuse mitigation, reducing **availability**. Missed alerts enable ongoing misuse, risking **data exfiltration** and unauthorized changes (**integrity**).", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "SECURITY, BILLING and OPERATIONS contacts not found or they are not different between each other and between ROOT contact.", - "metadata": { - "event_code": "account_maintain_different_contact_details_to_security_billing_and_operations", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "SECURITY, BILLING and OPERATIONS contacts not found or they are not different between each other and between ROOT contact.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "resilience" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/account_alternate_contact", - "https://docs.prowler.com/checks/aws/iam-policies/iam_18-maintain-contact-details#aws-console", - "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact-alternate.html", - "https://builder.aws.com/content/2qRw97fe8JFwfk2AbpJ3sYNpNvM/aws-bulk-update-alternate-contacts-across-organization", - "https://github.com/aws-samples/aws-account-alternate-contact-with-terraform", - "https://trendmicro.com/cloudoneconformity/knowledge-base/aws/IAM/account-security-alternate-contacts.html", - "https://repost.aws/articles/ARDFbpt-bvQ8iuErnqVVcCXQ/managing-aws-organization-alternate-contacts-via-csv" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-04.03B", - "IAM-06.06B", - "SSO-05.06B", - "SIM-01.03B", - "INQ-02.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "ISO27001-2022": [ - "A.5.6" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**AWS account alternate contacts** are defined for **Security**, **Billing**, and **Operations** with `name`, `email`, and `phone`. The finding evaluates that all three exist, are distinct from one another, and differ from the **primary (root) contact**.", - "title": "AWS account has distinct Security, Billing, and Operations contact details, different from each other and from the root contact", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-account_maintain_different_contact_details_to_security_billing_and_operations-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Maintain distinct, monitored **Security**, **Billing**, and **Operations** alternate contacts that differ from the root contact.\n- Use team aliases and 24x7 phones\n- Review and test contact paths regularly\n- Centralize at org level for consistency\n\nApplies **operational resilience** and **separation of duties**.", - "references": [ - "https://hub.prowler.com/check/account_maintain_different_contact_details_to_security_billing_and_operations" - ] - }, - "risk_details": "Missing or shared contacts can delay response to abuse alerts, credential compromise, or billing anomalies, reducing **availability** (possible AWS traffic throttling) and raising **confidentiality** and **integrity** risk through extended exposure. If AWS cannot reach you, urgent mitigation may disrupt service.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Alternate Contacts -> Security Section.", - "metadata": { - "event_code": "account_security_contact_information_is_registered", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Alternate Contacts -> Security Section.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/account_alternate_contact", - "https://docs.prowler.com/checks/aws/iam-policies/iam_19/", - "https://support.icompaas.com/support/solutions/articles/62000234161-1-2-ensure-security-contact-information-is-registered-manual-", - "https://www.plerion.com/cloud-knowledge-base/ensure-security-contact-information-is-registered", - "https://repost.aws/articles/ARDFbpt-bvQ8iuErnqVVcCXQ/managing-aws-organization-alternate-contacts-via-csv" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-06.01B", - "SSO-05.06B", - "SIM-01.03B" - ], - "CIS-3.0": [ - "1.2" - ], - "ENS-RD2022": [ - "op.ext.7.aws.am.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CIS-4.0.1": [ - "1.2" - ], - "PCI-4.0": [ - "A1.2.3.1" - ], - "CIS-5.0": [ - "1.2" - ], - "CIS-1.4": [ - "1.2" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Account.1" - ], - "CIS-1.5": [ - "1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP03", - "SEC10-BP01" - ], - "ISO27001-2022": [ - "A.5.5" - ], - "AWS-Account-Security-Onboarding": [ - "Billing, emergency, security contacts" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "CIS-2.0": [ - "1.2" - ], - "NIS2": [ - "1.1.1.a", - "1.2.3", - "2.2.1", - "3.1.2.d", - "3.5.3.a", - "5.1.7.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Account settings contain a **Security alternate contact** in Alternate Contacts (name, `EmailAddress`, `PhoneNumber`) for targeted AWS security notifications.", - "title": "AWS account has security alternate contact registered", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-account_security_contact_information_is_registered-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Define and maintain a **Security alternate contact**:\n- Use a monitored alias (e.g., `security@domain`) and team phone\n- Apply to every account (prefer Org-wide automation)\n- Review after org/personnel changes and test delivery\n- Document ownership and escalation paths\nAlign with **incident response** and **least privilege** principles.", - "references": [ - "https://hub.prowler.com/check/account_security_contact_information_is_registered" - ] - }, - "risk_details": "Missing or outdated **security contact** can delay or prevent AWS advisories from reaching responders, increasing risk to:\n- Confidentiality: data exfiltration from undetected compromise\n- Integrity: unauthorized changes persist longer\n- Availability: resource abuse (e.g., cryptomining) and outages", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Login to the AWS Console as root. Choose your account name on the top right of the window -> My Account -> Configure Security Challenge Questions.", - "metadata": { - "event_code": "account_security_questions_are_registered_in_the_aws_account", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Login to the AWS Console as root. Choose your account name on the top right of the window -> My Account -> Configure Security Challenge Questions.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.prowler.com/checks/aws/iam-policies/iam_15", - "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/IAM/security-challenge-questions.html" - ], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.3" - ], - "ENS-RD2022": [ - "op.ext.7.aws.am.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.3" - ], - "CIS-1.4": [ - "1.3" - ], - "CIS-1.5": [ - "1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP03", - "SEC10-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.3", - "2.10.2" - ], - "CIS-2.0": [ - "1.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "[DEPRECATED] **AWS account root** configuration may include legacy **security challenge questions** for support identity verification. This evaluates whether those questions are set on the account. *New configuration is discontinued by AWS and remaining support for this feature is time-limited.*", - "title": "[DEPRECATED] AWS root user has security challenge questions configured", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices" - ], - "uid": "prowler-aws-account_security_questions_are_registered_in_the_aws_account-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Favor stronger recovery instead of KBA:\n- Enforce **MFA for root** and minimize root use\n- Keep **alternate contacts** and root email current and protected\n- Establish a tightly controlled **break-glass role**, applying least privilege and separation of duties\n- Document and test recovery procedures; monitor root activity", - "references": [ - "https://hub.prowler.com/check/account_security_questions_are_registered_in_the_aws_account" - ] - }, - "risk_details": "Absence of these questions can limit support-assisted recovery if root credentials or MFA are lost, reducing **availability** and slowing **incident response**. Reliance on KBA also weakens **confidentiality** due to **social engineering**. Treat this as a recovery gap and adopt stronger, phishing-resistant factors.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No Backup Vault exist.", - "metadata": { - "event_code": "backup_vaults_exist", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No Backup Vault exist.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "resilience" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/aws-backup/latest/devguide/vaults.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-06.01B", - "OPS-07.01B", - "OPS-08.01B", - "OPS-09.02B", - "CRY-16.02B", - "DEV-11.02B", - "BCM-01.01B", - "BCM-01.02B", - "BCM-02.01B" - ], - "ENS-RD2022": [ - "mp.info.6.aws.bcku.1" - ], - "AWS-Foundational-Technical-Review": [ - "BAR-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "CCC": [ - "CCC.Core.CN08.AR01", - "CCC.Core.CN14.AR02", - "CCC.Core.CN14.AR02" - ], - "ISO27001-2022": [ - "A.8.13" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "3.6.2", - "4.1.2.f", - "4.1.2.g", - "4.2.2.b", - "4.2.2.e", - "12.1.2.c", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**AWS Backup** in the account/region includes at least one **backup vault** that stores and organizes recovery points for use by backup plans and copies.", - "title": "At least one AWS Backup vault exists", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-backup_vaults_exist-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "backup" - }, - "labels": [], - "name": "211203495394", - "type": "AwsBackupBackupVault", - "uid": "arn:aws:backup:us-east-1:211203495394:backup-vault" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create and maintain a **backup vault** in each required region. Enforce **least privilege** access, encrypt with **KMS CMKs**, and enable **Vault Lock** to prevent tampering. Use lifecycle rules and cross-region/cross-account copies, and regularly test restores for **defense in depth**.", - "references": [ - "https://hub.prowler.com/check/backup_vaults_exist" - ] - }, - "risk_details": "Without a vault, recovery points cannot be created or retained in AWS Backup, degrading **availability** and **integrity**. Data may be irrecoverable after deletion, ransomware, or misconfiguration, and RPO/RTO targets may be missed during incidents.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-northeast-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-northeast-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-northeast-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-northeast-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-northeast-3-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-northeast-3:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-south-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-south-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-southeast-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-southeast-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-southeast-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-southeast-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ca-central-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ca-central-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-central-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-central-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-north-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-north-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-west-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-west-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-west-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-west-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-west-3-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-west-3:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-sa-east-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:sa-east-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-east-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-east-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-east-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-east-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-west-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-west-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-west-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-west-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-northeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-northeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-northeast-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-south-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-south-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-southeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-southeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ca-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ca-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-north-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-north-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-west-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-sa-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:sa-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-east-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-northeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-northeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-northeast-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-south-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-south-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-southeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-southeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ca-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ca-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-north-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-north-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-west-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-sa-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:sa-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-east-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails have a data event to record all S3 object-level API operations.", - "metadata": { - "event_code": "cloudtrail_s3_dataevents_read_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails have a data event to record all S3 object-level API operations.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_a_2_i", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "SSO-05.01AC", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "ds_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.9" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.exp.8.r1.aws.ct.2", - "op.exp.8.r1.aws.ct.3", - "op.exp.8.r1.aws.ct.4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.9" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-ev-b-1", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_30" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.9" - ], - "CIS-1.4": [ - "3.11" - ], - "GxP-EU-Annex-11": [ - "8.2-printouts-data-changes", - "9-audit-trails", - "12.4-security-audit-trail" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "3.1.6" - ], - "CIS-1.5": [ - "3.11" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "AWS-Account-Security-Onboarding": [ - "Confirm that logs are present in S3 bucket and SIEM" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-2.0": [ - "3.11" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.g", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that all your AWS CloudTrail trails are configured to log Data events in order to record S3 object-level API operations, such as GetObject, DeleteObject and PutObject, for individual S3 buckets or for all current and future S3 buckets provisioned in your AWS account.", - "title": "Check if S3 buckets have Object-level logging for read events is enabled in CloudTrail.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-cloudtrail_s3_dataevents_read_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable logs. Create an S3 lifecycle policy. Define use cases, metrics and automated responses where applicable.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-cloudtrail-logging-for-s3.html" - ] - }, - "risk_details": "If logs are not enabled, monitoring of service use and threat analysis is not possible.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails have a data event to record all S3 object-level API operations.", - "metadata": { - "event_code": "cloudtrail_s3_dataevents_write_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails have a data event to record all S3 object-level API operations.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_a_2_i", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2" - ], - "C5-2025": [ - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "SSO-05.01AC", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "ds_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.8" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.4", - "op.exp.8.r1.aws.ct.2", - "op.exp.8.r1.aws.ct.3", - "op.exp.8.r1.aws.ct.4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.8" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.2.7", - "10.2.1.3.7", - "10.2.1.4.7", - "10.2.1.5.7", - "10.2.1.6.7", - "10.2.1.7.7", - "10.2.1.7", - "10.2.2.7", - "10.3.1.7", - "10.6.3.7", - "5.3.4.7", - "A1.2.1.7" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-ev-b-1", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_30" - ], - "CIS-5.0": [ - "3.8" - ], - "CIS-1.4": [ - "3.10" - ], - "GxP-EU-Annex-11": [ - "8.2-printouts-data-changes", - "9-audit-trails", - "12.4-security-audit-trail" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "3.1.5" - ], - "CIS-1.5": [ - "3.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "AWS-Account-Security-Onboarding": [ - "Send S3 access logs for critical buckets to separate S3 bucket", - "Confirm that logs are present in S3 bucket and SIEM" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-2.0": [ - "3.10" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.g" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that all your AWS CloudTrail trails are configured to log Data events in order to record S3 object-level API operations, such as GetObject, DeleteObject and PutObject, for individual S3 buckets or for all current and future S3 buckets provisioned in your AWS account.", - "title": "Check if S3 buckets have Object-level logging for write events is enabled in CloudTrail.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-cloudtrail_s3_dataevents_write_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable logs. Create an S3 lifecycle policy. Define use cases, metrics and automated responses where applicable.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-cloudtrail-logging-for-s3.html" - ] - }, - "risk_details": "If logs are not enabled, monitoring of service use and threat analysis is not possible.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_network_acls_alarm_configured", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.11" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.11" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ca-7", - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.11" - ], - "CIS-1.4": [ - "4.11" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.12" - ], - "CIS-1.5": [ - "4.11" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.11" - ], - "NIS2": [ - "2.2.3", - "3.2.3.a", - "3.2.3.c", - "3.2.3.f", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL).", - "title": "Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL).", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_network_acls_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_network_gateways_alarm_configured", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "COS-03.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.12" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.12" - ], - "FedRAMP-Low-Revision-4": [ - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.12" - ], - "CIS-1.4": [ - "4.12" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.13" - ], - "CIS-1.5": [ - "4.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.12" - ], - "NIS2": [ - "2.2.3", - "3.2.3.a", - "3.2.3.c", - "3.2.3.f", - "3.2.4", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure a log metric filter and alarm exist for changes to network gateways.", - "title": "Ensure a log metric filter and alarm exist for changes to network gateways.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_network_gateways_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_network_route_tables_alarm_configured", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-13.03AC", - "OPS-26.06B", - "COS-03.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.13" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.13" - ], - "FedRAMP-Low-Revision-4": [ - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.13" - ], - "CIS-1.4": [ - "4.13" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.14" - ], - "CIS-1.5": [ - "4.13" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.13" - ], - "NIS2": [ - "2.2.3", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Real-time monitoring of API calls can be achieved by directing Cloud Trail Logs to CloudWatch Logs, or an external Security information and event management (SIEM)environment, and establishing corresponding metric filters and alarms. Routing tablesare used to route network traffic between subnets and to network gateways. It isrecommended that a metric filter and alarm be established for changes to route tables.", - "title": "Ensure route table changes are monitored", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_network_route_tables_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "If you are using CloudTrails and CloudWatch, perform the following to setup the metric filter, alarm, SNS topic, and subscription: 1. Create a metric filter based on filter pattern provided which checks for route table changes and the taken from audit step 1. aws logs put-metric-filter --log-group-name -- filter-name `` --metric-transformations metricName= `` ,metricNamespace='CISBenchmark',metricValue=1 --filter-pattern '{($.eventSource = ec2.amazonaws.com) && (($.eventName = CreateRoute) || ($.eventName = CreateRouteTable) || ($.eventName = ReplaceRoute) || ($.eventName = ReplaceRouteTableAssociation) || ($.eventName = DeleteRouteTable) || ($.eventName = DeleteRoute) || ($.eventName = DisassociateRouteTable)) }' Note: You can choose your own metricName and metricNamespace strings. Using the same metricNamespace for all Foundations Benchmark metrics will group them together. 2. Create an SNS topic that the alarm will notify aws sns create-topic --name Note: you can execute this command once and then re-use the same topic for all monitoring alarms. 3. Create an SNS subscription to the topic created in step 2 aws sns subscribe --topic-arn --protocol - -notification-endpoint Note: you can execute this command once and then re-use the SNS subscription for all monitoring alarms. 4. Create an alarm that is associated with the CloudWatch Logs Metric Filter created in step 1 and an SNS topic created in step 2 aws cloudwatch put-metric-alarm --alarm-name `` --metric-name `` --statistic Sum --period 300 - -threshold 1 --comparison-operator GreaterThanOrEqualToThreshold -- evaluation-periods 1 --namespace 'CISBenchmark' --alarm-actions ", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "CloudWatch is an AWS native service that allows you to ob serve and monitor resources and applications. CloudTrail Logs can also be sent to an external Security informationand event management (SIEM) environment for monitoring and alerting.Monitoring changes to route tables will help ensure that all VPC traffic flows through anexpected path and prevent any accidental or intentional modifications that may lead touncontrolled network traffic. An alarm should be triggered every time an AWS API call isperformed to create, replace, delete, or disassociate a Route Table.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_vpcs_alarm_configured", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "COS-03.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.14" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.14" - ], - "FedRAMP-Low-Revision-4": [ - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.14" - ], - "CIS-1.4": [ - "4.14" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.15" - ], - "CIS-1.5": [ - "4.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.14" - ], - "NIS2": [ - "2.2.3", - "3.2.3.c", - "3.2.3.f", - "3.2.4", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure a log metric filter and alarm exist for VPC changes.", - "title": "Ensure a log metric filter and alarm exist for VPC changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_vpcs_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "CloudWatch doesn't allow cross-account sharing.", - "metadata": { - "event_code": "cloudwatch_cross_account_sharing_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "CloudWatch doesn't allow cross-account sharing.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-04.01AC", - "PSS-04.01B" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.1", - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if CloudWatch has allowed cross-account sharing.", - "title": "Check if CloudWatch has allowed cross-account sharing.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-cloudwatch_cross_account_sharing_disabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsAccount", - "uid": "arn:aws:iam:us-east-1:211203495394:role" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Grant usage permission on a per-resource basis to enforce least privilege and Zero Trust principles.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html" - ] - }, - "risk_details": "Cross-Account access to CloudWatch could increase the risk of compromising information between accounts.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/rds/cluster/ex-rds/postgresql does not have AWS KMS keys associated.", - "metadata": { - "event_code": "cloudwatch_log_group_kms_encryption_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Log Group /aws/rds/cluster/ex-rds/postgresql does not have AWS KMS keys associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/cli/latest/reference/logs/associate-kms-key.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_e_2_ii" - ], - "SOC2": [ - "cc_7_3" - ], - "C5-2025": [ - "OIS-04.01AC", - "OIS-08.02B", - "AM-01.01AC", - "OPS-11.02AC", - "OPS-13.03B", - "OPS-14.03B", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-04.01B", - "PSS-04.04B", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cp_9_d", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_28_1", - "si_19_4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "PCI-4.0": [ - "10.3.2.3", - "10.3.3.5", - "10.3.4.4", - "3.5.1.4", - "8.3.2.8", - "A1.2.1.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Monitor.CN04.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.30" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP02" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.15", - "A.8.16", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "au_9", - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if CloudWatch log groups are protected by AWS KMS.", - "title": "Check if CloudWatch log groups are protected by AWS KMS.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-cloudwatch_log_group_kms_encryption_enabled-211203495394-eu-west-1-/aws/rds/cluster/ex-rds/postgresql" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*", - "name": "/aws/rds/cluster/ex-rds/postgresql", - "retention_days": 7, - "never_expire": false, - "kms_id": null, - "region": "eu-west-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/rds/cluster/ex-rds/postgresql", - "type": "Other", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Associate KMS Key with Cloudwatch log group.", - "references": [ - "https://docs.aws.amazon.com/cli/latest/reference/logs/associate-kms-key.html" - ] - }, - "risk_details": "Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No secrets found in /aws/rds/cluster/ex-rds/postgresql log group.", - "metadata": { - "event_code": "cloudwatch_log_group_no_secrets_in_logs", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "No secrets found in /aws/rds/cluster/ex-rds/postgresql log group.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [ - "secrets" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-01.01AC", - "OPS-11.01AC", - "OPS-11.02AC", - "OPS-13.03B", - "OPS-26.05B", - "OPS-26.01AS", - "PSS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN04.AR01" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1552" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if secrets exists in CloudWatch logs", - "title": "Check if secrets exists in CloudWatch logs.", - "types": [ - "Protect", - "Secure development" - ], - "uid": "prowler-aws-cloudwatch_log_group_no_secrets_in_logs-211203495394-eu-west-1-/aws/rds/cluster/ex-rds/postgresql" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*", - "name": "/aws/rds/cluster/ex-rds/postgresql", - "retention_days": 7, - "never_expire": false, - "kms_id": null, - "region": "eu-west-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/rds/cluster/ex-rds/postgresql", - "type": "Other", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "It is recommended that sensitive information is not logged to CloudWatch logs. Alternatively, sensitive data may be masked using a protection policy", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html" - ] - }, - "risk_details": "Storing sensitive data in CloudWatch logs could allow an attacker with read-only access to escalate their privileges or gain unauthorised access to systems.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/rds/cluster/ex-rds/postgresql is not publicly accessible.", - "metadata": { - "event_code": "cloudwatch_log_group_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Log Group /aws/rds/cluster/ex-rds/postgresql is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-01.01AC", - "PS-03.02B", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-10.01B", - "COS-02.01B", - "PSS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN04.AR01", - "CCC.Monitor.CN04.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR03" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "This check ensures that no CloudWatch Log Groups are publicly accessible by checking for resource policies that allow access from any entity (Principal: '*'). Publicly exposed log groups pose a serious security risk as sensitive log data could be accessed by unauthorized parties.", - "title": "Ensure that CloudWatch Log Groups are not publicly accessible", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices" - ], - "uid": "prowler-aws-cloudwatch_log_group_not_publicly_accessible-211203495394-eu-west-1-/aws/rds/cluster/ex-rds/postgresql" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*", - "name": "/aws/rds/cluster/ex-rds/postgresql", - "retention_days": 7, - "never_expire": false, - "kms_id": null, - "region": "eu-west-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/rds/cluster/ex-rds/postgresql", - "type": "Other", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that CloudWatch Log Groups are not publicly accessible. Review and remove any resource policies that allow public access (Principal: '*') to log groups.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html" - ] - }, - "risk_details": "Publicly accessible CloudWatch Log Groups can expose sensitive information, leading to data breaches or unauthorized access. It is important to ensure that log groups are only accessible by trusted entities.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/rds/cluster/ex-rds/postgresql has less than 365 days retention period (7 days).", - "metadata": { - "event_code": "cloudwatch_log_group_retention_policy_specific_days_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Log Group /aws/rds/cluster/ex-rds/postgresql has less than 365 days retention period (7 days).", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Logs.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_1", - "3_6_1", - "3_6_2" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_312_b" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_c_1_2" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-14.01B", - "OPS-14.02B", - "OPS-26.05B", - "OPS-26.01AS", - "PI-03.02B", - "PSS-04.01B" - ], - "FedRamp-Moderate-Revision-4": [ - "au-6-1-3", - "au-11", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "ac_16_b", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_10", - "au_11", - "au_11_1", - "au_12_1", - "au_12_2", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_21_b", - "pm_31", - "sc_28_2", - "si_4_17", - "si_12" - ], - "ENS-RD2022": [ - "op.exp.8.r3.aws.cw.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "PCI-4.0": [ - "10.5.1.4", - "3.2.1.3", - "3.3.1.1.3", - "3.3.1.3.3", - "3.3.2.3", - "3.3.3.3", - "5.3.4.11" - ], - "FedRAMP-Low-Revision-4": [ - "au-11" - ], - "FFIEC": [ - "d2-ma-ma-b-1" - ], - "PCI-3.2.1": [ - "10.1", - "10.7", - "10.7.b", - "10.7.c" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-e" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP06" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "au_11", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "3.2.5", - "4.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if CloudWatch Log Groups have a retention policy of specific days.", - "title": "Check if CloudWatch Log Groups have a retention policy of specific days.", - "types": [ - "Data Retention" - ], - "uid": "prowler-aws-cloudwatch_log_group_retention_policy_specific_days_enabled-211203495394-eu-west-1-/aws/rds/cluster/ex-rds/postgresql" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*", - "name": "/aws/rds/cluster/ex-rds/postgresql", - "retention_days": 7, - "never_expire": false, - "kms_id": null, - "region": "eu-west-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/rds/cluster/ex-rds/postgresql", - "type": "AwsLogsLogGroup", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.", - "references": [ - "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Logs.html" - ] - }, - "risk_details": "If log groups have a low retention policy of less than specific days, crucial logs and data can be lost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.9" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.9" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.9" - ], - "CIS-1.4": [ - "4.9" - ], - "CCC": [ - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.10" - ], - "CIS-1.5": [ - "4.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.9" - ], - "NIS2": [ - "2.2.3", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure a log metric filter and alarm exist for AWS Config configuration changes.", - "title": "Ensure a log metric filter and alarm exist for AWS Config configuration changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.5" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.2", - "op.exp.8.r1.aws.ct.2", - "op.exp.8.r1.aws.ct.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.5" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.5" - ], - "CIS-1.4": [ - "4.5" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "ProwlerThreatScore-1.0": [ - "3.3.6" - ], - "CIS-1.5": [ - "4.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Critical alert on cloudtrail settings changes" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.5" - ], - "CISA": [ - "your-data-2" - ], - "NIS2": [ - "2.2.3", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.2.4", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure a log metric filter and alarm exist for CloudTrail configuration changes.", - "title": "Ensure a log metric filter and alarm exist for CloudTrail configuration changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_authentication_failures", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "HIPAA": [ - "164_308_a_5_ii_c", - "164_308_a_6_i", - "164_308_a_6_ii" - ], - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-03.01AC", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.6" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.6" - ], - "CIS-1.4": [ - "4.6" - ], - "CCC": [ - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "ProwlerThreatScore-1.0": [ - "3.3.7" - ], - "CIS-1.5": [ - "4.6" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Alert on rise of ConsoleLoginFailures events" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.6" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.d", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure a log metric filter and alarm exist for AWS Management Console authentication failures.", - "title": "Ensure a log metric filter and alarm exist for AWS Management Console authentication failures.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_authentication_failures-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_aws_organizations_changes", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "CIS-3.0": [ - "4.15" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.15" - ], - "CIS-5.0": [ - "4.15" - ], - "CIS-1.4": [ - "4.15" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02" - ], - "ProwlerThreatScore-1.0": [ - "3.3.16" - ], - "CIS-1.5": [ - "4.15" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.15" - ], - "NIS2": [ - "2.2.3", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure a log metric filter and alarm exist for AWS Organizations changes.", - "title": "Ensure a log metric filter and alarm exist for AWS Organizations changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_aws_organizations_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "C5-2025": [ - "OIS-04.02AC", - "OIS-08.02B", - "HR-03.02AC", - "AM-01.01AC", - "AM-07.02B", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "CRY-05.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.7" - ], - "ENS-RD2022": [ - "op.exp.10.aws.cmk.4", - "op.exp.10.aws.cmk.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.7" - ], - "CIS-1.4": [ - "4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.8" - ], - "CIS-1.5": [ - "4.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.10.1", - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "4.7" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created KMS CMKs.", - "title": "Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created KMS CMKs.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_for_s3_bucket_policy_changes", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.8" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.8" - ], - "CIS-1.4": [ - "4.8" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.9" - ], - "CIS-1.5": [ - "4.8" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.8" - ], - "NIS2": [ - "2.2.3", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure a log metric filter and alarm exist for S3 bucket policy changes.", - "title": "Ensure a log metric filter and alarm exist for S3 bucket policy changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_for_s3_bucket_policy_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_policy_changes", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.4" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.4" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.2" - ], - "CIS-5.0": [ - "4.4" - ], - "CIS-1.4": [ - "4.4" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.5" - ], - "CIS-1.5": [ - "4.4" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.4" - ], - "NIS2": [ - "2.2.3", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure a log metric filter and alarm exist for IAM policy changes.", - "title": "Ensure a log metric filter and alarm exist for IAM policy changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_policy_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_root_usage", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "HIPAA": [ - "164_308_a_6_i", - "164_308_a_6_ii" - ], - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-03.01B", - "IAM-03.03B", - "IAM-06.04B", - "IAM-06.05B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.3" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5", - "op.exp.8.aws.cw.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.3" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "7.2", - "7.2.1" - ], - "CIS-5.0": [ - "4.3" - ], - "CIS-1.4": [ - "4.3" - ], - "CCC": [ - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.4" - ], - "CIS-1.5": [ - "4.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Critical alert on every root user activity" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.3" - ], - "NIS2": [ - "2.3.1", - "3.2.1", - "3.2.2", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "3.5.4", - "7.2.b", - "9.2.c.vii" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure a log metric filter and alarm exist for usage of root account.", - "title": "Ensure a log metric filter and alarm exist for usage of root account.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_root_usage-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_security_group_changes", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.10" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.10" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.10" - ], - "CIS-1.4": [ - "4.10" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.11" - ], - "CIS-1.5": [ - "4.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.10" - ], - "NIS2": [ - "2.2.3", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure a log metric filter and alarm exist for security group changes.", - "title": "Ensure a log metric filter and alarm exist for security group changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_security_group_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_sign_in_without_mfa", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-16.01B", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-03.01AC", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-04.01B", - "PSS-05.01B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.2" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.2" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.2" - ], - "CIS-1.4": [ - "4.2" - ], - "CCC": [ - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.3" - ], - "CIS-1.5": [ - "4.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.2" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.d", - "3.2.3.g", - "3.5.4", - "9.2.c.vii", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure a log metric filter and alarm exist for Management Console sign-in without MFA.", - "title": "Ensure a log metric filter and alarm exist for Management Console sign-in without MFA.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_sign_in_without_mfa-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_unauthorized_api_calls", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-06.05B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.1" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.1" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.1" - ], - "CIS-1.4": [ - "4.1" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.2" - ], - "CIS-1.5": [ - "4.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.1" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.g", - "3.2.4", - "3.4.2.c", - "3.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure a log metric filter and alarm exist for unauthorized API calls.", - "title": "Ensure a log metric filter and alarm exist for unauthorized API calls.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_unauthorized_api_calls-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-northeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-northeast-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-northeast-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-northeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-northeast-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-northeast-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-northeast-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-northeast-3" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-northeast-3:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-south-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-south-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-south-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-southeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-southeast-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-southeast-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-southeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-southeast-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-southeast-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ca-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ca-central-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ca-central-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-central-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-central-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-north-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-north-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-north-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-west-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-west-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-west-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-west-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-west-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-west-3" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-west-3:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-sa-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "sa-east-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:sa-east-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-east-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-east-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-east-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-east-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-east-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-west-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-west-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-west-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-west-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network ACL ex-rds-default has every port open to the Internet.", - "metadata": { - "event_code": "ec2_networkacl_allow_ingress_any_port", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network ACL ex-rds-default has every port open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Infrastructure Security", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_1_14", - "3_1_20", - "3_4_1", - "3_4_7", - "3_13_1", - "3_13_2", - "3_13_5", - "3_13_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3", - "annex_i_5_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_e_1" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ac_3", - "ac_5", - "pt_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-4", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "CIS-3.0": [ - "5.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4_21", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_2_a", - "cm_2_2", - "cm_6_a", - "cm_7_b", - "cm_8_6", - "cm_9_b", - "sc_7_5", - "sc_7_7", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_c" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-10", - "d3-pc-im-b-1", - "d3-pc-im-b-2", - "d3-pc-im-b-6", - "d4-c-co-b-2" - ], - "CIS-5.0": [ - "5.2" - ], - "CIS-1.4": [ - "5.1" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "CIS-1.5": [ - "5.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "NIST-800-53-Revision-4": [ - "ac_4", - "cm_2", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.1" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", - "title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-ec2_networkacl_allow_ingress_any_port-211203495394-eu-west-1-acl-082a37cbcfccab639" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "acl-082a37cbcfccab639", - "arn": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639", - "name": "ex-rds-default", - "region": "eu-west-1", - "entries": [ - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": true, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": false, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - } - ], - "default": true, - "in_use": true, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds-default" - }, - { - "Key": "Example", - "Value": "ex-rds" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubRepo:terraform-aws-rds-aurora", - "GithubOrg:terraform-aws-modules", - "Name:ex-rds-default", - "Example:ex-rds" - ], - "name": "acl-082a37cbcfccab639", - "type": "AwsEc2NetworkAcl", - "uid": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" - ] - }, - "risk_details": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network ACL ex-rds-default has SSH port 22 open to the Internet.", - "metadata": { - "event_code": "ec2_networkacl_allow_ingress_tcp_port_22", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network ACL ex-rds-default has SSH port 22 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "CIS-3.0": [ - "5.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.2" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.2.3", - "1.2.3.b", - "1.3", - "1.3.2" - ], - "CIS-5.0": [ - "5.2" - ], - "CIS-1.4": [ - "5.1" - ], - "CCC": [ - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN01.AR02", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.21" - ], - "CIS-1.5": [ - "5.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02", - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.1" - ], - "NIS2": [ - "6.7.2.g" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", - "title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_networkacl_allow_ingress_tcp_port_22-211203495394-eu-west-1-acl-082a37cbcfccab639" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "acl-082a37cbcfccab639", - "arn": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639", - "name": "ex-rds-default", - "region": "eu-west-1", - "entries": [ - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": true, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": false, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - } - ], - "default": true, - "in_use": true, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds-default" - }, - { - "Key": "Example", - "Value": "ex-rds" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubRepo:terraform-aws-rds-aurora", - "GithubOrg:terraform-aws-modules", - "Name:ex-rds-default", - "Example:ex-rds" - ], - "name": "acl-082a37cbcfccab639", - "type": "AwsEc2NetworkAcl", - "uid": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" - ] - }, - "risk_details": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network ACL ex-rds-default has Microsoft RDP port 3389 open to the Internet.", - "metadata": { - "event_code": "ec2_networkacl_allow_ingress_tcp_port_3389", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network ACL ex-rds-default has Microsoft RDP port 3389 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "CIS-3.0": [ - "5.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.8.21", - "1.3.1.24", - "1.3.2.24", - "1.4.2.22", - "1.5.1.21", - "A1.1.3.21" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.2.3", - "1.2.3.b", - "1.3", - "1.3.2" - ], - "CIS-5.0": [ - "5.2" - ], - "CIS-1.4": [ - "5.1" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.21" - ], - "CIS-1.5": [ - "5.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.1" - ], - "NIS2": [ - "6.7.2.g" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", - "title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_networkacl_allow_ingress_tcp_port_3389-211203495394-eu-west-1-acl-082a37cbcfccab639" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "acl-082a37cbcfccab639", - "arn": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639", - "name": "ex-rds-default", - "region": "eu-west-1", - "entries": [ - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": true, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": false, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - } - ], - "default": true, - "in_use": true, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds-default" - }, - { - "Key": "Example", - "Value": "ex-rds" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubRepo:terraform-aws-rds-aurora", - "GithubOrg:terraform-aws-modules", - "Name:ex-rds-default", - "Example:ex-rds" - ], - "name": "acl-082a37cbcfccab639", - "type": "AwsEc2NetworkAcl", - "uid": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" - ] - }, - "risk_details": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) was not created using the EC2 Launch Wizard.", - "metadata": { - "event_code": "ec2_securitygroup_from_launch_wizard", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) was not created using the EC2 Launch Wizard.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.aws.sg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Security Groups created by EC2 Launch Wizard.", - "title": "Security Groups created by EC2 Launch Wizard.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_from_launch_wizard-211203495394-eu-west-1-sg-0c3aaf7337434df0c" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-rds-20251019171856241300000005", - "metadata": { - "name": "ex-rds-20251019171856241300000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c", - "id": "sg-0c3aaf7337434df0c", - "vpc_id": "vpc-0db221deba515d6c7", - "associated_sgs": [], - "network_interfaces": [], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "CidrIp": "10.0.3.0/24" - }, - { - "CidrIp": "10.0.4.0/24" - }, - { - "CidrIp": "10.0.5.0/24" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "Egress to corporate printer closet", - "CidrIp": "10.33.0.0/28" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "tags": [ - { - "Key": "Name", - "Value": "ex-rds" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Name:ex-rds", - "Example:ex-rds", - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-rds-aurora" - ], - "name": "sg-0c3aaf7337434df0c", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", - "references": [ - "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" - ] - }, - "risk_details": "Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group default (sg-098d463ddc66b09b5) was not created using the EC2 Launch Wizard.", - "metadata": { - "event_code": "ec2_securitygroup_from_launch_wizard", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group default (sg-098d463ddc66b09b5) was not created using the EC2 Launch Wizard.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.aws.sg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Security Groups created by EC2 Launch Wizard.", - "title": "Security Groups created by EC2 Launch Wizard.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_from_launch_wizard-211203495394-eu-west-1-sg-098d463ddc66b09b5" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "default", - "metadata": { - "name": "default", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-098d463ddc66b09b5", - "id": "sg-098d463ddc66b09b5", - "vpc_id": "vpc-0db221deba515d6c7", - "associated_sgs": [], - "network_interfaces": [], - "ingress_rules": [], - "egress_rules": [], - "tags": [ - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "Name", - "Value": "ex-rds-default" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Example:ex-rds", - "Name:ex-rds-default", - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-rds-aurora" - ], - "name": "sg-098d463ddc66b09b5", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-098d463ddc66b09b5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", - "references": [ - "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" - ] - }, - "risk_details": "Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) it is not being used.", - "metadata": { - "event_code": "ec2_securitygroup_not_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) it is not being used.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.aws.sg.3" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.22" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there are no Security Groups not being used.", - "title": "Ensure there are no Security Groups not being used.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_not_used-211203495394-eu-west-1-sg-0c3aaf7337434df0c" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-rds-20251019171856241300000005", - "metadata": { - "name": "ex-rds-20251019171856241300000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c", - "id": "sg-0c3aaf7337434df0c", - "vpc_id": "vpc-0db221deba515d6c7", - "associated_sgs": [], - "network_interfaces": [], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "CidrIp": "10.0.3.0/24" - }, - { - "CidrIp": "10.0.4.0/24" - }, - { - "CidrIp": "10.0.5.0/24" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "Egress to corporate printer closet", - "CidrIp": "10.33.0.0/28" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "tags": [ - { - "Key": "Name", - "Value": "ex-rds" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Name:ex-rds", - "Example:ex-rds", - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-rds-aurora" - ], - "name": "sg-0c3aaf7337434df0c", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "List all the security groups and then use the cli to check if they are attached to an instance.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/ec2-find-security-group-resources/" - ] - }, - "risk_details": "Having clear definition and scope for Security Groups creates a better administration environment.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) has 1 inbound rules and 1 outbound rules.", - "metadata": { - "event_code": "ec2_securitygroup_with_many_ingress_egress_rules", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) has 1 inbound rules and 1 outbound rules.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Find security groups with more than 50 ingress or egress rules.", - "title": "Find security groups with more than 50 ingress or egress rules.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_with_many_ingress_egress_rules-211203495394-eu-west-1-sg-0c3aaf7337434df0c" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-rds-20251019171856241300000005", - "metadata": { - "name": "ex-rds-20251019171856241300000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c", - "id": "sg-0c3aaf7337434df0c", - "vpc_id": "vpc-0db221deba515d6c7", - "associated_sgs": [], - "network_interfaces": [], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "CidrIp": "10.0.3.0/24" - }, - { - "CidrIp": "10.0.4.0/24" - }, - { - "CidrIp": "10.0.5.0/24" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "Egress to corporate printer closet", - "CidrIp": "10.33.0.0/28" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "tags": [ - { - "Key": "Name", - "Value": "ex-rds" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Name:ex-rds", - "Example:ex-rds", - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-rds-aurora" - ], - "name": "sg-0c3aaf7337434df0c", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group default (sg-098d463ddc66b09b5) has 0 inbound rules and 0 outbound rules.", - "metadata": { - "event_code": "ec2_securitygroup_with_many_ingress_egress_rules", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group default (sg-098d463ddc66b09b5) has 0 inbound rules and 0 outbound rules.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Find security groups with more than 50 ingress or egress rules.", - "title": "Find security groups with more than 50 ingress or egress rules.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_with_many_ingress_egress_rules-211203495394-eu-west-1-sg-098d463ddc66b09b5" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "default", - "metadata": { - "name": "default", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-098d463ddc66b09b5", - "id": "sg-098d463ddc66b09b5", - "vpc_id": "vpc-0db221deba515d6c7", - "associated_sgs": [], - "network_interfaces": [], - "ingress_rules": [], - "egress_rules": [], - "tags": [ - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "Name", - "Value": "ex-rds-default" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Example:ex-rds", - "Name:ex-rds-default", - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-rds-aurora" - ], - "name": "sg-098d463ddc66b09b5", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-098d463ddc66b09b5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-northeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default", - "region": "ap-northeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-northeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default", - "region": "ap-northeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-northeast-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default", - "region": "ap-northeast-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-south-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-south-1:211203495394:event-bus/default", - "region": "ap-south-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-south-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-southeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default", - "region": "ap-southeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-southeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default", - "region": "ap-southeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ca-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ca-central-1:211203495394:event-bus/default", - "region": "ca-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ca-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-central-1:211203495394:event-bus/default", - "region": "eu-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-north-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-north-1:211203495394:event-bus/default", - "region": "eu-north-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-north-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-1:211203495394:event-bus/default", - "region": "eu-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-2:211203495394:event-bus/default", - "region": "eu-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-west-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-3:211203495394:event-bus/default", - "region": "eu-west-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-sa-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:sa-east-1:211203495394:event-bus/default", - "region": "sa-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:sa-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-1:211203495394:event-bus/default", - "region": "us-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [ - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [ - "Preexisting:20251012" - ], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-east-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-2:211203495394:event-bus/default", - "region": "us-east-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-1:211203495394:event-bus/default", - "region": "us-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-2:211203495394:event-bus/default", - "region": "us-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-northeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default", - "region": "ap-northeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-northeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default", - "region": "ap-northeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-northeast-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default", - "region": "ap-northeast-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-south-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-south-1:211203495394:event-bus/default", - "region": "ap-south-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-south-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-southeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default", - "region": "ap-southeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-southeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default", - "region": "ap-southeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ca-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ca-central-1:211203495394:event-bus/default", - "region": "ca-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ca-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-central-1:211203495394:event-bus/default", - "region": "eu-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-north-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-north-1:211203495394:event-bus/default", - "region": "eu-north-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-north-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-1:211203495394:event-bus/default", - "region": "eu-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-2:211203495394:event-bus/default", - "region": "eu-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-west-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-3:211203495394:event-bus/default", - "region": "eu-west-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-sa-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:sa-east-1:211203495394:event-bus/default", - "region": "sa-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:sa-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-1:211203495394:event-bus/default", - "region": "us-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [ - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [ - "Preexisting:20251012" - ], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-east-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-2:211203495394:event-bus/default", - "region": "us-east-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-1:211203495394:event-bus/default", - "region": "us-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-2:211203495394:event-bus/default", - "region": "us-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "FMS without any compliant policy for account 211203495394.", - "metadata": { - "event_code": "fms_policy_compliant", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "FMS without any compliant policy for account 211203495394.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-fms-intro.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "ENS-RD2022": [ - "mp.com.1.aws.nfw.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "This check ensures all FMS policies inside an admin account are compliant", - "title": "Ensure that all FMS policies inside an admin account are compliant", - "types": [], - "uid": "prowler-aws-fms_policy_compliant-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "fms" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:fms:us-east-1:211203495394:policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure FMS is enabled and all the policies are compliant across your AWS accounts", - "references": [ - "https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-fms-intro.html" - ] - }, - "risk_details": "If FMS policies are not compliant, means there are resources unprotected by the policies", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Root user in the account wasn't accessed in the last 1 days.", - "metadata": { - "event_code": "iam_avoid_root_usage", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Root user in the account wasn't accessed in the last 1 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-03.01B", - "IAM-03.03B", - "IAM-06.02B", - "IAM-06.04B" - ], - "CIS-3.0": [ - "1.7" - ], - "ENS-RD2022": [ - "op.acc.2.aws.iam.4", - "op.acc.4.aws.iam.7" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.7" - ], - "CIS-5.0": [ - "1.6" - ], - "CIS-1.4": [ - "1.7" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR02" - ], - "ProwlerThreatScore-1.0": [ - "1.2.5" - ], - "CIS-1.5": [ - "1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "AWS-Account-Security-Onboarding": [ - "Block root user" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "6.7.2.e", - "11.3.2.b", - "11.3.2.c", - "11.4.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Avoid the use of the root account", - "title": "Avoid the use of the root accounts", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_avoid_root_usage-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Follow the remediation instructions of the Ensure IAM policies are attached only to groups or roles recommendation.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "The root account has unrestricted access to all resources in the AWS account. It is highly recommended that the use of this account be avoided.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy ElastiCacheServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy ElastiCacheServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-ElastiCacheServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "ElastiCacheServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy", - "entity": "ANPAIML5LIBUZBVCSF7PI", - "version_id": "v4", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ElastiCacheManagementActions", - "Effect": "Allow", - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:DeleteNetworkInterface", - "ec2:DeleteSecurityGroup", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DescribeVpcEndpoints", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:RevokeSecurityGroupIngress", - "cloudwatch:PutMetricData", - "outposts:GetOutpost", - "outposts:GetOutpostInstanceTypes", - "outposts:ListOutposts", - "outposts:ListSites" - ], - "Resource": "*" - }, - { - "Sid": "CreateDeleteVPCEndpoints", - "Effect": "Allow", - "Action": [ - "ec2:CreateVpcEndpoint", - "ec2:DeleteVpcEndpoints" - ], - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", - "Condition": { - "StringLike": { - "ec2:VpceServiceName": "com.amazonaws.elasticache.serverless.*" - } - } - }, - { - "Sid": "TagVPCEndpointsOnCreation", - "Effect": "Allow", - "Action": [ - "ec2:CreateTags" - ], - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", - "Condition": { - "StringEquals": { - "ec2:CreateAction": "CreateVpcEndpoint", - "aws:RequestTag/AmazonElastiCacheManaged": "true" - } - } - }, - { - "Sid": "ModifyVpcEndpoints", - "Effect": "Allow", - "Action": [ - "ec2:ModifyVpcEndpoint" - ], - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", - "Condition": { - "StringEquals": { - "ec2:ResourceTag/AmazonElastiCacheManaged": "true" - } - } - }, - { - "Sid": "AllowAccessToElastiCacheTaggedVpcEndpoints", - "Effect": "Allow", - "Action": [ - "ec2:CreateVpcEndpoint", - "ec2:ModifyVpcEndpoint" - ], - "NotResource": "arn:aws:ec2:*:*:vpc-endpoint/*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "ElastiCacheServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AWSTrustedAdvisorServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy AWSTrustedAdvisorServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AWSTrustedAdvisorServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AWSTrustedAdvisorServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy", - "entity": "ANPAJH4QJ2WMHBOB47BUE", - "version_id": "v14", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "TrustedAdvisorServiceRolePermissions", - "Effect": "Allow", - "Action": [ - "access-analyzer:ListAnalyzers", - "autoscaling:DescribeAccountLimits", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeLaunchConfigurations", - "ce:GetReservationPurchaseRecommendation", - "ce:GetSavingsPlansPurchaseRecommendation", - "cloudformation:DescribeAccountLimits", - "cloudformation:DescribeStacks", - "cloudformation:ListStacks", - "cloudfront:ListDistributions", - "cloudtrail:DescribeTrails", - "cloudtrail:GetTrailStatus", - "cloudtrail:GetTrail", - "cloudtrail:ListTrails", - "cloudtrail:GetEventSelectors", - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics", - "dax:DescribeClusters", - "dynamodb:DescribeLimits", - "dynamodb:DescribeTable", - "dynamodb:ListTables", - "ec2:DescribeAddresses", - "ec2:DescribeReservedInstances", - "ec2:DescribeInstances", - "ec2:DescribeVpcs", - "ec2:DescribeInternetGateways", - "ec2:DescribeImages", - "ec2:DescribeNatGateways", - "ec2:DescribeVolumes", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeRegions", - "ec2:DescribeReservedInstancesOfferings", - "ec2:DescribeRouteTables", - "ec2:DescribeSnapshots", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpnConnections", - "ec2:DescribeVpnGateways", - "ec2:DescribeLaunchTemplateVersions", - "ec2:GetManagedPrefixListEntries", - "ecs:DescribeTaskDefinition", - "ecs:ListTaskDefinitions", - "elasticloadbalancing:DescribeAccountLimits", - "elasticloadbalancing:DescribeInstanceHealth", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancerPolicyTypes", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "iam:GenerateCredentialReport", - "iam:GetAccountPasswordPolicy", - "iam:GetAccountSummary", - "iam:GetCredentialReport", - "iam:GetServerCertificate", - "iam:ListServerCertificates", - "iam:ListSAMLProviders", - "kinesis:DescribeLimits", - "kafka:DescribeClusterV2", - "kafka:ListClustersV2", - "kafka:ListNodes", - "network-firewall:ListFirewalls", - "network-firewall:DescribeFirewall", - "outposts:ListAssets", - "outposts:GetOutpost", - "outposts:ListOutposts", - "rds:DescribeAccountAttributes", - "rds:DescribeDBClusters", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstances", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBParameters", - "rds:DescribeDBSecurityGroups", - "rds:DescribeDBSnapshots", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEngineDefaultParameters", - "rds:DescribeEvents", - "rds:DescribeOptionGroupOptions", - "rds:DescribeOptionGroups", - "rds:DescribeOrderableDBInstanceOptions", - "rds:DescribeReservedDBInstances", - "rds:DescribeReservedDBInstancesOfferings", - "rds:ListTagsForResource", - "redshift:DescribeClusters", - "redshift:DescribeReservedNodeOfferings", - "redshift:DescribeReservedNodes", - "route53:GetAccountLimit", - "route53:GetHealthCheck", - "route53:GetHostedZone", - "route53:ListHealthChecks", - "route53:ListHostedZones", - "route53:ListHostedZonesByName", - "route53:ListResourceRecordSets", - "route53resolver:ListResolverEndpoints", - "route53resolver:ListResolverEndpointIpAddresses", - "s3:GetAccountPublicAccessBlock", - "s3:GetBucketAcl", - "s3:GetBucketPolicy", - "s3:GetBucketPolicyStatus", - "s3:GetBucketLocation", - "s3:GetBucketLogging", - "s3:GetBucketVersioning", - "s3:GetBucketPublicAccessBlock", - "s3:GetLifecycleConfiguration", - "s3:ListBucket", - "s3:ListAllMyBuckets", - "ses:GetSendQuota", - "sqs:GetQueueAttributes", - "sqs:ListQueues" - ], - "Resource": "*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AWSTrustedAdvisorServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AdministratorAccess is attached and allows '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS policy AdministratorAccess is attached and allows '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AdministratorAccess" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AdministratorAccess", - "arn": "arn:aws:iam::aws:policy/AdministratorAccess", - "entity": "ANPAIWMBCKSKIEE64ZLYK", - "version_id": "v1", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "*", - "Resource": "*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AdministratorAccess", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AWSSupportServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy AWSSupportServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AWSSupportServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AWSSupportServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy", - "entity": "ANPAJ7W6266ELXF5MISDS", - "version_id": "v42", - "type": "AWS", - "attached": true, - "document": { - "Statement": [ - { - "Sid": "AWSSupportAPIGatewayAccess", - "Action": [ - "apigateway:GET" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:apigateway:*::/account", - "arn:aws:apigateway:*::/apis", - "arn:aws:apigateway:*::/apis/*", - "arn:aws:apigateway:*::/apis/*/authorizers", - "arn:aws:apigateway:*::/apis/*/authorizers/*", - "arn:aws:apigateway:*::/apis/*/deployments", - "arn:aws:apigateway:*::/apis/*/deployments/*", - "arn:aws:apigateway:*::/apis/*/integrations", - "arn:aws:apigateway:*::/apis/*/integrations/*", - "arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses", - "arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses/*", - "arn:aws:apigateway:*::/apis/*/models", - "arn:aws:apigateway:*::/apis/*/models/*", - "arn:aws:apigateway:*::/apis/*/routes", - "arn:aws:apigateway:*::/apis/*/routes/*", - "arn:aws:apigateway:*::/apis/*/routes/*/routeresponses", - "arn:aws:apigateway:*::/apis/*/routes/*/routeresponses/*", - "arn:aws:apigateway:*::/apis/*/stages", - "arn:aws:apigateway:*::/apis/*/stages/*", - "arn:aws:apigateway:*::/clientcertificates", - "arn:aws:apigateway:*::/clientcertificates/*", - "arn:aws:apigateway:*::/domainnames", - "arn:aws:apigateway:*::/domainnames/*", - "arn:aws:apigateway:*::/domainnames/*/apimappings", - "arn:aws:apigateway:*::/domainnames/*/apimappings/*", - "arn:aws:apigateway:*::/domainnames/*/basepathmappings", - "arn:aws:apigateway:*::/domainnames/*/basepathmappings/*", - "arn:aws:apigateway:*::/restapis", - "arn:aws:apigateway:*::/restapis/*", - "arn:aws:apigateway:*::/restapis/*/authorizers", - "arn:aws:apigateway:*::/restapis/*/authorizers/*", - "arn:aws:apigateway:*::/restapis/*/deployments", - "arn:aws:apigateway:*::/restapis/*/deployments/*", - "arn:aws:apigateway:*::/restapis/*/models", - "arn:aws:apigateway:*::/restapis/*/models/*", - "arn:aws:apigateway:*::/restapis/*/models/*/default_template", - "arn:aws:apigateway:*::/restapis/*/resources", - "arn:aws:apigateway:*::/restapis/*/resources/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration/responses/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/responses/*", - "arn:aws:apigateway:*::/restapis/*/stages/*/sdks/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration", - "arn:aws:apigateway:*::/restapis/*/stages", - "arn:aws:apigateway:*::/restapis/*/stages/*", - "arn:aws:apigateway:*::/usageplans", - "arn:aws:apigateway:*::/usageplans/*", - "arn:aws:apigateway:*::/vpclinks", - "arn:aws:apigateway:*::/vpclinks/*" - ] - }, - { - "Sid": "AWSSupportDeleteRoleAccess", - "Action": [ - "iam:DeleteRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport" - ] - }, - { - "Sid": "AWSSupportActionsGroup1", - "Action": [ - "access-analyzer:getAccessPreview", - "access-analyzer:getAnalyzedResource", - "access-analyzer:getAnalyzer", - "access-analyzer:getArchiveRule", - "access-analyzer:getFinding", - "access-analyzer:getGeneratedPolicy", - "access-analyzer:listAccessPreviewFindings", - "access-analyzer:listAccessPreviews", - "access-analyzer:listAnalyzedResources", - "access-analyzer:listAnalyzers", - "access-analyzer:listArchiveRules", - "access-analyzer:listFindings", - "access-analyzer:listPolicyGenerations", - "account:getRegionOptStatus", - "account:listRegions", - "acm-pca:describeCertificateAuthority", - "acm-pca:describeCertificateAuthorityAuditReport", - "acm-pca:getCertificate", - "acm-pca:getCertificateAuthorityCertificate", - "acm-pca:getCertificateAuthorityCsr", - "acm-pca:listCertificateAuthorities", - "acm-pca:listTags", - "acm:describeCertificate", - "acm:getAccountConfiguration", - "acm:getCertificate", - "acm:listCertificates", - "acm:listTagsForCertificate", - "aiops:getInvestigationGroup", - "aiops:getInvestigationGroupPolicy", - "aiops:listInvestigationGroups", - "airflow:getEnvironment", - "airflow:listEnvironments", - "airflow:listTagsForResource", - "amplify:getApp", - "amplify:getBackendEnvironment", - "amplify:getBranch", - "amplify:getDomainAssociation", - "amplify:getJob", - "amplify:getWebhook", - "amplify:listApps", - "amplify:listBackendEnvironments", - "amplify:listBranches", - "amplify:listDomainAssociations", - "amplify:listWebhooks", - "amplifyuibuilder:exportComponents", - "amplifyuibuilder:exportThemes", - "aoss:batchGetCollection", - "aoss:batchGetEffectiveLifecyclePolicy", - "aoss:batchGetLifecyclePolicy", - "aoss:batchGetVpcEndpoint", - "aoss:getAccessPolicy", - "aoss:getAccountSettings", - "aoss:getPoliciesStats", - "aoss:getSecurityConfig", - "aoss:getSecurityPolicy", - "aoss:listAccessPolicies", - "aoss:listCollections", - "aoss:listLifecyclePolicies", - "aoss:listSecurityConfigs", - "aoss:listSecurityPolicies", - "aoss:listTagsForResource", - "aoss:listVpcEndpoints", - "appconfig:getApplication", - "appconfig:getConfigurationProfile", - "appconfig:getDeployment", - "appconfig:getDeploymentStrategy", - "appconfig:getEnvironment", - "appconfig:getExtension", - "appconfig:getExtensionAssociation", - "appconfig:listApplications", - "appconfig:listConfigurationProfiles", - "appconfig:listDeployments", - "appconfig:listDeploymentStrategies", - "appconfig:listEnvironments", - "appconfig:listExtensionAssociations", - "appconfig:listExtensions", - "appconfig:listHostedConfigurationVersions", - "appflow:describeConnectorEntity", - "appflow:describeConnectorProfiles", - "appflow:describeConnectors", - "appflow:describeFlow", - "appflow:describeFlowExecutionRecords", - "appflow:listConnectorEntities", - "appflow:listFlows", - "application-autoscaling:describeScalableTargets", - "application-autoscaling:describeScalingActivities", - "application-autoscaling:describeScalingPolicies", - "application-autoscaling:describeScheduledActions", - "application-signals:getService", - "application-signals:getServiceLevelObjective", - "application-signals:listServiceDependencies", - "application-signals:listServiceDependents", - "application-signals:listServiceLevelObjectives", - "application-signals:listServiceOperations", - "application-signals:listServices", - "applicationinsights:describeApplication", - "applicationinsights:describeComponent", - "applicationinsights:describeComponentConfiguration", - "applicationinsights:describeComponentConfigurationRecommendation", - "applicationinsights:describeLogPattern", - "applicationinsights:describeObservation", - "applicationinsights:describeProblem", - "applicationinsights:describeProblemObservations", - "applicationinsights:listApplications", - "applicationinsights:listComponents", - "applicationinsights:listConfigurationHistory", - "applicationinsights:listLogPatterns", - "applicationinsights:listLogPatternSets", - "applicationinsights:listProblems", - "appmesh:describeGatewayRoute", - "appmesh:describeMesh", - "appmesh:describeRoute", - "appmesh:describeVirtualGateway", - "appmesh:describeVirtualNode", - "appmesh:describeVirtualRouter", - "appmesh:describeVirtualService", - "appmesh:listGatewayRoutes", - "appmesh:listMeshes", - "appmesh:listRoutes", - "appmesh:listTagsForResource", - "appmesh:listVirtualGateways", - "appmesh:listVirtualNodes", - "appmesh:listVirtualRouters", - "appmesh:listVirtualServices", - "apprunner:describeAutoScalingConfiguration", - "apprunner:describeCustomDomains", - "apprunner:describeObservabilityConfiguration", - "apprunner:describeOperation", - "apprunner:describeService", - "apprunner:describeVpcConnector", - "apprunner:describeVpcIngressConnection", - "apprunner:listAutoScalingConfigurations", - "apprunner:listConnections", - "apprunner:listObservabilityConfigurations", - "apprunner:listOperations", - "apprunner:listServices", - "apprunner:listTagsForResource", - "apprunner:listVpcConnectors", - "apprunner:listVpcIngressConnections", - "appstream:describeAppBlockBuilderAppBlockAssociations", - "appstream:describeAppBlockBuilders", - "appstream:describeAppBlocks", - "appstream:describeApplicationFleetAssociations", - "appstream:describeApplications", - "appstream:describeDirectoryConfigs", - "appstream:describeEntitlements", - "appstream:describeFleets", - "appstream:describeImageBuilders", - "appstream:describeImagePermissions", - "appstream:describeImages", - "appstream:describeSessions", - "appstream:describeStacks", - "appstream:describeUsageReportSubscriptions", - "appstream:describeUsers", - "appstream:describeUserStackAssociations", - "appstream:listAssociatedFleets", - "appstream:listAssociatedStacks", - "appstream:listEntitledApplications", - "appstream:listTagsForResource", - "appsync:getApi", - "appsync:getApiAssociation", - "appsync:getApiCache", - "appsync:getChannelNamespace", - "appsync:getDataSource", - "appsync:getDomainName", - "appsync:getFunction", - "appsync:getGraphqlApi", - "appsync:getIntrospectionSchema", - "appsync:getResolver", - "appsync:getSchemaCreationStatus", - "appsync:getSourceApiAssociation", - "appsync:getType", - "appsync:listApis", - "appsync:listChannelNamespaces", - "appsync:listDataSources", - "appsync:listDomainNames", - "appsync:listFunctions", - "appsync:listGraphqlApis", - "appsync:listResolvers", - "appsync:listResolversByFunction", - "appsync:listSourceApiAssociations", - "appsync:listTypes", - "appsync:listTypesByAssociation", - "aps:describeAlertManagerDefinition", - "aps:describeRuleGroupsNamespace", - "aps:describeScraper", - "aps:describeWorkspace", - "aps:listRuleGroupsNamespaces", - "aps:listScrapers", - "aps:listWorkspaces", - "athena:batchGetNamedQuery", - "athena:batchGetQueryExecution", - "athena:getCalculationExecution", - "athena:getCalculationExecutionStatus", - "athena:getCapacityAssignmentConfiguration", - "athena:getCapacityReservation", - "athena:getDataCatalog", - "athena:getNamedQuery", - "athena:getNotebookMetadata", - "athena:getQueryExecution", - "athena:getQueryRuntimeStatistics", - "athena:getSession", - "athena:getSessionStatus", - "athena:getWorkGroup", - "athena:listApplicationDPUSizes", - "athena:listCalculationExecutions", - "athena:listCapacityReservations", - "athena:listDataCatalogs", - "athena:listEngineVersions", - "athena:listExecutors", - "athena:listNamedQueries", - "athena:listNotebookMetadata", - "athena:listNotebookSessions", - "athena:listQueryExecutions", - "athena:listSessions", - "athena:listTagsForResource", - "athena:listWorkGroups", - "auditmanager:getAccountStatus", - "auditmanager:getDelegations", - "auditmanager:listAssessmentFrameworks", - "auditmanager:listAssessmentReports", - "auditmanager:listAssessments", - "auditmanager:listControls", - "auditmanager:listKeywordsForDataSource", - "auditmanager:listNotifications", - "autoscaling-plans:describeScalingPlanResources", - "autoscaling-plans:describeScalingPlans", - "autoscaling-plans:getScalingPlanResourceForecastData", - "autoscaling:describeAccountLimits", - "autoscaling:describeAdjustmentTypes", - "autoscaling:describeAutoScalingGroups", - "autoscaling:describeAutoScalingInstances", - "autoscaling:describeAutoScalingNotificationTypes", - "autoscaling:describeInstanceRefreshes", - "autoscaling:describeLaunchConfigurations", - "autoscaling:describeLifecycleHooks", - "autoscaling:describeLifecycleHookTypes", - "autoscaling:describeLoadBalancers", - "autoscaling:describeLoadBalancerTargetGroups", - "autoscaling:describeMetricCollectionTypes", - "autoscaling:describeNotificationConfigurations", - "autoscaling:describePolicies", - "autoscaling:describeScalingActivities", - "autoscaling:describeScalingProcessTypes", - "autoscaling:describeScheduledActions", - "autoscaling:describeTags", - "autoscaling:describeTerminationPolicyTypes", - "autoscaling:describeTrafficSources", - "autoscaling:describeWarmPool", - "backup-gateway:getBandwidthRateLimitSchedule", - "backup-gateway:getGateway", - "backup-gateway:getHypervisor", - "backup-gateway:getHypervisorPropertyMappings", - "backup-gateway:getVirtualMachine", - "backup-gateway:listGateways", - "backup-gateway:listHypervisors", - "backup-gateway:listVirtualMachines", - "backup-search:listSearchJobBackups", - "backup-search:listSearchJobs", - "backup:describeBackupJob", - "backup:describeBackupVault", - "backup:describeCopyJob", - "backup:describeFramework", - "backup:describeGlobalSettings", - "backup:describeProtectedResource", - "backup:describeRecoveryPoint", - "backup:describeRegionSettings", - "backup:describeReportJob", - "backup:describeReportPlan", - "backup:describeRestoreJob", - "backup:getBackupPlan", - "backup:getBackupPlanFromJSON", - "backup:getBackupPlanFromTemplate", - "backup:getBackupSelection", - "backup:getBackupVaultAccessPolicy", - "backup:getBackupVaultNotifications", - "backup:getLegalHold", - "backup:getRecoveryPointRestoreMetadata", - "backup:getRecoveryPointIndexDetails", - "backup:getRestoreJobMetadata", - "backup:getRestoreTestingInferredMetadata", - "backup:getRestoreTestingPlan", - "backup:getRestoreTestingSelection", - "backup:getSupportedResourceTypes", - "backup:listBackupJobs", - "backup:listBackupPlans", - "backup:listBackupPlanTemplates", - "backup:listBackupPlanVersions", - "backup:listBackupSelections", - "backup:listBackupVaults", - "backup:listCopyJobs", - "backup:listFrameworks", - "backup:listIndexedRecoveryPoints", - "backup:listLegalHolds", - "backup:listProtectedResources", - "backup:listRecoveryPointsByBackupVault", - "backup:listRecoveryPointsByLegalHold", - "backup:listRecoveryPointsByResource", - "backup:listReportJobs", - "backup:listReportPlans", - "backup:listRestoreJobs", - "backup:listRestoreJobsByProtectedResource", - "backup:listRestoreTestingPlans", - "backup:listRestoreTestingSelections", - "backup:listTags", - "batch:describeComputeEnvironments", - "batch:describeJobDefinitions", - "batch:describeJobQueues", - "batch:describeJobs", - "batch:describeSchedulingPolicies", - "batch:listJobs", - "bedrock:getAgent", - "bedrock:getAgentActionGroup", - "bedrock:getAgentAlias", - "bedrock:getAgentKnowledgeBase", - "bedrock:getAgentVersion", - "bedrock:getCustomModel", - "bedrock:getDataSource", - "bedrock:getEvaluationJob", - "bedrock:getFlow", - "bedrock:getFlowAlias", - "bedrock:getFlowVersion", - "bedrock:getFoundationModel", - "bedrock:getGuardrail", - "bedrock:getImportedModel", - "bedrock:getInferenceProfile", - "bedrock:getIngestionJob", - "bedrock:getKnowledgeBase", - "bedrock:getMarketplaceModelEndpoint", - "bedrock:getModelCopyJob", - "bedrock:getModelCustomizationJob", - "bedrock:getModelImportJob", - "bedrock:getModelInvocationJob", - "bedrock:getModelInvocationLoggingConfiguration", - "bedrock:getPrompt", - "bedrock:getPromptRouter", - "bedrock:getProvisionedModelThroughput", - "bedrock:listAgentActionGroups", - "bedrock:listAgentAliases", - "bedrock:listAgentKnowledgeBases", - "bedrock:listAgents", - "bedrock:listAgentVersions", - "bedrock:listCustomModels", - "bedrock:listDataSources", - "bedrock:listEvaluationJobs", - "bedrock:listFlowAliases", - "bedrock:listFlows", - "bedrock:listFlowVersions", - "bedrock:listFoundationModels", - "bedrock:listGuardrails", - "bedrock:listImportedModels", - "bedrock:listInferenceProfiles", - "bedrock:listIngestionJobs", - "bedrock:listKnowledgeBases", - "bedrock:listMarketplaceModelEndpoints", - "bedrock:listModelCopyJobs", - "bedrock:listModelCustomizationJobs", - "bedrock:listModelImportJobs", - "bedrock:listModelInvocationJobs", - "bedrock:listPromptRouters", - "bedrock:listPrompts", - "bedrock:listProvisionedModelThroughputs", - "braket:getDevice", - "braket:getQuantumTask", - "braket:searchDevices", - "braket:searchQuantumTasks", - "budgets:viewBudget", - "ce:getCostAndUsage", - "ce:getCostAndUsageWithResources", - "ce:getCostForecast", - "ce:getDimensionValues", - "ce:getReservationCoverage", - "ce:getReservationPurchaseRecommendation", - "ce:getReservationUtilization", - "ce:getRightsizingRecommendation", - "ce:getSavingsPlansCoverage", - "ce:getSavingsPlansPurchaseRecommendation", - "ce:getSavingsPlansUtilization", - "ce:getSavingsPlansUtilizationDetails", - "ce:getTags", - "chime:describeAppInstance", - "chime:getAttendee", - "chime:getGlobalSettings", - "chime:getMediaCapturePipeline", - "chime:getMediaPipeline", - "chime:getMeeting", - "chime:getProxySession", - "chime:getSipMediaApplication", - "chime:getSipRule", - "chime:getVoiceConnector", - "chime:getVoiceConnectorGroup", - "chime:getVoiceConnectorLoggingConfiguration", - "chime:listAppInstances", - "chime:listAttendees", - "chime:listChannelBans", - "chime:listChannels", - "chime:listChannelsModeratedByAppInstanceUser", - "chime:listMediaCapturePipelines", - "chime:listMediaPipelines", - "chime:listMeetings", - "chime:listSipMediaApplications", - "chime:listSipRules", - "chime:listVoiceConnectorGroups", - "chime:listVoiceConnectors", - "cleanrooms:batchGetCollaborationAnalysisTemplate", - "cleanrooms:batchGetSchema", - "cleanrooms:getAnalysisTemplate", - "cleanrooms:getCollaboration", - "cleanrooms:getCollaborationAnalysisTemplate", - "cleanrooms:getConfiguredTable", - "cleanrooms:getConfiguredTableAssociation", - "cleanrooms:getMembership", - "cleanrooms:getSchema", - "cleanrooms:listAnalysisTemplates", - "cleanrooms:listCollaborationAnalysisTemplates", - "cleanrooms:listCollaborations", - "cleanrooms:listConfiguredTableAssociations", - "cleanrooms:listConfiguredTables", - "cleanrooms:listMembers", - "cleanrooms:listMemberships", - "cleanrooms:listSchemas", - "cloud9:describeEnvironmentMemberships", - "cloud9:describeEnvironments", - "cloud9:listEnvironments", - "clouddirectory:getDirectory", - "clouddirectory:listDirectories", - "cloudformation:batchDescribeTypeConfigurations", - "cloudformation:describeAccountLimits", - "cloudformation:describeChangeSet", - "cloudformation:describeChangeSetHooks", - "cloudformation:describePublisher", - "cloudformation:describeStackDriftDetectionStatus", - "cloudformation:describeStackEvents", - "cloudformation:describeStackInstance", - "cloudformation:describeStackResource", - "cloudformation:describeStackResourceDrifts", - "cloudformation:describeStackResources", - "cloudformation:describeStacks", - "cloudformation:describeStackSet", - "cloudformation:describeStackSetOperation", - "cloudformation:describeType", - "cloudformation:describeTypeRegistration", - "cloudformation:estimateTemplateCost", - "cloudformation:getResource", - "cloudformation:getStackPolicy", - "cloudformation:getTemplate", - "cloudformation:getTemplateSummary", - "cloudformation:listChangeSets", - "cloudformation:listExports", - "cloudformation:listImports", - "cloudformation:listResources", - "cloudformation:listStackInstances", - "cloudformation:listStackResources", - "cloudformation:listStacks", - "cloudformation:listStackSetOperationResults", - "cloudformation:listStackSetOperations", - "cloudformation:listStackSets", - "cloudformation:listTypeRegistrations", - "cloudformation:listTypes", - "cloudformation:listTypeVersions", - "cloudfront:describeFunction", - "cloudfront:describeKeyValueStore", - "cloudfront:getAnycastIpList", - "cloudfront:getCachePolicy", - "cloudfront:getCachePolicyConfig", - "cloudfront:getCloudFrontOriginAccessIdentity", - "cloudfront:getCloudFrontOriginAccessIdentityConfig", - "cloudfront:getContinuousDeploymentPolicy", - "cloudfront:getContinuousDeploymentPolicyConfig", - "cloudfront:getDistribution", - "cloudfront:getDistributionConfig", - "cloudfront:getInvalidation", - "cloudfront:getKeyGroup", - "cloudfront:getKeyGroupConfig", - "cloudfront:getMonitoringSubscription", - "cloudfront:getOriginAccessControl", - "cloudfront:getOriginAccessControlConfig", - "cloudfront:getOriginRequestPolicy", - "cloudfront:getOriginRequestPolicyConfig", - "cloudfront:getPublicKey", - "cloudfront:getPublicKeyConfig", - "cloudfront:getRealtimeLogConfig", - "cloudfront:getResponseHeadersPolicy", - "cloudfront:getResponseHeadersPolicyConfig", - "cloudfront:getStreamingDistribution", - "cloudfront:getStreamingDistributionConfig", - "cloudfront:getVpcOrigin", - "cloudfront:listAnycastIpLists", - "cloudfront:listCachePolicies", - "cloudfront:listCloudFrontOriginAccessIdentities", - "cloudfront:listConflictingAliases", - "cloudfront:listContinuousDeploymentPolicies", - "cloudfront:listDistributions", - "cloudfront:listDistributionsByAnycastIpListId", - "cloudfront:listDistributionsByCachePolicyId", - "cloudfront:listDistributionsByKeyGroup", - "cloudfront:listDistributionsByOriginRequestPolicyId", - "cloudfront:listDistributionsByRealtimeLogConfig", - "cloudfront:listDistributionsByResponseHeadersPolicyId", - "cloudfront:listDistributionsByVpcOriginId", - "cloudfront:listDistributionsByWebACLId", - "cloudfront:listFunctions", - "cloudfront:listInvalidations", - "cloudfront:listKeyGroups", - "cloudfront:listKeyValueStores", - "cloudfront:listOriginAccessControls", - "cloudfront:listOriginRequestPolicies", - "cloudfront:listPublicKeys", - "cloudfront:listRealtimeLogConfigs", - "cloudfront:listResponseHeadersPolicies", - "cloudfront:listStreamingDistributions", - "cloudfront:listVpcOrigins", - "cloudhsm:describeBackups", - "cloudhsm:describeClusters", - "cloudsearch:describeAnalysisSchemes", - "cloudsearch:describeAvailabilityOptions", - "cloudsearch:describeDomains", - "cloudsearch:describeExpressions", - "cloudsearch:describeIndexFields", - "cloudsearch:describeScalingParameters", - "cloudsearch:describeServiceAccessPolicies", - "cloudsearch:describeSuggesters", - "cloudsearch:listDomainNames", - "cloudtrail:describeTrails", - "cloudtrail:getEventSelectors", - "cloudtrail:getInsightSelectors", - "cloudtrail:getTrail", - "cloudtrail:getTrailStatus", - "cloudtrail:listPublicKeys", - "cloudtrail:listTags", - "cloudtrail:listTrails", - "cloudtrail:lookupEvents", - "cloudwatch:describeAlarmHistory", - "cloudwatch:describeAlarms", - "cloudwatch:describeAlarmsForMetric", - "cloudwatch:describeAnomalyDetectors", - "cloudwatch:describeInsightRules", - "cloudwatch:getDashboard", - "cloudwatch:getInsightRuleReport", - "cloudwatch:getMetricData", - "cloudwatch:getMetricStatistics", - "cloudwatch:getMetricStream", - "cloudWatch:getMetricWidgetImage", - "cloudwatch:listDashboards", - "cloudwatch:listManagedInsightRules", - "cloudwatch:listMetrics", - "cloudwatch:listMetricStreams", - "codeartifact:describeDomain", - "codeartifact:describePackageVersion", - "codeartifact:describeRepository", - "codeartifact:getDomainPermissionsPolicy", - "codeartifact:getRepositoryEndpoint", - "codeartifact:getRepositoryPermissionsPolicy", - "codeartifact:listDomains", - "codeartifact:listPackages", - "codeartifact:listPackageVersionAssets", - "codeartifact:listPackageVersions", - "codeartifact:listRepositories", - "codeartifact:listRepositoriesInDomain", - "codebuild:batchGetBuildBatches", - "codebuild:batchGetBuilds", - "codebuild:batchGetFleets", - "codebuild:batchGetProjects", - "codebuild:listBuildBatches", - "codebuild:listBuildBatchesForProject", - "codebuild:listBuilds", - "codebuild:listBuildsForProject", - "codebuild:listCuratedEnvironmentImages", - "codebuild:listFleets", - "codebuild:listProjects", - "codebuild:listSourceCredentials", - "codecommit:batchGetRepositories", - "codecommit:getBranch", - "codecommit:getRepository", - "codecommit:getRepositoryTriggers", - "codecommit:listBranches", - "codecommit:listRepositories", - "codeconnections:getConnection", - "codeconnections:getHost", - "codeconnections:getRepositoryLink", - "codeconnections:getRepositorySyncStatus", - "codeconnections:getResourceSyncStatus", - "codeconnections:getSyncBlockerSummary", - "codeconnections:getSyncConfiguration", - "codeconnections:listConnections", - "codeconnections:listHosts", - "codeconnections:listRepositoryLinks", - "codeconnections:listRepositorySyncDefinitions", - "codeconnections:listSyncConfigurations", - "codedeploy:batchGetApplicationRevisions", - "codedeploy:batchGetApplications", - "codedeploy:batchGetDeploymentGroups", - "codedeploy:batchGetDeploymentInstances", - "codedeploy:batchGetDeployments", - "codedeploy:batchGetDeploymentTargets", - "codedeploy:batchGetOnPremisesInstances", - "codedeploy:getApplication", - "codedeploy:getApplicationRevision", - "codedeploy:getDeployment", - "codedeploy:getDeploymentConfig", - "codedeploy:getDeploymentGroup", - "codedeploy:getDeploymentInstance", - "codedeploy:getDeploymentTarget", - "codedeploy:getOnPremisesInstance", - "codedeploy:listApplicationRevisions", - "codedeploy:listApplications", - "codedeploy:listDeploymentConfigs", - "codedeploy:listDeploymentGroups", - "codedeploy:listDeploymentInstances", - "codedeploy:listDeployments", - "codedeploy:listDeploymentTargets", - "codedeploy:listGitHubAccountTokenNames", - "codedeploy:listOnPremisesInstances", - "codepipeline:getJobDetails", - "codepipeline:getPipeline", - "codepipeline:getPipelineExecution", - "codepipeline:getPipelineState", - "codepipeline:listActionExecutions", - "codepipeline:listActionTypes", - "codepipeline:listPipelineExecutions", - "codepipeline:listPipelines", - "codepipeline:listRuleExecutions", - "codepipeline:listWebhooks", - "codestar-connections:getConnection", - "codestar-connections:getHost", - "codestar-connections:listConnections", - "codestar-connections:listHosts", - "codestar:describeProject", - "codestar:listProjects", - "codestar:listResources", - "codestar:listTeamMembers", - "codestar:listUserProfiles", - "cognito-identity:describeIdentity", - "cognito-identity:describeIdentityPool", - "cognito-identity:getIdentityPoolAnalytics", - "cognito-identity:getIdentityPoolDailyAnalytics", - "cognito-identity:getIdentityPoolRoles", - "cognito-identity:getIdentityProviderDailyAnalytics", - "cognito-identity:listIdentities", - "cognito-identity:listIdentityPools", - "cognito-identity:lookupDeveloperIdentity", - "cognito-idp:describeIdentityProvider", - "cognito-idp:describeResourceServer", - "cognito-idp:describeRiskConfiguration", - "cognito-idp:describeUserImportJob", - "cognito-idp:describeUserPool", - "cognito-idp:describeUserPoolClient", - "cognito-idp:describeUserPoolDomain", - "cognito-idp:getCSVHeader", - "cognito-idp:getGroup", - "cognito-idp:getLogDeliveryConfiguration", - "cognito-idp:getUICustomization", - "cognito-idp:getUserPoolMfaConfig", - "cognito-idp:listGroups", - "cognito-idp:listIdentityProviders", - "cognito-idp:listResourceServers", - "cognito-idp:listUserImportJobs", - "cognito-idp:listUserPoolClients", - "cognito-idp:listUserPools", - "cognito-sync:describeDataset", - "cognito-sync:describeIdentityPoolUsage", - "cognito-sync:describeIdentityUsage", - "cognito-sync:getCognitoEvents", - "cognito-sync:getIdentityPoolConfiguration", - "cognito-sync:listDatasets", - "cognito-sync:listIdentityPoolUsage", - "comprehend:describeDocumentClassificationJob", - "comprehend:describeDocumentClassifier", - "comprehend:describeDominantLanguageDetectionJob", - "comprehend:describeEndpoint", - "comprehend:describeEntitiesDetectionJob", - "comprehend:describeEntityRecognizer", - "comprehend:describeEventsDetectionJob", - "comprehend:describeFlywheel", - "comprehend:describeFlywheelIteration", - "comprehend:describeKeyPhrasesDetectionJob", - "comprehend:describePiiEntitiesDetectionJob", - "comprehend:describeSentimentDetectionJob", - "comprehend:describeTargetedSentimentDetectionJob", - "comprehend:describeTopicsDetectionJob", - "comprehend:listDocumentClassificationJobs", - "comprehend:listDocumentClassifiers", - "comprehend:listDominantLanguageDetectionJobs", - "comprehend:listEndpoints", - "comprehend:listEntitiesDetectionJobs", - "comprehend:listEntityRecognizers", - "comprehend:listEventsDetectionJobs", - "comprehend:listFlywheelIterationHistory", - "comprehend:listFlywheels", - "comprehend:listKeyPhrasesDetectionJobs", - "comprehend:listPiiEntitiesDetectionJobs", - "comprehend:listSentimentDetectionJobs", - "comprehend:listTargetedSentimentDetectionJobs", - "comprehend:listTopicsDetectionJobs", - "compute-optimizer:getAutoScalingGroupRecommendations", - "compute-optimizer:getEBSVolumeRecommendations", - "compute-optimizer:getEC2InstanceRecommendations", - "compute-optimizer:getEC2RecommendationProjectedMetrics", - "compute-optimizer:getECSServiceRecommendationProjectedMetrics", - "compute-optimizer:getECSServiceRecommendations", - "compute-optimizer:getEnrollmentStatus", - "compute-optimizer:getRecommendationSummaries", - "config:batchGetAggregateResourceConfig", - "config:batchGetResourceConfig", - "config:describeAggregateComplianceByConfigRules", - "config:describeAggregationAuthorizations", - "config:describeComplianceByConfigRule", - "config:describeComplianceByResource", - "config:describeConfigRuleEvaluationStatus", - "config:describeConfigRules", - "config:describeConfigurationAggregators", - "config:describeConfigurationAggregatorSourcesStatus", - "config:describeConfigurationRecorders", - "config:describeConfigurationRecorderStatus", - "config:describeConformancePackCompliance", - "config:describeConformancePacks", - "config:describeConformancePackStatus", - "config:describeDeliveryChannels", - "config:describeDeliveryChannelStatus", - "config:describeOrganizationConfigRules", - "config:describeOrganizationConfigRuleStatuses", - "config:describeOrganizationConformancePacks", - "config:describeOrganizationConformancePackStatuses", - "config:describePendingAggregationRequests", - "config:describeRemediationConfigurations", - "config:describeRemediationExceptions", - "config:describeRemediationExecutionStatus", - "config:describeRetentionConfigurations", - "config:getAggregateComplianceDetailsByConfigRule", - "config:getAggregateConfigRuleComplianceSummary", - "config:getAggregateDiscoveredResourceCounts", - "config:getAggregateResourceConfig", - "config:getComplianceDetailsByConfigRule", - "config:getComplianceDetailsByResource", - "config:getComplianceSummaryByConfigRule", - "config:getComplianceSummaryByResourceType", - "config:getConformancePackComplianceDetails", - "config:getConformancePackComplianceSummary", - "config:getDiscoveredResourceCounts", - "config:getOrganizationConfigRuleDetailedStatus", - "config:getOrganizationConformancePackDetailedStatus", - "config:getResourceConfigHistory", - "config:listAggregateDiscoveredResources", - "config:listDiscoveredResources", - "config:listTagsForResource", - "config:selectAggregateResourceConfig", - "config:selectResourceConfig", - "connect:describeContact", - "connect:describePhoneNumber", - "connect:describeQueue", - "connect:describeQuickConnect", - "connect:describeRoutingProfile", - "connect:describeUser", - "connect:describeUserHierarchyStructure", - "connect:getCurrentMetricData", - "connect:getMetricData", - "connect:getMetricDataV2", - "connect:listContactEvaluations", - "connect:listEvaluationForms", - "connect:listEvaluationFormVersions", - "connect:listPhoneNumbersV2", - "connect:listQueueQuickConnects", - "connect:listQueues", - "connect:listQuickConnects", - "connect:listRoutingProfileQueues", - "connect:listRoutingProfiles", - "connect:listSecurityProfiles", - "connect:listUsers", - "connect:listViews", - "connect:listViewVersions", - "connect:searchQueues", - "connect:searchRoutingProfiles", - "connect:searchUsers", - "controltower:describeAccountFactoryConfig", - "controltower:describeCoreService", - "controltower:describeGuardrail", - "controltower:describeGuardrailForTarget", - "controltower:describeManagedAccount", - "controltower:describeSingleSignOn", - "controltower:getAvailableUpdates", - "controltower:getHomeRegion", - "controltower:getLandingZone", - "controltower:getLandingZoneStatus", - "controltower:listDirectoryGroups", - "controltower:listEnabledControls", - "controltower:listGuardrailsForTarget", - "controltower:listGuardrailViolations", - "controltower:listLandingZones", - "controltower:listManagedAccounts", - "controltower:listManagedAccountsForGuardrail", - "controltower:listManagedAccountsForParent", - "controltower:listManagedOrganizationalUnits", - "controltower:listManagedOrganizationalUnitsForGuardrail", - "cost-optimization-hub:getPreferences", - "cost-optimization-hub:getRecommendation", - "cost-optimization-hub:listEnrollmentStatuses", - "cost-optimization-hub:listRecommendations", - "cost-optimization-hub:listRecommendationSummaries", - "databrew:describeDataset", - "databrew:describeJob", - "databrew:describeProject", - "databrew:describeRecipe", - "databrew:listDatasets", - "databrew:listJobRuns", - "databrew:listJobs", - "databrew:listProjects", - "databrew:listRecipes", - "databrew:listRecipeVersions", - "databrew:listTagsForResource", - "datapipeline:describeObjects", - "datapipeline:describePipelines", - "datapipeline:getPipelineDefinition", - "datapipeline:listPipelines", - "datapipeline:queryObjects", - "datasync:describeAgent", - "datasync:describeLocationAzureBlob", - "datasync:describeLocationEfs", - "datasync:describeLocationFsxLustre", - "datasync:describeLocationFsxOntap", - "datasync:describeLocationFsxOpenZfs", - "datasync:describeLocationFsxWindows", - "datasync:describeLocationHdfs", - "datasync:describeLocationNfs", - "datasync:describeLocationObjectStorage", - "datasync:describeLocationS3", - "datasync:describeLocationSmb", - "datasync:describeTask", - "datasync:describeTaskExecution", - "datasync:listAgents", - "datasync:listLocations", - "datasync:listTaskExecutions", - "datasync:listTasks", - "datazone:getAsset", - "datazone:getAssetType", - "datazone:getDataSource", - "datazone:getDataSourceRun", - "datazone:getDomain", - "datazone:getEnvironment", - "datazone:getEnvironmentBlueprint", - "datazone:getEnvironmentBlueprintConfiguration", - "datazone:getEnvironmentProfile", - "datazone:getFormType", - "datazone:getGlossary", - "datazone:getGlossaryTerm", - "datazone:getGroupProfile", - "datazone:getListing", - "datazone:getMetadataGenerationRun", - "datazone:getProject", - "datazone:getSubscription", - "datazone:getSubscriptionGrant", - "datazone:getSubscriptionRequestDetails", - "datazone:getSubscriptionTarget", - "datazone:getUserProfile", - "datazone:listAssetRevisions", - "datazone:listDataSourceRunActivities", - "datazone:listDataSourceRuns", - "datazone:listDataSources", - "datazone:listDomains", - "datazone:listEnvironmentBlueprintConfigurations", - "datazone:listEnvironmentBlueprints", - "datazone:listEnvironmentProfiles", - "datazone:listEnvironments", - "datazone:listMetadataGenerationRuns", - "datazone:listProjectMemberships", - "datazone:listProjects", - "datazone:listSubscriptionGrants", - "datazone:listSubscriptionRequests", - "datazone:listSubscriptions", - "datazone:listSubscriptionTargets", - "datazone:searchGroupProfiles", - "datazone:searchUserProfiles", - "dax:describeClusters", - "dax:describeDefaultParameters", - "dax:describeEvents", - "dax:describeParameterGroups", - "dax:describeParameters", - "dax:describeSubnetGroups", - "deadline:listAvailableMeteredProducts", - "deadline:listBudgets", - "deadline:listFarmMembers", - "deadline:listFarms", - "deadline:listFleetMembers", - "deadline:listFleets", - "deadline:listJobMembers", - "deadline:listJobs", - "deadline:listLicenseEndpoints", - "deadline:listMeteredProducts", - "deadline:listMonitors", - "deadline:listQueueEnvironments", - "deadline:listQueueFleetAssociations", - "deadline:listQueueMembers", - "deadline:listQueues", - "deadline:listStorageProfiles", - "deadline:listWorkers", - "detective:getMembers", - "detective:listGraphs", - "detective:listInvitations", - "detective:listMembers", - "devicefarm:getAccountSettings", - "devicefarm:getDevice", - "devicefarm:getDevicePool", - "devicefarm:getDevicePoolCompatibility", - "devicefarm:getJob", - "devicefarm:getProject", - "devicefarm:getRemoteAccessSession", - "devicefarm:getRun", - "devicefarm:getSuite", - "devicefarm:getTest", - "devicefarm:getTestGridProject", - "devicefarm:getTestGridSession", - "devicefarm:getUpload", - "devicefarm:listArtifacts", - "devicefarm:listDevicePools", - "devicefarm:listDevices", - "devicefarm:listJobs", - "devicefarm:listProjects", - "devicefarm:listRemoteAccessSessions", - "devicefarm:listRuns", - "devicefarm:listSamples", - "devicefarm:listSuites", - "devicefarm:listTestGridProjects", - "devicefarm:listTestGridSessionActions", - "devicefarm:listTestGridSessionArtifacts", - "devicefarm:listTestGridSessions", - "devicefarm:listTests", - "devicefarm:listUniqueProblems", - "devicefarm:listUploads", - "directconnect:describeConnectionLoa", - "directconnect:describeConnections", - "directconnect:describeConnectionsOnInterconnect", - "directconnect:describeCustomerMetadata", - "directconnect:describeDirectConnectGatewayAssociationProposals", - "directconnect:describeDirectConnectGatewayAssociations", - "directconnect:describeDirectConnectGatewayAttachments", - "directconnect:describeDirectConnectGateways", - "directconnect:describeHostedConnections", - "directconnect:describeInterconnectLoa", - "directconnect:describeInterconnects", - "directconnect:describeLags", - "directconnect:describeLoa", - "directconnect:describeLocations", - "directconnect:describeRouterConfiguration", - "directconnect:describeVirtualGateways", - "directconnect:describeVirtualInterfaces", - "directconnect:listVirtualInterfaceTestHistory", - "dlm:getLifecyclePolicies", - "dlm:getLifecyclePolicy", - "dms:describeAccountAttributes", - "dms:describeApplicableIndividualAssessments", - "dms:describeConnections", - "dms:describeEndpoints", - "dms:describeEndpointSettings", - "dms:describeEndpointTypes", - "dms:describeEventCategories", - "dms:describeEvents", - "dms:describeEventSubscriptions", - "dms:describeFleetAdvisorCollectors", - "dms:describeFleetAdvisorDatabases", - "dms:describeFleetAdvisorLsaAnalysis", - "dms:describeFleetAdvisorSchemaObjectSummary", - "dms:describeFleetAdvisorSchemas", - "dms:describeOrderableReplicationInstances", - "dms:describePendingMaintenanceActions", - "dms:describeRefreshSchemasStatus", - "dms:describeReplicationInstances", - "dms:describeReplicationInstanceTaskLogs", - "dms:describeReplicationSubnetGroups", - "dms:describeReplicationTaskAssessmentResults", - "dms:describeReplicationTaskAssessmentRuns", - "dms:describeReplicationTaskIndividualAssessments", - "dms:describeReplicationTasks", - "dms:describeSchemas", - "dms:describeTableStatistics", - "docdb-elastic:getCluster", - "docdb-elastic:getClusterSnapshot", - "docdb-elastic:listClusters", - "docdb-elastic:listClusterSnapshots", - "drs:describeJobLogItems", - "drs:describeJobs", - "drs:describeLaunchConfigurationTemplates", - "drs:describeRecoveryInstances", - "drs:describeRecoverySnapshots", - "drs:describeReplicationConfigurationTemplates", - "drs:describeSourceNetworks", - "drs:describeSourceServers", - "drs:getLaunchConfiguration", - "drs:getReplicationConfiguration", - "drs:listExtensibleSourceServers", - "drs:listLaunchActions", - "drs:listStagingAccounts", - "ds:describeClientAuthenticationSettings", - "ds:describeConditionalForwarders", - "ds:describeDirectories", - "ds:describeDomainControllers", - "ds:describeEventTopics", - "ds:describeHybridADUpdate", - "ds:describeLDAPSSettings", - "ds:describeSharedDirectories", - "ds:describeSnapshots", - "ds:describeTrusts", - "ds:getDirectoryLimits", - "ds:getSnapshotLimits", - "ds:listIpRoutes", - "ds:listSchemaExtensions", - "ds:listTagsForResource", - "dynamodb:describeBackup", - "dynamodb:describeContinuousBackups", - "dynamodb:describeContributorInsights", - "dynamodb:describeExport", - "dynamodb:describeGlobalTable", - "dynamodb:describeImport", - "dynamodb:describeKinesisStreamingDestination", - "dynamodb:describeLimits", - "dynamodb:describeStream", - "dynamodb:describeTable", - "dynamodb:describeTimeToLive", - "dynamodb:getResourcePolicy", - "dynamodb:listBackups", - "dynamodb:listContributorInsights", - "dynamodb:listExports", - "dynamodb:listGlobalTables", - "dynamodb:listImports", - "dynamodb:listStreams", - "dynamodb:listTables", - "dynamodb:listTagsOfResource", - "ec2:describeAccountAttributes", - "ec2:describeAddresses", - "ec2:describeAddressesAttribute", - "ec2:describeAddressTransfers", - "ec2:describeAggregateIdFormat", - "ec2:describeAvailabilityZones", - "ec2:describeBundleTasks", - "ec2:describeByoipCidrs", - "ec2:describeCapacityBlockOfferings", - "ec2:describeCapacityReservationFleets", - "ec2:describeCapacityReservations", - "ec2:describeCarrierGateways", - "ec2:describeClassicLinkInstances", - "ec2:describeClientVpnAuthorizationRules", - "ec2:describeClientVpnConnections", - "ec2:describeClientVpnEndpoints", - "ec2:describeClientVpnRoutes", - "ec2:describeClientVpnTargetNetworks", - "ec2:describeCoipPools", - "ec2:describeConversionTasks", - "ec2:describeCustomerGateways", - "ec2:describeDhcpOptions", - "ec2:describeEgressOnlyInternetGateways", - "ec2:describeExportImageTasks", - "ec2:describeExportTasks", - "ec2:describeFastLaunchImages", - "ec2:describeFastSnapshotRestores", - "ec2:describeFleetHistory", - "ec2:describeFleetInstances", - "ec2:describeFleets", - "ec2:describeFlowLogs", - "ec2:describeFpgaImageAttribute", - "ec2:describeFpgaImages", - "ec2:describeHostReservationOfferings", - "ec2:describeHostReservations", - "ec2:describeHosts", - "ec2:describeIamInstanceProfileAssociations", - "ec2:describeIdentityIdFormat", - "ec2:describeIdFormat", - "ec2:describeImageAttribute", - "ec2:describeImages", - "ec2:describeImportImageTasks", - "ec2:describeImportSnapshotTasks", - "ec2:describeInstanceAttribute", - "ec2:describeInstanceConnectEndpoints", - "ec2:describeInstanceCreditSpecifications", - "ec2:describeInstanceEventNotificationAttributes", - "ec2:describeInstanceEventWindows", - "ec2:describeInstances", - "ec2:describeInstanceStatus", - "ec2:describeInstanceTypeOfferings", - "ec2:describeInstanceTypes", - "ec2:describeInternetGateways", - "ec2:describeIpamByoasn", - "ec2:describeIpamExternalResourceVerificationTokens", - "ec2:describeIpamPools", - "ec2:describeIpamResourceDiscoveries", - "ec2:describeIpamResourceDiscoveryAssociations", - "ec2:describeIpams", - "ec2:describeIpamScopes", - "ec2:describeIpv6Pools", - "ec2:describeKeyPairs", - "ec2:describeLaunchTemplates", - "ec2:describeLaunchTemplateVersions", - "ec2:describeLocalGatewayRouteTables", - "ec2:describeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", - "ec2:describeLocalGatewayRouteTableVpcAssociations", - "ec2:describeLocalGateways", - "ec2:describeLocalGatewayVirtualInterfaceGroups", - "ec2:describeLocalGatewayVirtualInterfaces", - "ec2:describeManagedPrefixLists", - "ec2:describeMovingAddresses", - "ec2:describeNatGateways", - "ec2:describeNetworkAcls", - "ec2:describeNetworkInsightsAccessScopeAnalyses", - "ec2:describeNetworkInsightsAccessScopes", - "ec2:describeNetworkInsightsAnalyses", - "ec2:describeNetworkInsightsPaths", - "ec2:describeNetworkInterfaceAttribute", - "ec2:describeNetworkInterfaces", - "ec2:describePlacementGroups", - "ec2:describePrefixLists", - "ec2:describePrincipalIdFormat", - "ec2:describePublicIpv4Pools", - "ec2:describeRegions", - "ec2:describeReplaceRootVolumeTasks", - "ec2:describeReservedInstances", - "ec2:describeReservedInstancesListings", - "ec2:describeReservedInstancesModifications", - "ec2:describeReservedInstancesOfferings", - "ec2:describeRouteServerEndpoints", - "ec2:describeRouteServerPeers", - "ec2:describeRouteServers", - "ec2:describeRouteTables", - "ec2:describeScheduledInstanceAvailability", - "ec2:describeScheduledInstances", - "ec2:describeSecurityGroupReferences", - "ec2:describeSecurityGroupRules", - "ec2:describeSecurityGroups", - "ec2:describeServiceLinkVirtualInterfaces", - "ec2:describeSnapshotAttribute", - "ec2:describeSnapshots", - "ec2:describeSnapshotTierStatus", - "ec2:describeSpotDatafeedSubscription", - "ec2:describeSpotFleetInstances", - "ec2:describeSpotFleetRequestHistory", - "ec2:describeSpotFleetRequests", - "ec2:describeSpotInstanceRequests", - "ec2:describeSpotPriceHistory", - "ec2:describeStaleSecurityGroups", - "ec2:describeStoreImageTasks", - "ec2:describeSubnets", - "ec2:describeTags", - "ec2:describeTrafficMirrorFilterRules", - "ec2:describeTrafficMirrorFilters", - "ec2:describeTrafficMirrorSessions", - "ec2:describeTrafficMirrorTargets", - "ec2:describeTransitGatewayAttachments", - "ec2:describeTransitGatewayConnectPeers", - "ec2:describeTransitGatewayMulticastDomains", - "ec2:describeTransitGatewayPeeringAttachments", - "ec2:describeTransitGatewayPolicyTables", - "ec2:describeTransitGatewayRouteTableAnnouncements", - "ec2:describeTransitGatewayRouteTables", - "ec2:describeTransitGateways", - "ec2:describeTransitGatewayVpcAttachments", - "ec2:describeVerifiedAccessEndpoints", - "ec2:describeVerifiedAccessGroups", - "ec2:describeVerifiedAccessInstanceLoggingConfigurations", - "ec2:describeVerifiedAccessInstances", - "ec2:describeVerifiedAccessTrustProviders", - "ec2:describeVolumeAttribute", - "ec2:describeVolumes", - "ec2:describeVolumesModifications", - "ec2:describeVolumeStatus", - "ec2:describeVpcAttribute", - "ec2:describeVpcBlockPublicAccessExclusions", - "ec2:describeVpcBlockPublicAccessOptions", - "ec2:describeVpcClassicLink", - "ec2:describeVpcClassicLinkDnsSupport", - "ec2:describeVpcEndpointAssociations", - "ec2:describeVpcEndpointConnectionNotifications", - "ec2:describeVpcEndpointConnections", - "ec2:describeVpcEndpoints", - "ec2:describeVpcEndpointServiceConfigurations", - "ec2:describeVpcEndpointServicePermissions", - "ec2:describeVpcEndpointServices", - "ec2:describeVpcPeeringConnections", - "ec2:describeVpcs", - "ec2:describeVpnConnections", - "ec2:describeVpnGateways", - "ec2:getAssociatedEnclaveCertificateIamRoles", - "ec2:getAssociatedIpv6PoolCidrs", - "ec2:getCapacityReservationUsage", - "ec2:getCoipPoolUsage", - "ec2:getConsoleOutput", - "ec2:getConsoleScreenshot", - "ec2:getDefaultCreditSpecification", - "ec2:getEbsDefaultKmsKeyId", - "ec2:getEbsEncryptionByDefault", - "ec2:getGroupsForCapacityReservation", - "ec2:getHostReservationPurchasePreview", - "ec2:getImageBlockPublicAccessState", - "ec2:getInstanceTypesFromInstanceRequirements", - "ec2:getIpamAddressHistory", - "ec2:getIpamDiscoveredAccounts", - "ec2:getIpamDiscoveredPublicAddresses", - "ec2:getIpamDiscoveredResourceCidrs", - "ec2:getIpamPoolAllocations", - "ec2:getIpamPoolCidrs", - "ec2:getIpamResourceCidrs", - "ec2:getLaunchTemplateData", - "ec2:getManagedPrefixListAssociations", - "ec2:getManagedPrefixListEntries", - "ec2:getNetworkInsightsAccessScopeContent", - "ec2:getReservedInstancesExchangeQuote", - "ec2:getRouteServerAssociations", - "ec2:getRouteServerPropagations", - "ec2:getRouteServerRoutingDatabase", - "ec2:getSerialConsoleAccessStatus", - "ec2:getSpotPlacementScores", - "ec2:getSubnetCidrReservations", - "ec2:getTransitGatewayMulticastDomainAssociations", - "ec2:getTransitGatewayPrefixListReferences", - "ec2:getVerifiedAccessEndpointPolicy", - "ec2:getVerifiedAccessGroupPolicy", - "ec2:listImagesInRecycleBin", - "ec2:listSnapshotsInRecycleBin", - "ec2:searchLocalGatewayRoutes", - "ec2:searchTransitGatewayMulticastGroups", - "ec2:searchTransitGatewayRoutes", - "ecr-public:describeImages", - "ecr-public:describeImageTags", - "ecr-public:describeRegistries", - "ecr-public:describeRepositories", - "ecr-public:getRegistryCatalogData", - "ecr-public:getRepositoryCatalogData", - "ecr-public:getRepositoryPolicy", - "ecr-public:listTagsForResource", - "ecr:batchCheckLayerAvailability", - "ecr:batchGetRepositoryScanningConfiguration", - "ecr:describeImageReplicationStatus", - "ecr:describeImages", - "ecr:describeImageScanFindings", - "ecr:describePullThroughCacheRules", - "ecr:describeRegistry", - "ecr:describeRepositories", - "ecr:getLifecyclePolicy", - "ecr:getLifecyclePolicyPreview", - "ecr:getRegistryPolicy", - "ecr:getRegistryScanningConfiguration", - "ecr:getRepositoryPolicy", - "ecr:listImages", - "ecr:listTagsForResource", - "ecs:describeCapacityProviders", - "ecs:describeClusters", - "ecs:describeContainerInstances", - "ecs:describeServiceDeployments", - "ecs:describeServiceRevisions", - "ecs:describeServices", - "ecs:describeTaskDefinition", - "ecs:describeTasks", - "ecs:describeTaskSets", - "ecs:getTaskProtection", - "ecs:listAccountSettings", - "ecs:listAttributes", - "ecs:listClusters", - "ecs:listContainerInstances", - "ecs:listServiceDeployments", - "ecs:listServices", - "ecs:listServicesByNamespace", - "ecs:listTagsForResource", - "ecs:listTaskDefinitionFamilies", - "ecs:listTaskDefinitions", - "ecs:listTasks" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Sid": "AWSSupportActionsGroup2", - "Action": [ - "eks:describeAccessEntry", - "eks:describeAddon", - "eks:describeAddonConfiguration", - "eks:describeAddonVersions", - "eks:describeCluster", - "eks:describeEksAnywhereSubscription", - "eks:describeFargateProfile", - "eks:describeIdentityProviderConfig", - "eks:describeInsight", - "eks:describeNodegroup", - "eks:describePodIdentityAssociation", - "eks:describeUpdate", - "eks:listAccessEntries", - "eks:listAccessPolicies", - "eks:listAddons", - "eks:listAssociatedAccessPolicies", - "eks:listClusters", - "eks:listEksAnywhereSubscriptions", - "eks:listFargateProfiles", - "eks:listIdentityProviderConfigs", - "eks:listInsights", - "eks:listNodegroups", - "eks:listPodIdentityAssociations", - "eks:listUpdates", - "elasticache:describeCacheClusters", - "elasticache:describeCacheEngineVersions", - "elasticache:describeCacheParameterGroups", - "elasticache:describeCacheParameters", - "elasticache:describeCacheSecurityGroups", - "elasticache:describeCacheSubnetGroups", - "elasticache:describeEngineDefaultParameters", - "elasticache:describeEvents", - "elasticache:describeGlobalReplicationGroups", - "elasticache:describeReplicationGroups", - "elasticache:describeReservedCacheNodes", - "elasticache:describeReservedCacheNodesOfferings", - "elasticache:describeServerlessCaches", - "elasticache:describeServerlessCacheSnapshots", - "elasticache:describeServiceUpdates", - "elasticache:describeSnapshots", - "elasticache:describeUpdateActions", - "elasticache:describeUserGroups", - "elasticache:describeUsers", - "elasticache:listAllowedNodeTypeModifications", - "elasticache:listTagsForResource", - "elasticbeanstalk:checkDNSAvailability", - "elasticbeanstalk:describeAccountAttributes", - "elasticbeanstalk:describeApplications", - "elasticbeanstalk:describeApplicationVersions", - "elasticbeanstalk:describeConfigurationOptions", - "elasticbeanstalk:describeEnvironmentHealth", - "elasticbeanstalk:describeEnvironmentManagedActionHistory", - "elasticbeanstalk:describeEnvironmentManagedActions", - "elasticbeanstalk:describeEnvironmentResources", - "elasticbeanstalk:describeEnvironments", - "elasticbeanstalk:describeEvents", - "elasticbeanstalk:describeInstancesHealth", - "elasticbeanstalk:describePlatformVersion", - "elasticbeanstalk:listAvailableSolutionStacks", - "elasticbeanstalk:listPlatformBranches", - "elasticbeanstalk:listPlatformVersions", - "elasticbeanstalk:validateConfigurationSettings", - "elasticfilesystem:describeAccessPoints", - "elasticfilesystem:describeBackupPolicy", - "elasticfilesystem:describeFileSystemPolicy", - "elasticfilesystem:describeFileSystems", - "elasticfilesystem:describeLifecycleConfiguration", - "elasticfilesystem:describeMountTargets", - "elasticfilesystem:describeMountTargetSecurityGroups", - "elasticfilesystem:describeReplicationConfigurations", - "elasticfilesystem:describeTags", - "elasticfilesystem:listTagsForResource", - "elasticloadbalancing:describeAccountLimits", - "elasticloadbalancing:describeInstanceHealth", - "elasticloadbalancing:describeListenerCertificates", - "elasticloadbalancing:describeListeners", - "elasticloadbalancing:describeLoadBalancerAttributes", - "elasticloadbalancing:describeLoadBalancerPolicies", - "elasticloadbalancing:describeLoadBalancerPolicyTypes", - "elasticloadbalancing:describeLoadBalancers", - "elasticloadbalancing:describeRules", - "elasticloadbalancing:describeSSLPolicies", - "elasticloadbalancing:describeTags", - "elasticloadbalancing:describeTargetGroupAttributes", - "elasticloadbalancing:describeTargetGroups", - "elasticloadbalancing:describeTargetHealth", - "elasticloadbalancing:describeTrustStoreAssociations", - "elasticloadbalancing:describeTrustStoreRevocations", - "elasticloadbalancing:describeTrustStores", - "elasticmapreduce:describeCluster", - "elasticmapreduce:describeNotebookExecution", - "elasticmapreduce:describeReleaseLabel", - "elasticmapreduce:describeSecurityConfiguration", - "elasticmapreduce:describeStep", - "elasticmapreduce:describeStudio", - "elasticmapreduce:getAutoTerminationPolicy", - "elasticmapreduce:getBlockPublicAccessConfiguration", - "elasticmapreduce:getManagedScalingPolicy", - "elasticmapreduce:getStudioSessionMapping", - "elasticmapreduce:listBootstrapActions", - "elasticmapreduce:listClusters", - "elasticmapreduce:listInstanceFleets", - "elasticmapreduce:listInstanceGroups", - "elasticmapreduce:listInstances", - "elasticmapreduce:listNotebookExecutions", - "elasticmapreduce:listReleaseLabels", - "elasticmapreduce:listSecurityConfigurations", - "elasticmapreduce:listSteps", - "elasticmapreduce:listStudios", - "elasticmapreduce:listStudioSessionMappings", - "elastictranscoder:listJobsByPipeline", - "elastictranscoder:listJobsByStatus", - "elastictranscoder:listPipelines", - "elastictranscoder:listPresets", - "elastictranscoder:readPipeline", - "elastictranscoder:readPreset", - "emr-containers:describeJobRun", - "emr-containers:describeJobTemplate", - "emr-containers:describeManagedEndpoint", - "emr-containers:describeVirtualCluster", - "emr-containers:listJobRuns", - "emr-containers:listJobTemplates", - "emr-containers:listManagedEndpoints", - "emr-containers:listVirtualClusters", - "emr-serverless:getApplication", - "emr-serverless:getJobRun", - "emr-serverless:listApplications", - "es:describeDomain", - "es:describeDomainAutoTunes", - "es:describeDomainChangeProgress", - "es:describeDomainConfig", - "es:describeDomainHealth", - "es:describeDomainNodes", - "es:describeDomains", - "es:describeDryRunProgress", - "es:describeElasticsearchDomain", - "es:describeElasticsearchDomainConfig", - "es:describeElasticsearchDomains", - "es:getDomainMaintenanceStatus", - "es:describeInboundConnections", - "es:describeInstanceTypeLimits", - "es:describeOutboundConnections", - "es:describePackages", - "es:describeReservedInstanceOfferings", - "es:describeReservedInstances", - "es:describeVpcEndpoints", - "es:getCompatibleVersions", - "es:getPackageVersionHistory", - "es:getUpgradeHistory", - "es:getUpgradeStatus", - "es:listDomainMaintenances", - "es:listDomainNames", - "es:listDomainsForPackage", - "es:listInstanceTypeDetails", - "es:listPackagesForDomain", - "es:listScheduledActions", - "es:listTags", - "es:listVersions", - "es:listVpcEndpointAccess", - "es:listVpcEndpoints", - "es:listVpcEndpointsForDomain", - "events:describeApiDestination", - "events:describeArchive", - "events:describeConnection", - "events:describeEndpoint", - "events:describeEventBus", - "events:describeEventSource", - "events:describePartnerEventSource", - "events:describeReplay", - "events:describeRule", - "events:listApiDestinations", - "events:listArchives", - "events:listConnections", - "events:listEndpoints", - "events:listEventBuses", - "events:listEventSources", - "events:listPartnerEventSourceAccounts", - "events:listPartnerEventSources", - "events:listReplays", - "events:listRuleNamesByTarget", - "events:listRules", - "events:listTargetsByRule", - "events:testEventPattern", - "evidently:getExperiment", - "evidently:getFeature", - "evidently:getLaunch", - "evidently:getProject", - "evidently:getSegment", - "evidently:listExperiments", - "evidently:listFeatures", - "evidently:listLaunches", - "evidently:listProjects", - "evidently:listSegmentReferences", - "evidently:listSegments", - "firehose:describeDeliveryStream", - "firehose:listDeliveryStreams", - "fis:getAction", - "fis:getExperiment", - "fis:getExperimentTargetAccountConfiguration", - "fis:getExperimentTemplate", - "fis:getSafetyLever", - "fis:getTargetAccountConfiguration", - "fis:listActions", - "fis:listExperimentResolvedTargets", - "fis:listExperimentTargetAccountConfigurations", - "fis:listExperiments", - "fis:listExperimentTemplates", - "fis:listTargetAccountConfigurations", - "fms:getAdminAccount", - "fms:getAdminScope", - "fms:getAppsList", - "fms:getComplianceDetail", - "fms:getNotificationChannel", - "fms:getProtocolsList", - "fms:getPolicy", - "fms:getProtectionStatus", - "fms:getResourceSet", - "fms:getThirdPartyFirewallAssociationStatus", - "fms:getViolationDetails", - "fms:listAdminAccountsForOrganization", - "fms:listAdminsManagingAccount", - "fms:listAppsLists", - "fms:listComplianceStatus", - "fms:listDiscoveredResources", - "fms:listMemberAccounts", - "fms:listProtocolsLists", - "fms:listPolicies", - "fms:listResourceSetResources", - "fms:listResourceSets", - "fms:listThirdPartyFirewallFirewallPolicies", - "forecast:describeDataset", - "forecast:describeDatasetGroup", - "forecast:describeDatasetImportJob", - "forecast:describeForecast", - "forecast:describeForecastExportJob", - "forecast:describePredictor", - "forecast:getAccuracyMetrics", - "forecast:listDatasetGroups", - "forecast:listDatasetImportJobs", - "forecast:listDatasets", - "forecast:listForecastExportJobs", - "forecast:listForecasts", - "forecast:listPredictors", - "freetier:getFreeTierUsage", - "fsx:describeBackups", - "fsx:describeDataRepositoryAssociations", - "fsx:describeDataRepositoryTasks", - "fsx:describeFileCaches", - "fsx:describeFileSystems", - "fsx:describeS3AccessPointAttachments", - "fsx:describeSnapshots", - "fsx:describeStorageVirtualMachines", - "fsx:describeVolumes", - "fsx:listTagsForResource", - "gamelift:describeAlias", - "gamelift:describeBuild", - "gamelift:describeEC2InstanceLimits", - "gamelift:describeFleetAttributes", - "gamelift:describeFleetCapacity", - "gamelift:describeFleetEvents", - "gamelift:describeFleetLocationAttributes", - "gamelift:describeFleetLocationCapacity", - "gamelift:describeFleetLocationUtilization", - "gamelift:describeFleetPortSettings", - "gamelift:describeFleetUtilization", - "gamelift:describeGameServer", - "gamelift:describeGameServerGroup", - "gamelift:describeGameSessionDetails", - "gamelift:describeGameSessionPlacement", - "gamelift:describeGameSessionQueues", - "gamelift:describeGameSessions", - "gamelift:describeInstances", - "gamelift:describeMatchmaking", - "gamelift:describeMatchmakingConfigurations", - "gamelift:describeMatchmakingRuleSets", - "gamelift:describePlayerSessions", - "gamelift:describeRuntimeConfiguration", - "gamelift:describeScalingPolicies", - "gamelift:describeScript", - "gamelift:listAliases", - "gamelift:listBuilds", - "gamelift:listFleets", - "gamelift:listGameServerGroups", - "gamelift:listGameServers", - "gamelift:listScripts", - "gamelift:resolveAlias", - "glacier:describeJob", - "glacier:describeVault", - "glacier:getDataRetrievalPolicy", - "glacier:getVaultAccessPolicy", - "glacier:getVaultLock", - "glacier:getVaultNotifications", - "glacier:listJobs", - "glacier:listTagsForVault", - "glacier:listVaults", - "globalaccelerator:describeAccelerator", - "globalaccelerator:describeAcceleratorAttributes", - "globalaccelerator:describeCrossAccountAttachment", - "globalaccelerator:describeCustomRoutingAccelerator", - "globalaccelerator:describeCustomRoutingAcceleratorAttributes", - "globalaccelerator:describeCustomRoutingEndpointGroup", - "globalaccelerator:describeCustomRoutingListener", - "globalaccelerator:describeEndpointGroup", - "globalaccelerator:describeListener", - "globalaccelerator:listAccelerators", - "globalaccelerator:listByoipCidrs", - "globalaccelerator:listCrossAccountAttachments", - "globalaccelerator:listCrossAccountResourceAccounts", - "globalaccelerator:listCrossAccountResources", - "globalaccelerator:listCustomRoutingAccelerators", - "globalaccelerator:listCustomRoutingEndpointGroups", - "globalaccelerator:listCustomRoutingListeners", - "globalaccelerator:listCustomRoutingPortMappings", - "globalaccelerator:listCustomRoutingPortMappingsByDestination", - "globalaccelerator:listEndpointGroups", - "globalaccelerator:listListeners", - "glue:batchGetBlueprints", - "glue:batchGetCrawlers", - "glue:batchGetDevEndpoints", - "glue:batchGetJobs", - "glue:batchGetPartition", - "glue:batchGetTriggers", - "glue:batchGetWorkflows", - "glue:checkSchemaVersionValidity", - "glue:batchGetTableOptimizer", - "glue:getBlueprint", - "glue:getBlueprintRun", - "glue:getBlueprintRuns", - "glue:getCatalogImportStatus", - "glue:getClassifier", - "glue:getClassifiers", - "glue:getColumnStatisticsForPartition", - "glue:getColumnStatisticsForTable", - "glue:getColumnStatisticsTaskRun", - "glue:getColumnStatisticsTaskRuns", - "glue:getCrawler", - "glue:getCrawlerMetrics", - "glue:getCrawlers", - "glue:getCustomEntityType", - "glue:getDatabase", - "glue:getDatabases", - "glue:getDataCatalogEncryptionSettings", - "glue:getDataflowGraph", - "glue:getDataQualityResult", - "glue:getDataQualityRuleRecommendationRun", - "glue:getDataQualityRuleset", - "glue:getDataQualityRulesetEvaluationRun", - "glue:getDevEndpoint", - "glue:getDevEndpoints", - "glue:getJob", - "glue:getJobBookmark", - "glue:getJobRun", - "glue:getJobRuns", - "glue:getJobs", - "glue:getMapping", - "glue:getMLTaskRun", - "glue:getMLTaskRuns", - "glue:getMLTransform", - "glue:getMLTransforms", - "glue:getPartition", - "glue:getPartitionIndexes", - "glue:getPartitions", - "glue:getRegistry", - "glue:getResourcePolicies", - "glue:getResourcePolicy", - "glue:getSchema", - "glue:getSchemaByDefinition", - "glue:getSchemaVersion", - "glue:getSchemaVersionsDiff", - "glue:getSecurityConfiguration", - "glue:getSecurityConfigurations", - "glue:getSession", - "glue:getStatement", - "glue:getTable", - "glue:getTableOptimizer", - "glue:getTables", - "glue:getTableVersions", - "glue:getTrigger", - "glue:getTriggers", - "glue:getUserDefinedFunction", - "glue:getUserDefinedFunctions", - "glue:getWorkflow", - "glue:getWorkflowRun", - "glue:getWorkflowRuns", - "glue:listColumnStatisticsTaskRuns", - "glue:listCrawlers", - "glue:listCrawls", - "glue:listDataQualityResults", - "glue:listDataQualityRuleRecommendationRuns", - "glue:listDataQualityRulesetEvaluationRuns", - "glue:listDataQualityRulesets", - "glue:listDevEndpoints", - "glue:listMLTransforms", - "glue:listRegistries", - "glue:listSchemas", - "glue:listSchemaVersions", - "glue:listSessions", - "glue:listStatements", - "glue:listTableOptimizerRuns", - "glue:listTriggers", - "glue:querySchemaVersionMetadata", - "glue:getTableVersion", - "grafana:describeWorkspace", - "grafana:describeWorkspaceAuthentication", - "grafana:listPermissions", - "grafana:listVersions", - "grafana:listWorkspaces", - "greengrass:getConnectivityInfo", - "greengrass:getCoreDefinition", - "greengrass:getCoreDefinitionVersion", - "greengrass:getDeploymentStatus", - "greengrass:getDeviceDefinition", - "greengrass:getDeviceDefinitionVersion", - "greengrass:getFunctionDefinition", - "greengrass:getFunctionDefinitionVersion", - "greengrass:getGroup", - "greengrass:getGroupCertificateAuthority", - "greengrass:getGroupVersion", - "greengrass:getLoggerDefinition", - "greengrass:getLoggerDefinitionVersion", - "greengrass:getResourceDefinitionVersion", - "greengrass:getServiceRoleForAccount", - "greengrass:getSubscriptionDefinition", - "greengrass:getSubscriptionDefinitionVersion", - "greengrass:listCoreDefinitions", - "greengrass:listCoreDefinitionVersions", - "greengrass:listDeployments", - "greengrass:listDeviceDefinitions", - "greengrass:listDeviceDefinitionVersions", - "greengrass:listFunctionDefinitions", - "greengrass:listFunctionDefinitionVersions", - "greengrass:listGroups", - "greengrass:listGroupVersions", - "greengrass:listLoggerDefinitions", - "greengrass:listLoggerDefinitionVersions", - "greengrass:listResourceDefinitions", - "greengrass:listResourceDefinitionVersions", - "greengrass:listSubscriptionDefinitions", - "greengrass:listSubscriptionDefinitionVersions", - "guardduty:describeMalwareScans", - "guardduty:describePublishingDestination", - "guardduty:getCoverageStatistics", - "guardduty:getDetector", - "guardduty:getFindings", - "guardduty:getFindingsStatistics", - "guardduty:getInvitationsCount", - "guardduty:getIPSet", - "guardduty:getMalwareScanSettings", - "guardduty:getMasterAccount", - "guardduty:getMemberDetectors", - "guardduty:getMembers", - "guardduty:getOrganizationStatistics", - "guardduty:getRemainingFreeTrialDays", - "guardduty:getThreatIntelSet", - "guardduty:listCoverage", - "guardduty:listDetectors", - "guardduty:listFindings", - "guardduty:listInvitations", - "guardduty:listIPSets", - "guardduty:listMembers", - "guardduty:listThreatIntelSets", - "health:describeAffectedAccountsForOrganization", - "health:describeAffectedEntities", - "health:describeAffectedEntitiesForOrganization", - "health:describeEntityAggregates", - "health:describeEntityAggregatesForOrganization", - "health:describeEventAggregates", - "health:describeEventDetails", - "health:describeEventDetailsForOrganization", - "health:describeEvents", - "health:describeEventsForOrganization", - "health:describeEventTypes", - "health:describeHealthServiceStatusForOrganization", - "iam:getAccessKeyLastUsed", - "iam:getAccountAuthorizationDetails", - "iam:getAccountPasswordPolicy", - "iam:getAccountSummary", - "iam:getContextKeysForCustomPolicy", - "iam:getContextKeysForPrincipalPolicy", - "iam:getCredentialReport", - "iam:getGroup", - "iam:getGroupPolicy", - "iam:getInstanceProfile", - "iam:getLoginProfile", - "iam:getMFADevice", - "iam:getOpenIDConnectProvider", - "iam:getPolicy", - "iam:getPolicyVersion", - "iam:getRole", - "iam:getRolePolicy", - "iam:getSAMLProvider", - "iam:getServerCertificate", - "iam:getServiceLinkedRoleDeletionStatus", - "iam:getSSHPublicKey", - "iam:getUser", - "iam:getUserPolicy", - "iam:listAccessKeys", - "iam:listAccountAliases", - "iam:listAttachedGroupPolicies", - "iam:listAttachedRolePolicies", - "iam:listAttachedUserPolicies", - "iam:listEntitiesForPolicy", - "iam:listGroupPolicies", - "iam:listGroups", - "iam:listGroupsForUser", - "iam:listInstanceProfiles", - "iam:listInstanceProfilesForRole", - "iam:listMFADevices", - "iam:listOpenIDConnectProviders", - "iam:listPolicies", - "iam:listPolicyVersions", - "iam:listRolePolicies", - "iam:listRoles", - "iam:listSAMLProviders", - "iam:listServerCertificates", - "iam:listServiceSpecificCredentials", - "iam:listSigningCertificates", - "iam:listSSHPublicKeys", - "iam:listUserPolicies", - "iam:listUsers", - "iam:listVirtualMFADevices", - "iam:simulateCustomPolicy", - "iam:simulatePrincipalPolicy", - "identitystore:describeGroup", - "identitystore:describeGroupMembership", - "identitystore:getGroupId", - "identitystore:getGroupMembershipId", - "identitystore:getUserId", - "identitystore:isMemberInGroups", - "identitystore:listGroupMemberships", - "identitystore:listGroupMembershipsForMember", - "identitystore:listGroups", - "imagebuilder:getComponent", - "imagebuilder:getComponentPolicy", - "imagebuilder:getContainerRecipe", - "imagebuilder:getContainerRecipePolicy", - "imagebuilder:getDistributionConfiguration", - "imagebuilder:getImage", - "imagebuilder:getImagePipeline", - "imagebuilder:getImagePolicy", - "imagebuilder:getImageRecipe", - "imagebuilder:getImageRecipePolicy", - "imagebuilder:getInfrastructureConfiguration", - "imagebuilder:getLifecycleExecution", - "imagebuilder:getLifecyclePolicy", - "imagebuilder:getWorkflow", - "imagebuilder:getWorkflowExecution", - "imagebuilder:getWorkflowStepExecution", - "imagebuilder:listComponentBuildVersions", - "imagebuilder:listComponents", - "imagebuilder:listContainerRecipes", - "imagebuilder:listDistributionConfigurations", - "imagebuilder:listImageBuildVersions", - "imagebuilder:listImagePipelineImages", - "imagebuilder:listImagePipelines", - "imagebuilder:listImageRecipes", - "imagebuilder:listImages", - "imagebuilder:listImageScanFindingAggregations", - "imagebuilder:listInfrastructureConfigurations", - "imagebuilder:listLifecycleExecutionResources", - "imagebuilder:listLifecycleExecutions", - "imagebuilder:listLifecyclePolicies", - "imagebuilder:listTagsForResource", - "imagebuilder:listWorkflowBuildVersions", - "imagebuilder:listWorkflowExecutions", - "imagebuilder:listWorkflows", - "imagebuilder:listWaitingWorkflowSteps", - "imagebuilder:listWorkflowStepExecutions", - "inspector-scan:scanSbom", - "inspector:describeAssessmentRuns", - "inspector:describeAssessmentTargets", - "inspector:describeAssessmentTemplates", - "inspector:describeCrossAccountAccessRole", - "inspector:describeResourceGroups", - "inspector:describeRulesPackages", - "inspector:getTelemetryMetadata", - "inspector:listAssessmentRunAgents", - "inspector:listAssessmentRuns", - "inspector:listAssessmentTargets", - "inspector:listAssessmentTemplates", - "inspector:listEventSubscriptions", - "inspector:listRulesPackages", - "inspector:listTagsForResource", - "inspector2:batchGetAccountStatus", - "inspector2:batchGetFreeTrialInfo", - "inspector2:describeOrganizationConfiguration", - "inspector2:getConfiguration", - "inspector2:getDelegatedAdminAccount", - "inspector2:getEc2DeepInspectionConfiguration", - "inspector2:getMember", - "inspector2:getSbomExport", - "inspector2:listCisScanConfigurations", - "inspector2:listCisScanResultsAggregatedByChecks", - "inspector2:listCisScanResultsAggregatedByTargetResource", - "inspector2:listCisScans", - "inspector2:listCoverage", - "inspector2:listDelegatedAdminAccounts", - "inspector2:listFilters", - "inspector2:listFindings", - "inspector2:listMembers", - "inspector2:listUsageTotals", - "internetmonitor:getHealthEvent", - "internetmonitor:getMonitor", - "internetmonitor:listHealthEvents", - "internetmonitor:listMonitors", - "invoicing:listInvoiceSummaries", - "iot:describeAuthorizer", - "iot:describeCACertificate", - "iot:describeCertificate", - "iot:describeDefaultAuthorizer", - "iot:describeDomainConfiguration", - "iot:describeEndpoint", - "iot:describeIndex", - "iot:describeJobExecution", - "iot:describeThing", - "iot:describeThingGroup", - "iot:describeTunnel", - "iot:getEffectivePolicies", - "iot:getIndexingConfiguration", - "iot:getLoggingOptions", - "iot:getPolicy", - "iot:getPolicyVersion", - "iot:getTopicRule", - "iot:getV2LoggingOptions", - "iot:listAttachedPolicies", - "iot:listAuthorizers", - "iot:listCACertificates", - "iot:listCertificates", - "iot:listCertificatesByCA", - "iot:listCommandExecutions", - "iot:listCommands", - "iot:listDomainConfigurations", - "iot:listJobExecutionsForJob", - "iot:listJobExecutionsForThing", - "iot:listJobs", - "iot:listNamedShadowsForThing", - "iot:listOutgoingCertificates", - "iot:listPackages", - "iot:listPackageVersions", - "iot:listPolicies", - "iot:listPolicyPrincipals", - "iot:listPolicyVersions", - "iot:listPrincipalPolicies", - "iot:listPrincipalThings", - "iot:listRoleAliases", - "iot:listTargetsForPolicy", - "iot:listThingGroups", - "iot:listThingGroupsForThing", - "iot:listThingPrincipals", - "iot:listThingRegistrationTasks", - "iot:listThings", - "iot:listThingsInThingGroup", - "iot:listThingTypes", - "iot:listTopicRules", - "iot:listTunnels", - "iot:listV2LoggingLevels", - "iotevents:describeDetector", - "iotevents:describeDetectorModel", - "iotevents:describeInput", - "iotevents:describeLoggingOptions", - "iotevents:listDetectorModels", - "iotevents:listDetectorModelVersions", - "iotevents:listDetectors", - "iotevents:listInputs", - "iotfleetwise:getCampaign", - "iotfleetwise:getDecoderManifest", - "iotfleetwise:getEncryptionConfiguration", - "iotfleetwise:getFleet", - "iotfleetwise:getLoggingOptions", - "iotfleetwise:getModelManifest", - "iotfleetwise:getRegisterAccountStatus", - "iotfleetwise:getSignalCatalog", - "iotfleetwise:getStateTemplate", - "iotfleetwise:getVehicle", - "iotfleetwise:getVehicleStatus", - "iotfleetwise:listCampaigns", - "iotfleetwise:listDecoderManifestNetworkInterfaces", - "iotfleetwise:listDecoderManifests", - "iotfleetwise:listDecoderManifestSignals", - "iotfleetwise:listFleets", - "iotfleetwise:listFleetsForVehicle", - "iotfleetwise:listModelManifestNodes", - "iotfleetwise:listModelManifests", - "iotfleetwise:listSignalCatalogNodes", - "iotfleetwise:listSignalCatalogs", - "iotfleetwise:listStateTemplates", - "iotfleetwise:listVehicles", - "iotfleetwise:listVehiclesInFleet", - "iotsitewise:describeAccessPolicy", - "iotsitewise:describeAsset", - "iotsitewise:describeAssetModel", - "iotsitewise:describeAssetProperty", - "iotsitewise:describeDashboard", - "iotsitewise:describeGateway", - "iotsitewise:describeGatewayCapabilityConfiguration", - "iotsitewise:describeLoggingOptions", - "iotsitewise:describePortal", - "iotsitewise:describeProject", - "iotsitewise:listAccessPolicies", - "iotsitewise:listAssetModels", - "iotsitewise:listAssets", - "iotsitewise:listAssociatedAssets", - "iotsitewise:listDashboards", - "iotsitewise:listGateways", - "iotsitewise:listPortals", - "iotsitewise:listProjectAssets", - "iotsitewise:listProjects", - "iottwinmaker:getComponentType", - "iottwinmaker:getEntity", - "iottwinmaker:getPricingPlan", - "iottwinmaker:getScene", - "iottwinmaker:getSyncJob", - "iottwinmaker:getWorkspace", - "iottwinmaker:listComponentTypes", - "iottwinmaker:listEntities", - "iottwinmaker:listScenes", - "iottwinmaker:listSyncJobs", - "iottwinmaker:listSyncResources", - "iottwinmaker:listWorkspaces", - "iotwireless:getDestination", - "iotwireless:getDeviceProfile", - "iotwireless:getPartnerAccount", - "iotwireless:getServiceEndpoint", - "iotwireless:getServiceProfile", - "iotwireless:getWirelessDevice", - "iotwireless:getWirelessDeviceStatistics", - "iotwireless:getWirelessGateway", - "iotwireless:getWirelessGatewayCertificate", - "iotwireless:getWirelessGatewayFirmwareInformation", - "iotwireless:getWirelessGatewayStatistics", - "iotwireless:getWirelessGatewayTask", - "iotwireless:getWirelessGatewayTaskDefinition", - "iotwireless:listDestinations", - "iotwireless:listDeviceProfiles", - "iotwireless:listPartnerAccounts", - "iotwireless:listServiceProfiles", - "iotwireless:listTagsForResource", - "iotwireless:listWirelessDevices", - "iotwireless:listWirelessGateways", - "iotwireless:listWirelessGatewayTaskDefinitions", - "ivs:getChannel", - "ivs:getRecordingConfiguration", - "ivs:getStream", - "ivs:getStreamSession", - "ivs:listChannels", - "ivs:listPlaybackKeyPairs", - "ivs:listRecordingConfigurations", - "ivs:listStreamKeys", - "ivs:listStreams", - "ivs:listStreamSessions", - "kafka:describeCluster", - "kafka:describeClusterOperation", - "kafka:describeClusterOperationV2", - "kafka:describeClusterV2", - "kafka:describeConfiguration", - "kafka:describeConfigurationRevision", - "kafka:describeReplicator", - "kafka:describeVpcConnection", - "kafka:getBootstrapBrokers", - "kafka:getClusterPolicy", - "kafka:listClientVpcConnections", - "kafka:listClusterOperations", - "kafka:listClusterOperationsV2", - "kafka:listClusters", - "kafka:listClustersV2", - "kafka:listConfigurationRevisions", - "kafka:listConfigurations", - "kafka:listNodes", - "kafka:listReplicators", - "kafka:listScramSecrets", - "kafka:listVpcConnections", - "kafkaconnect:describeConnector", - "kafkaconnect:describeCustomPlugin", - "kafkaconnect:describeWorkerConfiguration", - "kafkaconnect:listConnectors", - "kafkaconnect:listCustomPlugins", - "kafkaconnect:listWorkerConfigurations", - "kendra:describeDataSource", - "kendra:describeFaq", - "kendra:describeIndex", - "kendra:listDataSources", - "kendra:listFaqs", - "kendra:listIndices", - "kinesis:describeStream", - "kinesis:describeStreamConsumer", - "kinesis:describeStreamSummary", - "kinesis:listShards", - "kinesis:listStreamConsumers", - "kinesis:listStreams", - "kinesis:listTagsForStream", - "kinesisanalytics:describeApplication", - "kinesisanalytics:describeApplicationOperation", - "kinesisanalytics:describeApplicationSnapshot", - "kinesisanalytics:listApplicationOperations", - "kinesisanalytics:listApplications", - "kinesisanalytics:listApplicationSnapshots", - "kinesisanalytics:listApplicationVersions", - "kinesisvideo:describeImageGenerationConfiguration", - "kinesisvideo:describeNotificationConfiguration", - "kinesisvideo:describeSignalingChannel", - "kinesisvideo:describeStream", - "kinesisvideo:getDataEndpoint", - "kinesisvideo:getIceServerConfig", - "kinesisvideo:getSignalingChannelEndpoint", - "kinesisvideo:listSignalingChannels", - "kinesisvideo:listStreams", - "kms:describeKey", - "kms:getKeyPolicy", - "kms:getKeyRotationStatus", - "kms:listAliases", - "kms:listGrants", - "kms:listKeyPolicies", - "kms:listKeys", - "kms:listResourceTags", - "kms:listRetirableGrants", - "lakeformation:describeLakeFormationIdentityCenterConfiguration", - "lakeformation:describeResource", - "lakeformation:describeTransaction", - "lakeformation:getDataLakePrincipal", - "lakeformation:getDataLakeSettings", - "lakeformation:getEffectivePermissionsForPath", - "lakeformation:getLFTag", - "lakeformation:getLFTagExpression", - "lakeformation:getQueryState", - "lakeformation:getQueryStatistics", - "lakeformation:getResourceLFTags", - "lakeformation:listLFTagExpressions", - "lakeformation:listLFTags", - "lakeformation:listLakeFormationOptIns", - "lakeformation:listPermissions", - "lakeformation:listResources", - "lakeformation:searchDatabasesByLFTags", - "lakeformation:searchTablesByLFTags", - "lambda:getAccountSettings", - "lambda:getAlias", - "lambda:getCodeSigningConfig", - "lambda:getEventSourceMapping", - "lambda:getFunction", - "lambda:getFunctionCodeSigningConfig", - "lambda:getFunctionConcurrency", - "lambda:getFunctionConfiguration", - "lambda:getFunctionEventInvokeConfig", - "lambda:getFunctionRecursionConfig", - "lambda:getFunctionUrlConfig", - "lambda:getLayerVersion", - "lambda:getLayerVersionPolicy", - "lambda:getPolicy", - "lambda:getProvisionedConcurrencyConfig", - "lambda:getRuntimeManagementConfig", - "lambda:listAliases", - "lambda:listCodeSigningConfigs", - "lambda:listEventSourceMappings", - "lambda:listFunctionEventInvokeConfigs", - "lambda:listFunctions", - "lambda:listFunctionsByCodeSigningConfig", - "lambda:listFunctionUrlConfigs", - "lambda:listLayers", - "lambda:listLayerVersions", - "lambda:listProvisionedConcurrencyConfigs", - "lambda:listTags", - "lambda:listVersionsByFunction", - "launchwizard:describeProvisionedApp", - "launchwizard:describeProvisioningEvents", - "launchwizard:listDeploymentEvents", - "launchwizard:listDeployments", - "launchwizard:listProvisionedApps", - "lex:describeBot", - "lex:describeBotAlias", - "lex:describeBotLocale", - "lex:describeBotRecommendation", - "lex:describeBotVersion", - "lex:describeCustomVocabularyMetadata", - "lex:describeExport", - "lex:describeImport", - "lex:describeIntent", - "lex:describeResourcePolicy", - "lex:describeSlot", - "lex:describeSlotType", - "lex:getBot", - "lex:getBotAlias", - "lex:getBotAliases", - "lex:getBotChannelAssociation", - "lex:getBotChannelAssociations", - "lex:getBots", - "lex:getBotVersions", - "lex:getBuiltinIntent", - "lex:getBuiltinIntents", - "lex:getBuiltinSlotTypes", - "lex:getIntent", - "lex:getIntents", - "lex:getIntentVersions", - "lex:getSlotType", - "lex:getSlotTypes", - "lex:getSlotTypeVersions", - "lex:listBotAliases", - "lex:listBotLocales", - "lex:listBotRecommendations", - "lex:listBots", - "lex:listBotVersions", - "lex:listExports", - "lex:listImports", - "lex:listIntents", - "lex:listRecommendedIntents", - "lex:listSlots", - "lex:listSlotTypes", - "license-manager:getLicenseConfiguration", - "license-manager:getServiceSettings", - "license-manager:listAssociationsForLicenseConfiguration", - "license-manager:listFailuresForLicenseConfigurationOperations", - "license-manager:listLicenseConfigurations", - "license-manager:listLicenseSpecificationsForResource", - "license-manager:listResourceInventory", - "license-manager:listUsageForLicenseConfiguration", - "lightsail:getActiveNames", - "lightsail:getAlarms", - "lightsail:getAutoSnapshots", - "lightsail:getBlueprints", - "lightsail:getBucketBundles", - "lightsail:getBucketMetricData", - "lightsail:getBuckets", - "lightsail:getBundles", - "lightsail:getCertificates", - "lightsail:getContainerImages", - "lightsail:getContainerServiceDeployments", - "lightsail:getContainerServiceMetricData", - "lightsail:getContainerServicePowers", - "lightsail:getContainerServices", - "lightsail:getDisk", - "lightsail:getDisks", - "lightsail:getDiskSnapshot", - "lightsail:getDiskSnapshots", - "lightsail:getDistributionBundles", - "lightsail:getDistributionMetricData", - "lightsail:getDistributions", - "lightsail:getDomain", - "lightsail:getDomains", - "lightsail:getExportSnapshotRecords", - "lightsail:getInstance", - "lightsail:getInstanceMetricData", - "lightsail:getInstancePortStates", - "lightsail:getInstances", - "lightsail:getInstanceSnapshot", - "lightsail:getInstanceSnapshots", - "lightsail:getInstanceState", - "lightsail:getKeyPair", - "lightsail:getKeyPairs", - "lightsail:getLoadBalancer", - "lightsail:getLoadBalancerMetricData", - "lightsail:getLoadBalancers", - "lightsail:getLoadBalancerTlsCertificates", - "lightsail:getOperation", - "lightsail:getOperations", - "lightsail:getOperationsForResource", - "lightsail:getRegions", - "lightsail:getRelationalDatabase", - "lightsail:getRelationalDatabaseMetricData", - "lightsail:getRelationalDatabases", - "lightsail:getRelationalDatabaseSnapshot", - "lightsail:getRelationalDatabaseSnapshots", - "lightsail:getStaticIp", - "lightsail:getStaticIps", - "lightsail:isVpcPeered", - "logs:describeAccountPolicies", - "logs:describeDeliveries", - "logs:describeDeliveryDestinations", - "logs:describeDeliverySources", - "logs:describeDestinations", - "logs:describeExportTasks", - "logs:describeFieldIndexes", - "logs:describeIndexPolicies", - "logs:describeLogGroups", - "logs:describeLogStreams", - "logs:describeMetricFilters", - "logs:describeQueries", - "logs:describeQueryDefinitions", - "logs:describeResourcePolicies", - "logs:describeSubscriptionFilters", - "logs:getDataProtectionPolicy", - "logs:getDelivery", - "logs:getDeliveryDestination", - "logs:getDeliveryDestinationPolicy", - "logs:getDeliverySource", - "logs:getIntegration", - "logs:getLogAnomalyDetector", - "logs:getLogDelivery", - "logs:getLogGroupFields", - "logs:getTransformer", - "logs:listAnomalies", - "logs:listIntegrations", - "logs:listLogAnomalyDetectors", - "logs:listLogDeliveries", - "logs:listLogGroupsForQuery", - "logs:testMetricFilter", - "lookoutequipment:describeDataIngestionJob", - "lookoutequipment:describeDataset", - "lookoutequipment:describeInferenceScheduler", - "lookoutequipment:describeModel", - "lookoutequipment:listDataIngestionJobs", - "lookoutequipment:listDatasets", - "lookoutequipment:listInferenceExecutions", - "lookoutequipment:listInferenceSchedulers", - "lookoutequipment:listModels", - "lookoutmetrics:describeAlert", - "lookoutmetrics:describeAnomalyDetectionExecutions", - "lookoutmetrics:describeAnomalyDetector", - "lookoutmetrics:describeMetricSet", - "lookoutmetrics:getAnomalyGroup", - "lookoutmetrics:getDataQualityMetrics", - "lookoutmetrics:getFeedback", - "lookoutmetrics:getSampleData", - "lookoutmetrics:listAlerts", - "lookoutmetrics:listAnomalyDetectors", - "lookoutmetrics:listAnomalyGroupSummaries", - "lookoutmetrics:listAnomalyGroupTimeSeries", - "lookoutmetrics:listMetricSets", - "lookoutmetrics:listTagsForResource", - "m2:getApplication", - "m2:getApplicationVersion", - "m2:getBatchJobExecution", - "m2:getDataSetDetails", - "m2:getDataSetImportTask", - "m2:getDeployment", - "m2:getEnvironment", - "m2:listApplications", - "m2:listApplicationVersions", - "m2:listBatchJobDefinitions", - "m2:listBatchJobExecutions", - "m2:listDataSetImportHistory", - "m2:listDataSets", - "m2:listDeployments", - "m2:listEngineVersions", - "m2:listEnvironments", - "machinelearning:describeBatchPredictions", - "machinelearning:describeDataSources", - "machinelearning:describeEvaluations", - "machinelearning:describeMLModels", - "machinelearning:getBatchPrediction", - "machinelearning:getDataSource", - "machinelearning:getEvaluation", - "machinelearning:getMLModel", - "macie2:getClassificationExportConfiguration", - "macie2:getCustomDataIdentifier", - "macie2:getFindings", - "macie2:getFindingStatistics", - "macie2:listClassificationJobs", - "macie2:listCustomDataIdentifiers", - "macie2:listFindings", - "managedblockchain:getMember", - "managedblockchain:getNetwork", - "managedblockchain:getNode", - "managedblockchain:listMembers", - "managedblockchain:listNetworks", - "managedblockchain:listNodes", - "mediaconnect:describeFlow", - "mediaconnect:listEntitlements", - "mediaconnect:listFlows", - "mediaconvert:describeEndpoints", - "mediaconvert:getJob", - "mediaconvert:getJobTemplate", - "mediaconvert:getPreset", - "mediaconvert:getQueue", - "mediaconvert:listJobs", - "mediaconvert:listJobTemplates", - "medialive:describeChannel", - "medialive:describeInput", - "medialive:describeInputDevice", - "medialive:describeInputSecurityGroup", - "medialive:describeMultiplex", - "medialive:describeOffering", - "medialive:describeReservation", - "medialive:describeSchedule", - "medialive:getCloudWatchAlarmTemplate", - "medialive:getCloudWatchAlarmTemplateGroup", - "medialive:getEventBridgeRuleTemplate", - "medialive:getEventBridgeRuleTemplateGroup", - "medialive:getSignalMap", - "medialive:listChannels", - "medialive:listCloudWatchAlarmTemplateGroups", - "medialive:listCloudWatchAlarmTemplates", - "medialive:listEventBridgeRuleTemplateGroups", - "medialive:listEventBridgeRuleTemplates", - "medialive:listInputDevices", - "medialive:listInputs", - "medialive:listInputSecurityGroups", - "medialive:listMultiplexes", - "medialive:listOfferings", - "medialive:listReservations", - "medialive:listSignalMaps", - "mediapackage:describeChannel", - "mediapackage:describeOriginEndpoint", - "mediapackage:listChannels", - "mediapackage:listOriginEndpoints", - "mediastore:describeContainer", - "mediastore:getContainerPolicy", - "mediastore:getCorsPolicy", - "mediastore:listContainers", - "mediatailor:getPlaybackConfiguration", - "mediatailor:listPlaybackConfigurations", - "medical-imaging:getDatastore", - "medical-imaging:listDatastores", - "mgn:describeJobLogItems", - "mgn:describeJobs", - "mgn:describeLaunchConfigurationTemplates", - "mgn:describeReplicationConfigurationTemplates", - "mgn:describeSourceServers", - "mgn:describeVcenterClients", - "mgn:getLaunchConfiguration", - "mgn:getReplicationConfiguration", - "mgn:listApplications", - "mgn:listSourceServerActions", - "mgn:listTemplateActions", - "mgn:listWaves", - "mobiletargeting:getAdmChannel", - "mobiletargeting:getApnsChannel", - "mobiletargeting:getApnsSandboxChannel", - "mobiletargeting:getApnsVoipChannel", - "mobiletargeting:getApnsVoipSandboxChannel", - "mobiletargeting:getApp", - "mobiletargeting:getApplicationSettings", - "mobiletargeting:getApps", - "mobiletargeting:getBaiduChannel", - "mobiletargeting:getCampaign", - "mobiletargeting:getCampaignActivities", - "mobiletargeting:getCampaigns", - "mobiletargeting:getCampaignVersion", - "mobiletargeting:getCampaignVersions", - "mobiletargeting:getEmailChannel", - "mobiletargeting:getEndpoint", - "mobiletargeting:getEventStream", - "mobiletargeting:getExportJob", - "mobiletargeting:getExportJobs", - "mobiletargeting:getGcmChannel", - "mobiletargeting:getImportJob", - "mobiletargeting:getImportJobs", - "mobiletargeting:getJourney", - "mobiletargeting:getJourneyExecutionActivityMetrics", - "mobiletargeting:getJourneyExecutionMetrics", - "mobiletargeting:getJourneyRunExecutionActivityMetrics", - "mobiletargeting:getJourneyRunExecutionMetrics", - "mobiletargeting:getJourneyRuns", - "mobiletargeting:getSegment", - "mobiletargeting:getSegmentImportJobs", - "mobiletargeting:getSegments", - "mobiletargeting:getSegmentVersion", - "mobiletargeting:getSegmentVersions", - "mobiletargeting:getSmsChannel", - "mobiletargeting:listJourneys", - "mobiletargeting:phoneNumberValidate", - "mq:describeBroker", - "mq:describeConfiguration", - "mq:describeConfigurationRevision", - "mq:describeUser", - "mq:listBrokers", - "mq:listConfigurationRevisions", - "mq:listConfigurations", - "mq:listUsers", - "network-firewall:describeFirewall", - "network-firewall:describeFirewallPolicy", - "network-firewall:describeFlowOperation", - "network-firewall:describeLoggingConfiguration", - "network-firewall:describeResourcePolicy", - "network-firewall:describeRuleGroup", - "network-firewall:describeRuleGroupMetadata", - "network-firewall:describeTlsInspectionConfiguration", - "network-firewall:listAnalysisReports", - "network-firewall:listFirewallPolicies", - "network-firewall:listFirewalls", - "network-firewall:listFlowOperationResults", - "network-firewall:listFlowOperations", - "network-firewall:listRuleGroups", - "network-firewall:listTlsInspectionConfigurations", - "networkflowmonitor:getMonitor", - "networkflowmonitor:getScope", - "networkflowmonitor:listMonitors", - "networkflowmonitor:listScopes", - "networkmanager:describeGlobalNetworks", - "networkmanager:getConnectAttachment", - "networkmanager:getConnections", - "networkmanager:getConnectPeer", - "networkmanager:getConnectPeerAssociations", - "networkmanager:getCoreNetwork", - "networkmanager:getCoreNetworkChangeEvents", - "networkmanager:getCoreNetworkChangeSet", - "networkmanager:getCoreNetworkPolicy", - "networkmanager:getCustomerGatewayAssociations", - "networkmanager:getDevices", - "networkmanager:getDirectConnectGatewayAttachment", - "networkmanager:getLinkAssociations", - "networkmanager:getLinks", - "networkmanager:getNetworkResourceCounts", - "networkmanager:getNetworkResourceRelationships", - "networkmanager:getNetworkResources", - "networkmanager:getNetworkRoutes", - "networkmanager:getNetworkTelemetry", - "networkmanager:getResourcePolicy", - "networkmanager:getRouteAnalysis", - "networkmanager:getSites", - "networkmanager:getSiteToSiteVpnAttachment", - "networkmanager:getTransitGatewayConnectPeerAssociations", - "networkmanager:getTransitGatewayPeering", - "networkmanager:getTransitGatewayRegistrations", - "networkmanager:getTransitGatewayRouteTableAttachment", - "networkmanager:getVpcAttachment", - "networkmanager:listAttachments", - "networkmanager:listConnectPeers", - "networkmanager:listCoreNetworkPolicyVersions", - "networkmanager:listCoreNetworks", - "networkmanager:listOrganizationServiceAccessStatus", - "networkmanager:listPeerings", - "networkmanager:listTagsForResource", - "networkmonitor:getMonitor", - "networkmonitor:getProbe", - "networkmonitor:listMonitors", - "notifications-contacts:getEmailContact", - "notifications-contacts:listEmailContacts", - "notifications:getEventRule", - "notifications:getNotificationConfiguration", - "notifications:getNotificationEvent", - "notifications:listChannels", - "notifications:listEventRules", - "notifications:listNotificationConfigurations", - "notifications:listNotificationEvents", - "notifications:listNotificationHubs" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Sid": "AWSSupportActionsGroup3", - "Action": [ - "oam:getLink", - "oam:getSink", - "oam:getSinkPolicy", - "oam:listAttachedLinks", - "oam:listLinks", - "oam:listSinks", - "observabilityadmin:getTelemetryEvaluationStatus", - "observabilityadmin:getTelemetryEvaluationStatusForOrganization", - "observabilityadmin:listResourceTelemetry", - "observabilityadmin:listResourceTelemetryForOrganization", - "odb:getOciOnboardingStatus", - "odb:getOdbNetwork", - "odb:getOdbPeeringConnection", - "odb:listOdbNetworks", - "odb:listOdbPeeringConnections", - "omics:getAnnotationImportJob", - "omics:getAnnotationStore", - "omics:getReadSetImportJob", - "omics:getReadSetMetadata", - "omics:getReference", - "omics:getReferenceImportJob", - "omics:getReferenceMetadata", - "omics:getReferenceStore", - "omics:getRun", - "omics:getRunGroup", - "omics:getSequenceStore", - "omics:getVariantImportJob", - "omics:getVariantStore", - "omics:getWorkflow", - "omics:listAnnotationImportJobs", - "omics:listAnnotationStores", - "omics:listMultipartReadSetUploads", - "omics:listReadSetImportJobs", - "omics:listReadSets", - "omics:listReadSetUploadParts", - "omics:listReferenceImportJobs", - "omics:listReferences", - "omics:listReferenceStores", - "omics:listRunGroups", - "omics:listRuns", - "omics:listRunTasks", - "omics:listSequenceStores", - "omics:listVariantImportJobs", - "omics:listVariantStores", - "omics:listWorkflows", - "opsworks-cm:describeAccountAttributes", - "opsworks-cm:describeBackups", - "opsworks-cm:describeEvents", - "opsworks-cm:describeNodeAssociationStatus", - "opsworks-cm:describeServers", - "opsworks:describeAgentVersions", - "opsworks:describeApps", - "opsworks:describeCommands", - "opsworks:describeDeployments", - "opsworks:describeEcsClusters", - "opsworks:describeElasticIps", - "opsworks:describeElasticLoadBalancers", - "opsworks:describeInstances", - "opsworks:describeLayers", - "opsworks:describeLoadBasedAutoScaling", - "opsworks:describeMyUserProfile", - "opsworks:describePermissions", - "opsworks:describeRaidArrays", - "opsworks:describeRdsDbInstances", - "opsworks:describeServiceErrors", - "opsworks:describeStackProvisioningParameters", - "opsworks:describeStacks", - "opsworks:describeStackSummary", - "opsworks:describeTimeBasedAutoScaling", - "opsworks:describeUserProfiles", - "opsworks:describeVolumes", - "opsworks:getHostnameSuggestion", - "organizations:describeAccount", - "organizations:describeCreateAccountStatus", - "organizations:describeEffectivePolicy", - "organizations:describeHandshake", - "organizations:describeOrganization", - "organizations:describePolicy", - "organizations:describeResourcePolicy", - "organizations:listAccounts", - "organizations:listAWSServiceAccessForOrganization", - "organizations:listCreateAccountStatus", - "organizations:listDelegatedAdministrators", - "organizations:listDelegatedServicesForAccount", - "organizations:listHandshakesForAccount", - "organizations:listHandshakesForOrganization", - "organizations:listPoliciesForTarget", - "organizations:listTagsForResource", - "organizations:listTargetsForPolicy", - "osis:getPipeline", - "osis:getPipelineBlueprint", - "osis:getPipelineChangeProgress", - "osis:listPipelineBlueprints", - "osis:listPipelines", - "osis:validatePipeline", - "outposts:getCapacityTask", - "outposts:getCatalogItem", - "outposts:getConnection", - "outposts:getOrder", - "outposts:getOutpost", - "outposts:getOutpostInstanceTypes", - "outposts:getOutpostSupportedInstanceTypes", - "outposts:getSite", - "outposts:listAssets", - "outposts:listAssetInstances", - "outposts:listBlockingInstancesForCapacityTask", - "outposts:listCapacityTasks", - "outposts:listCatalogItems", - "outposts:listOrders", - "outposts:listOutposts", - "outposts:listSites", - "pcs:getCluster", - "pcs:getComputeNodeGroup", - "pcs:getQueue", - "pcs:listClusters", - "pcs:listComputeNodeGroups", - "pcs:listQueues", - "personalize:describeAlgorithm", - "personalize:describeBatchInferenceJob", - "personalize:describeBatchSegmentJob", - "personalize:describeCampaign", - "personalize:describeDataset", - "personalize:describeDatasetExportJob", - "personalize:describeDatasetGroup", - "personalize:describeDatasetImportJob", - "personalize:describeEventTracker", - "personalize:describeFeatureTransformation", - "personalize:describeFilter", - "personalize:describeRecipe", - "personalize:describeRecommender", - "personalize:describeSchema", - "personalize:describeSolution", - "personalize:describeSolutionVersion", - "personalize:getPersonalizedRanking", - "personalize:getRecommendations", - "personalize:getSolutionMetrics", - "personalize:listBatchInferenceJobs", - "personalize:listBatchSegmentJobs", - "personalize:listCampaigns", - "personalize:listDatasetExportJobs", - "personalize:listDatasetGroups", - "personalize:listDatasetImportJobs", - "personalize:listDatasets", - "personalize:listEventTrackers", - "personalize:listRecipes", - "personalize:listRecommenders", - "personalize:listSchemas", - "personalize:listSolutions", - "personalize:listSolutionVersions", - "pipes:describePipe", - "pipes:listPipes", - "pipes:listTagsForResource", - "polly:describeVoices", - "polly:getLexicon", - "polly:listLexicons", - "pricing:describeServices", - "pricing:getAttributeValues", - "pricing:getProducts", - "private-networks:getDeviceIdentifier", - "private-networks:getNetwork", - "private-networks:getNetworkResource", - "private-networks:listDeviceIdentifiers", - "private-networks:listNetworkResources", - "private-networks:listNetworks", - "qbusiness:getApplication", - "qbusiness:getDataSource", - "qbusiness:getIndex", - "qbusiness:getRetriever", - "qbusiness:getWebExperience", - "qbusiness:listApplications", - "qbusiness:listDataSources", - "qbusiness:listDataSourceSyncJobs", - "qbusiness:listIndices", - "qbusiness:listRetrievers", - "qbusiness:listWebExperiences", - "quicksight:describeAccountCustomization", - "quicksight:describeAccountSettings", - "quicksight:describeAccountSubscription", - "quicksight:describeAnalysis", - "quicksight:describeAnalysisPermissions", - "quicksight:describeDashboard", - "quicksight:describeDashboardPermissions", - "quicksight:describeDataSet", - "quicksight:describeDataSetPermissions", - "quicksight:describeDataSetRefreshProperties", - "quicksight:describeDataSource", - "quicksight:describeDataSourcePermissions", - "quicksight:describeFolder", - "quicksight:describeFolderPermissions", - "quicksight:describeFolderResolvedPermissions", - "quicksight:describeGroup", - "quicksight:describeGroupMembership", - "quicksight:describeIAMPolicyAssignment", - "quicksight:describeIngestion", - "quicksight:describeIpRestriction", - "quicksight:describeNamespace", - "quicksight:describeRefreshSchedule", - "quicksight:describeTemplate", - "quicksight:describeTemplateAlias", - "quicksight:describeTemplatePermissions", - "quicksight:describeTheme", - "quicksight:describeThemeAlias", - "quicksight:describeThemePermissions", - "quicksight:describeTopic", - "quicksight:describeTopicPermissions", - "quicksight:describeTopicRefresh", - "quicksight:describeTopicRefreshSchedule", - "quicksight:describeUser", - "quicksight:describeVPCConnection", - "quicksight:listAnalyses", - "quicksight:listDashboards", - "quicksight:listDashboardVersions", - "quicksight:listDataSets", - "quicksight:listDataSources", - "quicksight:listFolderMembers", - "quicksight:listFolders", - "quicksight:listGroupMemberships", - "quicksight:listGroups", - "quicksight:listIAMPolicyAssignments", - "quicksight:listIAMPolicyAssignmentsForUser", - "quicksight:listIngestions", - "quicksight:listNamespaces", - "quicksight:listRefreshSchedules", - "quicksight:listTemplateAliases", - "quicksight:listTemplates", - "quicksight:listTemplateVersions", - "quicksight:listThemeAliases", - "quicksight:listThemes", - "quicksight:listThemeVersions", - "quicksight:listTopicRefreshSchedules", - "quicksight:listTopics", - "quicksight:listUserGroups", - "quicksight:listUsers", - "quicksight:listVPCConnections", - "quicksight:searchAnalyses", - "quicksight:searchDashboards", - "quicksight:searchDataSets", - "quicksight:searchDataSources", - "quicksight:searchFolders", - "quicksight:searchGroups", - "ram:getPermission", - "ram:getResourceShareAssociations", - "ram:getResourceShareInvitations", - "ram:getResourceShares", - "ram:listPendingInvitationResources", - "ram:listPrincipals", - "ram:listResources", - "ram:listResourceSharePermissions", - "rbin:getRule", - "rbin:listRules", - "rds:describeAccountAttributes", - "rds:describeBlueGreenDeployments", - "rds:describeCertificates", - "rds:describeDBClusterEndpoints", - "rds:describeDBClusterParameterGroups", - "rds:describeDBClusterParameters", - "rds:describeDBClusters", - "rds:describeDBClusterSnapshots", - "rds:describeDBEngineVersions", - "rds:describeDBInstanceAutomatedBackups", - "rds:describeDBInstances", - "rds:describeDBLogFiles", - "rds:describeDBParameterGroups", - "rds:describeDBParameters", - "rds:describeDBSecurityGroups", - "rds:describeDBSnapshotAttributes", - "rds:describeDBSnapshots", - "rds:describeDBSubnetGroups", - "rds:describeEngineDefaultClusterParameters", - "rds:describeEngineDefaultParameters", - "rds:describeEventCategories", - "rds:describeEvents", - "rds:describeEventSubscriptions", - "rds:describeExportTasks", - "rds:describeGlobalClusters", - "rds:describeIntegrations", - "rds:describeOptionGroupOptions", - "rds:describeOptionGroups", - "rds:describeOrderableDBInstanceOptions", - "rds:describePendingMaintenanceActions", - "rds:describeReservedDBInstances", - "rds:describeReservedDBInstancesOfferings", - "rds:describeSourceRegions", - "rds:describeValidDBInstanceModifications", - "rds:listTagsForResource", - "redshift-data:describeStatement", - "redshift-data:listStatements", - "redshift-serverless:getCustomDomainAssociation", - "redshift-serverless:getEndpointAccess", - "redshift-serverless:getNamespace", - "redshift-serverless:getRecoveryPoint", - "redshift-serverless:getScheduledAction", - "redshift-serverless:getSnapshot", - "redshift-serverless:getTableRestoreStatus", - "redshift-serverless:getUsageLimit", - "redshift-serverless:getWorkgroup", - "redshift-serverless:listCustomDomainAssociations", - "redshift-serverless:listEndpointAccess", - "redshift-serverless:listNamespaces", - "redshift-serverless:listRecoveryPoints", - "redshift-serverless:listSnapshotCopyConfigurations", - "redshift-serverless:listSnapshots", - "redshift-serverless:listTableRestoreStatus", - "redshift-serverless:listUsageLimits", - "redshift-serverless:listWorkgroups", - "redshift:describeClusterDbRevisions", - "redshift:describeClusterParameterGroups", - "redshift:describeClusterParameters", - "redshift:describeClusters", - "redshift:describeClusterSecurityGroups", - "redshift:describeClusterSnapshots", - "redshift:describeClusterSubnetGroups", - "redshift:describeClusterTracks", - "redshift:describeClusterVersions", - "redshift:describeCustomDomainAssociations", - "redshift:describeDataShares", - "redshift:describeDataSharesForConsumer", - "redshift:describeDataSharesForProducer", - "redshift:describeDefaultClusterParameters", - "redshift:describeEndpointAccess", - "redshift:describeEndpointAuthorization", - "redshift:describeEventCategories", - "redshift:describeEvents", - "redshift:describeEventSubscriptions", - "redshift:describeHsmClientCertificates", - "redshift:describeHsmConfigurations", - "redshift:describeInboundIntegrations", - "redshift:describeLoggingStatus", - "redshift:describeNodeConfigurationOptions", - "redshift:describeOrderableClusterOptions", - "redshift:describeRedshiftIdcApplications", - "redshift:describeReservedNodeOfferings", - "redshift:describeReservedNodes", - "redshift:describeResize", - "redshift:describeSnapshotCopyGrants", - "redshift:describeSnapshotSchedules", - "redshift:describeStorage", - "redshift:describeTableRestoreStatus", - "redshift:describeTags", - "redshift:describeUsageLimits", - "rekognition:listCollections", - "rekognition:listFaces", - "resiliencehub:describeApp", - "resiliencehub:describeAppAssessment", - "resiliencehub:describeAppVersion", - "resiliencehub:describeAppVersionAppComponent", - "resiliencehub:describeAppVersionResource", - "resiliencehub:describeAppVersionResourcesResolutionStatus", - "resiliencehub:describeAppVersionTemplate", - "resiliencehub:describeDraftAppVersionResourcesImportStatus", - "resiliencehub:describeResiliencyPolicy", - "resiliencehub:describeResourceGroupingRecommendationTask", - "resiliencehub:listAlarmRecommendations", - "resiliencehub:listAppAssessmentComplianceDrifts", - "resiliencehub:listAppAssessmentResourceDrifts", - "resiliencehub:listAppAssessments", - "resiliencehub:listAppComponentCompliances", - "resiliencehub:listAppComponentRecommendations", - "resiliencehub:listAppInputSources", - "resiliencehub:listApps", - "resiliencehub:listAppVersionAppComponents", - "resiliencehub:listAppVersionResourceMappings", - "resiliencehub:listAppVersionResources", - "resiliencehub:listAppVersions", - "resiliencehub:listRecommendationTemplates", - "resiliencehub:listResiliencyPolicies", - "resiliencehub:listResourceGroupingRecommendations", - "resiliencehub:listSopRecommendations", - "resiliencehub:listSuggestedResiliencyPolicies", - "resiliencehub:listTestRecommendations", - "resiliencehub:listUnsupportedAppVersionResources", - "resource-explorer-2:getAccountLevelServiceConfiguration", - "resource-explorer-2:getIndex", - "resource-explorer-2:getView", - "resource-explorer-2:listIndexes", - "resource-explorer-2:listViews", - "resource-explorer-2:search", - "resource-groups:getGroup", - "resource-groups:getGroupQuery", - "resource-groups:getTags", - "resource-groups:listGroupResources", - "resource-groups:listGroups", - "resource-groups:searchResources", - "robomaker:batchDescribeSimulationJob", - "robomaker:describeDeploymentJob", - "robomaker:describeFleet", - "robomaker:describeRobot", - "robomaker:describeRobotApplication", - "robomaker:describeSimulationApplication", - "robomaker:describeSimulationJob", - "robomaker:listDeploymentJobs", - "robomaker:listFleets", - "robomaker:listRobotApplications", - "robomaker:listRobots", - "robomaker:listSimulationApplications", - "robomaker:listSimulationJobs", - "rolesanywhere:getProfile", - "rolesanywhere:getTrustAnchor", - "rolesanywhere:listProfiles", - "rolesanywhere:listTrustAnchors", - "route53-recovery-cluster:getRoutingControlState", - "route53-recovery-cluster:listRoutingControls", - "route53-recovery-control-config:describeControlPanel", - "route53-recovery-control-config:describeRoutingControl", - "route53-recovery-control-config:describeSafetyRule", - "route53-recovery-control-config:listControlPanels", - "route53-recovery-control-config:listRoutingControls", - "route53-recovery-control-config:listSafetyRules", - "route53-recovery-readiness:getCell", - "route53-recovery-readiness:getCellReadinessSummary", - "route53-recovery-readiness:getReadinessCheck", - "route53-recovery-readiness:getReadinessCheckResourceStatus", - "route53-recovery-readiness:getReadinessCheckStatus", - "route53-recovery-readiness:getRecoveryGroup", - "route53-recovery-readiness:getRecoveryGroupReadinessSummary", - "route53-recovery-readiness:listCells", - "route53-recovery-readiness:listReadinessChecks", - "route53-recovery-readiness:listRecoveryGroups", - "route53-recovery-readiness:listResourceSets", - "route53:getAccountLimit", - "route53:getChange", - "route53:getCheckerIpRanges", - "route53:getDNSSEC", - "route53:getGeoLocation", - "route53:getHealthCheck", - "route53:getHealthCheckCount", - "route53:getHealthCheckLastFailureReason", - "route53:getHealthCheckStatus", - "route53:getHostedZone", - "route53:getHostedZoneCount", - "route53:getHostedZoneLimit", - "route53:getQueryLoggingConfig", - "route53:getReusableDelegationSet", - "route53:getTrafficPolicy", - "route53:getTrafficPolicyInstance", - "route53:getTrafficPolicyInstanceCount", - "route53:listCidrBlocks", - "route53:listCidrCollections", - "route53:listCidrLocations", - "route53:listGeoLocations", - "route53:listHealthChecks", - "route53:listHostedZones", - "route53:listHostedZonesByName", - "route53:listHostedZonesByVpc", - "route53:listQueryLoggingConfigs", - "route53:listResourceRecordSets", - "route53:listReusableDelegationSets", - "route53:listTrafficPolicies", - "route53:listTrafficPolicyInstances", - "route53:listTrafficPolicyInstancesByHostedZone", - "route53:listTrafficPolicyInstancesByPolicy", - "route53:listTrafficPolicyVersions", - "route53:listVPCAssociationAuthorizations", - "route53domains:checkDomainAvailability", - "route53domains:getContactReachabilityStatus", - "route53domains:getDomainDetail", - "route53domains:getOperationDetail", - "route53domains:listDomains", - "route53domains:listOperations", - "route53domains:listPrices", - "route53domains:listTagsForDomain", - "route53domains:viewBilling", - "route53profiles:getProfile", - "route53profiles:getProfileAssociation", - "route53profiles:getProfileResourceAssociation", - "route53profiles:listProfileAssociations", - "route53profiles:listProfileResourceAssociations", - "route53profiles:listProfiles", - "route53profiles:listTagsForResource", - "route53resolver:getFirewallConfig", - "route53resolver:getFirewallDomainList", - "route53resolver:getFirewallRuleGroup", - "route53resolver:getFirewallRuleGroupAssociation", - "route53resolver:getFirewallRuleGroupPolicy", - "route53resolver:getOutpostResolver", - "route53resolver:getResolverDnssecConfig", - "route53resolver:getResolverQueryLogConfig", - "route53resolver:getResolverQueryLogConfigAssociation", - "route53resolver:getResolverQueryLogConfigPolicy", - "route53resolver:getResolverRule", - "route53resolver:getResolverRuleAssociation", - "route53resolver:getResolverRulePolicy", - "route53resolver:listFirewallConfigs", - "route53resolver:listFirewallDomainLists", - "route53resolver:listFirewallDomains", - "route53resolver:listFirewallRuleGroupAssociations", - "route53resolver:listFirewallRuleGroups", - "route53resolver:listFirewallRules", - "route53resolver:listOutpostResolvers", - "route53resolver:listResolverConfigs", - "route53resolver:listResolverDnssecConfigs", - "route53resolver:listResolverEndpointIpAddresses", - "route53resolver:listResolverEndpoints", - "route53resolver:listResolverQueryLogConfigAssociations", - "route53resolver:listResolverQueryLogConfigs", - "route53resolver:listResolverRuleAssociations", - "route53resolver:listResolverRules", - "route53resolver:listTagsForResource", - "rum:batchGetRumMetricDefinitions", - "rum:getAppMonitor", - "rum:listAppMonitors", - "rum:listRumMetricsDestinations", - "s3-outposts:listEndpoints", - "s3-outposts:listOutpostsWithS3", - "s3-outposts:listRegionalBuckets", - "s3-outposts:listSharedEndpoints", - "s3:describeJob", - "s3:describeMultiRegionAccessPointOperation", - "s3:getAccelerateConfiguration", - "s3:getAccessGrant", - "s3:getAccessGrantsInstance", - "s3:getAccessGrantsInstanceResourcePolicy", - "s3:getAccessGrantsLocation", - "s3:getAccessPoint", - "s3:getAccessPointConfigurationForObjectLambda", - "s3:getAccessPointForObjectLambda", - "s3:getAccessPointPolicy", - "s3:getAccessPointPolicyForObjectLambda", - "s3:getAccessPointPolicyStatus", - "s3:getAccessPointPolicyStatusForObjectLambda", - "s3:getAccountPublicAccessBlock", - "s3:getAnalyticsConfiguration", - "s3:getBucketAcl", - "s3:getBucketCORS", - "s3:getBucketLocation", - "s3:getBucketLogging", - "s3:getBucketNotification", - "s3:getBucketObjectLockConfiguration", - "s3:getBucketOwnershipControls", - "s3:getBucketPolicy", - "s3:getBucketPolicyStatus", - "s3:getBucketPublicAccessBlock", - "s3:getBucketRequestPayment", - "s3:getBucketVersioning", - "s3:getBucketWebsite", - "s3:getEncryptionConfiguration", - "s3:getIntelligentTieringConfiguration", - "s3:getInventoryConfiguration", - "s3:getLifecycleConfiguration", - "s3:getMetricsConfiguration", - "s3:getMultiRegionAccessPoint", - "s3:getMultiRegionAccessPointPolicy", - "s3:getMultiRegionAccessPointPolicyStatus", - "s3:getMultiRegionAccessPointRoutes", - "s3:getObjectAcl", - "s3:getObjectLegalHold", - "s3:getObjectRetention", - "s3:getReplicationConfiguration", - "s3:getStorageLensConfiguration", - "s3:listAccessGrants", - "s3:listAccessGrantsInstances", - "s3:listAccessGrantsLocations", - "s3:listAccessPoints", - "s3:listAccessPointsForObjectLambda", - "s3:listAllMyBuckets", - "s3:listBucket", - "s3:listBucketMultipartUploads", - "s3:listBucketVersions", - "s3:listJobs", - "s3:listMultipartUploadParts", - "s3:listMultiRegionAccessPoints", - "s3:listStorageLensConfigurations", - "s3express:getBucketPolicy", - "s3express:listAllMyDirectoryBuckets", - "s3tables:getNamespace", - "s3tables:getTable", - "s3tables:getTableBucket", - "s3tables:getTableBucketMaintenanceConfiguration", - "s3tables:getTableBucketPolicy", - "s3tables:getTableMaintenanceJobStatus", - "s3tables:getTableMetadataLocation", - "s3tables:getTablePolicy", - "s3tables:listNamespaces", - "s3tables:listTableBuckets", - "s3tables:listTables", - "sagemaker:describeAction", - "sagemaker:describeAlgorithm", - "sagemaker:describeApp", - "sagemaker:describeAppImageConfig", - "sagemaker:describeArtifact", - "sagemaker:describeAutoMLJob", - "sagemaker:describeCluster", - "sagemaker:describeClusterNode", - "sagemaker:describeCodeRepository", - "sagemaker:describeCompilationJob", - "sagemaker:describeContext", - "sagemaker:describeDataQualityJobDefinition", - "sagemaker:describeDevice", - "sagemaker:describeDeviceFleet", - "sagemaker:describeDomain", - "sagemaker:describeEdgeDeploymentPlan", - "sagemaker:describeEdgePackagingJob", - "sagemaker:describeEndpoint", - "sagemaker:describeEndpointConfig", - "sagemaker:describeExperiment", - "sagemaker:describeFeatureGroup", - "sagemaker:describeFeatureMetadata", - "sagemaker:describeFlowDefinition", - "sagemaker:describeHub", - "sagemaker:describeHubContent", - "sagemaker:describeHumanTaskUi", - "sagemaker:describeHyperParameterTuningJob", - "sagemaker:describeImage", - "sagemaker:describeImageVersion", - "sagemaker:describeInferenceComponent", - "sagemaker:describeInferenceExperiment", - "sagemaker:describeInferenceRecommendationsJob", - "sagemaker:describeLabelingJob", - "sagemaker:describeMlflowTrackingServer", - "sagemaker:describeModel", - "sagemaker:describeModelBiasJobDefinition", - "sagemaker:describeModelCard", - "sagemaker:describeModelCardExportJob", - "sagemaker:describeModelExplainabilityJobDefinition", - "sagemaker:describeModelPackage", - "sagemaker:describeModelPackageGroup", - "sagemaker:describeModelQualityJobDefinition", - "sagemaker:describeMonitoringSchedule", - "sagemaker:describeNotebookInstance", - "sagemaker:describeNotebookInstanceLifecycleConfig", - "sagemaker:describePipeline", - "sagemaker:describePipelineDefinitionForExecution", - "sagemaker:describePipelineExecution", - "sagemaker:describeProcessingJob", - "sagemaker:describeProject", - "sagemaker:describeSpace", - "sagemaker:describeStudioLifecycleConfig", - "sagemaker:describeSubscribedWorkteam", - "sagemaker:describeTrainingJob", - "sagemaker:describeTransformJob", - "sagemaker:describeTrial", - "sagemaker:describeTrialComponent", - "sagemaker:describeUserProfile", - "sagemaker:describeWorkforce", - "sagemaker:describeWorkteam", - "sagemaker:getDeviceFleetReport", - "sagemaker:getModelPackageGroupPolicy", - "sagemaker:getSagemakerServicecatalogPortfolioStatus", - "sagemaker:listActions", - "sagemaker:listAlgorithms", - "sagemaker:listAliases", - "sagemaker:listAppImageConfigs", - "sagemaker:listApps", - "sagemaker:listArtifacts", - "sagemaker:listAssociations", - "sagemaker:listAutoMLJobs", - "sagemaker:listCandidatesForAutoMLJob", - "sagemaker:listClusterNodes", - "sagemaker:listClusters", - "sagemaker:listCodeRepositories", - "sagemaker:listCompilationJobs", - "sagemaker:listContexts", - "sagemaker:listDataQualityJobDefinitions", - "sagemaker:listDeviceFleets", - "sagemaker:listDevices", - "sagemaker:listDomains", - "sagemaker:listEdgeDeploymentPlans", - "sagemaker:listEdgePackagingJobs", - "sagemaker:listEndpointConfigs", - "sagemaker:listEndpoints", - "sagemaker:listExperiments", - "sagemaker:listFeatureGroups", - "sagemaker:listFlowDefinitions", - "sagemaker:listHubContents", - "sagemaker:listHubContentVersions", - "sagemaker:listHubs", - "sagemaker:listHumanTaskUis", - "sagemaker:listHyperParameterTuningJobs", - "sagemaker:listImages", - "sagemaker:listImageVersions", - "sagemaker:listInferenceComponents", - "sagemaker:listInferenceExperiments", - "sagemaker:listInferenceRecommendationsJobs", - "sagemaker:listInferenceRecommendationsJobSteps", - "sagemaker:listLabelingJobs", - "sagemaker:listLabelingJobsForWorkteam", - "sagemaker:listLineageGroups", - "sagemaker:listMlflowTrackingServers", - "sagemaker:listModelBiasJobDefinitions", - "sagemaker:listModelCardExportJobs", - "sagemaker:listModelCards", - "sagemaker:listModelCardVersions", - "sagemaker:listModelExplainabilityJobDefinitions", - "sagemaker:listModelMetadata", - "sagemaker:listModelPackageGroups", - "sagemaker:listModelPackages", - "sagemaker:listModelQualityJobDefinitions", - "sagemaker:listModels", - "sagemaker:listMonitoringAlertHistory", - "sagemaker:listMonitoringAlerts", - "sagemaker:listMonitoringExecutions", - "sagemaker:listMonitoringSchedules", - "sagemaker:listNotebookInstanceLifecycleConfigs", - "sagemaker:listNotebookInstances", - "sagemaker:listPipelineExecutions", - "sagemaker:listPipelineExecutionSteps", - "sagemaker:listPipelineParametersForExecution", - "sagemaker:listPipelines", - "sagemaker:listProcessingJobs", - "sagemaker:listProjects", - "sagemaker:listSpaces", - "sagemaker:listStageDevices", - "sagemaker:listStudioLifecycleConfigs", - "sagemaker:listSubscribedWorkteams", - "sagemaker:listTags", - "sagemaker:listTrainingJobs", - "sagemaker:listTrainingJobsForHyperParameterTuningJob", - "sagemaker:listTransformJobs", - "sagemaker:listTrialComponents", - "sagemaker:listTrials", - "sagemaker:listUserProfiles", - "sagemaker:listWorkforces", - "sagemaker:listWorkteams", - "savingsplans:describeSavingsPlans", - "scheduler:getSchedule", - "scheduler:getScheduleGroup", - "scheduler:listScheduleGroups", - "scheduler:listSchedules", - "schemas:describeCodeBinding", - "schemas:describeDiscoverer", - "schemas:describeRegistry", - "schemas:describeSchema", - "schemas:getCodeBindingSource", - "schemas:getDiscoveredSchema", - "schemas:getResourcePolicy", - "schemas:listDiscoverers", - "schemas:listRegistries", - "schemas:listSchemas", - "schemas:listSchemaVersions", - "sdb:domainMetadata", - "sdb:listDomains", - "secretsmanager:describeSecret", - "secretsmanager:getResourcePolicy", - "secretsmanager:listSecrets", - "secretsmanager:listSecretVersionIds", - "securityhub:batchGetConfigurationPolicyAssociations", - "securityhub:describeOrganizationConfiguration", - "securityhub:getConfigurationPolicy", - "securityhub:getConfigurationPolicyAssociation", - "securityhub:getEnabledStandards", - "securityhub:getFindingAggregator", - "securityhub:getFindings", - "securityhub:getInsightResults", - "securityhub:getInsights", - "securityhub:getMasterAccount", - "securityhub:getMembers", - "securityhub:listConfigurationPolicies", - "securityhub:listConfigurationPolicyAssociations", - "securityhub:listEnabledProductsForImport", - "securityhub:listFindingAggregators", - "securityhub:listInvitations", - "securityhub:listMembers", - "securitylake:getDataLakeExceptionSubscription", - "securitylake:getDataLakeOrganizationConfiguration", - "securitylake:getDataLakeSources", - "securitylake:getSubscriber", - "securitylake:listDataLakeExceptions", - "securitylake:listDataLakes", - "securitylake:listLogSources", - "securitylake:listSubscribers", - "serverlessrepo:getApplication", - "serverlessrepo:getApplicationPolicy", - "serverlessrepo:getCloudFormationTemplate", - "serverlessrepo:listApplicationDependencies", - "serverlessrepo:listApplications", - "serverlessrepo:listApplicationVersions", - "servicecatalog:describeConstraint", - "servicecatalog:describePortfolio", - "servicecatalog:describeProduct", - "servicecatalog:describeProductAsAdmin", - "servicecatalog:describeProductView", - "servicecatalog:describeProvisioningArtifact", - "servicecatalog:describeProvisioningParameters", - "servicecatalog:describeRecord", - "servicecatalog:listAcceptedPortfolioShares", - "servicecatalog:listConstraintsForPortfolio", - "servicecatalog:listLaunchPaths", - "servicecatalog:listPortfolioAccess", - "servicecatalog:listPortfolios", - "servicecatalog:listPortfoliosForProduct", - "servicecatalog:listPrincipalsForPortfolio", - "servicecatalog:listProvisioningArtifacts", - "servicecatalog:listRecordHistory", - "servicecatalog:scanProvisionedProducts", - "servicecatalog:searchProducts", - "servicequotas:getAssociationForServiceQuotaTemplate", - "servicequotas:getAWSDefaultServiceQuota", - "servicequotas:getRequestedServiceQuotaChange", - "servicequotas:getServiceQuota", - "servicequotas:getServiceQuotaIncreaseRequestFromTemplate", - "servicequotas:listAWSDefaultServiceQuotas", - "servicequotas:listRequestedServiceQuotaChangeHistory", - "servicequotas:listRequestedServiceQuotaChangeHistoryByQuota", - "servicequotas:listServiceQuotaIncreaseRequestsInTemplate", - "servicequotas:listServiceQuotas", - "servicequotas:listServices", - "ses:describeActiveReceiptRuleSet", - "ses:describeConfigurationSet", - "ses:describeReceiptRule", - "ses:describeReceiptRuleSet", - "ses:getAccount", - "ses:getAccountSendingEnabled", - "ses:getAddonInstance", - "ses:getAddonSubscription", - "ses:getArchive", - "ses:getArchiveExport", - "ses:getArchiveSearch", - "ses:getBlacklistReports", - "ses:getConfigurationSet", - "ses:getConfigurationSetEventDestinations", - "ses:getContactList", - "ses:getDedicatedIp", - "ses:getDedicatedIpPool", - "ses:getDedicatedIps", - "ses:getDeliverabilityDashboardOptions", - "ses:getDeliverabilityTestReport", - "ses:getDomainDeliverabilityCampaign", - "ses:getDomainStatisticsReport", - "ses:getEmailIdentity", - "ses:getIdentityDkimAttributes", - "ses:getIdentityMailFromDomainAttributes", - "ses:getIdentityNotificationAttributes", - "ses:getIdentityPolicies", - "ses:getIdentityVerificationAttributes", - "ses:getImportJob", - "ses:getIngressPoint", - "ses:getRelay", - "ses:getRuleSet", - "ses:getTrafficPolicy", - "ses:getSendQuota", - "ses:getSendStatistics", - "ses:listConfigurationSets", - "ses:listAddonInstances", - "ses:listAddonSubscriptions", - "ses:listArchiveExports", - "ses:listArchives", - "ses:listArchiveSearches", - "ses:listContactLists", - "ses:listContacts", - "ses:listCustomVerificationEmailTemplates", - "ses:listDedicatedIpPools", - "ses:listDeliverabilityTestReports", - "ses:listDomainDeliverabilityCampaigns", - "ses:listEmailIdentities", - "ses:listEmailTemplates", - "ses:listIdentities", - "ses:listIdentityPolicies", - "ses:listImportJobs", - "ses:listIngressPoints", - "ses:listReceiptFilters", - "ses:listReceiptRuleSets", - "ses:listRelays", - "ses:listRuleSets", - "ses:listRecommendations", - "ses:listTagsForResource", - "ses:listTemplates", - "ses:listTrafficPolicies", - "ses:listVerifiedEmailAddresses", - "shield:describeAttack", - "shield:describeProtection", - "shield:describeSubscription", - "shield:listAttacks", - "shield:listProtections", - "sms-voice:getConfigurationSetEventDestinations", - "sms:getConnectors", - "sms:getReplicationJobs", - "sms:getReplicationRuns", - "sms:getServers", - "snowball:describeAddress", - "snowball:describeAddresses", - "snowball:describeJob", - "snowball:getSnowballUsage", - "snowball:listJobs", - "snowball:listServiceVersions", - "sns:checkIfPhoneNumberIsOptedOut", - "sns:getDataProtectionPolicy", - "sns:getEndpointAttributes", - "sns:getPlatformApplicationAttributes", - "sns:getSMSAttributes", - "sns:getSMSSandboxAccountStatus", - "sns:getSubscriptionAttributes", - "sns:getTopicAttributes", - "sns:listEndpointsByPlatformApplication", - "sns:listOriginationNumbers", - "sns:listPhoneNumbersOptedOut", - "sns:listPlatformApplications", - "sns:listSMSSandboxPhoneNumbers", - "sns:listSubscriptions", - "sns:listSubscriptionsByTopic", - "sns:listTopics", - "sqs:getQueueAttributes", - "sqs:getQueueUrl", - "sqs:listDeadLetterSourceQueues", - "sqs:listMessageMoveTasks", - "sqs:listQueues", - "ssm-contacts:describeEngagement", - "ssm-contacts:describePage", - "ssm-contacts:getContact", - "ssm-contacts:getContactChannel", - "ssm-contacts:getContactPolicy", - "ssm-contacts:getRotation", - "ssm-contacts:getRotationOverride", - "ssm-contacts:listContactChannels", - "ssm-contacts:listContacts", - "ssm-contacts:listEngagements", - "ssm-contacts:listPageReceipts", - "ssm-contacts:listPageResolutions", - "ssm-contacts:listPagesByContact", - "ssm-contacts:listPagesByEngagement", - "ssm-contacts:listPreviewRotationShifts", - "ssm-contacts:listRotationOverrides", - "ssm-contacts:listRotations", - "ssm-contacts:listRotationShifts", - "ssm-incidents:batchGetIncidentFindings", - "ssm-incidents:getIncidentRecord", - "ssm-incidents:getReplicationSet", - "ssm-incidents:getResourcePolicies", - "ssm-incidents:getResponsePlan", - "ssm-incidents:getTimelineEvent", - "ssm-incidents:listIncidentFindings", - "ssm-incidents:listIncidentRecords", - "ssm-incidents:listRelatedItems", - "ssm-incidents:listReplicationSets", - "ssm-incidents:listResponsePlans", - "ssm-incidents:listTimelineEvents", - "ssm-quicksetup:getConfiguration", - "ssm-quicksetup:getConfigurationManager", - "ssm-quicksetup:getServiceSettings", - "ssm-quicksetup:listConfigurationManagers", - "ssm-quicksetup:listConfigurations", - "ssm-quicksetup:listQuickSetupTypes", - "ssm-sap:getApplication", - "ssm-sap:getComponent", - "ssm-sap:getDatabase", - "ssm-sap:getOperation", - "ssm-sap:getResourcePermission", - "ssm-sap:listApplications", - "ssm-sap:listComponents", - "ssm-sap:listDatabases", - "ssm-sap:listOperations", - "ssm:describeActivations", - "ssm:describeAssociation", - "ssm:describeAssociationExecutions", - "ssm:describeAssociationExecutionTargets", - "ssm:describeAutomationExecutions", - "ssm:describeAutomationStepExecutions", - "ssm:describeAvailablePatches", - "ssm:describeDocument", - "ssm:describeDocumentPermission", - "ssm:describeEffectiveInstanceAssociations", - "ssm:describeEffectivePatchesForPatchBaseline", - "ssm:describeInstanceAssociationsStatus", - "ssm:describeInstanceInformation", - "ssm:describeInstancePatches", - "ssm:describeInstancePatchStates", - "ssm:describeInstancePatchStatesForPatchGroup", - "ssm:describeInstanceProperties", - "ssm:describeInventoryDeletions", - "ssm:describeMaintenanceWindowExecutions", - "ssm:describeMaintenanceWindowExecutionTaskInvocations", - "ssm:describeMaintenanceWindowExecutionTasks", - "ssm:describeMaintenanceWindows", - "ssm:describeMaintenanceWindowSchedule", - "ssm:describeMaintenanceWindowsForTarget", - "ssm:describeMaintenanceWindowTargets", - "ssm:describeMaintenanceWindowTasks", - "ssm:describeOpsItems", - "ssm:describeParameters", - "ssm:describePatchBaselines", - "ssm:describePatchGroups", - "ssm:describePatchGroupState", - "ssm:describePatchProperties", - "ssm:describeSessions", - "ssm:getAutomationExecution", - "ssm:getCalendarState", - "ssm:getCommandInvocation", - "ssm:getConnectionStatus", - "ssm:getDefaultPatchBaseline", - "ssm:getDeployablePatchSnapshotForInstance", - "ssm:getInventorySchema", - "ssm:getMaintenanceWindow", - "ssm:getMaintenanceWindowExecution", - "ssm:getMaintenanceWindowExecutionTask", - "ssm:getMaintenanceWindowExecutionTaskInvocation", - "ssm:getMaintenanceWindowTask", - "ssm:getOpsItem", - "ssm:getOpsMetadata", - "ssm:getOpsSummary", - "ssm:getPatchBaseline", - "ssm:getPatchBaselineForPatchGroup", - "ssm:getResourcePolicies", - "ssm:getServiceSetting", - "ssm:listAssociations", - "ssm:listAssociationVersions", - "ssm:listCommandInvocations", - "ssm:listCommands", - "ssm:listComplianceItems", - "ssm:listComplianceSummaries", - "ssm:listDocumentMetadataHistory", - "ssm:listDocuments", - "ssm:listDocumentVersions", - "ssm:listNodes", - "ssm:listNodesSummary", - "ssm:listOpsItemEvents", - "ssm:listOpsItemRelatedItems", - "ssm:listOpsMetadata", - "ssm:listResourceComplianceSummaries", - "ssm:listResourceDataSync", - "ssm:listTagsForResource", - "sso:describeApplication", - "sso:describeApplicationAssignment", - "sso:describeApplicationProvider", - "sso:describeAccountAssignmentCreationStatus", - "sso:describeAccountAssignmentDeletionStatus", - "sso:describeInstance", - "sso:describeInstanceAccessControlAttributeConfiguration", - "sso:describePermissionSet", - "sso:describePermissionSetProvisioningStatus", - "sso:describeTrustedTokenIssuer", - "sso:getApplicationAccessScope", - "sso:getApplicationAssignmentConfiguration", - "sso:getApplicationAuthenticationMethod", - "sso:getApplicationGrant", - "sso:getApplicationInstance", - "sso:getApplicationTemplate", - "sso:getInlinePolicyForPermissionSet", - "sso:getManagedApplicationInstance", - "sso:getPermissionsBoundaryForPermissionSet", - "sso:getSharedSsoConfiguration", - "sso:listApplicationAccessScopes", - "sso:listApplicationAssignments", - "sso:listApplicationAuthenticationMethods", - "sso:listApplicationGrants", - "sso:listApplicationInstances", - "sso:listApplicationProviders", - "sso:listApplications", - "sso:listApplicationTemplates", - "sso:listAccountAssignmentCreationStatus", - "sso:listAccountAssignmentDeletionStatus", - "sso:listAccountAssignments", - "sso:listAccountAssignmentsForPrincipal", - "sso:listAccountsForProvisionedPermissionSet", - "sso:listApplicationAssignmentsForPrincipal", - "sso:listCustomerManagedPolicyReferencesInPermissionSet", - "sso:listDirectoryAssociations", - "sso:listInstances", - "sso:listManagedPoliciesInPermissionSet", - "sso:listPermissionSetProvisioningStatus", - "sso:listPermissionSets", - "sso:listPermissionSetsProvisionedToAccount", - "sso:listProfileAssociations", - "sso:listTrustedTokenIssuers", - "states:describeActivity", - "states:describeExecution", - "states:describeMapRun", - "states:describeStateMachine", - "states:describeStateMachineAlias", - "states:describeStateMachineForExecution", - "states:getExecutionHistory", - "states:listActivities", - "states:listExecutions", - "states:listMapRuns", - "states:listStateMachineAliases", - "states:listStateMachines", - "states:listStateMachineVersions", - "storagegateway:describeBandwidthRateLimit", - "storagegateway:describeCache", - "storagegateway:describeCachediSCSIVolumes", - "storagegateway:describeFileSystemAssociations", - "storagegateway:describeGatewayInformation", - "storagegateway:describeMaintenanceStartTime", - "storagegateway:describeNFSFileShares", - "storagegateway:describeSMBFileShares", - "storagegateway:describeSMBSettings", - "storagegateway:describeSnapshotSchedule", - "storagegateway:describeStorediSCSIVolumes", - "storagegateway:describeTapeArchives", - "storagegateway:describeTapeRecoveryPoints", - "storagegateway:describeTapes", - "storagegateway:describeUploadBuffer", - "storagegateway:describeVTLDevices", - "storagegateway:describeWorkingStorage", - "storagegateway:listAutomaticTapeCreationPolicies", - "storagegateway:listFileShares", - "storagegateway:listFileSystemAssociations", - "storagegateway:listGateways", - "storagegateway:listLocalDisks", - "storagegateway:listTagsForResource", - "storagegateway:listTapes", - "storagegateway:listVolumeInitiators", - "storagegateway:listVolumeRecoveryPoints", - "storagegateway:listVolumes", - "sts:getCallerIdentity", - "swf:countClosedWorkflowExecutions", - "swf:countOpenWorkflowExecutions", - "swf:countPendingActivityTasks", - "swf:countPendingDecisionTasks", - "swf:describeActivityType", - "swf:describeDomain", - "swf:describeWorkflowExecution", - "swf:describeWorkflowType", - "swf:getWorkflowExecutionHistory", - "swf:listActivityTypes", - "swf:listClosedWorkflowExecutions", - "swf:listDomains", - "swf:listOpenWorkflowExecutions", - "swf:listWorkflowTypes", - "synthetics:describeCanaries", - "synthetics:describeCanariesLastRun", - "synthetics:describeRuntimeVersions", - "synthetics:getCanary", - "synthetics:getCanaryRuns", - "synthetics:getGroup", - "synthetics:listAssociatedGroups", - "synthetics:listGroupResources", - "synthetics:listGroups", - "thinclient:getDevice", - "thinclient:getEnvironment", - "thinclient:getSoftwareSet", - "thinclient:listDevices", - "thinclient:listEnvironments", - "thinclient:listSoftwareSets", - "timestream:describeAccountSettings", - "timestream:describeBatchLoadTask", - "timestream:describeDatabase", - "timestream:describeEndpoints", - "timestream:describeScheduledQuery", - "timestream:describeTable", - "timestream:listBatchLoadTasks", - "timestream:listDatabases", - "timestream:listScheduledQueries", - "timestream:listTables", - "tiros:createQuery", - "tiros:getQueryAnswer", - "tiros:getQueryExplanation", - "tnb:getSolFunctionInstance", - "tnb:getSolFunctionPackage", - "tnb:getSolNetworkInstance", - "tnb:getSolNetworkOperation", - "tnb:getSolNetworkPackage", - "tnb:listSolFunctionInstances", - "tnb:listSolFunctionPackages", - "tnb:listSolNetworkInstances", - "tnb:listSolNetworkOperations", - "tnb:listSolNetworkPackages", - "transcribe:describeLanguageModel", - "transcribe:getCallAnalyticsCategory", - "transcribe:getCallAnalyticsJob", - "transcribe:getMedicalTranscriptionJob", - "transcribe:getMedicalVocabulary", - "transcribe:getTranscriptionJob", - "transcribe:getVocabulary", - "transcribe:getVocabularyFilter", - "transcribe:listCallAnalyticsCategories", - "transcribe:listCallAnalyticsJobs", - "transcribe:listLanguageModels", - "transcribe:listMedicalTranscriptionJobs", - "transcribe:listMedicalVocabularies", - "transcribe:listTranscriptionJobs", - "transcribe:listVocabularies", - "transcribe:listVocabularyFilters", - "transfer:describeAccess", - "transfer:describeAgreement", - "transfer:describeConnector", - "transfer:describeExecution", - "transfer:describeProfile", - "transfer:describeServer", - "transfer:describeUser", - "transfer:describeWebApp", - "transfer:describeWebAppCustomization", - "transfer:describeWorkflow", - "transfer:listAccesses", - "transfer:listAgreements", - "transfer:listConnectors", - "transfer:listExecutions", - "transfer:listHostKeys", - "transfer:listProfiles", - "transfer:listServers", - "transfer:listTagsForResource", - "transfer:listUsers", - "transfer:listWebApps", - "transfer:listWorkflows", - "transfer:sendWorkflowStepState", - "trustedadvisor:getOrganizationRecommendation", - "trustedadvisor:getRecommendation", - "trustedadvisor:listChecks", - "trustedadvisor:listOrganizationRecommendationAccounts", - "trustedadvisor:listOrganizationRecommendationResources", - "trustedadvisor:listOrganizationRecommendations", - "trustedadvisor:listRecommendationResources", - "trustedadvisor:listRecommendations", - "verifiedpermissions:getIdentitySource", - "verifiedpermissions:getPolicy", - "verifiedpermissions:getPolicyStore", - "verifiedpermissions:getPolicyTemplate", - "verifiedpermissions:getSchema", - "verifiedpermissions:listIdentitySources", - "verifiedpermissions:listPolicies", - "verifiedpermissions:listPolicyStores", - "verifiedpermissions:listPolicyTemplates", - "vpc-lattice:getAccessLogSubscription", - "vpc-lattice:getAuthPolicy", - "vpc-lattice:getListener", - "vpc-lattice:getResourceConfiguration", - "vpc-lattice:getResourceGateway", - "vpc-lattice:getResourcePolicy", - "vpc-lattice:getRule", - "vpc-lattice:getService", - "vpc-lattice:getServiceNetwork", - "vpc-lattice:getServiceNetworkResourceAssociation", - "vpc-lattice:getServiceNetworkServiceAssociation", - "vpc-lattice:getServiceNetworkVpcAssociation", - "vpc-lattice:getTargetGroup", - "vpc-lattice:listAccessLogSubscriptions", - "vpc-lattice:listListeners", - "vpc-lattice:listResourceConfigurations", - "vpc-lattice:listResourceGateways", - "vpc-lattice:listRules", - "vpc-lattice:listServiceNetworks", - "vpc-lattice:listServiceNetworkResourceAssociations", - "vpc-lattice:listServiceNetworkServiceAssociations", - "vpc-lattice:listServiceNetworkVpcAssociations", - "vpc-lattice:listServices", - "vpc-lattice:listTargetGroups", - "vpc-lattice:listTargets", - "waf-regional:getByteMatchSet", - "waf-regional:getChangeTokenStatus", - "waf-regional:getGeoMatchSet", - "waf-regional:getIPSet", - "waf-regional:getLoggingConfiguration", - "waf-regional:getRateBasedRule", - "waf-regional:getRegexMatchSet", - "waf-regional:getRegexPatternSet", - "waf-regional:getRule", - "waf-regional:getRuleGroup", - "waf-regional:getSqlInjectionMatchSet", - "waf-regional:getWebACL", - "waf-regional:getWebACLForResource", - "waf-regional:listActivatedRulesInRuleGroup", - "waf-regional:listByteMatchSets", - "waf-regional:listGeoMatchSets", - "waf-regional:listIPSets", - "waf-regional:listLoggingConfigurations", - "waf-regional:listRateBasedRules", - "waf-regional:listRegexMatchSets", - "waf-regional:listRegexPatternSets", - "waf-regional:listResourcesForWebACL", - "waf-regional:listRuleGroups", - "waf-regional:listRules", - "waf-regional:listSqlInjectionMatchSets", - "waf-regional:listWebACLs", - "waf:getByteMatchSet", - "waf:getChangeTokenStatus", - "waf:getGeoMatchSet", - "waf:getIPSet", - "waf:getLoggingConfiguration", - "waf:getRateBasedRule", - "waf:getRegexMatchSet", - "waf:getRegexPatternSet", - "waf:getRule", - "waf:getRuleGroup", - "waf:getSampledRequests", - "waf:getSizeConstraintSet", - "waf:getSqlInjectionMatchSet", - "waf:getWebACL", - "waf:getXssMatchSet", - "waf:listActivatedRulesInRuleGroup", - "waf:listByteMatchSets", - "waf:listGeoMatchSets", - "waf:listIPSets", - "waf:listLoggingConfigurations", - "waf:listRateBasedRules", - "waf:listRegexMatchSets", - "waf:listRegexPatternSets", - "waf:listRuleGroups", - "waf:listRules", - "waf:listSizeConstraintSets", - "waf:listSqlInjectionMatchSets", - "waf:listWebACLs", - "waf:listXssMatchSets", - "wafv2:checkCapacity", - "wafv2:describeManagedRuleGroup", - "wafv2:getIPSet", - "wafv2:getLoggingConfiguration", - "wafv2:getPermissionPolicy", - "wafv2:getRateBasedStatementManagedKeys", - "wafv2:getRegexPatternSet", - "wafv2:getRuleGroup", - "wafv2:getSampledRequests", - "wafv2:getWebACL", - "wafv2:getWebACLForResource", - "wafv2:listAvailableManagedRuleGroups", - "wafv2:listIPSets", - "wafv2:listLoggingConfigurations", - "wafv2:listRegexPatternSets", - "wafv2:listResourcesForWebACL", - "wafv2:listRuleGroups", - "wafv2:listTagsForResource", - "wafv2:listWebACLs", - "workdocs:checkAlias", - "workdocs:describeAvailableDirectories", - "workdocs:describeInstances", - "workmail:describeGroup", - "workmail:describeOrganization", - "workmail:describeResource", - "workmail:describeUser", - "workmail:listAliases", - "workmail:listGroupMembers", - "workmail:listGroups", - "workmail:listMailboxPermissions", - "workmail:listOrganizations", - "workmail:listResourceDelegates", - "workmail:listResources", - "workmail:listUsers", - "workspaces-web:getBrowserSettings", - "workspaces-web:getIdentityProvider", - "workspaces-web:getNetworkSettings", - "workspaces-web:getPortal", - "workspaces-web:getPortalServiceProviderMetadata", - "workspaces-web:getTrustStoreCertificate", - "workspaces-web:getUserSettings", - "workspaces-web:listBrowserSettings", - "workspaces-web:listIdentityProviders", - "workspaces-web:listNetworkSettings", - "workspaces-web:listPortals", - "workspaces-web:listTagsForResource", - "workspaces-web:listTrustStoreCertificates", - "workspaces-web:listTrustStores", - "workspaces-web:listUserSettings", - "workspaces:describeAccount", - "workspaces:describeAccountModifications", - "workspaces:describeApplicationAssociations", - "workspaces:describeIpGroups", - "workspaces:describeTags", - "workspaces:describeWorkspaceAssociations", - "workspaces:describeWorkspaceBundles", - "workspaces:describeWorkspaceDirectories", - "workspaces:describeWorkspaceImages", - "workspaces:describeWorkspaces", - "workspaces:describeWorkspaceSnapshots", - "workspaces:describeWorkspacesConnectionStatus", - "workspaces:describeWorkspacesPools", - "workspaces:describeWorkspacesPoolSessions", - "xray:getEncryptionConfig", - "xray:getGroup", - "xray:getGroups", - "xray:getInsightImpactGraph", - "xray:getSamplingRules", - "xray:getSamplingStatisticSummaries", - "xray:getSamplingTargets", - "xray:getServiceGraph", - "xray:getTimeSeriesServiceStatistics", - "xray:getTraceGraph", - "xray:listResourcePolicies" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AWSSupportServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AmazonRDSEnhancedMonitoringRole is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy AmazonRDSEnhancedMonitoringRole is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AmazonRDSEnhancedMonitoringRole" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AmazonRDSEnhancedMonitoringRole", - "arn": "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole", - "entity": "ANPAJV7BS425S4PTSSVGK", - "version_id": "v1", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "EnableCreationAndManagementOfRDSCloudwatchLogGroups", - "Effect": "Allow", - "Action": [ - "logs:CreateLogGroup", - "logs:PutRetentionPolicy" - ], - "Resource": [ - "arn:aws:logs:*:*:log-group:RDS*" - ] - }, - { - "Sid": "EnableCreationAndManagementOfRDSCloudwatchLogStreams", - "Effect": "Allow", - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:GetLogEvents" - ], - "Resource": [ - "arn:aws:logs:*:*:log-group:RDS*:log-stream:*" - ] - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AmazonRDSEnhancedMonitoringRole", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AWSResourceExplorerServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy AWSResourceExplorerServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AWSResourceExplorerServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AWSResourceExplorerServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy", - "entity": "ANPAZKAPJZG4K2H54PAUL", - "version_id": "v19", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ResourceExplorerAccess", - "Effect": "Allow", - "Action": [ - "resource-explorer-2:UpdateIndexType", - "resource-explorer-2:CreateIndex", - "resource-explorer-2:CreateView", - "resource-explorer-2:AssociateDefaultView", - "resource-explorer-2:DeleteIndex" - ], - "Resource": "*" - }, - { - "Sid": "OrganizationsAccess", - "Effect": "Allow", - "Action": [ - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:ListAccounts", - "organizations:ListDelegatedAdministrators", - "organizations:ListOrganizationalUnitsForParent", - "organizations:ListRoots" - ], - "Resource": "*" - }, - { - "Sid": "CloudTrailEventsAccess", - "Effect": "Allow", - "Action": [ - "cloudtrail:CreateServiceLinkedChannel", - "cloudtrail:GetServiceLinkedChannel" - ], - "Resource": "arn:aws:cloudtrail:*:*:channel/aws-service-channel/resource-explorer-2/*" - }, - { - "Sid": "ApiGatewayAccess", - "Effect": "Allow", - "Action": "apigateway:GET", - "Resource": [ - "arn:aws:apigateway:*::/restapis", - "arn:aws:apigateway:*::/restapis/*", - "arn:aws:apigateway:*::/restapis/*/deployments", - "arn:aws:apigateway:*::/restapis/*/resources", - "arn:aws:apigateway:*::/restapis/*/resources/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", - "arn:aws:apigateway:*::/restapis/*/stages", - "arn:aws:apigateway:*::/restapis/*/stages/*", - "arn:aws:apigateway:*::/vpclinks", - "arn:aws:apigateway:*::/apis", - "arn:aws:apigateway:*::/apis/*/routes", - "arn:aws:apigateway:*::/apis/*/stages", - "arn:aws:apigateway:*::/apis/*", - "arn:aws:apigateway:*::/apis/*/routes/*", - "arn:aws:apigateway:*::/apis/*/stages/*" - ] - }, - { - "Sid": "ResourceInventoryAccess", - "Effect": "Allow", - "Action": [ - "access-analyzer:ListAnalyzers", - "acm-pca:ListCertificateAuthorities", - "acm:ListCertificates", - "airflow:ListEnvironments", - "amplify:ListApps", - "amplify:ListBranches", - "amplify:ListDomainAssociations", - "aoss:ListCollections", - "app-integrations:ListApplications", - "app-integrations:ListEventIntegrations", - "appconfig:ListApplications", - "appconfig:ListDeploymentStrategies", - "appconfig:ListEnvironments", - "appconfig:ListExtensionAssociations", - "appflow:ListFlows", - "appmesh:ListGatewayRoutes", - "appmesh:ListMeshes", - "appmesh:ListRoutes", - "appmesh:ListVirtualGateways", - "appmesh:ListVirtualNodes", - "appmesh:ListVirtualRouters", - "appmesh:ListVirtualServices", - "apprunner:ListAutoScalingConfigurations", - "apprunner:ListConnections", - "apprunner:ListServices", - "apprunner:ListVpcConnectors", - "appstream:DescribeAppBlocks", - "appstream:DescribeApplications", - "appstream:DescribeFleets", - "appstream:DescribeImageBuilders", - "appstream:DescribeStacks", - "appsync:ListGraphqlApis", - "aps:ListRuleGroupsNamespaces", - "aps:ListWorkspaces", - "athena:ListDataCatalogs", - "athena:ListWorkGroups", - "auditmanager:GetAccountStatus", - "auditmanager:ListAssessments", - "autoscaling:DescribeAutoScalingGroups", - "backup-gateway:ListHypervisors", - "backup:ListBackupPlans", - "backup:ListBackupVaults", - "backup:ListReportPlans", - "batch:DescribeComputeEnvironments", - "batch:DescribeJobDefinitions", - "batch:DescribeJobQueues", - "batch:ListSchedulingPolicies", - "bedrock:ListAgentAliases", - "bedrock:ListAgents", - "bedrock:ListDataAutomationProjects", - "bedrock:ListFlows", - "bedrock:ListGuardrails", - "bedrock:ListInferenceProfiles", - "bedrock:ListKnowledgeBases", - "bedrock:ListPromptRouters", - "bedrock:ListPrompts", - "ce:GetAnomalyMonitors", - "ce:GetAnomalySubscriptions", - "chime:ListAppInstanceBots", - "chime:ListAppInstanceUsers", - "chime:ListAppInstances", - "chime:ListMediaInsightsPipelineConfigurations", - "chime:ListMediaPipelineKinesisVideoStreamPools", - "chime:ListMediaPipelines", - "chime:ListSipMediaApplications", - "chime:ListVoiceConnectors", - "cloud9:ListEnvironments", - "cloudformation:ListResources", - "cloudformation:ListStackSets", - "cloudformation:ListStacks", - "cloudfront:ListCachePolicies", - "cloudfront:ListCloudFrontOriginAccessIdentities", - "cloudfront:ListContinuousDeploymentPolicies", - "cloudfront:ListDistributions", - "cloudfront:ListFieldLevelEncryptionConfigs", - "cloudfront:ListFieldLevelEncryptionProfiles", - "cloudfront:ListFunctions", - "cloudfront:ListOriginAccessControls", - "cloudfront:ListOriginRequestPolicies", - "cloudfront:ListRealtimeLogConfigs", - "cloudfront:ListResponseHeadersPolicies", - "cloudtrail:ListChannels", - "cloudtrail:ListDashboards", - "cloudtrail:ListEventDataStores", - "cloudtrail:ListTrails", - "cloudwatch:DescribeAlarms", - "cloudwatch:DescribeInsightRules", - "cloudwatch:ListDashboards", - "cloudwatch:ListMetricStreams", - "codeartifact:ListDomains", - "codeartifact:ListRepositories", - "codebuild:ListProjects", - "codecommit:ListRepositories", - "codeconnections:ListConnections", - "codedeploy:ListApplications", - "codedeploy:ListDeploymentConfigs", - "codeguru-profiler:ListProfilingGroups", - "codeguru-reviewer:ListRepositoryAssociations", - "codepipeline:ListPipelines", - "codepipeline:ListWebhooks", - "codestar-connections:ListConnections", - "cognito-identity:ListIdentityPools", - "cognito-idp:ListUserPools", - "comprehend:ListDocumentClassifiers", - "comprehend:ListEntityRecognizers", - "comprehend:ListFlywheels", - "config:DescribeConfigRules", - "connect:ListEvaluationForms", - "connect:ListHoursOfOperations", - "connect:ListInstanceAttributes", - "connect:ListInstances", - "connect:ListPhoneNumbersV2", - "connect:ListPrompts", - "connect:ListQuickConnects", - "connect:ListRoutingProfileQueues", - "connect:ListRoutingProfiles", - "connect:ListRules", - "connect:ListSecurityProfiles", - "connect:ListTaskTemplates", - "connect:ListUsers", - "databrew:ListDatasets", - "databrew:ListJobs", - "databrew:ListProjects", - "databrew:ListRecipes", - "databrew:ListRulesets", - "databrew:ListSchedules", - "dataexchange:ListDataSets", - "datapipeline:ListPipelines", - "datasync:ListLocations", - "datasync:ListTasks", - "dax:DescribeClusters", - "detective:ListGraphs", - "devicefarm:ListInstanceProfiles", - "devicefarm:ListProjects", - "devicefarm:ListTestGridProjects", - "directconnect:DescribeDirectConnectGateways", - "dms:DescribeCertificates", - "dms:DescribeEndpoints", - "dms:DescribeEventSubscriptions", - "dms:DescribeReplicationInstances", - "dms:DescribeReplicationSubnetGroups", - "dms:DescribeReplicationTasks", - "ds:DescribeDirectories", - "dynamodb:ListTables", - "ec2:DescribeAddresses", - "ec2:DescribeCapacityReservationFleets", - "ec2:DescribeCapacityReservations", - "ec2:DescribeCarrierGateways", - "ec2:DescribeClientVpnEndpoints", - "ec2:DescribeCustomerGateways", - "ec2:DescribeDhcpOptions", - "ec2:DescribeEgressOnlyInternetGateways", - "ec2:DescribeFleets", - "ec2:DescribeFlowLogs", - "ec2:DescribeFpgaImages", - "ec2:DescribeHostReservations", - "ec2:DescribeHosts", - "ec2:DescribeImages", - "ec2:DescribeInstanceConnectEndpoints", - "ec2:DescribeInstanceEventWindows", - "ec2:DescribeInstances", - "ec2:DescribeInternetGateways", - "ec2:DescribeIpamPools", - "ec2:DescribeIpamResourceDiscoveries", - "ec2:DescribeIpamResourceDiscoveryAssociations", - "ec2:DescribeIpamScopes", - "ec2:DescribeIpams", - "ec2:DescribeKeyPairs", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeManagedPrefixLists", - "ec2:DescribeNatGateways", - "ec2:DescribeNetworkAcls", - "ec2:DescribeNetworkInsightsAccessScopeAnalyses", - "ec2:DescribeNetworkInsightsAccessScopes", - "ec2:DescribeNetworkInsightsAnalyses", - "ec2:DescribeNetworkInsightsPaths", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribePlacementGroups", - "ec2:DescribePublicIpv4Pools", - "ec2:DescribeReservedInstances", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroupRules", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSnapshots", - "ec2:DescribeSpotFleetRequests", - "ec2:DescribeSpotInstanceRequests", - "ec2:DescribeSubnets", - "ec2:DescribeTrafficMirrorFilters", - "ec2:DescribeTrafficMirrorSessions", - "ec2:DescribeTrafficMirrorTargets", - "ec2:DescribeTransitGatewayAttachments", - "ec2:DescribeTransitGatewayConnectPeers", - "ec2:DescribeTransitGatewayMulticastDomains", - "ec2:DescribeTransitGatewayPolicyTables", - "ec2:DescribeTransitGatewayRouteTableAnnouncements", - "ec2:DescribeTransitGatewayRouteTables", - "ec2:DescribeTransitGateways", - "ec2:DescribeVerifiedAccessEndpoints", - "ec2:DescribeVerifiedAccessGroups", - "ec2:DescribeVerifiedAccessInstances", - "ec2:DescribeVerifiedAccessTrustProviders", - "ec2:DescribeVolumes", - "ec2:DescribeVpcBlockPublicAccessExclusions", - "ec2:DescribeVpcEndpointServiceConfigurations", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcPeeringConnections", - "ec2:DescribeVpcs", - "ec2:DescribeVpnConnections", - "ec2:DescribeVpnGateways", - "ec2:GetSubnetCidrReservations", - "ecr-public:DescribeRepositories", - "ecr:DescribeRepositories", - "ecs:DescribeCapacityProviders", - "ecs:DescribeServices", - "ecs:ListClusters", - "ecs:ListContainerInstances", - "ecs:ListServices", - "ecs:ListTaskDefinitions", - "eks:DescribeAccessEntry", - "eks:DescribeAddon", - "eks:DescribeFargateProfile", - "eks:DescribeIdentityProviderConfig", - "eks:DescribeNodegroup", - "eks:ListAccessEntries", - "eks:ListAddons", - "eks:ListClusters", - "eks:ListEksAnywhereSubscriptions", - "eks:ListFargateProfiles", - "eks:ListIdentityProviderConfigs", - "eks:ListNodegroups", - "eks:ListPodIdentityAssociations", - "elasticache:DescribeCacheClusters", - "elasticache:DescribeCacheParameterGroups", - "elasticache:DescribeCacheSubnetGroups", - "elasticache:DescribeGlobalReplicationGroups", - "elasticache:DescribeReplicationGroups", - "elasticache:DescribeReservedCacheNodes", - "elasticache:DescribeSnapshots", - "elasticache:DescribeUserGroups", - "elasticache:DescribeUsers", - "elasticbeanstalk:DescribeApplicationVersions", - "elasticbeanstalk:DescribeApplications", - "elasticbeanstalk:DescribeEnvironments", - "elasticfilesystem:DescribeAccessPoints", - "elasticfilesystem:DescribeFileSystems", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTargetGroups", - "elasticmapreduce:ListClusters", - "emr-containers:ListJobTemplates", - "emr-containers:ListManagedEndpoints", - "emr-containers:ListSecurityConfigurations", - "emr-containers:ListVirtualClusters", - "emr-serverless:ListApplications", - "es:ListDomainNames", - "events:ListApiDestinations", - "events:ListArchives", - "events:ListConnections", - "events:ListEndpoints", - "events:ListEventBuses", - "events:ListRules", - "evidently:ListExperiments", - "evidently:ListFeatures", - "evidently:ListLaunches", - "evidently:ListProjects", - "finspace:ListEnvironments", - "firehose:ListDeliveryStreams", - "fis:ListExperimentTemplates", - "fms:ListPolicies", - "fms:ListProtocolsLists", - "forecast:ListDatasetGroups", - "forecast:ListDatasetImportJobs", - "forecast:ListDatasets", - "forecast:ListForecastExportJobs", - "forecast:ListForecasts", - "forecast:ListPredictorBacktestExportJobs", - "forecast:ListPredictors", - "frauddetector:GetDetectors", - "frauddetector:GetEntityTypes", - "frauddetector:GetEventTypes", - "frauddetector:GetExternalModels", - "frauddetector:GetLabels", - "frauddetector:GetModels", - "frauddetector:GetOutcomes", - "frauddetector:GetVariables", - "fsx:DescribeBackups", - "fsx:DescribeFileSystems", - "gamelift:DescribeGameSessionQueues", - "gamelift:DescribeMatchmakingConfigurations", - "gamelift:DescribeMatchmakingRuleSets", - "gamelift:ListAliases", - "gamelift:ListBuilds", - "gamelift:ListLocations", - "gamelift:ListScripts", - "geo:ListMaps", - "geo:ListPlaceIndexes", - "geo:ListTrackers", - "glacier:ListVaults", - "globalaccelerator:ListAccelerators", - "globalaccelerator:ListEndpointGroups", - "globalaccelerator:ListListeners", - "glue:GetCrawlers", - "glue:GetDatabases", - "glue:GetJobs", - "glue:GetTables", - "glue:GetTriggers", - "glue:ListDataQualityRulesets", - "glue:ListMLTransforms", - "glue:ListRegistries", - "grafana:ListWorkspaces", - "greengrass:ListComponentVersions", - "greengrass:ListComponents", - "greengrass:ListConnectorDefinitions", - "greengrass:ListCoreDefinitions", - "greengrass:ListDeviceDefinitions", - "greengrass:ListFunctionDefinitions", - "greengrass:ListGroups", - "greengrass:ListLoggerDefinitions", - "greengrass:ListResourceDefinitions", - "greengrass:ListSubscriptionDefinitions", - "groundstation:ListConfigs", - "groundstation:ListDataflowEndpointGroups", - "groundstation:ListMissionProfiles", - "guardduty:ListDetectors", - "guardduty:ListFilters", - "guardduty:ListIPSets", - "guardduty:ListMalwareProtectionPlans", - "guardduty:ListPublishingDestinations", - "guardduty:ListThreatIntelSets", - "healthlake:ListFHIRDatastores", - "iam:ListGroups", - "iam:ListInstanceProfiles", - "iam:ListOpenIDConnectProviders", - "iam:ListPolicies", - "iam:ListRoles", - "iam:ListSAMLProviders", - "iam:ListServerCertificates", - "iam:ListUsers", - "iam:ListVirtualMFADevices", - "imagebuilder:ListComponentBuildVersions", - "imagebuilder:ListComponents", - "imagebuilder:ListContainerRecipes", - "imagebuilder:ListDistributionConfigurations", - "imagebuilder:ListImageBuildVersions", - "imagebuilder:ListImagePipelines", - "imagebuilder:ListImageRecipes", - "imagebuilder:ListImages", - "imagebuilder:ListInfrastructureConfigurations", - "inspector2:ListFilters", - "inspector:ListAssessmentTemplates", - "iot:ListAuthorizers", - "iot:ListBillingGroups", - "iot:ListCACertificates", - "iot:ListCertificates", - "iot:ListFleetMetrics", - "iot:ListJobTemplates", - "iot:ListMitigationActions", - "iot:ListPolicies", - "iot:ListProvisioningTemplates", - "iot:ListRoleAliases", - "iot:ListScheduledAudits", - "iot:ListSecurityProfiles", - "iot:ListThingGroups", - "iot:ListThingTypes", - "iot:ListThings", - "iot:ListTopicRuleDestinations", - "iot:ListTopicRules", - "iotanalytics:ListChannels", - "iotanalytics:ListDatasets", - "iotanalytics:ListDatastores", - "iotanalytics:ListPipelines", - "iotdeviceadvisor:ListSuiteDefinitions", - "iotevents:ListAlarmModels", - "iotevents:ListDetectorModels", - "iotevents:ListInputs", - "iotfleethub:ListApplications", - "iotfleetwise:ListDecoderManifests", - "iotfleetwise:ListModelManifests", - "iotfleetwise:ListSignalCatalogs", - "iotfleetwise:ListVehicles", - "iotsitewise:ListAccessPolicies", - "iotsitewise:ListAssetModels", - "iotsitewise:ListAssets", - "iotsitewise:ListDashboards", - "iotsitewise:ListGateways", - "iotsitewise:ListPortals", - "iotsitewise:ListProjects", - "iottwinmaker:ListComponentTypes", - "iottwinmaker:ListEntities", - "iottwinmaker:ListSyncJobs", - "iottwinmaker:ListWorkspaces", - "iotwireless:ListDestinations", - "iotwireless:ListDeviceProfiles", - "iotwireless:ListFuotaTasks", - "iotwireless:ListMulticastGroups", - "iotwireless:ListPartnerAccounts", - "iotwireless:ListServiceProfiles", - "iotwireless:ListWirelessDevices", - "iotwireless:ListWirelessGatewayTaskDefinitions", - "iotwireless:ListWirelessGateways", - "ivs:ListChannels", - "ivs:ListEncoderConfigurations", - "ivs:ListIngestConfigurations", - "ivs:ListPlaybackKeyPairs", - "ivs:ListPlaybackRestrictionPolicies", - "ivs:ListRecordingConfigurations", - "ivs:ListStorageConfigurations", - "ivs:ListStreamKeys", - "ivschat:ListLoggingConfigurations", - "ivschat:ListRooms", - "kafka:ListClusters", - "kafka:ListConfigurations", - "kendra:ListAccessControlConfigurations", - "kendra:ListDataSources", - "kendra:ListExperiences", - "kendra:ListFaqs", - "kendra:ListFeaturedResultsSets", - "kendra:ListIndices", - "kendra:ListQuerySuggestionsBlockLists", - "kendra:ListThesauri", - "kinesis:ListStreams", - "kinesisanalytics:ListApplications", - "kinesisvideo:ListSignalingChannels", - "kinesisvideo:ListStreams", - "kms:ListKeys", - "lambda:ListCodeSigningConfigs", - "lambda:ListEventSourceMappings", - "lambda:ListFunctions", - "lex:ListBotAliases", - "lex:ListBots", - "license-manager:ListDistributedGrants", - "lightsail:GetBuckets", - "lightsail:GetCertificates", - "lightsail:GetContainerServices", - "lightsail:GetDisks", - "logs:DescribeDestinations", - "logs:DescribeLogGroups", - "logs:ListTagsForResource", - "lookoutmetrics:ListAlerts", - "lookoutmetrics:ListAnomalyDetectors", - "lookoutvision:ListProjects", - "m2:ListEnvironments", - "macie2:ListAllowLists", - "macie2:ListCustomDataIdentifiers", - "macie2:ListFindingsFilters", - "managedblockchain:ListAccessors", - "mediapackage-vod:ListAssets", - "mediapackage-vod:ListPackagingConfigurations", - "mediapackage-vod:ListPackagingGroups", - "mediapackage:ListChannels", - "mediapackage:ListOriginEndpoints", - "mediastore:ListContainers", - "mediatailor:ListChannels", - "mediatailor:ListLiveSources", - "mediatailor:ListPlaybackConfigurations", - "mediatailor:ListSourceLocations", - "mediatailor:ListVodSources", - "memorydb:DescribeACLs", - "memorydb:DescribeClusters", - "memorydb:DescribeParameterGroups", - "memorydb:DescribeSnapshots", - "memorydb:DescribeSubnetGroups", - "memorydb:DescribeUsers", - "mobiletargeting:GetApps", - "mobiletargeting:GetCampaigns", - "mobiletargeting:GetSegments", - "mobiletargeting:ListTemplates", - "mq:ListBrokers", - "mq:ListConfigurations", - "network-firewall:ListFirewallPolicies", - "network-firewall:ListFirewalls", - "network-firewall:ListRuleGroups", - "networkmanager:DescribeGlobalNetworks", - "networkmanager:GetDevices", - "networkmanager:GetLinks", - "networkmanager:ListAttachments", - "networkmanager:ListCoreNetworks", - "oam:ListSinks", - "omics:ListReferenceStores", - "omics:ListRunGroups", - "omics:ListWorkflows", - "outposts:ListSites", - "organizations:DescribeResourcePolicy", - "organizations:ListPolicies", - "panorama:ListPackages", - "partnercentral:ListEngagementInvitations", - "partnercentral:ListEngagements", - "partnercentral:ListOpportunities", - "partnercentral:ListResourceSnapshotJobs", - "partnercentral:ListResourceSnapshots", - "personalize:ListDatasetGroups", - "personalize:ListDatasets", - "personalize:ListSchemas", - "personalize:ListSolutions", - "pipes:ListPipes", - "profile:ListDomains", - "profile:ListIntegrations", - "profile:ListProfileObjectTypes", - "proton:ListEnvironmentAccountConnections", - "proton:ListEnvironmentTemplates", - "proton:ListServiceTemplates", - "qldb:ListJournalKinesisStreamsForLedger", - "qldb:ListLedgers", - "quicksight:DescribeAccountSubscription", - "quicksight:ListDataSets", - "quicksight:ListDataSources", - "quicksight:ListTemplates", - "quicksight:ListThemes", - "ram:GetResourceShares", - "rds:DescribeBlueGreenDeployments", - "rds:DescribeDBClusterEndpoints", - "rds:DescribeDBClusterParameterGroups", - "rds:DescribeDBClusterSnapshots", - "rds:DescribeDBClusters", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstanceAutomatedBackups", - "rds:DescribeDBInstances", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBProxies", - "rds:DescribeDBProxyEndpoints", - "rds:DescribeDBSecurityGroups", - "rds:DescribeDBSnapshots", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEventSubscriptions", - "rds:DescribeGlobalClusters", - "rds:DescribeOptionGroups", - "rds:DescribeReservedDBInstances", - "redshift:DescribeClusterParameterGroups", - "redshift:DescribeClusterSnapshots", - "redshift:DescribeClusterSubnetGroups", - "redshift:DescribeClusters", - "redshift:DescribeEventSubscriptions", - "redshift:DescribeHsmClientCertificates", - "redshift:DescribeSnapshotCopyGrants", - "redshift:DescribeSnapshotSchedules", - "redshift:DescribeUsageLimits", - "refactor-spaces:ListApplications", - "refactor-spaces:ListEnvironments", - "refactor-spaces:ListRoutes", - "refactor-spaces:ListServices", - "rekognition:DescribeProjects", - "resiliencehub:ListApps", - "resiliencehub:ListResiliencyPolicies", - "resource-explorer-2:GetIndex", - "resource-explorer-2:ListViews", - "resource-groups:ListGroups", - "route53-recovery-control-config:ListClusters", - "route53-recovery-control-config:ListControlPanels", - "route53-recovery-control-config:ListRoutingControls", - "route53-recovery-control-config:ListSafetyRules", - "route53-recovery-readiness:ListCells", - "route53-recovery-readiness:ListReadinessChecks", - "route53-recovery-readiness:ListRecoveryGroups", - "route53-recovery-readiness:ListResourceSets", - "route53:ListHealthChecks", - "route53:ListHostedZones", - "route53domains:ListDomains", - "route53resolver:ListFirewallDomainLists", - "route53resolver:ListFirewallRuleGroupAssociations", - "route53resolver:ListFirewallRuleGroups", - "route53resolver:ListResolverEndpoints", - "route53resolver:ListResolverQueryLogConfigs", - "route53resolver:ListResolverRules", - "rum:ListAppMonitors", - "s3:GetBucketLocation", - "s3:ListAccessPoints", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "s3:ListMultiRegionAccessPoints", - "s3:ListStorageLensConfigurations", - "s3:ListStorageLensGroups", - "s3express:ListAllMyDirectoryBuckets", - "sagemaker:ListActions", - "sagemaker:ListAlgorithms", - "sagemaker:ListAppImageConfigs", - "sagemaker:ListApps", - "sagemaker:ListArtifacts", - "sagemaker:ListClusters", - "sagemaker:ListCodeRepositories", - "sagemaker:ListContexts", - "sagemaker:ListDomains", - "sagemaker:ListEndpointConfigs", - "sagemaker:ListEndpoints", - "sagemaker:ListExperiments", - "sagemaker:ListFeatureGroups", - "sagemaker:ListFlowDefinitions", - "sagemaker:ListHubContents", - "sagemaker:ListHubs", - "sagemaker:ListHumanTaskUis", - "sagemaker:ListImageVersions", - "sagemaker:ListImages", - "sagemaker:ListInferenceComponents", - "sagemaker:ListInferenceExperiments", - "sagemaker:ListMlflowTrackingServers", - "sagemaker:ListModelCardVersions", - "sagemaker:ListModelCards", - "sagemaker:ListModelPackageGroups", - "sagemaker:ListModelPackages", - "sagemaker:ListModels", - "sagemaker:ListMonitoringSchedules", - "sagemaker:ListNotebookInstanceLifecycleConfigs", - "sagemaker:ListNotebookInstances", - "sagemaker:ListPipelines", - "sagemaker:ListProjects", - "sagemaker:ListSpaces", - "sagemaker:ListStudioLifecycleConfigs", - "sagemaker:ListTrialComponents", - "sagemaker:ListTrials", - "sagemaker:ListUserProfiles", - "sagemaker:ListWorkforces", - "sagemaker:ListWorkteams", - "scheduler:ListScheduleGroups", - "schemas:ListDiscoverers", - "secretsmanager:ListSecrets", - "servicecatalog:ListApplications", - "servicecatalog:ListAttributeGroups", - "servicediscovery:ListServices", - "ses:ListConfigurationSets", - "ses:ListContactLists", - "ses:ListDedicatedIpPools", - "ses:ListEmailIdentities", - "shield:ListProtectionGroups", - "shield:ListProtections", - "signer:ListSigningProfiles", - "sns:ListTopics", - "sqs:ListQueues", - "ssm-incidents:ListResponsePlans", - "ssm:DescribeInstanceInformation", - "ssm:DescribeMaintenanceWindowTargets", - "ssm:DescribeMaintenanceWindowTasks", - "ssm:DescribeMaintenanceWindows", - "ssm:DescribeParameters", - "ssm:DescribeSessions", - "ssm:ListAssociations", - "ssm:ListDocuments", - "ssm:ListResourceDataSync", - "states:ListActivities", - "states:ListStateMachines", - "storagegateway:ListGateways", - "synthetics:DescribeCanaries", - "synthetics:ListGroups", - "transfer:ListAgreements", - "transfer:ListCertificates", - "transfer:ListConnectors", - "transfer:ListProfiles", - "transfer:ListServers", - "transfer:ListUsers", - "transfer:ListWorkflows", - "verifiedpermissions:ListPolicyStores", - "vpc-lattice:ListListeners", - "vpc-lattice:ListServiceNetworkServiceAssociations", - "vpc-lattice:ListServiceNetworks", - "vpc-lattice:ListServices", - "vpc-lattice:ListTargetGroups", - "wafv2:ListIPSets", - "wafv2:ListRegexPatternSets", - "wafv2:ListRuleGroups", - "wafv2:ListWebACLs", - "wisdom:ListAssistantAssociations", - "wisdom:ListAssistants", - "wisdom:ListContents", - "wisdom:ListKnowledgeBases", - "workspaces-web:ListPortals", - "workspaces:DescribeConnectionAliases", - "workspaces:DescribeWorkspaces" - ], - "Resource": "*" - }, - { - "Sid": "PermissionsForReadGetResources", - "Effect": "Allow", - "Action": [ - "cloudformation:GetResource", - "cloudfront:GetDistribution", - "cloudfront:GetDistributionConfig", - "dynamodb:DescribeContinuousBackups", - "dynamodb:DescribeContributorInsights", - "dynamodb:DescribeKinesisStreamingDestination", - "dynamodb:DescribeTable", - "dynamodb:GetResourcePolicy", - "dynamodb:ListTagsOfResource", - "ecs:ListTagsForResource", - "elasticloadbalancing:DescribeCapacityReservation", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancerPolicyTypes", - "elasticloadbalancing:DescribeTags", - "elasticloadbalancing:DescribeTargetGroupAttributes", - "elasticloadbalancing:DescribeTargetHealth", - "events:DescribeRule", - "events:ListTargetsByRule", - "iam:GetRole", - "iam:GetRolePolicy", - "iam:ListAttachedRolePolicies", - "iam:ListRolePolicies", - "kinesis:DescribeStreamSummary", - "kinesis:ListTagsForStream", - "lambda:GetEventSourceMapping", - "lambda:GetFunction", - "lambda:GetFunctionCodeSigningConfig", - "lambda:GetFunctionRecursionConfig", - "lambda:ListTags", - "logs:DescribeIndexPolicies", - "logs:GetDataProtectionPolicy", - "s3:GetAccelerateConfiguration", - "s3:GetAnalyticsConfiguration", - "s3:GetBucketCORS", - "s3:GetBucketLogging", - "s3:GetBucketMetadataTableConfiguration", - "s3:GetBucketNotification", - "s3:GetBucketObjectLockConfiguration", - "s3:GetBucketOwnershipControls", - "s3:GetBucketPublicAccessBlock", - "s3:GetBucketTagging", - "s3:GetBucketVersioning", - "s3:GetBucketWebsite", - "s3:GetEncryptionConfiguration", - "s3:GetIntelligentTieringConfiguration", - "s3:GetInventoryConfiguration", - "s3:GetLifecycleConfiguration", - "s3:GetMetricsConfiguration", - "s3:GetReplicationConfiguration", - "sns:GetDataProtectionPolicy", - "sns:GetTopicAttributes", - "sns:ListSubscriptionsByTopic", - "sns:ListTagsForResource", - "sqs:GetQueueAttributes", - "sqs:ListQueueTags" - ], - "Resource": "*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AWSResourceExplorerServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No SAML Providers found.", - "metadata": { - "event_code": "iam_check_saml_providers_sts", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No SAML Providers found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.21" - ], - "ENS-RD2022": [ - "op.acc.1.aws.iam.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.21" - ], - "CIS-5.0": [ - "1.20" - ], - "CIS-1.4": [ - "1.21" - ], - "CCC": [ - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR06" - ], - "ProwlerThreatScore-1.0": [ - "1.2.7" - ], - "CIS-1.5": [ - "1.21" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "CIS-2.0": [ - "1.21" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are SAML Providers then STS can be used", - "title": "Check if there are SAML Providers then STS can be used", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_check_saml_providers_sts-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable SAML provider and use temporary credentials. You can use temporary security credentials to make programmatic requests for AWS resources using the AWS CLI or AWS API (using the AWS SDKs ). The temporary credentials provide the same permissions that you have with use long-term security credentials such as IAM user credentials. In case of not having SAML provider capabilities prevent usage of long-lived credentials.", - "references": [ - "https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html" - ] - }, - "risk_details": "Without SAML provider users with AWS CLI or AWS API access can use IAM static credentials. SAML helps users to assume role by default each time they authenticate.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow privilege escalation.", - "metadata": { - "event_code": "iam_inline_policy_allows_privilege_escalation", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow privilege escalation.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_3_3" - ], - "C5-2025": [ - "SP-01.04B", - "AM-09.04AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure no Inline IAM policies allow actions that may lead into Privilege Escalation", - "title": "Ensure no IAM Inline policies allow actions that may lead into Privilege Escalation", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards" - ], - "uid": "prowler-aws-iam_inline_policy_allows_privilege_escalation-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Grant usage permission on a per-resource basis and applying least privilege principle.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" - ] - }, - "risk_details": "Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow privilege escalation.", - "metadata": { - "event_code": "iam_inline_policy_allows_privilege_escalation", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow privilege escalation.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_3_3" - ], - "C5-2025": [ - "SP-01.04B", - "AM-09.04AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure no Inline IAM policies allow actions that may lead into Privilege Escalation", - "title": "Ensure no IAM Inline policies allow actions that may lead into Privilege Escalation", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards" - ], - "uid": "prowler-aws-iam_inline_policy_allows_privilege_escalation-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "rds:ModifyDBInstance", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Grant usage permission on a per-resource basis and applying least privilege principle.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" - ] - }, - "risk_details": "Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.LB.CN05.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ], - "NIS2": [ - "6.7.2.e", - "11.3.2.c", - "11.4.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "title": "Ensure IAM inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_administrative_privileges-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.LB.CN05.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ], - "NIS2": [ - "6.7.2.e", - "11.3.2.c", - "11.4.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "title": "Ensure IAM inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_administrative_privileges-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "rds:ModifyDBInstance", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow 'cloudtrail:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_cloudtrail", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow 'cloudtrail:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "SIM-03.07B", - "COM-04.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_cloudtrail-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "CloudTrail is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow 'cloudtrail:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_cloudtrail", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow 'cloudtrail:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "SIM-03.07B", - "COM-04.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_cloudtrail-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "rds:ModifyDBInstance", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "CloudTrail is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow 'kms:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_kms", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow 'kms:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "IAM-10.01B", - "CRY-05.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.2.8", - "3.6.1.3.8", - "3.6.1.4.8", - "3.6.1.8", - "3.7.1.9", - "3.7.2.8", - "3.7.4.9", - "3.7.6.8", - "3.7.7.8", - "4.2.1.1.21", - "7.2.1.10", - "7.2.2.10", - "7.2.3.6", - "7.2.5.6", - "7.3.1.6", - "7.3.2.6", - "7.3.3.6", - "8.2.7.6", - "8.2.8.8", - "8.3.4.6" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.LB.CN05.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR04", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_kms-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "KMS is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow 'kms:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_kms", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow 'kms:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "IAM-10.01B", - "CRY-05.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.2.8", - "3.6.1.3.8", - "3.6.1.4.8", - "3.6.1.8", - "3.7.1.9", - "3.7.2.8", - "3.7.4.9", - "3.7.6.8", - "3.7.7.8", - "4.2.1.1.21", - "7.2.1.10", - "7.2.2.10", - "7.2.3.6", - "7.2.5.6", - "7.3.1.6", - "7.3.2.6", - "7.3.3.6", - "8.2.7.6", - "8.2.8.8", - "8.3.4.6" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.LB.CN05.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR04", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_kms-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "rds:ModifyDBInstance", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "KMS is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Root account does not have access keys.", - "metadata": { - "event_code": "iam_no_root_access_key", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Root account does not have access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_312_a_2_i" - ], - "C5-2025": [ - "IAM-03.01B", - "IAM-03.03B", - "IAM-06.02B", - "IAM-10.01B", - "CRY-03.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "ia-2" - ], - "CIS-3.0": [ - "1.4" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_6_2", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "ia_2", - "ia_4_b", - "ia_4_4", - "ia_4_8", - "ia_5_8", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.7" - ], - "AWS-Foundational-Technical-Review": [ - "ARC-004" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.5", - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.4" - ], - "PCI-4.0": [ - "7.2.1.17", - "7.2.2.17", - "7.2.3.8", - "8.2.1.4", - "8.2.2.6", - "8.2.4.4", - "8.2.5.4", - "8.3.11.4" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-3", - "d3-pc-am-b-8" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.3" - ], - "CIS-1.4": [ - "1.4" - ], - "CCC": [ - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.13" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.4" - ], - "CIS-1.5": [ - "1.4" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP02" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_6_10", - "ac_6" - ], - "AWS-Account-Security-Onboarding": [ - "Block root user" - ], - "KISA-ISMS-P-2023": [ - "2.5.5", - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.4" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure no root account access key exists", - "title": "Ensure no root account access key exists", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_no_root_access_key-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Use the credential report to check the user and ensure the access_key_1_active and access_key_2_active fields are set to FALSE. If using AWS Organizations, consider enabling Centralized Root Management and removing individual root credentials.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "The root account is the most privileged user in an AWS account. AWS Access Keys provide programmatic access to a given AWS account. It is recommended that all access keys associated with the root account be removed. Removing access keys associated with the root account limits vectors by which the account can be compromised. Removing the root access keys encourages the creation and use of role based accounts that are least privileged.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Password expiration is not set.", - "metadata": { - "event_code": "iam_password_policy_expires_passwords_within_90_days_or_less", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Password expiration is not set.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "C5-2025": [ - "IAM-03.02B", - "IAM-08.03B", - "IAM-08.05B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.3" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "PCI-4.0": [ - "8.3.6.1", - "8.6.3.2" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "ProwlerThreatScore-1.0": [ - "1.1.12" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP06" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "NIS2": [ - "1.1.1.d", - "1.1.2", - "9.2.c.v", - "11.6.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM password policy expires passwords within 90 days or less", - "title": "Ensure IAM password policy expires passwords within 90 days or less", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_expires_passwords_within_90_days_or_less-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure Password expiration period (in days): is set to 90 or less.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one uppercase letter.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one lowercase letter.", - "metadata": { - "event_code": "iam_password_policy_lowercase", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one lowercase letter.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.8" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v", - "11.6.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM password policy requires at least one uppercase letter", - "title": "Ensure IAM password policy require at least one lowercase letter", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_lowercase-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Requires at least one lowercase letter\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one lowercase letter.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require minimum length of 14 characters.", - "metadata": { - "event_code": "iam_password_policy_minimum_length_14", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require minimum length of 14 characters.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "PSS-07.01B" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-5-c", - "ia-2", - "ia-5-1-a-d-e", - "ia-5-4" - ], - "CIS-3.0": [ - "1.8" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_d_1", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "cm_12_b", - "ia_4_d", - "ia_5", - "ia_5_b", - "ia_5_c", - "ia_5_d", - "ia_5_f", - "ia_5_h", - "ia_5_1_f", - "ia_5_1_g", - "ia_5_1_h", - "ia_5_1_h", - "ia_5_18_a", - "ia_5_18_b", - "ia_8_2_b", - "ma_4_c", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.8" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.7" - ], - "CIS-1.4": [ - "1.8" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.4" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "CIS-1.5": [ - "1.8" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CIS-2.0": [ - "1.8" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM password policy requires minimum length of 14 or greater", - "title": "Ensure IAM password policy requires minimum length of 14 or greater", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_minimum_length_14-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Minimum password length\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require minimum length of 14 or greater.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one number.", - "metadata": { - "event_code": "iam_password_policy_number", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one number.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "IAM-08.05B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.6" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM password policy require at least one number", - "title": "Ensure IAM password policy require at least one number", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_number-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Require at least one number\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one number.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy reuse prevention is less than 24 or not set.", - "metadata": { - "event_code": "iam_password_policy_reuse_24", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy reuse prevention is less than 24 or not set.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_2" - ], - "HIPAA": [ - "164_308_a_4_ii_c", - "164_308_a_5_ii_d", - "164_312_d" - ], - "C5-2025": [ - "IAM-01.03B", - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-08.03B", - "IAM-08.05B", - "IAM-08.07B", - "PSS-07.01B" - ], - "NIST-CSF-1.1": [ - "ac_1" - ], - "CIS-3.0": [ - "1.9" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.9" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4", - "8.2", - "8.2.3", - "8.2.3.a", - "8.2.3.b", - "8.2.4", - "8.2.4.a", - "8.2.4.b", - "8.2.5", - "8.2.5.a", - "8.2.5.b" - ], - "CIS-5.0": [ - "1.8" - ], - "CIS-1.4": [ - "1.9" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "ProwlerThreatScore-1.0": [ - "1.1.5" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "CIS-1.5": [ - "1.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2", - "ia_2", - "ia_5_1", - "ia_5_4" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM password policy prevents password reuse: 24 or greater", - "title": "Ensure IAM password policy prevents password reuse: 24 or greater", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_reuse_24-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Number of passwords to remember\" is set to 24.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy prevents at least password reuse of 24 or greater.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one symbol.", - "metadata": { - "event_code": "iam_password_policy_symbol", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one symbol.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.7" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM password policy require at least one symbol", - "title": "Ensure IAM password policy require at least one symbol", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_symbol-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Require at least one non-alphanumeric character\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one non-alphanumeric character.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one uppercase letter.", - "metadata": { - "event_code": "iam_password_policy_uppercase", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one uppercase letter.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "IAM-08.05B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.9" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM password policy requires at least one uppercase letter", - "title": "Ensure IAM password policy requires at least one uppercase letter", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_uppercase-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Requires at least one uppercase letter\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one uppercase letter.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user has the policy AdministratorAccess attached.", - "metadata": { - "event_code": "iam_policy_attached_only_to_group_or_roles", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "User terraform-user has the policy AdministratorAccess attached.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_4_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "PSS-09.01AC" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "sc-2" - ], - "CIS-3.0": [ - "1.15" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_6_3", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-006", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.15" - ], - "PCI-4.0": [ - "7.2.1.12", - "7.2.1.13", - "7.2.2.12", - "7.2.2.13", - "7.2.5.8", - "7.2.5.9", - "7.3.1.8", - "7.3.1.9", - "7.3.2.8", - "7.3.2.9", - "7.3.3.8", - "7.3.3.9", - "8.2.1.3", - "8.2.2.5", - "8.2.4.3", - "8.2.5.3", - "8.2.7.8", - "8.2.7.9", - "8.2.8.10", - "8.2.8.11", - "8.3.11.3", - "8.3.4.8", - "8.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-im-b-7" - ], - "CIS-5.0": [ - "1.14" - ], - "CIS-1.4": [ - "1.15" - ], - "CCC": [ - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.2.1", - "1.2.2" - ], - "CIS-1.5": [ - "1.15" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP06" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_6" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "CIS-2.0": [ - "1.15" - ], - "NIS2": [ - "1.2.1", - "2.1.2.f", - "11.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM policies are attached only to groups or roles", - "title": "Ensure IAM policies are attached only to groups or roles", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_attached_only_to_group_or_roles-211203495394-us-east-1-terraform-user/AdministratorAccess" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user/AdministratorAccess", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Remove any policy attached directly to the user. Use groups or roles instead.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "By default IAM users, groups, and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User test-user-trusted has the inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached.", - "metadata": { - "event_code": "iam_policy_attached_only_to_group_or_roles", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "User test-user-trusted has the inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_4_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "PSS-09.01AC" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "sc-2" - ], - "CIS-3.0": [ - "1.15" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_6_3", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-006", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.15" - ], - "PCI-4.0": [ - "7.2.1.12", - "7.2.1.13", - "7.2.2.12", - "7.2.2.13", - "7.2.5.8", - "7.2.5.9", - "7.3.1.8", - "7.3.1.9", - "7.3.2.8", - "7.3.2.9", - "7.3.3.8", - "7.3.3.9", - "8.2.1.3", - "8.2.2.5", - "8.2.4.3", - "8.2.5.3", - "8.2.7.8", - "8.2.7.9", - "8.2.8.10", - "8.2.8.11", - "8.3.11.3", - "8.3.4.8", - "8.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-im-b-7" - ], - "CIS-5.0": [ - "1.14" - ], - "CIS-1.4": [ - "1.15" - ], - "CCC": [ - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.2.1", - "1.2.2" - ], - "CIS-1.5": [ - "1.15" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP06" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_6" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "CIS-2.0": [ - "1.15" - ], - "NIS2": [ - "1.2.1", - "2.1.2.f", - "11.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM policies are attached only to groups or roles", - "title": "Ensure IAM policies are attached only to groups or roles", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_attached_only_to_group_or_roles-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [], - "inline_policies": [ - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - ], - "tags": [ - { - "Key": "Purpose", - "Value": "CCC-Testing" - }, - { - "Key": "ManagedBy", - "Value": "CCC-CFI-Compliance-Framework" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Remove any policy attached directly to the user. Use groups or roles instead.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "By default IAM users, groups, and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User test-user-trusted has the inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached.", - "metadata": { - "event_code": "iam_policy_attached_only_to_group_or_roles", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "User test-user-trusted has the inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_4_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "PSS-09.01AC" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "sc-2" - ], - "CIS-3.0": [ - "1.15" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_6_3", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-006", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.15" - ], - "PCI-4.0": [ - "7.2.1.12", - "7.2.1.13", - "7.2.2.12", - "7.2.2.13", - "7.2.5.8", - "7.2.5.9", - "7.3.1.8", - "7.3.1.9", - "7.3.2.8", - "7.3.2.9", - "7.3.3.8", - "7.3.3.9", - "8.2.1.3", - "8.2.2.5", - "8.2.4.3", - "8.2.5.3", - "8.2.7.8", - "8.2.7.9", - "8.2.8.10", - "8.2.8.11", - "8.3.11.3", - "8.3.4.8", - "8.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-im-b-7" - ], - "CIS-5.0": [ - "1.14" - ], - "CIS-1.4": [ - "1.15" - ], - "CCC": [ - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.2.1", - "1.2.2" - ], - "CIS-1.5": [ - "1.15" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP06" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_6" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "CIS-2.0": [ - "1.15" - ], - "NIS2": [ - "1.2.1", - "2.1.2.f", - "11.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM policies are attached only to groups or roles", - "title": "Ensure IAM policies are attached only to groups or roles", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_attached_only_to_group_or_roles-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [], - "inline_policies": [ - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - ], - "tags": [ - { - "Key": "Purpose", - "Value": "CCC-Testing" - }, - { - "Key": "ManagedBy", - "Value": "CCC-CFI-Compliance-Framework" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Remove any policy attached directly to the user. Use groups or roles instead.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "By default IAM users, groups, and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS CloudShellFullAccess policy is not attached to any IAM entity.", - "metadata": { - "event_code": "iam_policy_cloudshell_admin_not_attached", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS CloudShellFullAccess policy is not attached to any IAM entity.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-blacklisted-check.html", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-06.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.22" - ], - "PCI-4.0": [ - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.3.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.2.10", - "7.3.2.11", - "7.3.2.12", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "8.2.7.10", - "8.2.7.11", - "8.2.7.12", - "8.2.8.12", - "8.2.8.13", - "8.2.8.14", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12" - ], - "CIS-5.0": [ - "1.21" - ], - "ProwlerThreatScore-1.0": [ - "1.3.2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.22" - ], - "NIS2": [ - "1.2.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "This control checks whether an IAM identity (user, role, or group) has the AWS managed policy AWSCloudShellFullAccess attached. The control fails if an IAM identity has the AWSCloudShellFullAccess policy attached.", - "title": "Check if IAM identities (users,groups,roles) have the AWSCloudShellFullAccess policy attached.", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_cloudshell_admin_not_attached-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "Users": [], - "Groups": [], - "Roles": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/AWSCloudShellFullAccess" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Detach the AWSCloudShellFullAccess policy from the IAM identity to restrict excessive permissions and adhere to the principle of least privilege.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html" - ] - }, - "risk_details": "Attaching the AWSCloudShellFullAccess policy to IAM identities grants broad permissions, including internet access and file transfer capabilities, which can lead to security risks such as data exfiltration. The principle of least privilege should be followed to avoid excessive permissions.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Role TerraformRole has AdministratorAccess policy attached.", - "metadata": { - "event_code": "iam_role_administratoraccess_policy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Role TerraformRole has AdministratorAccess policy attached.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_administrator", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "OIS-04.03B", - "SP-01.04B", - "HR-01.01B", - "HR-04.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-03.01B", - "IAM-06.01B", - "IAM-10.01B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "1.2.1", - "11.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM Roles do not have AdministratorAccess policy attached", - "title": "Ensure IAM Roles do not have AdministratorAccess policy attached", - "types": [], - "uid": "prowler-aws-iam_role_administratoraccess_policy-211203495394-us-east-1-TerraformRole" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "TerraformRole", - "arn": "arn:aws:iam::211203495394:role/TerraformRole", - "assume_role_policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws:iam::211203495394:oidc-provider/token.actions.githubusercontent.com" - }, - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "token.actions.githubusercontent.com:aud": "sts.amazonaws.com" - }, - "StringLike": { - "token.actions.githubusercontent.com:sub": [ - "repo:finos-labs/ccc-cfi-compliance:ref:refs/heads/*", - "repo:finos-labs/ccc-cfi-compliance:ref:refs/tags/*", - "repo:finos-labs/ccc-cfi-compliance:pull_request", - "repo:finos-labs/ccc-cfi-compliance:environment:*" - ] - } - } - } - ] - }, - "is_service_role": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "TerraformRole", - "type": "AwsIamRole", - "uid": "arn:aws:iam::211203495394:role/TerraformRole" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Apply the principle of least privilege. Instead of AdministratorAccess, assign only the permissions necessary for specific roles and tasks. Create custom IAM policies with minimal permissions based on the principle of least privilege.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" - ] - }, - "risk_details": "The AWS-managed AdministratorAccess policy grants all actions for all AWS services and for all resources in the account and as such exposes the customer to a significant data leakage threat. It should be granted very conservatively. For granting access to 3rd party vendors, consider using alternative managed policies, such as ViewOnlyAccess or SecurityAudit.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Role TerraformRole does not have ReadOnlyAccess policy.", - "metadata": { - "event_code": "iam_role_cross_account_readonlyaccess_policy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "IAM Role TerraformRole does not have ReadOnlyAccess policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#awsmp_readonlyaccess", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OIS-04.03B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-06.02B", - "IAM-10.01B", - "PSS-09.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR06" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM Roles do not have ReadOnlyAccess access for external AWS accounts", - "title": "Ensure IAM Roles do not have ReadOnlyAccess access for external AWS accounts", - "types": [], - "uid": "prowler-aws-iam_role_cross_account_readonlyaccess_policy-211203495394-us-east-1-TerraformRole" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "TerraformRole", - "arn": "arn:aws:iam::211203495394:role/TerraformRole", - "assume_role_policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws:iam::211203495394:oidc-provider/token.actions.githubusercontent.com" - }, - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "token.actions.githubusercontent.com:aud": "sts.amazonaws.com" - }, - "StringLike": { - "token.actions.githubusercontent.com:sub": [ - "repo:finos-labs/ccc-cfi-compliance:ref:refs/heads/*", - "repo:finos-labs/ccc-cfi-compliance:ref:refs/tags/*", - "repo:finos-labs/ccc-cfi-compliance:pull_request", - "repo:finos-labs/ccc-cfi-compliance:environment:*" - ] - } - } - } - ] - }, - "is_service_role": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "TerraformRole", - "type": "AwsIamRole", - "uid": "arn:aws:iam::211203495394:role/TerraformRole" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Remove the AWS-managed ReadOnlyAccess policy from all roles that have a trust policy, including third-party cloud accounts, or remove third-party cloud accounts from the trust policy of all roles that need the ReadOnlyAccess policy.", - "references": [ - "https://docs.securestate.vmware.com/rule-docs/aws-iam-role-cross-account-readonlyaccess-policy" - ] - }, - "risk_details": "The AWS-managed ReadOnlyAccess policy is highly potent and exposes the customer to a significant data leakage threat. It should be granted very conservatively. For granting access to 3rd party vendors, consider using alternative managed policies, such as ViewOnlyAccess or SecurityAudit.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Service Role terraform-20251019171843685600000002 does not prevent against a cross-service confused deputy attack.", - "metadata": { - "event_code": "iam_role_cross_service_confused_deputy_prevention", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Service Role terraform-20251019171843685600000002 does not prevent against a cross-service confused deputy attack.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP04" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "3.1.2.c", - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", - "title": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", - "types": [], - "uid": "prowler-aws-iam_role_cross_service_confused_deputy_prevention-211203495394-us-east-1-terraform-20251019171843685600000002" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-20251019171843685600000002", - "arn": "arn:aws:iam::211203495394:role/terraform-20251019171843685600000002", - "assume_role_policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "monitoring.rds.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - }, - "is_service_role": true, - "attached_policies": [ - { - "PolicyName": "AmazonRDSEnhancedMonitoringRole", - "PolicyArn": "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "GithubRepo:terraform-aws-rds-aurora", - "Example:ex-rds", - "GithubOrg:terraform-aws-modules" - ], - "name": "terraform-20251019171843685600000002", - "type": "AwsIamRole", - "uid": "arn:aws:iam::211203495394:role/terraform-20251019171843685600000002" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To mitigate cross-service confused deputy attacks, it's recommended to use the aws:SourceArn and aws:SourceAccount global condition context keys in your IAM role trust policies. If the role doesn't support these fields, consider implementing alternative security measures, such as defining more restrictive resource-based policies or using service-specific trust policies, to limit the role's permissions and exposure. For detailed guidance, refer to AWS's documentation on preventing cross-service confused deputy issues.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html#cross-service-confused-deputy-prevention" - ] - }, - "risk_details": "Allow attackers to gain unauthorized access to resources", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Root account has a virtual MFA instead of a hardware MFA device enabled.", - "metadata": { - "event_code": "iam_root_hardware_mfa_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "Root account has a virtual MFA instead of a hardware MFA device enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_5_3" - ], - "HIPAA": [ - "164_308_a_3_ii_a", - "164_312_d" - ], - "C5-2025": [ - "OPS-16.01B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_7" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ia-2-1-2", - "ia-2-1" - ], - "CIS-3.0": [ - "1.6" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_2", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "ia_2_1", - "ia_2_2", - "ia_2_6", - "ia_2_6_a", - "ia_2_8", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r4.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "ARC-003", - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.6" - ], - "PCI-4.0": [ - "8.4.1.3", - "8.4.2.3", - "8.4.3.3" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-15", - "d3-pc-am-b-3", - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.5" - ], - "CIS-1.4": [ - "1.6" - ], - "CCC": [ - "CCC.Core.CN03.AR01", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.2" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.6" - ], - "CIS-1.5": [ - "1.6" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP02" - ], - "NIST-800-53-Revision-4": [ - "ia_2_1", - "ia_2_11" - ], - "AWS-Account-Security-Onboarding": [ - "Root user - distribution email + MFA" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040" - ], - "CIS-2.0": [ - "1.6" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-2" - ], - "NIS2": [ - "11.6.1", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure only hardware MFA is enabled for the root account", - "title": "Ensure only hardware MFA is enabled for the root account", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_root_hardware_mfa_enabled-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:mfa" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Using IAM console navigate to Dashboard and expand Activate MFA on your root account. If using AWS Organizations, consider enabling Centralized Root Management and removing individual root credentials.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user_manage_mfa" - ] - }, - "risk_details": "The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. For Level 2 it is recommended that the root account be protected with only a hardware MFA.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "MFA is enabled for root account.", - "metadata": { - "event_code": "iam_root_mfa_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "MFA is enabled for root account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_5_2", - "3_5_3" - ], - "HIPAA": [ - "164_308_a_3_ii_a", - "164_312_d" - ], - "C5-2025": [ - "OPS-16.01B", - "IAM-04.06B", - "IAM-06.09B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-05.02B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_7" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ia-2-1-2", - "ia-2-1" - ], - "CIS-3.0": [ - "1.5" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_2", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_6_a", - "cm_9_b", - "ia_2_1", - "ia_2_2", - "ia_2_6", - "ia_2_6_a", - "ia_2_8", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r2.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "ARC-003", - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.1", - "3.0.2", - "3.0.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.5" - ], - "PCI-4.0": [ - "8.4.1.4", - "8.4.2.4", - "8.4.3.4" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-15", - "d3-pc-am-b-3", - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.4" - ], - "CIS-1.4": [ - "1.5" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Core.CN03.AR01", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-1.5": [ - "1.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP02" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.17", - "A.8.5" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ia_2_1", - "ia_2_11" - ], - "AWS-Account-Security-Onboarding": [ - "Root user - distribution email + MFA" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040" - ], - "CIS-2.0": [ - "1.5" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-2", - "booting-up-thing-to-do-first-2" - ], - "NIS2": [ - "11.3.2.a", - "11.6.1", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure MFA is enabled for the root account", - "title": "Ensure MFA is enabled for the root account", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_root_mfa_enabled-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Using IAM console navigate to Dashboard and expand Activate MFA on your root account. If using AWS Organizations, consider enabling Centralized Root Management and removing individual root credentials.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user_manage_mfa" - ] - }, - "risk_details": "The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. When virtual MFA is used for root accounts it is recommended that the device used is NOT a personal device but rather a dedicated mobile device (tablet or phone) that is managed to be kept charged and secured independent of any individual personal devices. (non-personal virtual MFA) This lessens the risks of losing access to the MFA due to device loss / trade-in or if the individual owning the device is no longer employed at the company.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have access keys.", - "metadata": { - "event_code": "iam_rotate_access_key_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_3_ii_c", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B", - "CRY-09.02B" - ], - "NIST-CSF-1.1": [ - "ac_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j" - ], - "CIS-3.0": [ - "1.14" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.14" - ], - "PCI-4.0": [ - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.13" - ], - "CIS-1.4": [ - "1.14" - ], - "CCC": [ - "CCC.ObjStor.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.11" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.3" - ], - "CIS-1.5": [ - "1.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP02", - "SEC02-BP05" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.14" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "1.1.1.d", - "1.1.2", - "2.1.4", - "2.3.1", - "3.1.3", - "6.2.4", - "9.2.c", - "9.2.c.xii", - "11.6.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure access keys are rotated every 90 days or less", - "title": "Ensure access keys are rotated every 90 days or less", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_rotate_access_key_90_days-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have access keys older than 90 days.", - "metadata": { - "event_code": "iam_rotate_access_key_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have access keys older than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_3_ii_c", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B", - "CRY-09.02B" - ], - "NIST-CSF-1.1": [ - "ac_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j" - ], - "CIS-3.0": [ - "1.14" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.14" - ], - "PCI-4.0": [ - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.13" - ], - "CIS-1.4": [ - "1.14" - ], - "CCC": [ - "CCC.ObjStor.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.11" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.3" - ], - "CIS-1.5": [ - "1.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP02", - "SEC02-BP05" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.14" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "1.1.1.d", - "1.1.2", - "2.1.4", - "2.3.1", - "3.1.3", - "6.2.4", - "9.2.c", - "9.2.c.xii", - "11.6.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure access keys are rotated every 90 days or less", - "title": "Ensure access keys are rotated every 90 days or less", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_rotate_access_key_90_days-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "SecurityAudit policy is not attached to any role.", - "metadata": { - "event_code": "iam_securityaudit_role_created", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "SecurityAudit policy is not attached to any role.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "OIS-02.02B", - "OIS-04.01B", - "HR-04.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-05.02B", - "IAM-06.06B", - "DEV-15.01B", - "SIM-01.02B", - "SIM-01.03B", - "COM-02.02B", - "COM-03.02B", - "INQ-02.01B", - "PSS-09.01AC" - ], - "ENS-RD2022": [ - "op.acc.3.r2.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "ISO27001-2022": [ - "A.5.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "1.2.4", - "2.1.1", - "2.1.2.a", - "2.1.2.e", - "2.1.2.f", - "2.2.1", - "2.3.1", - "3.1.2.c", - "3.1.3", - "6.2.2.a", - "7.2.d", - "7.2.e", - "7.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure a Security Audit role has been created to conduct security audits", - "title": "Ensure a Security Audit role has been created to conduct security audits", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_securityaudit_role_created-211203495394-us-east-1-SecurityAudit" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "SecurityAudit", - "type": "AwsIamRole", - "uid": "arn:aws:iam::aws:policy/SecurityAudit" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create an IAM role for conduct security audits with AWS.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_security-auditor" - ] - }, - "risk_details": "Creating an IAM role with a security audit policy provides a clear separation of duties between the security team and other teams within the organization. This helps to ensure that security-related activities are performed by authorized individuals with the appropriate expertise and access permissions.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Support Access policy is not attached to any role.", - "metadata": { - "event_code": "iam_support_role_created", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Support Access policy is not attached to any role.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "OIS-02.02B", - "HR-04.01B", - "OPS-13.02B", - "OPS-13.03AC", - "OPS-17.02B", - "OPS-24.01B", - "OPS-24.02B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-06.06B", - "DEV-15.01B", - "SSO-05.06B", - "SIM-01.02B", - "SIM-01.03B" - ], - "CIS-3.0": [ - "1.17" - ], - "ENS-RD2022": [ - "op.acc.3.r1.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2", - "2.11.1" - ], - "CIS-4.0.1": [ - "1.17" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.16" - ], - "CIS-1.4": [ - "1.17" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-1.5": [ - "1.17" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC10-BP01" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2", - "2.11.1" - ], - "CIS-2.0": [ - "1.17" - ], - "NIS2": [ - "2.1.1", - "2.1.2.a", - "2.2.1", - "3.1.2.d", - "4.3.2.a", - "5.1.7.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure a support role has been created to manage incidents with AWS Support", - "title": "Ensure a support role has been created to manage incidents with AWS Support", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_support_role_created-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "AwsIamRole", - "uid": "arn:aws:iam::aws:policy/AWSSupportAccess" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create an IAM role for managing incidents with AWS.", - "references": [ - "https://docs.aws.amazon.com/awssupport/latest/user/using-service-linked-roles-sup.html" - ] - }, - "risk_details": "AWS provides a support center that can be used for incident notification and response, as well as technical support and customer services. Create an IAM Role to allow authorized users to manage incidents with AWS Support.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have access keys.", - "metadata": { - "event_code": "iam_user_accesskey_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "HIPAA": [ - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-05.04B", - "IAM-10.01B", - "CRY-03.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-3", - "ac-5-c", - "ac-6" - ], - "CIS-3.0": [ - "1.12" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_6", - "ac_2_g", - "ac_2_j", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3", - "op.acc.6.r7.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.12" - ], - "PCI-4.0": [ - "7.2.4.2", - "7.2.5.1.2", - "8.2.6.2", - "A3.4.1.10" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4" - ], - "CIS-5.0": [ - "1.11" - ], - "CIS-1.4": [ - "1.12" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.10" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.8", - "IAM.22", - "IAM.26" - ], - "CIS-1.5": [ - "1.12" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2_3", - "ac_2", - "ac_3", - "ac_6" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.12" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure unused User Access Keys are disabled", - "title": "Ensure unused User Access Keys are disabled", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_user_accesskey_unused-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Find the credentials that they were using and ensure that they are no longer operational. Ideally, you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least, you should change the password or deactivate the access keys so that the former users no longer have access.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" - ] - }, - "risk_details": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have unused access keys for 45 days.", - "metadata": { - "event_code": "iam_user_accesskey_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have unused access keys for 45 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "HIPAA": [ - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-05.04B", - "IAM-10.01B", - "CRY-03.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-3", - "ac-5-c", - "ac-6" - ], - "CIS-3.0": [ - "1.12" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_6", - "ac_2_g", - "ac_2_j", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3", - "op.acc.6.r7.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.12" - ], - "PCI-4.0": [ - "7.2.4.2", - "7.2.5.1.2", - "8.2.6.2", - "A3.4.1.10" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4" - ], - "CIS-5.0": [ - "1.11" - ], - "CIS-1.4": [ - "1.12" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.10" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.8", - "IAM.22", - "IAM.26" - ], - "CIS-1.5": [ - "1.12" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2_3", - "ac_2", - "ac_3", - "ac_6" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.12" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure unused User Access Keys are disabled", - "title": "Ensure unused User Access Keys are disabled", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_user_accesskey_unused-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Find the credentials that they were using and ensure that they are no longer operational. Ideally, you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least, you should change the password or deactivate the access keys so that the former users no longer have access.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" - ] - }, - "risk_details": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM User terraform-user has AdministratorAccess policy attached.", - "metadata": { - "event_code": "iam_user_administrator_access_policy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM User terraform-user has AdministratorAccess policy attached.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-04.03B", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-10.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.19", - "7.2.2.19", - "7.2.5.13", - "7.3.1.13", - "7.3.2.13", - "7.3.3.13", - "8.2.7.13", - "8.2.8.15", - "8.3.4.13" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "This check ensures that no IAM users in your AWS account have the 'AdministratorAccess' policy attached. IAM users with this policy have unrestricted access to all AWS services and resources, which poses a significant security risk if misused.", - "title": "Ensure No IAM Users Have Administrator Access Policy", - "types": [], - "uid": "prowler-aws-iam_user_administrator_access_policy-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Replace the 'AdministratorAccess' policy with more specific permissions that follow the Principle of Least Privilege. Consider implementing IAM roles such as 'IAM Master' and 'IAM Manager' to manage permissions more securely.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM users with administrator-level permissions can perform any action on any resource in your AWS environment. If these permissions are granted to users unnecessarily or to individuals without sufficient knowledge, it can lead to security vulnerabilities, data leaks, data loss, or unexpected charges.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM User test-user-trusted does not have AdministratorAccess policy.", - "metadata": { - "event_code": "iam_user_administrator_access_policy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "IAM User test-user-trusted does not have AdministratorAccess policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-04.03B", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-10.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.19", - "7.2.2.19", - "7.2.5.13", - "7.3.1.13", - "7.3.2.13", - "7.3.3.13", - "8.2.7.13", - "8.2.8.15", - "8.3.4.13" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "This check ensures that no IAM users in your AWS account have the 'AdministratorAccess' policy attached. IAM users with this policy have unrestricted access to all AWS services and resources, which poses a significant security risk if misused.", - "title": "Ensure No IAM Users Have Administrator Access Policy", - "types": [], - "uid": "prowler-aws-iam_user_administrator_access_policy-211203495394-us-east-1-test-user-trusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [], - "inline_policies": [ - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - ], - "tags": [ - { - "Key": "Purpose", - "Value": "CCC-Testing" - }, - { - "Key": "ManagedBy", - "Value": "CCC-CFI-Compliance-Framework" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Replace the 'AdministratorAccess' policy with more specific permissions that follow the Principle of Least Privilege. Consider implementing IAM roles such as 'IAM Master' and 'IAM Manager' to manage permissions more securely.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM users with administrator-level permissions can perform any action on any resource in your AWS environment. If these permissions are granted to users unnecessarily or to individuals without sufficient knowledge, it can lead to security vulnerabilities, data leaks, data loss, or unexpected charges.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have console access enabled or is unused.", - "metadata": { - "event_code": "iam_user_console_access_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have console access enabled or is unused.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "HIPAA": [ - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "OPS-05.02AC", - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-05.04B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-3", - "ac-5-c", - "ac-6" - ], - "CIS-3.0": [ - "1.12" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_6", - "ac_2_g", - "ac_2_j", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3", - "op.acc.6.r7.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.12" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4" - ], - "CIS-5.0": [ - "1.11" - ], - "CIS-1.4": [ - "1.12" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.10" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.8", - "IAM.22", - "IAM.26" - ], - "CIS-1.5": [ - "1.12" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2_3", - "ac_2", - "ac_3", - "ac_6" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.12" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.3.2.d", - "11.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure unused user console access are disabled", - "title": "Ensure unused user console access are disabled", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_user_console_access_unused-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Find the credentials that they were using and ensure that they are no longer operational. Ideally, you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least, you should change the password or deactivate the access keys so that the former users no longer have access.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" - ] - }, - "risk_details": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User test-user-trusted does not have console access enabled or is unused.", - "metadata": { - "event_code": "iam_user_console_access_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User test-user-trusted does not have console access enabled or is unused.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "HIPAA": [ - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "OPS-05.02AC", - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-05.04B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-3", - "ac-5-c", - "ac-6" - ], - "CIS-3.0": [ - "1.12" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_6", - "ac_2_g", - "ac_2_j", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3", - "op.acc.6.r7.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.12" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4" - ], - "CIS-5.0": [ - "1.11" - ], - "CIS-1.4": [ - "1.12" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.10" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.8", - "IAM.22", - "IAM.26" - ], - "CIS-1.5": [ - "1.12" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2_3", - "ac_2", - "ac_3", - "ac_6" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.12" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.3.2.d", - "11.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure unused user console access are disabled", - "title": "Ensure unused user console access are disabled", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_user_console_access_unused-211203495394-us-east-1-test-user-trusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [], - "inline_policies": [ - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - ], - "tags": [ - { - "Key": "Purpose", - "Value": "CCC-Testing" - }, - { - "Key": "ManagedBy", - "Value": "CCC-CFI-Compliance-Framework" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Find the credentials that they were using and ensure that they are no longer operational. Ideally, you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least, you should change the password or deactivate the access keys so that the former users no longer have access.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" - ] - }, - "risk_details": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have any type of MFA enabled.", - "metadata": { - "event_code": "iam_user_hardware_mfa_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User terraform-user does not have any type of MFA enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-16.01B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.1", - "3.0.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2" - ], - "CCC": [ - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.8.5" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040" - ], - "CISA": [ - "booting-up-thing-to-do-first-2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if IAM users have Hardware MFA enabled.", - "title": "Check if IAM users have Hardware MFA enabled.", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_hardware_mfa_enabled-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable hardware MFA device for an IAM user from the AWS Management Console, the command line, or the IAM API.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_physical.html" - ] - }, - "risk_details": "Hardware MFA is preferred over virtual MFA.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User test-user-trusted does not have any type of MFA enabled.", - "metadata": { - "event_code": "iam_user_hardware_mfa_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User test-user-trusted does not have any type of MFA enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-16.01B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.1", - "3.0.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2" - ], - "CCC": [ - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.8.5" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040" - ], - "CISA": [ - "booting-up-thing-to-do-first-2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if IAM users have Hardware MFA enabled.", - "title": "Check if IAM users have Hardware MFA enabled.", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_hardware_mfa_enabled-211203495394-us-east-1-test-user-trusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [], - "inline_policies": [ - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - ], - "tags": [ - { - "Key": "Purpose", - "Value": "CCC-Testing" - }, - { - "Key": "ManagedBy", - "Value": "CCC-CFI-Compliance-Framework" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable hardware MFA device for an IAM user from the AWS Management Console, the command line, or the IAM API.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_physical.html" - ] - }, - "risk_details": "Hardware MFA is preferred over virtual MFA.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have Console Password enabled.", - "metadata": { - "event_code": "iam_user_mfa_enabled_console_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have Console Password enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_14", - "3_5_2", - "3_5_3" - ], - "HIPAA": [ - "164_308_a_3_ii_a", - "164_312_a_1", - "164_312_d" - ], - "C5-2025": [ - "OPS-05.02AC", - "OPS-16.01B", - "IAM-04.06B", - "IAM-06.09B", - "IAM-08.02B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "IAM-10.01B", - "PSS-05.01B", - "PSS-07.01B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_7" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ia-2-1-2", - "ia-2-1" - ], - "CIS-3.0": [ - "1.10" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_2", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "ia_2_1", - "ia_2_2", - "ia_2_6", - "ia_2_6_a", - "ia_2_8", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r2.aws.iam.1", - "op.acc.6.r4.aws.iam.1", - "op.acc.6.r8.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.1", - "3.0.2", - "3.0.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.10" - ], - "PCI-4.0": [ - "8.4.1.1", - "8.4.1.2", - "8.4.2.1", - "8.4.2.2", - "8.4.3.1", - "8.4.3.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-15", - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.3", - "8.3.1", - "8.3.1.a", - "8.3.2", - "8.3.2.a", - "8.6", - "8.6.c" - ], - "CIS-5.0": [ - "1.9" - ], - "CIS-1.4": [ - "1.10" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN03.AR01", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.3" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.5", - "IAM.19" - ], - "CIS-1.5": [ - "1.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.17", - "A.8.5" - ], - "NIST-800-53-Revision-4": [ - "ia_2_1", - "ia_2_2", - "ia_2_11" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040", - "T1538" - ], - "CIS-2.0": [ - "1.10" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-2", - "booting-up-thing-to-do-first-2" - ], - "NIS2": [ - "11.1.2.c", - "11.3.2.a", - "11.4.2.c", - "11.6.1", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password.", - "title": "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password.", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_mfa_enabled_console_access-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable MFA for the user's account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html" - ] - }, - "risk_details": "Unauthorized access to this critical account if password is not secure or it is disclosed in any way.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have access keys or uses the access keys configured.", - "metadata": { - "event_code": "iam_user_no_setup_initial_access_key", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have access keys or uses the access keys configured.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OPS-05.02AC", - "IAM-10.01B", - "CRY-03.01B", - "PSS-07.01B" - ], - "CIS-3.0": [ - "1.11" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.11" - ], - "CIS-5.0": [ - "1.1" - ], - "CIS-1.4": [ - "1.11" - ], - "CIS-1.5": [ - "1.11" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.11" - ], - "NIS2": [ - "9.2.c", - "9.2.c.iii" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "title": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_no_setup_initial_access_key-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "From the IAM console: generate credential report and disable not required keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials, it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have access keys or uses the access keys configured.", - "metadata": { - "event_code": "iam_user_no_setup_initial_access_key", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have access keys or uses the access keys configured.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OPS-05.02AC", - "IAM-10.01B", - "CRY-03.01B", - "PSS-07.01B" - ], - "CIS-3.0": [ - "1.11" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.11" - ], - "CIS-5.0": [ - "1.1" - ], - "CIS-1.4": [ - "1.11" - ], - "CIS-1.5": [ - "1.11" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.11" - ], - "NIS2": [ - "9.2.c", - "9.2.c.iii" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "title": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_no_setup_initial_access_key-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "From the IAM console: generate credential report and disable not required keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials, it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have 2 active access keys.", - "metadata": { - "event_code": "iam_user_two_active_access_key", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have 2 active access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B" - ], - "CIS-3.0": [ - "1.13" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.13" - ], - "CIS-5.0": [ - "1.12" - ], - "CIS-1.4": [ - "1.13" - ], - "CIS-1.5": [ - "1.13" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.13" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if IAM users have two active access keys", - "title": "Check if IAM users have two active access keys", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_two_active_access_key-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Avoid using long lived access keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html" - ] - }, - "risk_details": "Access Keys could be lost or stolen. It creates a critical risk.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have 2 active access keys.", - "metadata": { - "event_code": "iam_user_two_active_access_key", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have 2 active access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B" - ], - "CIS-3.0": [ - "1.13" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.13" - ], - "CIS-5.0": [ - "1.12" - ], - "CIS-1.4": [ - "1.13" - ], - "CIS-1.5": [ - "1.13" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.13" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if IAM users have two active access keys", - "title": "Check if IAM users have two active access keys", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_two_active_access_key-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Avoid using long lived access keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html" - ] - }, - "risk_details": "Access Keys could be lost or stolen. It creates a critical risk.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user has long lived credentials with access to other services than IAM or STS.", - "metadata": { - "event_code": "iam_user_with_temporary_credentials", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User terraform-user has long lived credentials with access to other services than IAM or STS.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "IAM-03.01B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-06.01B", - "IAM-08.02B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure users make use of temporary credentials assuming IAM roles", - "title": "Ensure users make use of temporary credentials assuming IAM roles", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-iam_user_with_temporary_credentials-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "As a best practice, use temporary security credentials (IAM roles) instead of creating long-term credentials like access keys, and don't create AWS account root user access keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html" - ] - }, - "risk_details": "As a best practice, use temporary security credentials (IAM roles) instead of creating long-term credentials like access keys, and don't create AWS account root user access keys.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User test-user-trusted has long lived credentials with access to other services than IAM or STS.", - "metadata": { - "event_code": "iam_user_with_temporary_credentials", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User test-user-trusted has long lived credentials with access to other services than IAM or STS.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "IAM-03.01B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-06.01B", - "IAM-08.02B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure users make use of temporary credentials assuming IAM roles", - "title": "Ensure users make use of temporary credentials assuming IAM roles", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-iam_user_with_temporary_credentials-211203495394-us-east-1-test-user-trusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "As a best practice, use temporary security credentials (IAM roles) instead of creating long-term credentials like access keys, and don't create AWS account root user access keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html" - ] - }, - "risk_details": "As a best practice, use temporary security credentials (IAM roles) instead of creating long-term credentials like access keys, and don't create AWS account root user access keys.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-1b7c736d-854c-475a-a8a5-df95b3d7a4df" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-1f7c04ae-50f9-4bd6-b725-433368271fbd" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-29586687-b1be-4c1b-a758-1f2878050364" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "29586687-b1be-4c1b-a758-1f2878050364", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "29586687-b1be-4c1b-a758-1f2878050364", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-4cac849c-0540-454c-9d3c-cd040cfab4a9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-51726887-02ae-44f3-a044-7e70d96761f9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "51726887-02ae-44f3-a044-7e70d96761f9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "51726887-02ae-44f3-a044-7e70d96761f9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-6ce7a755-4867-4c6a-966c-896a1edcc078" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-7becded9-6105-409d-9ddc-1ec9ad37781a" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-84910ea5-e87b-4175-a70d-317307443c9b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "84910ea5-e87b-4175-a70d-317307443c9b", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "84910ea5-e87b-4175-a70d-317307443c9b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-8775e1db-1bd3-430a-859e-3f4c2add845f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-99ad2e00-15a1-4135-b8fb-dd5accf3652f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-9df09165-d3c4-46c5-954f-a66bcb65f64f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-c45a036b-843a-48be-9621-57e49da9e4f6" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c45a036b-843a-48be-9621-57e49da9e4f6", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c45a036b-843a-48be-9621-57e49da9e4f6", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-cdbd7090-6c87-4e56-b755-fddf82d253ef" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-cf944303-41d3-401c-b296-00cbbb3d5ca4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is being used.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is being used.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-db617ef7-813a-45f5-b3e3-65c57fdf56a3" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-us-east-1-939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "arn": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-us-east-1-a80c0553-bf44-472b-a141-674b2d47209b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "a80c0553-bf44-472b-a141-674b2d47209b", - "arn": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "a80c0553-bf44-472b-a141-674b2d47209b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-us-east-1-bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "arn": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-1b7c736d-854c-475a-a8a5-df95b3d7a4df" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-1f7c04ae-50f9-4bd6-b725-433368271fbd" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-29586687-b1be-4c1b-a758-1f2878050364" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "29586687-b1be-4c1b-a758-1f2878050364", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "29586687-b1be-4c1b-a758-1f2878050364", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-4cac849c-0540-454c-9d3c-cd040cfab4a9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-51726887-02ae-44f3-a044-7e70d96761f9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "51726887-02ae-44f3-a044-7e70d96761f9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "51726887-02ae-44f3-a044-7e70d96761f9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-6ce7a755-4867-4c6a-966c-896a1edcc078" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-7becded9-6105-409d-9ddc-1ec9ad37781a" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-84910ea5-e87b-4175-a70d-317307443c9b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "84910ea5-e87b-4175-a70d-317307443c9b", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "84910ea5-e87b-4175-a70d-317307443c9b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-8775e1db-1bd3-430a-859e-3f4c2add845f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-99ad2e00-15a1-4135-b8fb-dd5accf3652f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-9df09165-d3c4-46c5-954f-a66bcb65f64f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-c45a036b-843a-48be-9621-57e49da9e4f6" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c45a036b-843a-48be-9621-57e49da9e4f6", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c45a036b-843a-48be-9621-57e49da9e4f6", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-cdbd7090-6c87-4e56-b755-fddf82d253ef" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-cf944303-41d3-401c-b296-00cbbb3d5ca4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is not scheduled for deletion.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is not scheduled for deletion.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-db617ef7-813a-45f5-b3e3-65c57fdf56a3" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-us-east-1-939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "arn": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-us-east-1-a80c0553-bf44-472b-a141-674b2d47209b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "a80c0553-bf44-472b-a141-674b2d47209b", - "arn": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "a80c0553-bf44-472b-a141-674b2d47209b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-us-east-1-bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "arn": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is a single-region key.", - "metadata": { - "event_code": "kms_cmk_not_multi_region", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is a single-region key.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#multi-region-concepts", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Multi-region keys should be used only when absolutely necessary, such as for cross-region disaster recovery, and should be carefully managed with strict access controls.", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "CRY-03.01B", - "CRY-05.02B", - "CRY-10.01B", - "CRY-19.01B", - "PSS-12.02AC" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that AWS KMS customer managed keys (CMKs) are not multi-region to maintain strict data control and compliance with security best practices.", - "title": "AWS KMS customer managed keys should not be multi-Region", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_not_multi_region-211203495394-eu-west-1-db617ef7-813a-45f5-b3e3-65c57fdf56a3" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Identify and replace multi-region keys with single-region KMS keys to enhance security and access control.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/mrk-when-to-use.html" - ] - }, - "risk_details": "Multi-region KMS keys can increase the risk of unauthorized access and data exposure, as managing access controls and auditing across multiple regions becomes more complex. This expanded attack surface may lead to compliance violations and data breaches.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 has automatic rotation enabled.", - "metadata": { - "event_code": "kms_cmk_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 has automatic rotation enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://aws.amazon.com/blogs/security/how-to-get-ready-for-certificate-transparency/", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_312_a_2_iv" - ], - "C5-2025": [ - "OIS-08.02B", - "CRY-05.02B", - "CRY-06.01B", - "CRY-07.01B", - "CRY-09.02B", - "CRY-19.01B" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-12" - ], - "CIS-3.0": [ - "3.6" - ], - "NIST-800-53-Revision-5": [ - "cm_6_a", - "cm_9_b", - "sa_9_6", - "sc_12", - "sc_12_2", - "sc_12_6" - ], - "ENS-RD2022": [ - "op.exp.10.aws.cmk.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.6" - ], - "PCI-4.0": [ - "3.7.4.5", - "3.7.5.2" - ], - "FedRAMP-Low-Revision-4": [ - "sc-12" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "CIS-5.0": [ - "3.6" - ], - "CIS-1.4": [ - "3.8" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.4" - ], - "CIS-1.5": [ - "3.8" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP05" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_12" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CIS-2.0": [ - "3.8" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.6.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure rotation for customer created KMS CMKs is enabled.", - "title": "Ensure rotation for customer created KMS CMKs is enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_rotation_enabled-211203495394-eu-west-1-db617ef7-813a-45f5-b3e3-65c57fdf56a3" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "For every KMS Customer Master Keys (CMKs), ensure that Rotate this key every year is enabled.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html" - ] - }, - "risk_details": "Cryptographic best practices discourage extensive reuse of encryption keys. Consequently, Customer Master Keys (CMKs) should be rotated to prevent usage of compromised keys.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS key db617ef7-813a-45f5-b3e3-65c57fdf56a3 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS key db617ef7-813a-45f5-b3e3-65c57fdf56a3 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/determining-access.html", - "categories": [ - "internet-exposed", - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "PS-03.02B", - "IAM-10.01B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B", - "COS-02.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04" - ], - "ProwlerThreatScore-1.0": [ - "2.2.14" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check exposed KMS keys", - "title": "Check exposed KMS keys", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_key_not_publicly_accessible-211203495394-eu-west-1-db617ef7-813a-45f5-b3e3-65c57fdf56a3" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To determine the full extent of who or what currently has access to a customer master key (CMK) in AWS KMS, you must examine the CMK key policy, all grants that apply to the CMK and potentially all AWS Identity and Access Management (IAM) policies. You might do this to determine the scope of potential usage of a CMK.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/determining-access.html" - ] - }, - "risk_details": "Exposed KMS Keys or wide policy permissions my leave data unprotected.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_account_part_of_organizations", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_1" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.1", - "7.2.2.1", - "7.2.5.1", - "7.3.1.1", - "7.3.2.1", - "7.3.3.1", - "8.2.7.1", - "8.2.8.1", - "8.3.4.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP01", - "SEC03-BP05", - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1087", - "T1580", - "T1538" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure that AWS Organizations service is currently in use.", - "title": "Check if account is part of an AWS Organizations", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-organizations_account_part_of_organizations-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create or Join an AWS Organization", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_create.html" - ] - }, - "risk_details": "The risk associated with not being part of an AWS Organizations is that it can lead to a lack of centralized management and control over the AWS accounts in an organization. This can make it difficult to enforce security policies consistently across all accounts, and can also result in increased costs due to inefficiencies in resource usage. Additionally, not being part of an AWS Organizations can make it harder to track and manage account usage and access.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_opt_out_ai_services_policy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out_all.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "This control checks whether the AWS Organizations opt-out of AI services policy is enabled and whether child-accounts are disallowed to overwrite this policy. The control fails if the policy is not enabled or if child-accounts are not disallowed to overwrite this policy.", - "title": "Ensure that AWS Organizations opt-out of AI services policy is enabled and disallow child-accounts to overwrite this policy.", - "types": [], - "uid": "prowler-aws-organizations_opt_out_ai_services_policy-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Artificial Intelligence (AI) services opt-out policies enable you to control whether AWS AI services can store and use your content. Enable the AWS Organizations opt-out of AI services policy and disallow child-accounts to overwrite this policy.", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/disable-policy-type.html" - ] - }, - "risk_details": "By default, AWS may be using your data to train its AI models. This may include data from your AWS CloudTrail logs, AWS Config rules, and AWS GuardDuty findings. If you opt out of AI services, AWS will not use your data to train its AI models.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_scp_check_deny_regions", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "PSS-12.02AC" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02" - ], - "AWS-Account-Security-Onboarding": [ - "Block unused regions" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1535" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "As best practice, AWS Regions should be restricted and only allow the ones that are needed.", - "title": "Check if AWS Regions are restricted with SCP policies", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-organizations_scp_check_deny_regions-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Restrict AWS Regions using SCP policies.", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_general.html#example-scp-deny-region" - ] - }, - "risk_details": "The risk associated with not restricting AWS Regions with Service Control Policies (SCPs) is that it can lead to unauthorized access or use of resources in regions that are not intended for use. This can result in increased costs due to inefficiencies in resource usage and can also expose sensitive data to unauthorized access or breaches. By restricting access to AWS Regions with SCP policies, organizations can help ensure that only authorized personnel have access to the resources they need, while minimizing the risk of security breaches and compliance violations.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_tags_policies_enabled_and_attached", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-09.01B" - ], - "ENS-RD2022": [ - "op.exp.1.aws.sys.2", - "op.exp.1.aws.tag.1", - "op.exp.10.aws.tag.1", - "mp.info.6.aws.tag.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.5.13" - ], - "KISA-ISMS-P-2023": [ - "2.1.3" - ], - "NIS2": [ - "11.5.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if an AWS Organization has tags policies enabled and attached.", - "title": "Check if an AWS Organization has tags policies enabled and attached.", - "types": [], - "uid": "prowler-aws-organizations_tags_policies_enabled_and_attached-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable and attach AWS Organizations tags policies.", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html" - ] - }, - "risk_details": "If an AWS Organization tags policies are not enabled and attached, it is not possible to enforce tags on AWS resources.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No Resource Explorer Indexes found.", - "metadata": { - "event_code": "resourceexplorer2_indexes_found", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No Resource Explorer Indexes found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.1.aws.re.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Resource Explorer Indexes Found", - "title": "Resource Explorer Indexes Found", - "types": [], - "uid": "prowler-aws-resourceexplorer2_indexes_found-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "resourceexplorer2" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:resource-explorer:us-east-1:211203495394:index" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create indexes", - "references": [ - "https://docs.aws.amazon.com/resource-explorer/latest/userguide/manage-service-turn-on-region.html" - ] - }, - "risk_details": "Not having Resource Explorer indexes can result in increased complexity and overhead in managing your resources, as well as increased risk of security and compliance issues.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is not configured for the account 211203495394.", - "metadata": { - "event_code": "s3_account_level_public_access_blocks", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Block Public Access is not configured for the account 211203495394.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_1_14", - "3_1_20", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "CIS-3.0": [ - "2.1.4" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "PCI-4.0": [ - "1.2.8.31", - "1.2.8.32", - "1.3.1.35", - "1.3.1.36", - "1.3.2.35", - "1.3.2.36", - "1.4.2.33", - "1.4.2.34", - "1.5.1.31", - "1.5.1.32", - "10.3.2.19", - "10.3.2.20", - "3.5.1.3.24", - "3.5.1.3.25", - "A1.1.2.15", - "A1.1.2.16", - "A1.1.3.31", - "A1.1.3.32", - "A3.4.1.17", - "A3.4.1.18" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.3", - "2.2", - "2.2.2", - "7.2", - "7.2.1" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.1" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check S3 Account Level Public Access Block.", - "title": "Check S3 Account Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_account_level_public_access_blocks-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "block_public_acls": false, - "ignore_public_acls": false, - "block_public_policy": false, - "restrict_public_buckets": false - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "211203495394", - "type": "AwsS3AccountPublicAccessBlock", - "uid": "arn:aws:s3:us-east-1:211203495394:account" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the account level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has bucket ACLs disabled.", - "metadata": { - "event_code": "s3_bucket_acl_prohibited", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has bucket ACLs disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.24", - "7.2.2.24", - "7.2.5.18", - "7.3.1.18", - "7.3.2.18", - "7.3.3.18", - "8.2.7.18", - "8.2.8.20", - "8.3.4.18" - ], - "CCC": [ - "CCC.ObjStor.CN02.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if S3 buckets have ACLs enabled", - "title": "Check if S3 buckets have ACLs enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_acl_prohibited-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html" - ] - }, - "risk_details": "S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has bucket ACLs disabled.", - "metadata": { - "event_code": "s3_bucket_acl_prohibited", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has bucket ACLs disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.24", - "7.2.2.24", - "7.2.5.18", - "7.3.1.18", - "7.3.2.18", - "7.3.3.18", - "8.2.7.18", - "8.2.8.20", - "8.3.4.18" - ], - "CCC": [ - "CCC.ObjStor.CN02.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if S3 buckets have ACLs enabled", - "title": "Check if S3 buckets have ACLs enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_acl_prohibited-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html" - ] - }, - "risk_details": "S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "IAM-10.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "10.6.3.33", - "10.6.3.35", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.6", - "S3.7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "This check verifies that S3 bucket policies are configured in a way that limits access to the intended AWS accounts only, preventing unauthorized access by external or unintended accounts.", - "title": "Ensure that general-purpose bucket policies restrict access to other AWS accounts.", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_cross_account_access-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Review and update your S3 bucket policies to remove permissions that grant external AWS accounts access to critical actions and implement least privilege principles to ensure sensitive operations are restricted to trusted accounts only", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Allowing other AWS accounts to perform sensitive actions (e.g., modifying bucket policies, ACLs, or encryption settings) on your S3 buckets can lead to data exposure, unauthorized access, or misconfigurations, increasing the risk of insider threats or attacks.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "IAM-10.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "10.6.3.33", - "10.6.3.35", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.6", - "S3.7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "This check verifies that S3 bucket policies are configured in a way that limits access to the intended AWS accounts only, preventing unauthorized access by external or unintended accounts.", - "title": "Ensure that general-purpose bucket policies restrict access to other AWS accounts.", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_cross_account_access-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Review and update your S3 bucket policies to remove permissions that grant external AWS accounts access to critical actions and implement least privilege principles to ensure sensitive operations are restricted to trusted accounts only", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Allowing other AWS accounts to perform sensitive actions (e.g., modifying bucket policies, ACLs, or encryption settings) on your S3 buckets can lead to data exposure, unauthorized access, or misconfigurations, increasing the risk of insider threats or attacks.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have correct cross region replication configuration.", - "metadata": { - "event_code": "s3_bucket_cross_region_replication", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have correct cross region replication configuration.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "PCI-3.2.1": [ - "2.2", - "3.1", - "3.1.c", - "10.5", - "10.5.3" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Verifying whether S3 buckets have cross-region replication enabled, ensuring data redundancy and availability across multiple AWS regions", - "title": "Check if S3 buckets use cross region replication.", - "types": [ - "Secure access management" - ], - "uid": "prowler-aws-s3_bucket_cross_region_replication-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have cross region replication.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough1.html" - ] - }, - "risk_details": "Without cross-region replication in S3 buckets, data is at risk of being lost or inaccessible if an entire region goes down, leading to potential service disruptions and data unavailability.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have correct cross region replication configuration.", - "metadata": { - "event_code": "s3_bucket_cross_region_replication", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have correct cross region replication configuration.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "PCI-3.2.1": [ - "2.2", - "3.1", - "3.1.c", - "10.5", - "10.5.3" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Verifying whether S3 buckets have cross-region replication enabled, ensuring data redundancy and availability across multiple AWS regions", - "title": "Check if S3 buckets use cross region replication.", - "types": [ - "Secure access management" - ], - "uid": "prowler-aws-s3_bucket_cross_region_replication-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have cross region replication.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough1.html" - ] - }, - "risk_details": "Without cross-region replication in S3 buckets, data is at risk of being lost or inaccessible if an entire region goes down, leading to potential service disruptions and data unavailability.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has Server Side Encryption with AES256.", - "metadata": { - "event_code": "s3_bucket_default_encryption", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has Server Side Encryption with AES256.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_5_10", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_2_ii" - ], - "C5-2025": [ - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.01AC", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-13", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cm_6_a", - "cm_9_b", - "cp_9_d", - "cp_9_8", - "pm_11_b", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_16_1", - "sc_28_1", - "si_19_4" - ], - "ENS-RD2022": [ - "mp.si.2.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.30", - "8.3.2.48" - ], - "FedRAMP-Low-Revision-4": [ - "sc-13" - ], - "FFIEC": [ - "d3-pc-am-b-12" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CIS-1.4": [ - "2.1.1" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "CIS-1.5": [ - "2.1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP03" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1119", - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-1", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "title": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_default_encryption-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled.", - "references": [ - "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/" - ] - }, - "risk_details": "Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has Server Side Encryption with AES256.", - "metadata": { - "event_code": "s3_bucket_default_encryption", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has Server Side Encryption with AES256.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_5_10", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_2_ii" - ], - "C5-2025": [ - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.01AC", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-13", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cm_6_a", - "cm_9_b", - "cp_9_d", - "cp_9_8", - "pm_11_b", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_16_1", - "sc_28_1", - "si_19_4" - ], - "ENS-RD2022": [ - "mp.si.2.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.30", - "8.3.2.48" - ], - "FedRAMP-Low-Revision-4": [ - "sc-13" - ], - "FFIEC": [ - "d3-pc-am-b-12" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CIS-1.4": [ - "2.1.1" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "CIS-1.5": [ - "2.1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP03" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1119", - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-1", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "title": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_default_encryption-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled.", - "references": [ - "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/" - ] - }, - "risk_details": "Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have event notifications enabled.", - "metadata": { - "event_code": "s3_bucket_event_notifications_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have event notifications enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.01AC", - "OPS-13.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "PCI-4.0": [ - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "A3.3.1.8", - "A3.5.1.8" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure whether S3 buckets have event notifications enabled.", - "title": "Check if S3 buckets have event notifications enabled.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls" - ], - "uid": "prowler-aws-s3_bucket_event_notifications_enabled-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable event notifications for all S3 general-purpose buckets to monitor important events such as object creation, deletion, tagging, and lifecycle events, ensuring visibility and quick action on relevant changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html" - ] - }, - "risk_details": "Without event notifications, important actions on S3 buckets may go unnoticed, leading to missed opportunities for timely response to critical changes, such as object creation, deletion, or updates that could impact data security and availability.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have event notifications enabled.", - "metadata": { - "event_code": "s3_bucket_event_notifications_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have event notifications enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.01AC", - "OPS-13.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "PCI-4.0": [ - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "A3.3.1.8", - "A3.5.1.8" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure whether S3 buckets have event notifications enabled.", - "title": "Check if S3 buckets have event notifications enabled.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls" - ], - "uid": "prowler-aws-s3_bucket_event_notifications_enabled-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable event notifications for all S3 general-purpose buckets to monitor important events such as object creation, deletion, tagging, and lifecycle events, ensuring visibility and quick action on relevant changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html" - ] - }, - "risk_details": "Without event notifications, important actions on S3 buckets may go unnoticed, leading to missed opportunities for timely response to critical changes, such as object creation, deletion, or updates that could impact data security and availability.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Server Side Encryption is not configured with kms for S3 Bucket test-bucket-obj-untrusted.", - "metadata": { - "event_code": "s3_bucket_kms_encryption", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Server Side Encryption is not configured with kms for S3 Bucket test-bucket-obj-untrusted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-12.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.31", - "8.3.2.50" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.Core.CN02.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.17" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if S3 buckets have KMS encryption enabled.", - "title": "Check if S3 buckets have KMS encryption enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_kms_encryption-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled using KMS.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html" - ] - }, - "risk_details": "Amazon S3 KMS encryption provides a way to set the encryption behavior for an S3 bucket using a managed key. This will ensure data-at-rest is encrypted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Server Side Encryption is not configured with kms for S3 Bucket test-bucket-untrusted-kms.", - "metadata": { - "event_code": "s3_bucket_kms_encryption", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Server Side Encryption is not configured with kms for S3 Bucket test-bucket-untrusted-kms.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-12.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.31", - "8.3.2.50" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.Core.CN02.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.17" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if S3 buckets have KMS encryption enabled.", - "title": "Check if S3 buckets have KMS encryption enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_kms_encryption-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled using KMS.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html" - ] - }, - "risk_details": "Amazon S3 KMS encryption provides a way to set the encryption behavior for an S3 bucket using a managed key. This will ensure data-at-rest is encrypted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is configured for the S3 Bucket test-bucket-obj-untrusted.", - "metadata": { - "event_code": "s3_bucket_level_public_access_block", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Block Public Access is configured for the S3 Bucket test-bucket-obj-untrusted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "CIS-3.0": [ - "2.1.4" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.8" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check S3 Bucket Level Public Access Block.", - "title": "Check S3 Bucket Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_level_public_access_block-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is configured for the S3 Bucket test-bucket-untrusted-kms.", - "metadata": { - "event_code": "s3_bucket_level_public_access_block", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Block Public Access is configured for the S3 Bucket test-bucket-untrusted-kms.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "CIS-3.0": [ - "2.1.4" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.8" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check S3 Bucket Level Public Access Block.", - "title": "Check S3 Bucket Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_level_public_access_block-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have a lifecycle configuration enabled.", - "metadata": { - "event_code": "s3_bucket_lifecycle_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have a lifecycle configuration enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-32.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.5.1.12", - "10.5.1.13", - "3.2.1.8", - "3.2.1.9", - "3.3.1.1.8", - "3.3.1.1.9", - "3.3.1.3.8", - "3.3.1.3.9", - "3.3.2.8", - "3.3.2.9", - "3.3.3.8", - "3.3.3.9" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.a", - "3.2", - "3.2.c", - "10.7", - "10.7.a" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.CntrReg.CN02.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.13" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if S3 buckets have Lifecycle configuration enabled.", - "title": "Check if S3 buckets have a Lifecycle configuration enabled", - "types": [ - "AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-s3_bucket_lifecycle_enabled-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable lifecycle policies on your S3 buckets to automatically manage the transition and expiration of data.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html" - ] - }, - "risk_details": "The risks of not having lifecycle management enabled for S3 buckets include higher storage costs, unmanaged data retention, and potential non-compliance with data policies.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have a lifecycle configuration enabled.", - "metadata": { - "event_code": "s3_bucket_lifecycle_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have a lifecycle configuration enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-32.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.5.1.12", - "10.5.1.13", - "3.2.1.8", - "3.2.1.9", - "3.3.1.1.8", - "3.3.1.1.9", - "3.3.1.3.8", - "3.3.1.3.9", - "3.3.2.8", - "3.3.2.9", - "3.3.3.8", - "3.3.3.9" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.a", - "3.2", - "3.2.c", - "10.7", - "10.7.a" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.CntrReg.CN02.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.13" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if S3 buckets have Lifecycle configuration enabled.", - "title": "Check if S3 buckets have a Lifecycle configuration enabled", - "types": [ - "AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-s3_bucket_lifecycle_enabled-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable lifecycle policies on your S3 buckets to automatically manage the transition and expiration of data.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html" - ] - }, - "risk_details": "The risks of not having lifecycle management enabled for S3 buckets include higher storage costs, unmanaged data retention, and potential non-compliance with data policies.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has MFA Delete disabled.", - "metadata": { - "event_code": "s3_bucket_no_mfa_delete", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has MFA Delete disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-07.02B", - "OPS-16.01B", - "IAM-04.06B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "CIS-3.0": [ - "2.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.2" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-5.0": [ - "2.1.2" - ], - "CIS-1.4": [ - "2.1.3" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.20" - ], - "CIS-1.5": [ - "2.1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "2.1.2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if S3 bucket MFA Delete is not enabled.", - "title": "Check if S3 bucket MFA Delete is not enabled.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_no_mfa_delete-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" - ] - }, - "risk_details": "Your security credentials are compromised or unauthorized access is granted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has MFA Delete disabled.", - "metadata": { - "event_code": "s3_bucket_no_mfa_delete", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has MFA Delete disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-07.02B", - "OPS-16.01B", - "IAM-04.06B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "CIS-3.0": [ - "2.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.2" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-5.0": [ - "2.1.2" - ], - "CIS-1.4": [ - "2.1.3" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.20" - ], - "CIS-1.5": [ - "2.1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "2.1.2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if S3 bucket MFA Delete is not enabled.", - "title": "Check if S3 bucket MFA Delete is not enabled.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_no_mfa_delete-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" - ] - }, - "risk_details": "Your security credentials are compromised or unauthorized access is granted.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has Object Lock disabled.", - "metadata": { - "event_code": "s3_bucket_object_lock", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has Object Lock disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if S3 buckets have object lock enabled", - "title": "Check if S3 buckets have object lock enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_lock-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that your Amazon S3 buckets have Object Lock feature enabled in order to prevent the objects they store from being deleted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html" - ] - }, - "risk_details": "Store objects using a write-once-read-many (WORM) model to help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. That helps to prevent ransomware attacks.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has Object Lock disabled.", - "metadata": { - "event_code": "s3_bucket_object_lock", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has Object Lock disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if S3 buckets have object lock enabled", - "title": "Check if S3 buckets have object lock enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_lock-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that your Amazon S3 buckets have Object Lock feature enabled in order to prevent the objects they store from being deleted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html" - ] - }, - "risk_details": "Store objects using a write-once-read-many (WORM) model to help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. That helps to prevent ransomware attacks.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has versioning disabled.", - "metadata": { - "event_code": "s3_bucket_object_versioning", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has versioning disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_12" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_7_i", - "164_308_a_7_ii_a", - "164_308_a_7_ii_b", - "164_308_a_7_ii_c", - "164_312_a_2_ii", - "164_312_c_1", - "164_312_c_2" - ], - "SOC2": [ - "cc_7_4", - "cc_a_1_1", - "cc_c_1_2" - ], - "C5-2025": [ - "OPS-13.01AC", - "OPS-33.02B", - "DEV-07.01B" - ], - "NIST-CSF-1.1": [ - "be_5", - "ds_4", - "ip_4", - "ip_9", - "pt_5", - "rp_1", - "rp_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9-2", - "cp-9-b", - "cp-10", - "sc-5", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "au_9_2", - "cp_1_2", - "cp_2_5", - "cp_6_a", - "cp_6_1", - "cp_6_2", - "cp_9_a", - "cp_9_b", - "cp_9_c", - "cp_10", - "cp_10_2", - "pm_11_b", - "pm_17_b", - "sc_5_2", - "sc_16_1", - "si_1_a_2", - "si_13_5" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "5.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9", - "cp-9", - "cp-10", - "sc-5" - ], - "FFIEC": [ - "d5-ir-pl-b-6" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.c", - "10.5", - "10.5.2", - "10.5.3", - "10.5.5" - ], - "GxP-EU-Annex-11": [ - "5-data", - "7.1-data-storage-damage-protection", - "7.2-data-storage-backups", - "16-business-continuity", - "17-archiving", - "4.8-validation-data-transfer" - ], - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "GxP-21-CFR-Part-11": [ - "11.10-a", - "11.10-c" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3", - "A.8.10" - ], - "NIST-800-53-Revision-4": [ - "cp_10", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-4", - "booting-up-thing-to-do-first-1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if S3 buckets have object versioning enabled", - "title": "Check if S3 buckets have object versioning enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_versioning-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frequently, and backup may not be enough to capture all the changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html" - ] - }, - "risk_details": "With versioning, you can easily recover from both unintended user actions and application failures.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has versioning disabled.", - "metadata": { - "event_code": "s3_bucket_object_versioning", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has versioning disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_12" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_7_i", - "164_308_a_7_ii_a", - "164_308_a_7_ii_b", - "164_308_a_7_ii_c", - "164_312_a_2_ii", - "164_312_c_1", - "164_312_c_2" - ], - "SOC2": [ - "cc_7_4", - "cc_a_1_1", - "cc_c_1_2" - ], - "C5-2025": [ - "OPS-13.01AC", - "OPS-33.02B", - "DEV-07.01B" - ], - "NIST-CSF-1.1": [ - "be_5", - "ds_4", - "ip_4", - "ip_9", - "pt_5", - "rp_1", - "rp_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9-2", - "cp-9-b", - "cp-10", - "sc-5", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "au_9_2", - "cp_1_2", - "cp_2_5", - "cp_6_a", - "cp_6_1", - "cp_6_2", - "cp_9_a", - "cp_9_b", - "cp_9_c", - "cp_10", - "cp_10_2", - "pm_11_b", - "pm_17_b", - "sc_5_2", - "sc_16_1", - "si_1_a_2", - "si_13_5" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "5.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9", - "cp-9", - "cp-10", - "sc-5" - ], - "FFIEC": [ - "d5-ir-pl-b-6" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.c", - "10.5", - "10.5.2", - "10.5.3", - "10.5.5" - ], - "GxP-EU-Annex-11": [ - "5-data", - "7.1-data-storage-damage-protection", - "7.2-data-storage-backups", - "16-business-continuity", - "17-archiving", - "4.8-validation-data-transfer" - ], - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "GxP-21-CFR-Part-11": [ - "11.10-a", - "11.10-c" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3", - "A.8.10" - ], - "NIST-800-53-Revision-4": [ - "cp_10", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-4", - "booting-up-thing-to-do-first-1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if S3 buckets have object versioning enabled", - "title": "Check if S3 buckets have object versioning enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_versioning-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frequently, and backup may not be enough to capture all the changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html" - ] - }, - "risk_details": "With versioning, you can easily recover from both unintended user actions and application failures.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_policy_public_write_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.2.15" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if S3 buckets have policies which allow WRITE access.", - "title": "Check if S3 buckets have policies which allow WRITE access.", - "types": [ - "IAM" - ], - "uid": "prowler-aws-s3_bucket_policy_public_write_access-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure proper bucket policy is in place with the least privilege principle applied.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html" - ] - }, - "risk_details": "Non intended users can put objects in a given bucket.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_policy_public_write_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.2.15" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if S3 buckets have policies which allow WRITE access.", - "title": "Check if S3 buckets have policies which allow WRITE access.", - "types": [ - "IAM" - ], - "uid": "prowler-aws-s3_bucket_policy_public_write_access-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure proper bucket policy is in place with the least privilege principle applied.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html" - ] - }, - "risk_details": "Non intended users can put objects in a given bucket.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted is not public.", - "metadata": { - "event_code": "s3_bucket_public_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted is not public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1", - "164_312_a_2_i" - ], - "SOC2": [ - "cc_6_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.33", - "1.2.8.34", - "1.3.1.37", - "1.3.1.38", - "1.3.2.37", - "1.3.2.38", - "1.4.2.35", - "1.4.2.36", - "1.5.1.33", - "1.5.1.34", - "10.3.2.21", - "10.3.2.23", - "10.3.3.23", - "10.3.4.8", - "3.5.1.3.26", - "3.5.1.3.28", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.3.33", - "A1.1.3.34", - "A1.2.1.31", - "A3.4.1.19", - "A3.4.1.21" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "title": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_access-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms is not public.", - "metadata": { - "event_code": "s3_bucket_public_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms is not public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1", - "164_312_a_2_i" - ], - "SOC2": [ - "cc_6_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.33", - "1.2.8.34", - "1.3.1.37", - "1.3.1.38", - "1.3.2.37", - "1.3.2.38", - "1.4.2.35", - "1.4.2.36", - "1.5.1.33", - "1.5.1.34", - "10.3.2.21", - "10.3.2.23", - "10.3.3.23", - "10.3.4.8", - "3.5.1.3.26", - "3.5.1.3.28", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.3.33", - "A1.1.3.34", - "A1.2.1.31", - "A3.4.1.19", - "A3.4.1.21" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "title": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_access-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted is not publicly listable.", - "metadata": { - "event_code": "s3_bucket_public_list_acl", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted is not publicly listable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.16" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_list_acl-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms is not publicly listable.", - "metadata": { - "event_code": "s3_bucket_public_list_acl", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms is not publicly listable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.16" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_list_acl-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted is not publicly writable.", - "metadata": { - "event_code": "s3_bucket_public_write_acl", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted is not publicly writable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.35", - "1.3.1.39", - "1.3.2.39", - "1.4.2.37", - "1.5.1.35", - "10.3.2.24", - "3.5.1.3.29", - "A1.1.2.20", - "A1.1.3.35", - "A3.4.1.22" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.17" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_write_acl-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms is not publicly writable.", - "metadata": { - "event_code": "s3_bucket_public_write_acl", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms is not publicly writable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.35", - "1.3.1.39", - "1.3.2.39", - "1.4.2.37", - "1.5.1.35", - "10.3.2.24", - "3.5.1.3.29", - "A1.1.2.20", - "A1.1.3.35", - "A3.4.1.22" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.17" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_write_acl-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy, thus it allows HTTP requests.", - "metadata": { - "event_code": "s3_bucket_secure_transport_policy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy, thus it allows HTTP requests.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_13", - "3_5_10", - "3_13_1", - "3_13_5", - "3_13_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_1", - "164_312_e_2_i", - "164_312_e_2_ii" - ], - "NIST-CSF-1.1": [ - "ds_2" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-17-2", - "sc-7", - "sc-8-1", - "sc-8", - "sc-23" - ], - "CIS-3.0": [ - "2.1.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4", - "ac_4_22", - "ac_17_2", - "ac_24_1", - "au_9_3", - "ca_9_b", - "cm_6_a", - "cm_9_b", - "ia_5_1_c", - "pm_11_b", - "pm_17_b", - "sc_7_4_b", - "sc_7_4_g", - "sc_7_5", - "sc_8", - "sc_8_1", - "sc_8_2", - "sc_8_3", - "sc_8_4", - "sc_8_5", - "sc_13_a", - "sc_16_1", - "sc_23", - "si_1_a_2" - ], - "ENS-RD2022": [ - "mp.com.1.aws.s3.1", - "mp.com.3.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.49" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-12", - "d3-pc-am-b-13", - "d3-pc-am-b-15" - ], - "GDPR": [ - "article_32" - ], - "CIS-5.0": [ - "2.1.1" - ], - "CIS-1.4": [ - "2.1.2" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN01.AR08" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.5" - ], - "CIS-1.5": [ - "2.1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC09-BP02" - ], - "NIST-800-53-Revision-4": [ - "ac_17_2", - "sc_7", - "sc_8_1", - "sc_8" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "2.1.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if S3 buckets have secure transport policy.", - "title": "Check if S3 buckets have secure transport policy.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_secure_transport_policy-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption in transit enabled.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/" - ] - }, - "risk_details": "If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy, thus it allows HTTP requests.", - "metadata": { - "event_code": "s3_bucket_secure_transport_policy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy, thus it allows HTTP requests.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_13", - "3_5_10", - "3_13_1", - "3_13_5", - "3_13_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_1", - "164_312_e_2_i", - "164_312_e_2_ii" - ], - "NIST-CSF-1.1": [ - "ds_2" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-17-2", - "sc-7", - "sc-8-1", - "sc-8", - "sc-23" - ], - "CIS-3.0": [ - "2.1.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4", - "ac_4_22", - "ac_17_2", - "ac_24_1", - "au_9_3", - "ca_9_b", - "cm_6_a", - "cm_9_b", - "ia_5_1_c", - "pm_11_b", - "pm_17_b", - "sc_7_4_b", - "sc_7_4_g", - "sc_7_5", - "sc_8", - "sc_8_1", - "sc_8_2", - "sc_8_3", - "sc_8_4", - "sc_8_5", - "sc_13_a", - "sc_16_1", - "sc_23", - "si_1_a_2" - ], - "ENS-RD2022": [ - "mp.com.1.aws.s3.1", - "mp.com.3.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.49" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-12", - "d3-pc-am-b-13", - "d3-pc-am-b-15" - ], - "GDPR": [ - "article_32" - ], - "CIS-5.0": [ - "2.1.1" - ], - "CIS-1.4": [ - "2.1.2" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN01.AR08" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.5" - ], - "CIS-1.5": [ - "2.1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC09-BP02" - ], - "NIST-800-53-Revision-4": [ - "ac_17_2", - "sc_7", - "sc_8_1", - "sc_8" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "2.1.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if S3 buckets have secure transport policy.", - "title": "Check if S3 buckets have secure transport policy.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_secure_transport_policy-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption in transit enabled.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/" - ] - }, - "risk_details": "If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has server access logging disabled.", - "metadata": { - "event_code": "s3_bucket_server_access_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has server access logging disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_6_1", - "3_6_2", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-06.04B", - "IAM-07.04B", - "IAM-10.01B", - "SSO-05.01AC", - "PSS-04.05B" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "PCI-4.0": [ - "10.2.1.1.30", - "10.2.1.2.27", - "10.2.1.3.27", - "10.2.1.4.27", - "10.2.1.5.27", - "10.2.1.6.27", - "10.2.1.7.27", - "10.2.1.27", - "10.2.2.27", - "10.3.1.27", - "10.6.3.34", - "5.3.4.32", - "A1.2.1.32" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d5-dr-de-b-3" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if S3 buckets have server access logging enabled", - "title": "Check if S3 buckets have server access logging enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_server_access_logging_enabled-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" - ] - }, - "risk_details": "Server access logs can assist you in security and access audits, help you learn about your customer base, and understand your Amazon S3 bill.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has server access logging disabled.", - "metadata": { - "event_code": "s3_bucket_server_access_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has server access logging disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_6_1", - "3_6_2", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-06.04B", - "IAM-07.04B", - "IAM-10.01B", - "SSO-05.01AC", - "PSS-04.05B" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "PCI-4.0": [ - "10.2.1.1.30", - "10.2.1.2.27", - "10.2.1.3.27", - "10.2.1.4.27", - "10.2.1.5.27", - "10.2.1.6.27", - "10.2.1.7.27", - "10.2.1.27", - "10.2.2.27", - "10.3.1.27", - "10.6.3.34", - "5.3.4.32", - "A1.2.1.32" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d5-dr-de-b-3" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if S3 buckets have server access logging enabled", - "title": "Check if S3 buckets have server access logging enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_server_access_logging_enabled-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" - ] - }, - "risk_details": "Server access logs can assist you in security and access audits, help you learn about your customer base, and understand your Amazon S3 bill.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 bucket test-bucket-obj-untrusted is not a known shadow resource.", - "metadata": { - "event_code": "s3_bucket_shadow_resource_vulnerability", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 bucket test-bucket-obj-untrusted is not a known shadow resource.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check is based on the 'Bucket Monopoly' vulnerability disclosed by Aqua Security.", - "compliance": { - "C5-2025": [ - "OPS-25.01B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Checks for S3 buckets with predictable names that could be hijacked by an attacker before legitimate use, leading to data leakage or other security breaches.", - "title": "Check for S3 buckets vulnerable to Shadow Resource Hijacking (Bucket Monopoly)", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_shadow_resource_vulnerability-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that all S3 buckets associated with your AWS account are owned by your account. Be cautious of services that create buckets with predictable names. Whenever possible, pre-create these buckets in all regions to prevent hijacking.", - "references": [ - "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/" - ] - }, - "risk_details": "An attacker can pre-create S3 buckets with predictable names used by various AWS services. When a legitimate user's service attempts to use that bucket, it may inadvertently write sensitive data to the attacker-controlled bucket, leading to information disclosure, denial of service, or even remote code execution.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 bucket test-bucket-untrusted-kms is not a known shadow resource.", - "metadata": { - "event_code": "s3_bucket_shadow_resource_vulnerability", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 bucket test-bucket-untrusted-kms is not a known shadow resource.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check is based on the 'Bucket Monopoly' vulnerability disclosed by Aqua Security.", - "compliance": { - "C5-2025": [ - "OPS-25.01B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Checks for S3 buckets with predictable names that could be hijacked by an attacker before legitimate use, leading to data leakage or other security breaches.", - "title": "Check for S3 buckets vulnerable to Shadow Resource Hijacking (Bucket Monopoly)", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_shadow_resource_vulnerability-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that all S3 buckets associated with your AWS account are owned by your account. Be cautious of services that create buckets with predictable names. Whenever possible, pre-create these buckets in all regions to prevent hijacking.", - "references": [ - "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/" - ] - }, - "risk_details": "An attacker can pre-create S3 buckets with predictable names used by various AWS services. When a legitimate user's service attempts to use that bucket, it may inadvertently write sensitive data to the attacker-controlled bucket, leading to information disclosure, denial of service, or even remote code execution.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No SSM Incidents replication set exists.", - "metadata": { - "event_code": "ssmincidents_enabled_with_plans", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No SSM Incidents replication set exists.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/incident-manager/latest/userguide/response-plans.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-03.02B", - "OIS-03.05B", - "OIS-03.06B", - "OIS-05.03B", - "OIS-08.01B", - "OIS-08.09B", - "OPS-13.02B", - "OPS-13.03AC", - "OPS-22.08B", - "DEV-15.01B", - "SIM-01.02AC", - "SIM-02.01B", - "SIM-03.01B", - "SIM-03.04B", - "SIM-04.01B", - "SIM-06.01B", - "BCM-01.05B" - ], - "ENS-RD2022": [ - "op.exp.9.aws.img.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.1" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.1" - ], - "NIS2": [ - "2.1.1", - "2.1.2.a", - "2.1.2.i", - "3.1.1", - "3.1.2.a", - "3.1.2.c", - "3.1.2.d", - "3.5.1", - "3.6.1", - "3.6.2", - "3.6.3", - "4.3.1", - "5.1.7.b", - "12.1.2.c", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure SSM Incidents is enabled with response plans.", - "title": "Ensure SSM Incidents is enabled with response plans.", - "types": [], - "uid": "prowler-aws-ssmincidents_enabled_with_plans-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "ssmincidents" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:ssm-incidents:us-east-1:211203495394:replication-set" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable SSM Incidents and create response plans", - "references": [ - "https://docs.aws.amazon.com/incident-manager/latest/userguide/response-plans.html" - ] - }, - "risk_details": "Not having SSM Incidents enabled can increase the risk of delayed detection and response to security incidents, unauthorized access, limited visibility into incidents and vulnerabilities", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Amazon Web Services Premium Support Subscription is required to use this service.", - "metadata": { - "event_code": "trustedadvisor_errors_and_warnings", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Amazon Web Services Premium Support Subscription is required to use this service.", - "status_id": 1, - "unmapped": { - "related_url": "https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check Trusted Advisor for errors and warnings.", - "title": "Check Trusted Advisor for errors and warnings.", - "types": [], - "uid": "prowler-aws-trustedadvisor_errors_and_warnings-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "trustedadvisor" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:trusted-advisor:us-east-1:211203495394:account" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Review and act upon its recommendations.", - "references": [ - "https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/" - ] - }, - "risk_details": "Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Amazon Web Services Premium Support Plan isn't subscribed.", - "metadata": { - "event_code": "trustedadvisor_premium_support_plan_subscribed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Amazon Web Services Premium Support Plan isn't subscribed.", - "status_id": 1, - "unmapped": { - "related_url": "https://aws.amazon.com/premiumsupport/plans/", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "SSO-05.06B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Check if a Premium support plan is subscribed.", - "title": "Check if a Premium support plan is subscribed", - "types": [], - "uid": "prowler-aws-trustedadvisor_premium_support_plan_subscribed-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "enabled": false - } - }, - "group": { - "name": "trustedadvisor" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:trusted-advisor:us-east-1:211203495394:account" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that you subscribe to the AWS Business Support tier or higher for all of your AWS production accounts. If you don't have premium support, you must have an action plan to handle issues which require help from AWS Support. AWS Support provides a mix of tools and technology, people, and programs designed to proactively help you optimize performance, lower costs, and innovate faster.", - "references": [ - "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Support/support-plan.html" - ] - }, - "risk_details": "Ensure that the appropriate support level is enabled for the necessary AWS accounts. For example, if an AWS account is being used to host production systems and environments, it is highly recommended that the minimum AWS Support Plan should be Business.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPCs found only in one region.", - "metadata": { - "event_code": "vpc_different_regions", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "VPCs found only in one region.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "ENS-RD2022": [ - "mp.com.4.r1.aws.vpc.1", - "mp.com.4.r3.aws.vpc.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Ensure there are VPCs in more than one region", - "title": "Ensure there are VPCs in more than one region", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_different_regions-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "vpc-0db221deba515d6c7": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-0db221deba515d6c7", - "id": "vpc-0db221deba515d6c7", - "name": "ex-rds", - "default": false, - "in_use": false, - "cidr_block": "10.0.0.0/16", - "flow_log": false, - "region": "eu-west-1", - "subnets": [ - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0c601df1846258b27", - "id": "subnet-0c601df1846258b27", - "name": "ex-rds-public-eu-west-1b", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.1.0/24", - "availability_zone": "eu-west-1b", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-rds-public-eu-west-1b" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0099cb47638dfe6cc", - "id": "subnet-0099cb47638dfe6cc", - "name": "ex-rds-db-eu-west-1c", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.8.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Name", - "Value": "ex-rds-db-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-06044fff66c61bb5d", - "id": "subnet-06044fff66c61bb5d", - "name": "ex-rds-private-eu-west-1a", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.3.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Name", - "Value": "ex-rds-private-eu-west-1a" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0fe7301ce3651cd65", - "id": "subnet-0fe7301ce3651cd65", - "name": "ex-rds-db-eu-west-1b", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.7.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Name", - "Value": "ex-rds-db-eu-west-1b" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0460814cac0ede342", - "id": "subnet-0460814cac0ede342", - "name": "ex-rds-db-eu-west-1a", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.6.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-rds-db-eu-west-1a" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-02905869f401bc924", - "id": "subnet-02905869f401bc924", - "name": "ex-rds-private-eu-west-1b", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.4.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-rds-private-eu-west-1b" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-06cdd0ff5333f76e5", - "id": "subnet-06cdd0ff5333f76e5", - "name": "ex-rds-private-eu-west-1c", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.5.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Name", - "Value": "ex-rds-private-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0032157e99d569ffd", - "id": "subnet-0032157e99d569ffd", - "name": "ex-rds-public-eu-west-1a", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.0.0/24", - "availability_zone": "eu-west-1a", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds-public-eu-west-1a" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-02cbf11ee27383148", - "id": "subnet-02cbf11ee27383148", - "name": "ex-rds-public-eu-west-1c", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.2.0/24", - "availability_zone": "eu-west-1c", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds-public-eu-west-1c" - }, - { - "Key": "Example", - "Value": "ex-rds" - } - ] - } - ], - "tags": [ - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds" - } - ] - } - } - }, - "group": { - "name": "vpc" - }, - "labels": [], - "name": "211203495394", - "type": "AwsEc2Vpc", - "uid": "arn:aws:ec2:us-east-1:211203495394:vpc" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure there are VPCs in more than one region", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-example-private-subnets-nat.html" - ] - }, - "risk_details": "", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint Service vpce-svc-02e288a4c6043110f has no allowed principals.", - "metadata": { - "event_code": "vpc_endpoint_services_allowed_principals_trust_boundaries", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC Endpoint Service vpce-svc-02e288a4c6043110f has no allowed principals.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "title": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_services_allowed_principals_trust_boundaries-211203495394-us-east-1-vpce-svc-02e288a4c6043110f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:us-east-1:211203495394:vpc-endpoint-service/vpce-svc-02e288a4c6043110f", - "id": "vpce-svc-02e288a4c6043110f", - "service": "io.spotinst.vpce.us-east-1.privatelink-api", - "owner_id": "aws-marketplace", - "allowed_principals": [], - "region": "us-east-1", - "tags": [] - } - }, - "group": { - "name": "vpc" - }, - "labels": [], - "name": "vpce-svc-02e288a4c6043110f", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:us-east-1:211203495394:vpc-endpoint-service/vpce-svc-02e288a4c6043110f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint Service vpce-svc-028691921eaeee579 has no allowed principals.", - "metadata": { - "event_code": "vpc_endpoint_services_allowed_principals_trust_boundaries", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC Endpoint Service vpce-svc-028691921eaeee579 has no allowed principals.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760897600, - "created_time_dt": "2025-10-19T18:13:20.987480", - "desc": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "title": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_services_allowed_principals_trust_boundaries-211203495394-us-west-2-vpce-svc-028691921eaeee579" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:us-west-2:211203495394:vpc-endpoint-service/vpce-svc-028691921eaeee579", - "id": "vpce-svc-028691921eaeee579", - "service": "io.spotinst.vpce.us-west-2.privatelink-api", - "owner_id": "aws-marketplace", - "allowed_principals": [], - "region": "us-west-2", - "tags": [] - } - }, - "group": { - "name": "vpc" - }, - "labels": [], - "name": "vpce-svc-028691921eaeee579", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:us-west-2:211203495394:vpc-endpoint-service/vpce-svc-028691921eaeee579" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760897600, - "time_dt": "2025-10-19T18:13:20.987480", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/results/aws-s3-bucket-combined.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/results/aws-s3-bucket-combined.ocsf.json index 5fd27729..4e5922c7 100644 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/results/aws-s3-bucket-combined.ocsf.json +++ b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/results/aws-s3-bucket-combined.ocsf.json @@ -7,25 +7,21190 @@ "class_name": "Compliance Finding", "class_uid": 2004, "finding_info": { - "created_time": 1760898494, - "created_time_dt": "2025-10-19T18:28:14Z", - "desc": "Compliance test scenario: Cleanup", - "title": "Cleanup", + "created_time": 1772107437, + "created_time_dt": "2026-02-26T12:03:57Z", + "desc": "Compliance test scenario: Service accepts TLS 1.3 encrypted traffic", + "title": "Service accepts TLS 1.3 encrypted traffic", "types": [], - "uid": "ccc-test-487-1760898494" + "uid": "ccc-test-92-1772107437" }, - "message": "Cleanup", + "message": "Service accepts TLS 1.3 encrypted traffic", "metadata": { "event_code": "ccc_compliance_test", "product": { - "name": "CCC-Destructive", - "uid": "CCC-Destructive", + "name": "CCC-Complete", + "uid": "CCC-Complete", "vendor_name": "FINOS", "version": "0.1" }, "profiles": [ - "cloud", - "datetime" + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_3\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ \"{connection}\" state is open\nβœ“ \"{connection.State}\" is \"open\"\nβœ“ I close connection \"{connection}\"\nβœ“ \"{connection}\" state is closed", + "status_id": 1, + "time": 1772107437, + "time_dt": "2026-02-26T12:03:57Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107437, + "created_time_dt": "2026-02-26T12:03:57Z", + "desc": "Compliance test scenario: Service rejects TLS 1.2 traffic", + "title": "Service rejects TLS 1.2 traffic", + "types": [], + "uid": "ccc-test-98-1772107437" + }, + "message": "Service rejects TLS 1.2 traffic", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_2\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", + "status_id": 1, + "time": 1772107437, + "time_dt": "2026-02-26T12:03:57Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107437, + "created_time_dt": "2026-02-26T12:03:57Z", + "desc": "Compliance test scenario: Service rejects TLS 1.1 traffic", + "title": "Service rejects TLS 1.1 traffic", + "types": [], + "uid": "ccc-test-104-1772107437" + }, + "message": "Service rejects TLS 1.1 traffic", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_1\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", + "status_id": 1, + "time": 1772107437, + "time_dt": "2026-02-26T12:03:57Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107437, + "created_time_dt": "2026-02-26T12:03:57Z", + "desc": "Compliance test scenario: Service rejects TLS 1.0 traffic", + "title": "Service rejects TLS 1.0 traffic", + "types": [], + "uid": "ccc-test-110-1772107437" + }, + "message": "Service rejects TLS 1.0 traffic", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", + "status_id": 1, + "time": 1772107437, + "time_dt": "2026-02-26T12:03:57Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107437, + "created_time_dt": "2026-02-26T12:03:57Z", + "desc": "Compliance test scenario: Verify SSL/TLS protocol support", + "title": "Verify SSL/TLS protocol support", + "types": [], + "uid": "ccc-test-115-1772107437" + }, + "message": "Verify SSL/TLS protocol support", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"protocols\" for \"{hostName}\" on port \"{portNumber}\"\nβœ— \"{report}\" is an array of objects which doesn't contain any of - Error: unwanted row found in array: map[finding:offered id:TLS1_2]\n⊘ \"{report}\" is an array of objects with at least the following contents (skipped)", + "status_id": 1, + "time": 1772107437, + "time_dt": "2026-02-26T12:03:57Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107442, + "created_time_dt": "2026-02-26T12:04:02Z", + "desc": "Compliance test scenario: Verify no known SSL/TLS vulnerabilities", + "title": "Verify no known SSL/TLS vulnerabilities", + "types": [], + "uid": "ccc-test-119-1772107442" + }, + "message": "Verify no known SSL/TLS vulnerabilities", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"vulnerable\" for \"{hostName}\" on port \"{portNumber}\"\nβœ“ \"{report}\" is an array of objects with at least the following contents", + "status_id": 1, + "time": 1772107442, + "time_dt": "2026-02-26T12:04:02Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107469, + "created_time_dt": "2026-02-26T12:04:29Z", + "desc": "Compliance test scenario: Verify TLS 1.3 only certificate validity", + "title": "Verify TLS 1.3 only certificate validity", + "types": [], + "uid": "ccc-test-123-1772107469" + }, + "message": "Verify TLS 1.3 only certificate validity", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"server-defaults\" for \"{hostName}\" on port \"{portNumber}\"\nβœ“ \"{report}\" is an array of objects with at least the following contents", + "status_id": 1, + "time": 1772107469, + "time_dt": "2026-02-26T12:04:29Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106721, + "created_time_dt": "2026-02-26T11:52:01Z", + "desc": "Compliance test scenario: Storage account enforces minimum TLS version", + "title": "Storage account enforces minimum TLS version", + "types": [], + "uid": "ccc-test-127-1772106721" + }, + "message": "Storage account enforces minimum TLS version", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Policy", + "@PerService", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I attempt policy check \"object-storage-tls-policy\" for control \"CCC.Core.CN01\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\"\nβœ“ \"{result}\" is true", + "status_id": 1, + "time": 1772106721, + "time_dt": "2026-02-26T11:52:01Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106721, + "created_time_dt": "2026-02-26T11:52:01Z", + "desc": "Compliance test scenario: Load balancer enforces minimum TLS version", + "title": "Load balancer enforces minimum TLS version", + "types": [], + "uid": "ccc-test-131-1772106721" + }, + "message": "Load balancer enforces minimum TLS version", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Policy", + "@PerService", + "@CCC.LoadBalancer" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"load-balancer-tls-policy\" for control \"CCC.Core.CN01\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: ALB TLS 1.3 Security Policy Check: query execution failed: exit status 254\nOutput: \nAn error occurred (ValidationError) when calling the DescribeListeners operation: 'cloudfront-logs-flowing-porpoise' is not a valid load balancer ARN\n\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772106721, + "time_dt": "2026-02-26T11:52:01Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106724, + "created_time_dt": "2026-02-26T11:52:04Z", + "desc": "Compliance test scenario: Object storage encryption compliance", + "title": "Object storage encryption compliance", + "types": [], + "uid": "ccc-test-386-1772106724" + }, + "message": "Object storage encryption compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN02", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-encryption\" for control \"CCC.Core.CN02\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Server-Side Encryption Check: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772106724, + "time_dt": "2026-02-26T11:52:04Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN02.AR01 - Data Encryption at Rest" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106725, + "created_time_dt": "2026-02-26T11:52:05Z", + "desc": "Compliance test scenario: Verify objects are encrypted at rest", + "title": "Verify objects are encrypted at rest", + "types": [], + "uid": "ccc-test-397-1772106725" + }, + "message": "Verify objects are encrypted at rest", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN02", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-encryption-check.txt\", and \"encryption test data\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"uploadResult\"\nβœ“ \"{uploadResult.Encryption}\" is not null\nβœ“ \"{uploadResult.EncryptionAlgorithm}\" is \"AES256\"\nβœ“ I attach \"{uploadResult}\" to the test output as \"Upload Result with Encryption Details\"\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-encryption-check.txt\"", + "status_id": 1, + "time": 1772106725, + "time_dt": "2026-02-26T11:52:05Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN02.AR01 - Data Encryption at Rest" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106726, + "created_time_dt": "2026-02-26T11:52:06Z", + "desc": "Compliance test scenario: Object storage delete protection compliance", + "title": "Object storage delete protection compliance", + "types": [], + "uid": "ccc-test-418-1772106726" + }, + "message": "Object storage delete protection compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN03", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-delete-protection\" for control \"CCC.Core.CN03\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket MFA Delete Configuration: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772106726, + "time_dt": "2026-02-26T11:52:06Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106727, + "created_time_dt": "2026-02-26T11:52:07Z", + "desc": "Compliance test scenario: MFA requirement for destructive operations cannot be tested automatically", + "title": "MFA requirement for destructive operations cannot be tested automatically", + "types": [], + "uid": "ccc-test-421-1772106727" + }, + "message": "MFA requirement for destructive operations cannot be tested automatically", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN03", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772106727, + "time_dt": "2026-02-26T11:52:07Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106727, + "created_time_dt": "2026-02-26T11:52:07Z", + "desc": "Compliance test scenario: API modification requires credential and trust perimeter origin", + "title": "API modification requires credential and trust perimeter origin", + "types": [], + "uid": "ccc-test-437-1772106727" + }, + "message": "API modification requires credential and trust perimeter origin", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN03", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772106727, + "time_dt": "2026-02-26T11:52:07Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN03.AR02 - API Authentication with Credentials" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106727, + "created_time_dt": "2026-02-26T11:52:07Z", + "desc": "Compliance test scenario: UI viewing requires multi-factor authentication", + "title": "UI viewing requires multi-factor authentication", + "types": [], + "uid": "ccc-test-451-1772106727" + }, + "message": "UI viewing requires multi-factor authentication", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN03", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772106727, + "time_dt": "2026-02-26T11:52:07Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN03.AR03 - MFA for UI Viewing" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106727, + "created_time_dt": "2026-02-26T11:52:07Z", + "desc": "Compliance test scenario: API viewing requires credential and trust perimeter origin", + "title": "API viewing requires credential and trust perimeter origin", + "types": [], + "uid": "ccc-test-465-1772106727" + }, + "message": "API viewing requires credential and trust perimeter origin", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN03", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772106727, + "time_dt": "2026-02-26T11:52:07Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN03.AR04 - API Authentication for Viewing" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106727, + "created_time_dt": "2026-02-26T11:52:07Z", + "desc": "Compliance test scenario: Admin logging compliance", + "title": "Admin logging compliance", + "types": [], + "uid": "ccc-test-500-1772106727" + }, + "message": "Admin logging compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage", + "@vpc" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ— I attempt policy check \"admin-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Management Events Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [Labels ResourceName ReportFile Provider AwsCloudTrailLogGroupName PermittedRegions Protocol ProviderServiceType Instance PortNumber CatalogTypes TagFilter UID Region PermittedAccountIds HostName ServiceType ReportTitle Props])\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772106727, + "time_dt": "2026-02-26T11:52:07Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR01 - Log Administrative Access Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106727, + "created_time_dt": "2026-02-26T11:52:07Z", + "desc": "Compliance test scenario: Verify admin actions are logged with identity and timestamp", + "title": "Verify admin actions are logged with identity and timestamp", + "types": [], + "uid": "ccc-test-515-1772106727" + }, + "message": "Verify admin actions are logged with identity and timestamp", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"{ServiceType}\"\nβœ“ I refer to \"{result}\" as \"theService\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{theService}\" with \"UpdateResourcePolicy\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to get bucket policy (bucket may not have a policy): operation error S3: GetBucketPolicy, https response error StatusCode: 301, RequestID: T2EA2B39PGATCSX1, HostID: BWcUN1Ona7f00fSDRmTGxDfE56K8R9aUBMHqBytOWFEpvncmIXajAZ8TpW8LfRpPY+hJSkmTfO3w5DjCVw6UiUlmLrYCvQiG, api error PermanentRedirect: The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.\n⊘ I attach \"{result}\" to the test output as \"Policy Update Result\" (skipped)\n⊘ we wait for a period of \"10000\" ms (skipped)\n⊘ I call \"{loggingService}\" with \"QueryAdminLogs\" using arguments \"{ResourceName}\" and \"{20}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"adminLogs\" (skipped)\n⊘ I attach \"{adminLogs}\" to the test output as \"Admin Activity Logs\" (skipped)\n⊘ \"{adminLogs}\" is an array of objects with at least the following contents (skipped)", + "status_id": 1, + "time": 1772106727, + "time_dt": "2026-02-26T11:52:07Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR01 - Log Administrative Access Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106727, + "created_time_dt": "2026-02-26T11:52:07Z", + "desc": "Compliance test scenario: Object storage data modification logging compliance", + "title": "Object storage data modification logging compliance", + "types": [], + "uid": "ccc-test-554-1772106727" + }, + "message": "Object storage data modification logging compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"data-write-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR02\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Data Events Write Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [ReportTitle Props PortNumber Protocol ProviderServiceType CatalogTypes TagFilter ResourceName Provider AwsCloudTrailLogGroupName ServiceType UID PermittedAccountIds Region Instance PermittedRegions api HostName Labels ReportFile])\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772106727, + "time_dt": "2026-02-26T11:52:07Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR02 - Log Data Modification Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106727, + "created_time_dt": "2026-02-26T11:52:07Z", + "desc": "Compliance test scenario: Verify data modifications are logged with identity and timestamp", + "title": "Verify data modifications are logged with identity and timestamp", + "types": [], + "uid": "ccc-test-574-1772106727" + }, + "message": "Verify data modifications are logged with identity and timestamp", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-amber", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-logging-object.txt\", and \"test data for logging verification\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"createResult\"\nβœ“ I attach \"{createResult}\" to the test output as \"Object Create Result\"\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-logging-object.txt\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"deleteResult\"\nβœ“ I attach \"{deleteResult}\" to the test output as \"Object Delete Result\"\nβœ“ we wait for a period of \"10000\" ms\nβœ“ I call \"{loggingService}\" with \"QueryDataWriteLogs\" using arguments \"{ResourceName}\" and \"{20}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"dataLogs\"\nβœ“ I attach \"{dataLogs}\" to the test output as \"Data Write Logs\"\nβœ— \"{dataLogs}\" is an array of objects with at least the following contents - Error: expected row not found: map[result:Succeeded]", + "status_id": 1, + "time": 1772106727, + "time_dt": "2026-02-26T11:52:07Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR02 - Log Data Modification Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106738, + "created_time_dt": "2026-02-26T11:52:18Z", + "desc": "Compliance test scenario: Data read logging compliance", + "title": "Data read logging compliance", + "types": [], + "uid": "ccc-test-614-1772106738" + }, + "message": "Data read logging compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-red", + "@Policy", + "@object-storage", + "@vpc" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"data-read-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR03\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Data Events Read Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [UID AwsCloudTrailLogGroupName PermittedAccountIds Provider Protocol TagFilter Labels ReportTitle Instance Props Region PortNumber HostName ServiceType ProviderServiceType PermittedRegions api CatalogTypes ResourceName ReportFile])\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772106738, + "time_dt": "2026-02-26T11:52:18Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR03 - Log Data Read Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106738, + "created_time_dt": "2026-02-26T11:52:18Z", + "desc": "Compliance test scenario: Verify data read operations are logged with identity and timestamp", + "title": "Verify data read operations are logged with identity and timestamp", + "types": [], + "uid": "ccc-test-635-1772106738" + }, + "message": "Verify data read operations are logged with identity and timestamp", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-read-logging-object.txt\", and \"test data for read logging verification\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"createResult\"\nβœ“ I call \"{storage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-read-logging-object.txt\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to read object test-read-logging-object.txt from bucket cloudfront-logs-flowing-porpoise: operation error S3: GetObject, https response error StatusCode: 301, RequestID: G2KT4PY9BGXAWCZZ, HostID: xpbWZarFwEBsghY1f1jELNZZwrFrhQDSn7HshDqpBQMyhF3vKK6PoW7Ug56t0S1aIVR/lzkTLswdwCmuqWyS74zdqQkVFfO3e+3Ti8knVrQ=, api error PermanentRedirect: The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.\n⊘ I refer to \"{result}\" as \"readResult\" (skipped)\n⊘ I attach \"{readResult}\" to the test output as \"Object Read Result\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-read-logging-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ we wait for a period of \"10000\" ms (skipped)\n⊘ I call \"{loggingService}\" with \"QueryDataReadLogs\" using arguments \"{ResourceName}\" and \"{20}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"readLogs\" (skipped)\n⊘ I attach \"{readLogs}\" to the test output as \"Data Read Logs\" (skipped)\n⊘ \"{readLogs}\" is an array of objects with at least the following contents (skipped)", + "status_id": 1, + "time": 1772106738, + "time_dt": "2026-02-26T11:52:18Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR03 - Log Data Read Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106738, + "created_time_dt": "2026-02-26T11:52:18Z", + "desc": "Compliance test scenario: Service prevents data modification by user with no access", + "title": "Service prevents data modification by user with no access", + "types": [], + "uid": "ccc-test-700-1772106738" + }, + "message": "Service prevents data modification by user with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Destructive", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-write-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-cn05-unauthorized-modify.txt\", and \"unauthorized data\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-create-error.txt\"", + "status_id": 1, + "time": 1772106738, + "time_dt": "2026-02-26T11:52:18Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106738, + "created_time_dt": "2026-02-26T11:52:18Z", + "desc": "Compliance test scenario: Service allows data modification by user with write access", + "title": "Service allows data modification by user with write access", + "types": [], + "uid": "ccc-test-716-1772106738" + }, + "message": "Service allows data modification by user with write access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Destructive", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write-access\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 403BPM8MZ069CX7H, HostID: c6z4LZ+W2aaepHBK+bDOfwvDH1wzC4kKXD9JQnaUIZfaW/maE+Bb8sr3njmVXOFqGGNKcbVqEjk=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write-access is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-cn05-authorized-modify.txt\", and \"authorized data\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-cn05-authorized-modify.txt\" (skipped)", + "status_id": 1, + "time": 1772106738, + "time_dt": "2026-02-26T11:52:18Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106809, + "created_time_dt": "2026-02-26T11:53:29Z", + "desc": "Compliance test scenario: Storage is not configured for public write access", + "title": "Storage is not configured for public write access", + "types": [], + "uid": "ccc-test-724-1772106809" + }, + "message": "Storage is not configured for public write access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ— I attempt policy check \"object-storage-block-public-write-access\" for control \"CCC.Core.CN05\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Block Public Access Configuration: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772106809, + "time_dt": "2026-02-26T11:53:29Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106810, + "created_time_dt": "2026-02-26T11:53:30Z", + "desc": "Compliance test scenario: Service prevents administrative action (creating a new bucket) by user with no access", + "title": "Service prevents administrative action (creating a new bucket) by user with no access", + "types": [], + "uid": "ccc-test-803-1772106810" + }, + "message": "Service prevents administrative action (creating a new bucket) by user with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Destructive", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-admin-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-unauthorized-admin-container\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-admin-create-bucket-error.txt\"", + "status_id": 1, + "time": 1772106810, + "time_dt": "2026-02-26T11:53:30Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106810, + "created_time_dt": "2026-02-26T11:53:30Z", + "desc": "Compliance test scenario: Service prevents administrative action (creating a new bucket) by user with read-only access", + "title": "Service prevents administrative action (creating a new bucket) by user with read-only access", + "types": [], + "uid": "ccc-test-818-1772106810" + }, + "message": "Service prevents administrative action (creating a new bucket) by user with read-only access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Destructive", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read-only-admin\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-only-admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-read-only-create-container\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"read-only-create-bucket-error.txt\"", + "status_id": 1, + "time": 1772106810, + "time_dt": "2026-02-26T11:53:30Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106826, + "created_time_dt": "2026-02-26T11:53:46Z", + "desc": "Compliance test scenario: Service allows administrative action (creating a new bucket) by user with admin access", + "title": "Service allows administrative action (creating a new bucket) by user with admin access", + "types": [], + "uid": "ccc-test-834-1772106826" + }, + "message": "Service allows administrative action (creating a new bucket) by user with admin access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-admin-access\", \"{UID}\", and \"admin\"\nβœ“ I refer to \"{result}\" as \"testUserAdmin\"\nβœ“ I attach \"{result}\" to the test output as \"admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserAdmin}\", and \"{true}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-authorized-admin-container\"\nβœ“ \"{result}\" is not an error\nβœ“ I attach \"{result}\" to the test output as \"admin-create-bucket-result.json\"\nβœ“ I call \"{storage}\" with \"DeleteBucket\" using argument \"test-cn05-authorized-admin-container\"", + "status_id": 1, + "time": 1772106826, + "time_dt": "2026-02-26T11:53:46Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106842, + "created_time_dt": "2026-02-26T11:54:02Z", + "desc": "Compliance test scenario: Unauthorized administrative access is blocked", + "title": "Unauthorized administrative access is blocked", + "types": [], + "uid": "ccc-test-841-1772106842" + }, + "message": "Unauthorized administrative access is blocked", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772106842, + "time_dt": "2026-02-26T11:54:02Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106842, + "created_time_dt": "2026-02-26T11:54:02Z", + "desc": "Compliance test scenario: Cross-tenant access is blocked without explicit allowlist", + "title": "Cross-tenant access is blocked without explicit allowlist", + "types": [], + "uid": "ccc-test-859-1772106842" + }, + "message": "Cross-tenant access is blocked without explicit allowlist", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I attempt policy check \"object-storage-cross-tenant-block\" for control \"CCC.Core.CN05\" assessment requirement \"AR03\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\"\nβœ“ \"{result}\" is true", + "status_id": 1, + "time": 1772106842, + "time_dt": "2026-02-26T11:54:02Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR03 - Block Cross-Tenant Access" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106843, + "created_time_dt": "2026-02-26T11:54:03Z", + "desc": "Compliance test scenario: External unauthorized data requests are blocked", + "title": "External unauthorized data requests are blocked", + "types": [], + "uid": "ccc-test-873-1772106843" + }, + "message": "External unauthorized data requests are blocked", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772106843, + "time_dt": "2026-02-26T11:54:03Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR04 - Block Unauthorized External Data Requests" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106843, + "created_time_dt": "2026-02-26T11:54:03Z", + "desc": "Compliance test scenario: External requests do not reveal service existence", + "title": "External requests do not reveal service existence", + "types": [], + "uid": "ccc-test-886-1772106843" + }, + "message": "External requests do not reveal service existence", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772106843, + "time_dt": "2026-02-26T11:54:03Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR05 - Hide Service Existence from External Requests" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106843, + "created_time_dt": "2026-02-26T11:54:03Z", + "desc": "Compliance test scenario: Service prevents data read by user with no access", + "title": "Service prevents data read by user with no access", + "types": [], + "uid": "ccc-test-914-1772106843" + }, + "message": "Service prevents data read by user with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Destructive", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772106843, + "time_dt": "2026-02-26T11:54:03Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR06 - Block All Unauthorized Requests" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106844, + "created_time_dt": "2026-02-26T11:54:04Z", + "desc": "Compliance test scenario: All unauthorized requests are blocked", + "title": "All unauthorized requests are blocked", + "types": [], + "uid": "ccc-test-921-1772106844" + }, + "message": "All unauthorized requests are blocked", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772106844, + "time_dt": "2026-02-26T11:54:04Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR06 - Block All Unauthorized Requests" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106844, + "created_time_dt": "2026-02-26T11:54:04Z", + "desc": "Compliance test scenario: Object storage region compliance", + "title": "Object storage region compliance", + "types": [], + "uid": "ccc-test-944-1772106844" + }, + "message": "Object storage region compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN06", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-region\" for control \"CCC.Core.CN06\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Region Compliance: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772106844, + "time_dt": "2026-02-26T11:54:04Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN06.AR01 - Resource Location Compliance" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106844, + "created_time_dt": "2026-02-26T11:54:04Z", + "desc": "Compliance test scenario: Child resources are in approved regions", + "title": "Child resources are in approved regions", + "types": [], + "uid": "ccc-test-965-1772106844" + }, + "message": "Child resources are in approved regions", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN06", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772106844, + "time_dt": "2026-02-26T11:54:04Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN06.AR02 - Child Resource Location Compliance" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106844, + "created_time_dt": "2026-02-26T11:54:04Z", + "desc": "Compliance test scenario: Enumeration activities publish events to monitored channels", + "title": "Enumeration activities publish events to monitored channels", + "types": [], + "uid": "ccc-test-981-1772106844" + }, + "message": "Enumeration activities publish events to monitored channels", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN07", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I attempt policy check \"enumeration-monitoring-policy\" for control \"CCC.Core.CN07\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\"\nβœ“ \"{result}\" is true", + "status_id": 1, + "time": 1772106844, + "time_dt": "2026-02-26T11:54:04Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN07.AR01 - Publish Enumeration Activity Events" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106844, + "created_time_dt": "2026-02-26T11:54:04Z", + "desc": "Compliance test scenario: Enumeration activities are logged", + "title": "Enumeration activities are logged", + "types": [], + "uid": "ccc-test-997-1772106844" + }, + "message": "Enumeration activities are logged", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN07", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772106844, + "time_dt": "2026-02-26T11:54:04Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN07.AR02 - Log Enumeration Activities" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106844, + "created_time_dt": "2026-02-26T11:54:04Z", + "desc": "Compliance test scenario: Object storage replication compliance", + "title": "Object storage replication compliance", + "types": [], + "uid": "ccc-test-1014-1772106844" + }, + "message": "Object storage replication compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN08", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication\" for control \"CCC.Core.CN08\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Cross-Region Replication Configuration: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772106844, + "time_dt": "2026-02-26T11:54:04Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN08.AR01 - Data Replication and Redundancy" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106845, + "created_time_dt": "2026-02-26T11:54:05Z", + "desc": "Compliance test scenario: Object storage replication status is visible", + "title": "Object storage replication status is visible", + "types": [], + "uid": "ccc-test-1031-1772106845" + }, + "message": "Object storage replication status is visible", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN08", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication-status\" for control \"CCC.Core.CN08\" assessment requirement \"AR02\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Replication Status Visibility: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772106845, + "time_dt": "2026-02-26T11:54:05Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN08.AR02 - Replication Status Visibility" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106846, + "created_time_dt": "2026-02-26T11:54:06Z", + "desc": "Compliance test scenario: Object storage access logging compliance", + "title": "Object storage access logging compliance", + "types": [], + "uid": "ccc-test-1048-1772106846" + }, + "message": "Object storage access logging compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN09", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-access-logging\" for control \"CCC.Core.CN09\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Server Access Logging Configuration: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772106846, + "time_dt": "2026-02-26T11:54:06Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN09.AR01 - Access Logging Separation" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106847, + "created_time_dt": "2026-02-26T11:54:07Z", + "desc": "Compliance test scenario: Disabling logs requires disabling the resource", + "title": "Disabling logs requires disabling the resource", + "types": [], + "uid": "ccc-test-1064-1772106847" + }, + "message": "Disabling logs requires disabling the resource", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN09", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772106847, + "time_dt": "2026-02-26T11:54:07Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN09.AR02 - Logs Cannot Be Disabled" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106847, + "created_time_dt": "2026-02-26T11:54:07Z", + "desc": "Compliance test scenario: Redirecting logs requires halting the resource", + "title": "Redirecting logs requires halting the resource", + "types": [], + "uid": "ccc-test-1078-1772106847" + }, + "message": "Redirecting logs requires halting the resource", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN09", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772106847, + "time_dt": "2026-02-26T11:54:07Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN09.AR03 - Log Redirection Requires Service Halt" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106847, + "created_time_dt": "2026-02-26T11:54:07Z", + "desc": "Compliance test scenario: Object storage replication destination compliance", + "title": "Object storage replication destination compliance", + "types": [], + "uid": "ccc-test-1095-1772106847" + }, + "message": "Object storage replication destination compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN10", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication-destination\" for control \"CCC.Core.CN10\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Replication Destination Region Validation: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772106847, + "time_dt": "2026-02-26T11:54:07Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN10.AR01 - Replication Destination Trust" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106849, + "created_time_dt": "2026-02-26T11:54:09Z", + "desc": "Compliance test scenario: Service prevents reading bucket with no access", + "title": "Service prevents reading bucket with no access", + "types": [], + "uid": "ccc-test-1146-1772106849" + }, + "message": "Service prevents reading bucket with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR01", + "@Destructive" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"ListObjects\" using argument \"{ResourceName}\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-list-error.txt\"", + "status_id": 1, + "time": 1772106849, + "time_dt": "2026-02-26T11:54:09Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106849, + "created_time_dt": "2026-02-26T11:54:09Z", + "desc": "Compliance test scenario: Service allows reading bucket with read access", + "title": "Service allows reading bucket with read access", + "types": [], + "uid": "ccc-test-1162-1772106849" + }, + "message": "Service allows reading bucket with read access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: C742EVAET6GBHM3T, HostID: 6UadsXF/DyU3s0H1MMcxg/T9UZVpSphyKZMuYHOGPNHsM/pJ4zcDKcFAdJFc2zxIkdVbk+HB5eQz9ISAAm1eoaL0WlRgy4sG, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"read-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ListObjects\" using argument \"{ResourceName}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-list-objects-result.json\" (skipped)", + "status_id": 1, + "time": 1772106849, + "time_dt": "2026-02-26T11:54:09Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106919, + "created_time_dt": "2026-02-26T11:55:19Z", + "desc": "Compliance test scenario: Test policy", + "title": "Test policy", + "types": [], + "uid": "ccc-test-1163-1772106919" + }, + "message": "Test policy", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR01", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "", + "status_id": 1, + "time": 1772106919, + "time_dt": "2026-02-26T11:55:19Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106919, + "created_time_dt": "2026-02-26T11:55:19Z", + "desc": "Compliance test scenario: Service prevents reading object with no access", + "title": "Service prevents reading object with no access", + "types": [], + "uid": "ccc-test-1216-1772106919" + }, + "message": "Service prevents reading object with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test content\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-read-object-error.txt\"", + "status_id": 1, + "time": 1772106919, + "time_dt": "2026-02-26T11:55:19Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106920, + "created_time_dt": "2026-02-26T11:55:20Z", + "desc": "Compliance test scenario: Service allows reading object with read access", + "title": "Service allows reading object with read access", + "types": [], + "uid": "ccc-test-1235-1772106920" + }, + "message": "Service allows reading object with read access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test content\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: KDK5ZSM98BKXX4XD, HostID: Vmj2/TP2porUwS+w+whllpF6nNib5KZftd0Wq63bWmsq5PDBFVo1Gp1YSs6vNAo1IV6cdIEGzPA=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"read-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-read-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)", + "status_id": 1, + "time": 1772106920, + "time_dt": "2026-02-26T11:55:20Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106975, + "created_time_dt": "2026-02-26T11:56:15Z", + "desc": "Compliance test scenario: Service prevents creating bucket with no access", + "title": "Service prevents creating bucket with no access", + "types": [], + "uid": "ccc-test-1286-1772106975" + }, + "message": "Service prevents creating bucket with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR03" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-bucket-no-access\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-create-bucket-error.txt\"", + "status_id": 1, + "time": 1772106975, + "time_dt": "2026-02-26T11:56:15Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR03" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772106975, + "created_time_dt": "2026-02-26T11:56:15Z", + "desc": "Compliance test scenario: Service allows creating bucket with write access", + "title": "Service allows creating bucket with write access", + "types": [], + "uid": "ccc-test-1303-1772106975" + }, + "message": "Service allows creating bucket with write access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR03" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: DCXG2XY1WHMMFEQT, HostID: jsge+wBOPbVXrPI45wQ5IafiWkZwarQYrVPVzX7O/voDE0hl2FZQJBH/qvXusQfiZ4/snt89ozE=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"write-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-bucket-write\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-bucket-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteBucket\" using argument \"{result.ID}\" (skipped)", + "status_id": 1, + "time": 1772106975, + "time_dt": "2026-02-26T11:56:15Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR03" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107046, + "created_time_dt": "2026-02-26T11:57:26Z", + "desc": "Compliance test scenario: Service prevents writing object with read-only access", + "title": "Service prevents writing object with read-only access", + "types": [], + "uid": "ccc-test-1358-1772107046" + }, + "message": "Service prevents writing object with read-only access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR04" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: N1HXY4ZS9H6V4Q34, HostID: q0tAiYb2T2b6bKx9/9Yqjwdh8HsVta1hVXbYu2vVn3+1Iz+NasXDairIQUGDZ7XcjJVesia/29w=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-write-object.txt\", and \"test content\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-create-object-error.txt\" (skipped)", + "status_id": 1, + "time": 1772107046, + "time_dt": "2026-02-26T11:57:26Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR04" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107101, + "created_time_dt": "2026-02-26T11:58:21Z", + "desc": "Compliance test scenario: Service allows writing object with write access", + "title": "Service allows writing object with write access", + "types": [], + "uid": "ccc-test-1377-1772107101" + }, + "message": "Service allows writing object with write access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR04" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: VCPQ5TJAG23B2ZPD, HostID: prJUWsxipvTaglmte3o8uJzZTSCnESkm0LJGFKeIKmUotrezVAzoyCqTJUTkqxof4ODRFKUKy7hepz2wU/lpdxn5utjcZLSKFEeVq/LTPls=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"write-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-write-object.txt\", and \"test content\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-write-object.txt\" (skipped)", + "status_id": 1, + "time": 1772107101, + "time_dt": "2026-02-26T11:58:21Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR04" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107156, + "created_time_dt": "2026-02-26T11:59:16Z", + "desc": "Compliance test scenario: Service enforces uniform bucket-level access by rejecting object-level permissions", + "title": "Service enforces uniform bucket-level access by rejecting object-level permissions", + "types": [], + "uid": "ccc-test-1426-1772107156" + }, + "message": "Service enforces uniform bucket-level access by rejecting object-level permissions", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN02.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: B5D08GEYZE1CF7BE, HostID: BqkYqBYDDggh96etw0qlhoDuiqYe76ZkpnkQSWhQBdCERrdrCRStahN8k/NpCwwQF00zJapu68k=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I call \"{storage}\" with \"SetObjectPermission\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"none\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"set-object-permission-error.txt\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)", + "status_id": 1, + "time": 1772107156, + "time_dt": "2026-02-26T11:59:16Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN02.AR01 - Uniform Bucket-Level Access (Consistent Allow)" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107212, + "created_time_dt": "2026-02-26T12:00:12Z", + "desc": "Compliance test scenario: Service enforces uniform bucket-level access denial", + "title": "Service enforces uniform bucket-level access denial", + "types": [], + "uid": "ccc-test-1475-1772107212" + }, + "message": "Service enforces uniform bucket-level access denial", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN02.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\"\nβœ“ \"{result}\" is an error\nβœ“ I call \"{storage}\" with \"SetObjectPermission\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"read\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"set-object-permission-error.txt\"\nβœ“ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\"\nβœ“ \"{result}\" is an error", + "status_id": 1, + "time": 1772107212, + "time_dt": "2026-02-26T12:00:12Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN02.AR02 - Uniform Bucket-Level Access (Consistent Deny)" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107212, + "created_time_dt": "2026-02-26T12:00:12Z", + "desc": "Compliance test scenario: Service supports bucket soft delete and recovery", + "title": "Service supports bucket soft delete and recovery", + "types": [], + "uid": "ccc-test-1524-1772107212" + }, + "message": "Service supports bucket soft delete and recovery", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN03.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"CreateBucket\" using argument \"ccc-test-soft-delete\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"testBucket\"\nβœ“ I attach \"{result}\" to the test output as \"created-bucket.json\"\nβœ“ I call \"{storage}\" with \"DeleteBucket\" using argument \"ccc-test-soft-delete\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{storage}\" with \"ListDeletedBuckets\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: AWS S3 does not support bucket-level soft delete - bucket deletion is immediate and permanent\n⊘ I attach \"{result}\" to the test output as \"deleted-buckets.json\" (skipped)\n? \"{result}\" should have length greater than \"0\" (undefined)\n⊘ I call \"{storage}\" with \"RestoreBucket\" using argument \"ccc-test-soft-delete\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I call \"{storage}\" with \"ListBuckets\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"restored-buckets.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteBucket\" using argument \"ccc-test-soft-delete\" (skipped)\n⊘ \"{result}\" is not an error (skipped)", + "status_id": 1, + "time": 1772107212, + "time_dt": "2026-02-26T12:00:12Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN03.AR01 - Bucket Soft Delete and Recovery" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107213, + "created_time_dt": "2026-02-26T12:00:13Z", + "desc": "Compliance test scenario: Service prevents modification of locked retention policy", + "title": "Service prevents modification of locked retention policy", + "types": [], + "uid": "ccc-test-1561-1772107213" + }, + "message": "Service prevents modification of locked retention policy", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN03.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"GetBucketRetentionDurationDays\" using argument \"{ResourceName}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"originalRetention\"\nβœ“ I attach \"{result}\" to the test output as \"original-retention-days.txt\"\nβœ— \"{result}\" should be greater than \"0\" - Error: expected {result} (0) to be greater than 0\n⊘ I call \"{storage}\" with \"SetBucketRetentionDurationDays\" using arguments \"{ResourceName}\" and \"1\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"set-retention-error.txt\" (skipped)\n⊘ I call \"{storage}\" with \"GetBucketRetentionDurationDays\" using argument \"{ResourceName}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n? \"{result}\" should equal \"{originalRetention}\" (undefined)", + "status_id": 1, + "time": 1772107213, + "time_dt": "2026-02-26T12:00:13Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN03.AR02 - Immutable Bucket Retention Policy" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107213, + "created_time_dt": "2026-02-26T12:00:13Z", + "desc": "Compliance test scenario: Service applies default retention policy to newly uploaded object", + "title": "Service applies default retention policy to newly uploaded object", + "types": [], + "uid": "ccc-test-1617-1772107213" + }, + "message": "Service applies default retention policy to newly uploaded object", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 7K0N5N0F8PCCXNMA, HostID: C6XQPzuNC2fruXPj9Ix5BNTNEHh1wPJQivQuSB35kL6NLugYWnSj30WsbulNTufl0LatAwKKBhM=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-retention-object.txt\", and \"protected data\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"uploaded-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"GetObjectRetentionDurationDays\" using arguments \"{ResourceName}\" and \"test-retention-object.txt\" (skipped)\n⊘ \"{result}\" should be greater than \"1\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-retention-object.txt\" (skipped)", + "status_id": 1, + "time": 1772107213, + "time_dt": "2026-02-26T12:00:13Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107268, + "created_time_dt": "2026-02-26T12:01:08Z", + "desc": "Compliance test scenario: Service enforces retention policy on newly created objects", + "title": "Service enforces retention policy on newly created objects", + "types": [], + "uid": "ccc-test-1629-1772107268" + }, + "message": "Service enforces retention policy on newly created objects", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"immediate-delete-test.txt\", and \"test content\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"immediate-delete-test.txt\"\nβœ— \"{result}\" is an error - Error: expected {result} to be an error, got \u003cnil\u003e\n⊘ I attach \"{result}\" to the test output as \"immediate-delete-error.txt\" (skipped)\n? \"{result}\" should contain \"retention\" (undefined)", + "status_id": 1, + "time": 1772107268, + "time_dt": "2026-02-26T12:01:08Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107269, + "created_time_dt": "2026-02-26T12:01:09Z", + "desc": "Compliance test scenario: Service validates retention period meets minimum requirements", + "title": "Service validates retention period meets minimum requirements", + "types": [], + "uid": "ccc-test-1640-1772107269" + }, + "message": "Service validates retention period meets minimum requirements", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"retention-period-test.txt\", and \"compliance data\"\nβœ“ I call \"{storage}\" with \"GetObjectRetentionDurationDays\" using arguments \"{ResourceName}\" and \"retention-period-test.txt\"\nβœ— \"{result}\" should be greater than \"1\" - Error: expected {result} (0) to be greater than 1\n⊘ I attach \"{result}\" to the test output as \"retention-period-days.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"retention-period-test.txt\" (skipped)", + "status_id": 1, + "time": 1772107269, + "time_dt": "2026-02-26T12:01:09Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107269, + "created_time_dt": "2026-02-26T12:01:09Z", + "desc": "Compliance test scenario: Service prevents object deletion by write user during retention period", + "title": "Service prevents object deletion by write user during retention period", + "types": [], + "uid": "ccc-test-1722-1772107269" + }, + "message": "Service prevents object deletion by write user during retention period", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: BVXZJEAT9GQ5JP0B, HostID: XLenLNdfdH8mJP+TzLTwhlu0AiX9mJ0VmqtODsb+EH7eclGWn4EVp2w6pywCkfOlrKrAZ/K2ZAPXSEQEhNTPN8XAHqXXfP6i, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"protected-object.txt\", and \"immutable data\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"protected-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"protected-object.txt\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"delete-protected-error.txt\" (skipped)\n? \"{result}\" should contain one of \"retention, locked, immutable, protected\" (undefined)", + "status_id": 1, + "time": 1772107269, + "time_dt": "2026-02-26T12:01:09Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107324, + "created_time_dt": "2026-02-26T12:02:04Z", + "desc": "Compliance test scenario: Service prevents object deletion by admin user during retention period", + "title": "Service prevents object deletion by admin user during retention period", + "types": [], + "uid": "ccc-test-1734-1772107324" + }, + "message": "Service prevents object deletion by admin user during retention period", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"admin-protected-object.txt\", and \"compliance data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"admin-protected-object.txt\"\nβœ— \"{result}\" is an error - Error: expected {result} to be an error, got \u003cnil\u003e\n⊘ I attach \"{result}\" to the test output as \"admin-delete-protected-error.txt\" (skipped)\n? \"{result}\" should contain \"retention\" (undefined)", + "status_id": 1, + "time": 1772107324, + "time_dt": "2026-02-26T12:02:04Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107325, + "created_time_dt": "2026-02-26T12:02:05Z", + "desc": "Compliance test scenario: Service prevents object modification during retention period", + "title": "Service prevents object modification during retention period", + "types": [], + "uid": "ccc-test-1752-1772107325" + }, + "message": "Service prevents object modification during retention period", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: K4FDM9FZV8EGRCXT, HostID: 6izoh9FMHbRoxH+QP79ds3tuPO1DLqUYKyVN5A5Br+0GhFdmy4iwyhuymKH3org77ywg/WLXdtA=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"modify-test-object.txt\", and \"original content\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"original-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"modify-test-object.txt\", and \"modified content\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"modify-protected-error.txt\" (skipped)\n? \"{result}\" should contain one of \"retention, locked, immutable, protected, exists\" (undefined)", + "status_id": 1, + "time": 1772107325, + "time_dt": "2026-02-26T12:02:05Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107380, + "created_time_dt": "2026-02-26T12:03:00Z", + "desc": "Compliance test scenario: Service allows object read access during retention period", + "title": "Service allows object read access during retention period", + "types": [], + "uid": "ccc-test-1772-1772107380" + }, + "message": "Service allows object read access during retention period", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"readable-protected-object.txt\", and \"readable data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 557609KX1MCDKYC1, HostID: jVcAE9VL1UfdTtMKSyhG59iZJpjASeiRwA/vr+YLvfQxtuSA3t/LDz/jvweGNCfWGD8N4jzVoHs+lxYpKkHOw79xW+QC9ivFWaoaYtwBqhk=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"readable-protected-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"readResult\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-protected-object.json\" (skipped)\n⊘ \"{readResult.Name}\" is \"readable-protected-object.txt\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"readable-protected-object.txt\" (skipped)", + "status_id": 1, + "time": 1772107380, + "time_dt": "2026-02-26T12:03:00Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107436, + "created_time_dt": "2026-02-26T12:03:56Z", + "desc": "Compliance test scenario: Objects are stored with unique version identifiers", + "title": "Objects are stored with unique version identifiers", + "types": [], + "uid": "ccc-test-1790-1772107436" + }, + "message": "Objects are stored with unique version identifiers", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@CCC.ObjStor.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-versioning\" for control \"CCC.ObjStor.CN05\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Versioning Configuration: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772107436, + "time_dt": "2026-02-26T12:03:56Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN05.AR01 - Versioning with Unique Identifiers" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107437, + "created_time_dt": "2026-02-26T12:03:57Z", + "desc": "Compliance test scenario: Modified objects receive new version identifiers", + "title": "Modified objects receive new version identifiers", + "types": [], + "uid": "ccc-test-1806-1772107437" + }, + "message": "Modified objects receive new version identifiers", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@CCC.ObjStor.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772107437, + "time_dt": "2026-02-26T12:03:57Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN05.AR02 - New Version ID on Modification" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107437, + "created_time_dt": "2026-02-26T12:03:57Z", + "desc": "Compliance test scenario: Previous object versions can be recovered", + "title": "Previous object versions can be recovered", + "types": [], + "uid": "ccc-test-1822-1772107437" + }, + "message": "Previous object versions can be recovered", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@CCC.ObjStor.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772107437, + "time_dt": "2026-02-26T12:03:57Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN05.AR03 - Recovery of Previous Versions" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107437, + "created_time_dt": "2026-02-26T12:03:57Z", + "desc": "Compliance test scenario: Object versions are retained after deletion", + "title": "Object versions are retained after deletion", + "types": [], + "uid": "ccc-test-1838-1772107437" + }, + "message": "Object versions are retained after deletion", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@CCC.ObjStor.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772107437, + "time_dt": "2026-02-26T12:03:57Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN05.AR04 - Retain Versions on Delete" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107437, + "created_time_dt": "2026-02-26T12:03:57Z", + "desc": "Compliance test scenario: Access logs are stored in a separate data store", + "title": "Access logs are stored in a separate data store", + "types": [], + "uid": "ccc-test-1854-1772107437" + }, + "message": "Access logs are stored in a separate data store", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@CCC.ObjStor.CN06", + "@tlp-amber", + "@tlp-red", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "cloudfront-logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "cloudfront-logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-access-logging\" for control \"CCC.ObjStor.CN06\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check file not found: /home/runner/work/ccc-cfi-compliance/ccc-cfi-compliance/testing/policy/CCC.ObjStor/CCC.ObjStor.CN06/AR01/object-storage-access-logging/aws.yaml\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772107437, + "time_dt": "2026-02-26T12:03:57Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN06.AR01 - Access Logs in Separate Data Store" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108201, + "created_time_dt": "2026-02-26T12:16:41Z", + "desc": "Compliance test scenario: Service accepts TLS 1.3 encrypted traffic", + "title": "Service accepts TLS 1.3 encrypted traffic", + "types": [], + "uid": "ccc-test-92-1772108201" + }, + "message": "Service accepts TLS 1.3 encrypted traffic", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_3\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ \"{connection}\" state is open\nβœ“ \"{connection.State}\" is \"open\"\nβœ“ I close connection \"{connection}\"\nβœ“ \"{connection}\" state is closed", + "status_id": 1, + "time": 1772108201, + "time_dt": "2026-02-26T12:16:41Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108201, + "created_time_dt": "2026-02-26T12:16:41Z", + "desc": "Compliance test scenario: Service rejects TLS 1.2 traffic", + "title": "Service rejects TLS 1.2 traffic", + "types": [], + "uid": "ccc-test-98-1772108201" + }, + "message": "Service rejects TLS 1.2 traffic", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_2\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", + "status_id": 1, + "time": 1772108201, + "time_dt": "2026-02-26T12:16:41Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108201, + "created_time_dt": "2026-02-26T12:16:41Z", + "desc": "Compliance test scenario: Service rejects TLS 1.1 traffic", + "title": "Service rejects TLS 1.1 traffic", + "types": [], + "uid": "ccc-test-104-1772108201" + }, + "message": "Service rejects TLS 1.1 traffic", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_1\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", + "status_id": 1, + "time": 1772108201, + "time_dt": "2026-02-26T12:16:41Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108201, + "created_time_dt": "2026-02-26T12:16:41Z", + "desc": "Compliance test scenario: Service rejects TLS 1.0 traffic", + "title": "Service rejects TLS 1.0 traffic", + "types": [], + "uid": "ccc-test-110-1772108201" + }, + "message": "Service rejects TLS 1.0 traffic", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", + "status_id": 1, + "time": 1772108201, + "time_dt": "2026-02-26T12:16:41Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108201, + "created_time_dt": "2026-02-26T12:16:41Z", + "desc": "Compliance test scenario: Verify SSL/TLS protocol support", + "title": "Verify SSL/TLS protocol support", + "types": [], + "uid": "ccc-test-115-1772108201" + }, + "message": "Verify SSL/TLS protocol support", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"protocols\" for \"{hostName}\" on port \"{portNumber}\"\nβœ— \"{report}\" is an array of objects which doesn't contain any of - Error: unwanted row found in array: map[finding:offered id:TLS1_2]\n⊘ \"{report}\" is an array of objects with at least the following contents (skipped)", + "status_id": 1, + "time": 1772108201, + "time_dt": "2026-02-26T12:16:41Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108206, + "created_time_dt": "2026-02-26T12:16:46Z", + "desc": "Compliance test scenario: Verify no known SSL/TLS vulnerabilities", + "title": "Verify no known SSL/TLS vulnerabilities", + "types": [], + "uid": "ccc-test-119-1772108206" + }, + "message": "Verify no known SSL/TLS vulnerabilities", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"vulnerable\" for \"{hostName}\" on port \"{portNumber}\"\nβœ“ \"{report}\" is an array of objects with at least the following contents", + "status_id": 1, + "time": 1772108206, + "time_dt": "2026-02-26T12:16:46Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108234, + "created_time_dt": "2026-02-26T12:17:14Z", + "desc": "Compliance test scenario: Verify TLS 1.3 only certificate validity", + "title": "Verify TLS 1.3 only certificate validity", + "types": [], + "uid": "ccc-test-123-1772108234" + }, + "message": "Verify TLS 1.3 only certificate validity", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"server-defaults\" for \"{hostName}\" on port \"{portNumber}\"\nβœ“ \"{report}\" is an array of objects with at least the following contents", + "status_id": 1, + "time": 1772108234, + "time_dt": "2026-02-26T12:17:14Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107487, + "created_time_dt": "2026-02-26T12:04:47Z", + "desc": "Compliance test scenario: Storage account enforces minimum TLS version", + "title": "Storage account enforces minimum TLS version", + "types": [], + "uid": "ccc-test-127-1772107487" + }, + "message": "Storage account enforces minimum TLS version", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Policy", + "@PerService", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I attempt policy check \"object-storage-tls-policy\" for control \"CCC.Core.CN01\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\"\nβœ“ \"{result}\" is true", + "status_id": 1, + "time": 1772107487, + "time_dt": "2026-02-26T12:04:47Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107487, + "created_time_dt": "2026-02-26T12:04:47Z", + "desc": "Compliance test scenario: Load balancer enforces minimum TLS version", + "title": "Load balancer enforces minimum TLS version", + "types": [], + "uid": "ccc-test-131-1772107487" + }, + "message": "Load balancer enforces minimum TLS version", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Policy", + "@PerService", + "@CCC.LoadBalancer" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"load-balancer-tls-policy\" for control \"CCC.Core.CN01\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: ALB TLS 1.3 Security Policy Check: query execution failed: exit status 254\nOutput: \nAn error occurred (ValidationError) when calling the DescribeListeners operation: 'logs-flowing-porpoise' is not a valid load balancer ARN\n\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772107487, + "time_dt": "2026-02-26T12:04:47Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107488, + "created_time_dt": "2026-02-26T12:04:48Z", + "desc": "Compliance test scenario: Object storage encryption compliance", + "title": "Object storage encryption compliance", + "types": [], + "uid": "ccc-test-386-1772107488" + }, + "message": "Object storage encryption compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN02", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-encryption\" for control \"CCC.Core.CN02\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Server-Side Encryption Check: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772107488, + "time_dt": "2026-02-26T12:04:48Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN02.AR01 - Data Encryption at Rest" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107489, + "created_time_dt": "2026-02-26T12:04:49Z", + "desc": "Compliance test scenario: Verify objects are encrypted at rest", + "title": "Verify objects are encrypted at rest", + "types": [], + "uid": "ccc-test-397-1772107489" + }, + "message": "Verify objects are encrypted at rest", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN02", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-encryption-check.txt\", and \"encryption test data\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"uploadResult\"\nβœ“ \"{uploadResult.Encryption}\" is not null\nβœ“ \"{uploadResult.EncryptionAlgorithm}\" is \"AES256\"\nβœ“ I attach \"{uploadResult}\" to the test output as \"Upload Result with Encryption Details\"\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-encryption-check.txt\"", + "status_id": 1, + "time": 1772107489, + "time_dt": "2026-02-26T12:04:49Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN02.AR01 - Data Encryption at Rest" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107490, + "created_time_dt": "2026-02-26T12:04:50Z", + "desc": "Compliance test scenario: Object storage delete protection compliance", + "title": "Object storage delete protection compliance", + "types": [], + "uid": "ccc-test-418-1772107490" + }, + "message": "Object storage delete protection compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN03", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-delete-protection\" for control \"CCC.Core.CN03\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket MFA Delete Configuration: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772107490, + "time_dt": "2026-02-26T12:04:50Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107491, + "created_time_dt": "2026-02-26T12:04:51Z", + "desc": "Compliance test scenario: MFA requirement for destructive operations cannot be tested automatically", + "title": "MFA requirement for destructive operations cannot be tested automatically", + "types": [], + "uid": "ccc-test-421-1772107491" + }, + "message": "MFA requirement for destructive operations cannot be tested automatically", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN03", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772107491, + "time_dt": "2026-02-26T12:04:51Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107491, + "created_time_dt": "2026-02-26T12:04:51Z", + "desc": "Compliance test scenario: API modification requires credential and trust perimeter origin", + "title": "API modification requires credential and trust perimeter origin", + "types": [], + "uid": "ccc-test-437-1772107491" + }, + "message": "API modification requires credential and trust perimeter origin", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN03", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772107491, + "time_dt": "2026-02-26T12:04:51Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN03.AR02 - API Authentication with Credentials" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107491, + "created_time_dt": "2026-02-26T12:04:51Z", + "desc": "Compliance test scenario: UI viewing requires multi-factor authentication", + "title": "UI viewing requires multi-factor authentication", + "types": [], + "uid": "ccc-test-451-1772107491" + }, + "message": "UI viewing requires multi-factor authentication", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN03", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772107491, + "time_dt": "2026-02-26T12:04:51Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN03.AR03 - MFA for UI Viewing" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107491, + "created_time_dt": "2026-02-26T12:04:51Z", + "desc": "Compliance test scenario: API viewing requires credential and trust perimeter origin", + "title": "API viewing requires credential and trust perimeter origin", + "types": [], + "uid": "ccc-test-465-1772107491" + }, + "message": "API viewing requires credential and trust perimeter origin", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN03", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772107491, + "time_dt": "2026-02-26T12:04:51Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN03.AR04 - API Authentication for Viewing" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107491, + "created_time_dt": "2026-02-26T12:04:51Z", + "desc": "Compliance test scenario: Admin logging compliance", + "title": "Admin logging compliance", + "types": [], + "uid": "ccc-test-500-1772107491" + }, + "message": "Admin logging compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage", + "@vpc" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ— I attempt policy check \"admin-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Management Events Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [Protocol ServiceType ProviderServiceType ReportTitle Provider Region PortNumber CatalogTypes TagFilter UID PermittedAccountIds HostName ResourceName Instance Props AwsCloudTrailLogGroupName Labels ReportFile PermittedRegions])\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772107491, + "time_dt": "2026-02-26T12:04:51Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR01 - Log Administrative Access Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107491, + "created_time_dt": "2026-02-26T12:04:51Z", + "desc": "Compliance test scenario: Verify admin actions are logged with identity and timestamp", + "title": "Verify admin actions are logged with identity and timestamp", + "types": [], + "uid": "ccc-test-515-1772107491" + }, + "message": "Verify admin actions are logged with identity and timestamp", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"{ServiceType}\"\nβœ“ I refer to \"{result}\" as \"theService\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{theService}\" with \"UpdateResourcePolicy\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to get bucket policy (bucket may not have a policy): operation error S3: GetBucketPolicy, https response error StatusCode: 301, RequestID: NQP2143DV67W09B4, HostID: LOx4fHBEqJWtl19hgppA89oxehVcYOFcorK+VQ5ZYrmdFSKzHOS884Z+oLwzjfd14kzpDXiFSg+WGxK6zJWm8cTErTbR5qUYu8g+RNs8W2s=, api error PermanentRedirect: The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.\n⊘ I attach \"{result}\" to the test output as \"Policy Update Result\" (skipped)\n⊘ we wait for a period of \"10000\" ms (skipped)\n⊘ I call \"{loggingService}\" with \"QueryAdminLogs\" using arguments \"{ResourceName}\" and \"{20}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"adminLogs\" (skipped)\n⊘ I attach \"{adminLogs}\" to the test output as \"Admin Activity Logs\" (skipped)\n⊘ \"{adminLogs}\" is an array of objects with at least the following contents (skipped)", + "status_id": 1, + "time": 1772107491, + "time_dt": "2026-02-26T12:04:51Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR01 - Log Administrative Access Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107491, + "created_time_dt": "2026-02-26T12:04:51Z", + "desc": "Compliance test scenario: Object storage data modification logging compliance", + "title": "Object storage data modification logging compliance", + "types": [], + "uid": "ccc-test-554-1772107491" + }, + "message": "Object storage data modification logging compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"data-write-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR02\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Data Events Write Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [Labels Provider PortNumber HostName Protocol ResourceName ReportTitle AwsCloudTrailLogGroupName api TagFilter UID ReportFile Region PermittedRegions PermittedAccountIds ServiceType ProviderServiceType CatalogTypes Instance Props])\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772107491, + "time_dt": "2026-02-26T12:04:51Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR02 - Log Data Modification Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107491, + "created_time_dt": "2026-02-26T12:04:51Z", + "desc": "Compliance test scenario: Verify data modifications are logged with identity and timestamp", + "title": "Verify data modifications are logged with identity and timestamp", + "types": [], + "uid": "ccc-test-574-1772107491" + }, + "message": "Verify data modifications are logged with identity and timestamp", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-amber", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-logging-object.txt\", and \"test data for logging verification\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"createResult\"\nβœ“ I attach \"{createResult}\" to the test output as \"Object Create Result\"\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-logging-object.txt\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"deleteResult\"\nβœ“ I attach \"{deleteResult}\" to the test output as \"Object Delete Result\"\nβœ“ we wait for a period of \"10000\" ms\nβœ“ I call \"{loggingService}\" with \"QueryDataWriteLogs\" using arguments \"{ResourceName}\" and \"{20}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"dataLogs\"\nβœ“ I attach \"{dataLogs}\" to the test output as \"Data Write Logs\"\nβœ— \"{dataLogs}\" is an array of objects with at least the following contents - Error: expected row not found: map[result:Succeeded]", + "status_id": 1, + "time": 1772107491, + "time_dt": "2026-02-26T12:04:51Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR02 - Log Data Modification Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107502, + "created_time_dt": "2026-02-26T12:05:02Z", + "desc": "Compliance test scenario: Data read logging compliance", + "title": "Data read logging compliance", + "types": [], + "uid": "ccc-test-614-1772107502" + }, + "message": "Data read logging compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-red", + "@Policy", + "@object-storage", + "@vpc" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"data-read-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR03\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Data Events Read Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [api PortNumber Protocol CatalogTypes ReportFile TagFilter Labels UID Instance Provider Region AwsCloudTrailLogGroupName PermittedRegions HostName ServiceType ProviderServiceType ResourceName PermittedAccountIds ReportTitle Props])\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772107502, + "time_dt": "2026-02-26T12:05:02Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR03 - Log Data Read Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107502, + "created_time_dt": "2026-02-26T12:05:02Z", + "desc": "Compliance test scenario: Verify data read operations are logged with identity and timestamp", + "title": "Verify data read operations are logged with identity and timestamp", + "types": [], + "uid": "ccc-test-635-1772107502" + }, + "message": "Verify data read operations are logged with identity and timestamp", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-read-logging-object.txt\", and \"test data for read logging verification\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"createResult\"\nβœ“ I call \"{storage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-read-logging-object.txt\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to read object test-read-logging-object.txt from bucket logs-flowing-porpoise: operation error S3: GetObject, https response error StatusCode: 301, RequestID: F5952TCYRTK7VDGE, HostID: tti9G0uCjCb/mXQK2Ae/NtOxSVnfePFoGw/zc5tDqQ62Xpvq2pdyI7mALJsLcxMNtrN77Zvw/j4=, api error PermanentRedirect: The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.\n⊘ I refer to \"{result}\" as \"readResult\" (skipped)\n⊘ I attach \"{readResult}\" to the test output as \"Object Read Result\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-read-logging-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ we wait for a period of \"10000\" ms (skipped)\n⊘ I call \"{loggingService}\" with \"QueryDataReadLogs\" using arguments \"{ResourceName}\" and \"{20}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"readLogs\" (skipped)\n⊘ I attach \"{readLogs}\" to the test output as \"Data Read Logs\" (skipped)\n⊘ \"{readLogs}\" is an array of objects with at least the following contents (skipped)", + "status_id": 1, + "time": 1772107502, + "time_dt": "2026-02-26T12:05:02Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR03 - Log Data Read Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107502, + "created_time_dt": "2026-02-26T12:05:02Z", + "desc": "Compliance test scenario: Service prevents data modification by user with no access", + "title": "Service prevents data modification by user with no access", + "types": [], + "uid": "ccc-test-700-1772107502" + }, + "message": "Service prevents data modification by user with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Destructive", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-write-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-cn05-unauthorized-modify.txt\", and \"unauthorized data\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-create-error.txt\"", + "status_id": 1, + "time": 1772107502, + "time_dt": "2026-02-26T12:05:02Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107503, + "created_time_dt": "2026-02-26T12:05:03Z", + "desc": "Compliance test scenario: Service allows data modification by user with write access", + "title": "Service allows data modification by user with write access", + "types": [], + "uid": "ccc-test-716-1772107503" + }, + "message": "Service allows data modification by user with write access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Destructive", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write-access\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: SP6T38ZMRYGEVREP, HostID: UVrKeyJG5ABpXb25cd7lNg9l94RZDeyayxSxGZziRFWHosqY18uTEB2QWoZnSJtcqmieitiiSa/0nVwRkQyJD/lD0PdpKSDYzdzzGd00ZNo=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write-access is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-cn05-authorized-modify.txt\", and \"authorized data\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-cn05-authorized-modify.txt\" (skipped)", + "status_id": 1, + "time": 1772107503, + "time_dt": "2026-02-26T12:05:03Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107573, + "created_time_dt": "2026-02-26T12:06:13Z", + "desc": "Compliance test scenario: Storage is not configured for public write access", + "title": "Storage is not configured for public write access", + "types": [], + "uid": "ccc-test-724-1772107573" + }, + "message": "Storage is not configured for public write access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ— I attempt policy check \"object-storage-block-public-write-access\" for control \"CCC.Core.CN05\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Block Public Access Configuration: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772107573, + "time_dt": "2026-02-26T12:06:13Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107574, + "created_time_dt": "2026-02-26T12:06:14Z", + "desc": "Compliance test scenario: Service prevents administrative action (creating a new bucket) by user with no access", + "title": "Service prevents administrative action (creating a new bucket) by user with no access", + "types": [], + "uid": "ccc-test-803-1772107574" + }, + "message": "Service prevents administrative action (creating a new bucket) by user with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Destructive", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-admin-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-unauthorized-admin-container\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-admin-create-bucket-error.txt\"", + "status_id": 1, + "time": 1772107574, + "time_dt": "2026-02-26T12:06:14Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107575, + "created_time_dt": "2026-02-26T12:06:15Z", + "desc": "Compliance test scenario: Service prevents administrative action (creating a new bucket) by user with read-only access", + "title": "Service prevents administrative action (creating a new bucket) by user with read-only access", + "types": [], + "uid": "ccc-test-818-1772107575" + }, + "message": "Service prevents administrative action (creating a new bucket) by user with read-only access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Destructive", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read-only-admin\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-only-admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-read-only-create-container\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"read-only-create-bucket-error.txt\"", + "status_id": 1, + "time": 1772107575, + "time_dt": "2026-02-26T12:06:15Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107590, + "created_time_dt": "2026-02-26T12:06:30Z", + "desc": "Compliance test scenario: Service allows administrative action (creating a new bucket) by user with admin access", + "title": "Service allows administrative action (creating a new bucket) by user with admin access", + "types": [], + "uid": "ccc-test-834-1772107590" + }, + "message": "Service allows administrative action (creating a new bucket) by user with admin access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-admin-access\", \"{UID}\", and \"admin\"\nβœ“ I refer to \"{result}\" as \"testUserAdmin\"\nβœ“ I attach \"{result}\" to the test output as \"admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserAdmin}\", and \"{true}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-authorized-admin-container\"\nβœ“ \"{result}\" is not an error\nβœ“ I attach \"{result}\" to the test output as \"admin-create-bucket-result.json\"\nβœ“ I call \"{storage}\" with \"DeleteBucket\" using argument \"test-cn05-authorized-admin-container\"", + "status_id": 1, + "time": 1772107590, + "time_dt": "2026-02-26T12:06:30Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107606, + "created_time_dt": "2026-02-26T12:06:46Z", + "desc": "Compliance test scenario: Unauthorized administrative access is blocked", + "title": "Unauthorized administrative access is blocked", + "types": [], + "uid": "ccc-test-841-1772107606" + }, + "message": "Unauthorized administrative access is blocked", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772107606, + "time_dt": "2026-02-26T12:06:46Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107606, + "created_time_dt": "2026-02-26T12:06:46Z", + "desc": "Compliance test scenario: Cross-tenant access is blocked without explicit allowlist", + "title": "Cross-tenant access is blocked without explicit allowlist", + "types": [], + "uid": "ccc-test-859-1772107606" + }, + "message": "Cross-tenant access is blocked without explicit allowlist", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-cross-tenant-block\" for control \"CCC.Core.CN05\" assessment requirement \"AR03\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: AWS S3 Cross-Tenant Access Block: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772107606, + "time_dt": "2026-02-26T12:06:46Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR03 - Block Cross-Tenant Access" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107608, + "created_time_dt": "2026-02-26T12:06:48Z", + "desc": "Compliance test scenario: External unauthorized data requests are blocked", + "title": "External unauthorized data requests are blocked", + "types": [], + "uid": "ccc-test-873-1772107608" + }, + "message": "External unauthorized data requests are blocked", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772107608, + "time_dt": "2026-02-26T12:06:48Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR04 - Block Unauthorized External Data Requests" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107608, + "created_time_dt": "2026-02-26T12:06:48Z", + "desc": "Compliance test scenario: External requests do not reveal service existence", + "title": "External requests do not reveal service existence", + "types": [], + "uid": "ccc-test-886-1772107608" + }, + "message": "External requests do not reveal service existence", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772107608, + "time_dt": "2026-02-26T12:06:48Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR05 - Hide Service Existence from External Requests" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107608, + "created_time_dt": "2026-02-26T12:06:48Z", + "desc": "Compliance test scenario: Service prevents data read by user with no access", + "title": "Service prevents data read by user with no access", + "types": [], + "uid": "ccc-test-914-1772107608" + }, + "message": "Service prevents data read by user with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Destructive", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772107608, + "time_dt": "2026-02-26T12:06:48Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR06 - Block All Unauthorized Requests" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107608, + "created_time_dt": "2026-02-26T12:06:48Z", + "desc": "Compliance test scenario: All unauthorized requests are blocked", + "title": "All unauthorized requests are blocked", + "types": [], + "uid": "ccc-test-921-1772107608" + }, + "message": "All unauthorized requests are blocked", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772107608, + "time_dt": "2026-02-26T12:06:48Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR06 - Block All Unauthorized Requests" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107608, + "created_time_dt": "2026-02-26T12:06:48Z", + "desc": "Compliance test scenario: Object storage region compliance", + "title": "Object storage region compliance", + "types": [], + "uid": "ccc-test-944-1772107608" + }, + "message": "Object storage region compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN06", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-region\" for control \"CCC.Core.CN06\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Region Compliance: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772107608, + "time_dt": "2026-02-26T12:06:48Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN06.AR01 - Resource Location Compliance" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107609, + "created_time_dt": "2026-02-26T12:06:49Z", + "desc": "Compliance test scenario: Child resources are in approved regions", + "title": "Child resources are in approved regions", + "types": [], + "uid": "ccc-test-965-1772107609" + }, + "message": "Child resources are in approved regions", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN06", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772107609, + "time_dt": "2026-02-26T12:06:49Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN06.AR02 - Child Resource Location Compliance" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107609, + "created_time_dt": "2026-02-26T12:06:49Z", + "desc": "Compliance test scenario: Enumeration activities publish events to monitored channels", + "title": "Enumeration activities publish events to monitored channels", + "types": [], + "uid": "ccc-test-981-1772107609" + }, + "message": "Enumeration activities publish events to monitored channels", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN07", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I attempt policy check \"enumeration-monitoring-policy\" for control \"CCC.Core.CN07\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\"\nβœ“ \"{result}\" is true", + "status_id": 1, + "time": 1772107609, + "time_dt": "2026-02-26T12:06:49Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN07.AR01 - Publish Enumeration Activity Events" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107609, + "created_time_dt": "2026-02-26T12:06:49Z", + "desc": "Compliance test scenario: Enumeration activities are logged", + "title": "Enumeration activities are logged", + "types": [], + "uid": "ccc-test-997-1772107609" + }, + "message": "Enumeration activities are logged", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN07", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772107609, + "time_dt": "2026-02-26T12:06:49Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN07.AR02 - Log Enumeration Activities" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107609, + "created_time_dt": "2026-02-26T12:06:49Z", + "desc": "Compliance test scenario: Object storage replication compliance", + "title": "Object storage replication compliance", + "types": [], + "uid": "ccc-test-1014-1772107609" + }, + "message": "Object storage replication compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN08", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication\" for control \"CCC.Core.CN08\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Cross-Region Replication Configuration: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772107609, + "time_dt": "2026-02-26T12:06:49Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN08.AR01 - Data Replication and Redundancy" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107610, + "created_time_dt": "2026-02-26T12:06:50Z", + "desc": "Compliance test scenario: Object storage replication status is visible", + "title": "Object storage replication status is visible", + "types": [], + "uid": "ccc-test-1031-1772107610" + }, + "message": "Object storage replication status is visible", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN08", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication-status\" for control \"CCC.Core.CN08\" assessment requirement \"AR02\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Replication Status Visibility: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772107610, + "time_dt": "2026-02-26T12:06:50Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN08.AR02 - Replication Status Visibility" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107611, + "created_time_dt": "2026-02-26T12:06:51Z", + "desc": "Compliance test scenario: Object storage access logging compliance", + "title": "Object storage access logging compliance", + "types": [], + "uid": "ccc-test-1048-1772107611" + }, + "message": "Object storage access logging compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN09", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-access-logging\" for control \"CCC.Core.CN09\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Server Access Logging Configuration: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772107611, + "time_dt": "2026-02-26T12:06:51Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN09.AR01 - Access Logging Separation" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107612, + "created_time_dt": "2026-02-26T12:06:52Z", + "desc": "Compliance test scenario: Disabling logs requires disabling the resource", + "title": "Disabling logs requires disabling the resource", + "types": [], + "uid": "ccc-test-1064-1772107612" + }, + "message": "Disabling logs requires disabling the resource", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN09", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772107612, + "time_dt": "2026-02-26T12:06:52Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN09.AR02 - Logs Cannot Be Disabled" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107612, + "created_time_dt": "2026-02-26T12:06:52Z", + "desc": "Compliance test scenario: Redirecting logs requires halting the resource", + "title": "Redirecting logs requires halting the resource", + "types": [], + "uid": "ccc-test-1078-1772107612" + }, + "message": "Redirecting logs requires halting the resource", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN09", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772107612, + "time_dt": "2026-02-26T12:06:52Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN09.AR03 - Log Redirection Requires Service Halt" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107612, + "created_time_dt": "2026-02-26T12:06:52Z", + "desc": "Compliance test scenario: Object storage replication destination compliance", + "title": "Object storage replication destination compliance", + "types": [], + "uid": "ccc-test-1095-1772107612" + }, + "message": "Object storage replication destination compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN10", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication-destination\" for control \"CCC.Core.CN10\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Replication Destination Region Validation: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772107612, + "time_dt": "2026-02-26T12:06:52Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN10.AR01 - Replication Destination Trust" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107613, + "created_time_dt": "2026-02-26T12:06:53Z", + "desc": "Compliance test scenario: Service prevents reading bucket with no access", + "title": "Service prevents reading bucket with no access", + "types": [], + "uid": "ccc-test-1146-1772107613" + }, + "message": "Service prevents reading bucket with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR01", + "@Destructive" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"ListObjects\" using argument \"{ResourceName}\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-list-error.txt\"", + "status_id": 1, + "time": 1772107613, + "time_dt": "2026-02-26T12:06:53Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107613, + "created_time_dt": "2026-02-26T12:06:53Z", + "desc": "Compliance test scenario: Service allows reading bucket with read access", + "title": "Service allows reading bucket with read access", + "types": [], + "uid": "ccc-test-1162-1772107613" + }, + "message": "Service allows reading bucket with read access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 38Y8XH29DCNHQ84Z, HostID: sLovvXSLNO6ubWLmxHFJb4VX1HviAoa2JS/hmVWd75+O1sHcallSk1FH/ywftWfJdEfqX2XWatGFCmYmxH2nMIpnSOXKLzqaPPcoKiLRWYw=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"read-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ListObjects\" using argument \"{ResourceName}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-list-objects-result.json\" (skipped)", + "status_id": 1, + "time": 1772107613, + "time_dt": "2026-02-26T12:06:53Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107683, + "created_time_dt": "2026-02-26T12:08:03Z", + "desc": "Compliance test scenario: Test policy", + "title": "Test policy", + "types": [], + "uid": "ccc-test-1163-1772107683" + }, + "message": "Test policy", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR01", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "", + "status_id": 1, + "time": 1772107683, + "time_dt": "2026-02-26T12:08:03Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107683, + "created_time_dt": "2026-02-26T12:08:03Z", + "desc": "Compliance test scenario: Service prevents reading object with no access", + "title": "Service prevents reading object with no access", + "types": [], + "uid": "ccc-test-1216-1772107683" + }, + "message": "Service prevents reading object with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test content\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-read-object-error.txt\"", + "status_id": 1, + "time": 1772107683, + "time_dt": "2026-02-26T12:08:03Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107684, + "created_time_dt": "2026-02-26T12:08:04Z", + "desc": "Compliance test scenario: Service allows reading object with read access", + "title": "Service allows reading object with read access", + "types": [], + "uid": "ccc-test-1235-1772107684" + }, + "message": "Service allows reading object with read access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test content\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: ZCN089CZXV01Y9MM, HostID: JFwLHtAdJh7VKaqpaNEaxALqSt20hLF7DAOLfFxmvxhf1kFAOJUpiemQnsvFE0F1CWiqSaJJ7GU=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"read-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-read-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)", + "status_id": 1, + "time": 1772107684, + "time_dt": "2026-02-26T12:08:04Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107739, + "created_time_dt": "2026-02-26T12:08:59Z", + "desc": "Compliance test scenario: Service prevents creating bucket with no access", + "title": "Service prevents creating bucket with no access", + "types": [], + "uid": "ccc-test-1286-1772107739" + }, + "message": "Service prevents creating bucket with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR03" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-bucket-no-access\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-create-bucket-error.txt\"", + "status_id": 1, + "time": 1772107739, + "time_dt": "2026-02-26T12:08:59Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR03" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107739, + "created_time_dt": "2026-02-26T12:08:59Z", + "desc": "Compliance test scenario: Service allows creating bucket with write access", + "title": "Service allows creating bucket with write access", + "types": [], + "uid": "ccc-test-1303-1772107739" + }, + "message": "Service allows creating bucket with write access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR03" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 6628RNMVNRWPVKQ9, HostID: i2Vbfd5bmJ+bJ+Fc6eH4sWJOjQVxjm00/s/Y+O4CtESKOZhMS+/5RsvDi8iLaezOo/XIuJh/nnQ=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"write-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-bucket-write\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-bucket-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteBucket\" using argument \"{result.ID}\" (skipped)", + "status_id": 1, + "time": 1772107739, + "time_dt": "2026-02-26T12:08:59Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR03" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107810, + "created_time_dt": "2026-02-26T12:10:10Z", + "desc": "Compliance test scenario: Service prevents writing object with read-only access", + "title": "Service prevents writing object with read-only access", + "types": [], + "uid": "ccc-test-1358-1772107810" + }, + "message": "Service prevents writing object with read-only access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR04" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: FWKEPKBQGJX782JR, HostID: zRzWNq1vm9AvOnxuqgQKc2XKF29ZymxmEU6L7NqDshwfKXCNI4MKs/HPbUSyLg7gbFr1pmIGHVA=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-write-object.txt\", and \"test content\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-create-object-error.txt\" (skipped)", + "status_id": 1, + "time": 1772107810, + "time_dt": "2026-02-26T12:10:10Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR04" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107865, + "created_time_dt": "2026-02-26T12:11:05Z", + "desc": "Compliance test scenario: Service allows writing object with write access", + "title": "Service allows writing object with write access", + "types": [], + "uid": "ccc-test-1377-1772107865" + }, + "message": "Service allows writing object with write access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR04" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: PD0D3DYMAQXKMQBR, HostID: bss3HB1/WAaLEpLoivvNFxBjWGWAQVI+iSfOUwbDFAPL0xjnCHpQdexZNpSUl1obtI0ucEWzlV7HjpDKjHQlHwkqKG5v8Qzz, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"write-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-write-object.txt\", and \"test content\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-write-object.txt\" (skipped)", + "status_id": 1, + "time": 1772107865, + "time_dt": "2026-02-26T12:11:05Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR04" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107920, + "created_time_dt": "2026-02-26T12:12:00Z", + "desc": "Compliance test scenario: Service enforces uniform bucket-level access by rejecting object-level permissions", + "title": "Service enforces uniform bucket-level access by rejecting object-level permissions", + "types": [], + "uid": "ccc-test-1426-1772107920" + }, + "message": "Service enforces uniform bucket-level access by rejecting object-level permissions", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN02.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: DG8K5ASCVK2KED37, HostID: Tg+M0/YctRRUaW6r3SHXNYD5svWK2LZ+fZ/tbGL+NNdKxXnRwV/NAIxIGs07YXWA0xeRXmdeyUw=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I call \"{storage}\" with \"SetObjectPermission\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"none\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"set-object-permission-error.txt\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)", + "status_id": 1, + "time": 1772107920, + "time_dt": "2026-02-26T12:12:00Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN02.AR01 - Uniform Bucket-Level Access (Consistent Allow)" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107976, + "created_time_dt": "2026-02-26T12:12:56Z", + "desc": "Compliance test scenario: Service enforces uniform bucket-level access denial", + "title": "Service enforces uniform bucket-level access denial", + "types": [], + "uid": "ccc-test-1475-1772107976" + }, + "message": "Service enforces uniform bucket-level access denial", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN02.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\"\nβœ“ \"{result}\" is an error\nβœ“ I call \"{storage}\" with \"SetObjectPermission\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"read\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"set-object-permission-error.txt\"\nβœ“ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\"\nβœ“ \"{result}\" is an error", + "status_id": 1, + "time": 1772107976, + "time_dt": "2026-02-26T12:12:56Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN02.AR02 - Uniform Bucket-Level Access (Consistent Deny)" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107976, + "created_time_dt": "2026-02-26T12:12:56Z", + "desc": "Compliance test scenario: Service supports bucket soft delete and recovery", + "title": "Service supports bucket soft delete and recovery", + "types": [], + "uid": "ccc-test-1524-1772107976" + }, + "message": "Service supports bucket soft delete and recovery", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN03.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"CreateBucket\" using argument \"ccc-test-soft-delete\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"testBucket\"\nβœ“ I attach \"{result}\" to the test output as \"created-bucket.json\"\nβœ“ I call \"{storage}\" with \"DeleteBucket\" using argument \"ccc-test-soft-delete\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{storage}\" with \"ListDeletedBuckets\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: AWS S3 does not support bucket-level soft delete - bucket deletion is immediate and permanent\n⊘ I attach \"{result}\" to the test output as \"deleted-buckets.json\" (skipped)\n? \"{result}\" should have length greater than \"0\" (undefined)\n⊘ I call \"{storage}\" with \"RestoreBucket\" using argument \"ccc-test-soft-delete\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I call \"{storage}\" with \"ListBuckets\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"restored-buckets.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteBucket\" using argument \"ccc-test-soft-delete\" (skipped)\n⊘ \"{result}\" is not an error (skipped)", + "status_id": 1, + "time": 1772107976, + "time_dt": "2026-02-26T12:12:56Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN03.AR01 - Bucket Soft Delete and Recovery" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107977, + "created_time_dt": "2026-02-26T12:12:57Z", + "desc": "Compliance test scenario: Service prevents modification of locked retention policy", + "title": "Service prevents modification of locked retention policy", + "types": [], + "uid": "ccc-test-1561-1772107977" + }, + "message": "Service prevents modification of locked retention policy", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN03.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"GetBucketRetentionDurationDays\" using argument \"{ResourceName}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"originalRetention\"\nβœ“ I attach \"{result}\" to the test output as \"original-retention-days.txt\"\nβœ— \"{result}\" should be greater than \"0\" - Error: expected {result} (0) to be greater than 0\n⊘ I call \"{storage}\" with \"SetBucketRetentionDurationDays\" using arguments \"{ResourceName}\" and \"1\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"set-retention-error.txt\" (skipped)\n⊘ I call \"{storage}\" with \"GetBucketRetentionDurationDays\" using argument \"{ResourceName}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n? \"{result}\" should equal \"{originalRetention}\" (undefined)", + "status_id": 1, + "time": 1772107977, + "time_dt": "2026-02-26T12:12:57Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN03.AR02 - Immutable Bucket Retention Policy" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772107977, + "created_time_dt": "2026-02-26T12:12:57Z", + "desc": "Compliance test scenario: Service applies default retention policy to newly uploaded object", + "title": "Service applies default retention policy to newly uploaded object", + "types": [], + "uid": "ccc-test-1617-1772107977" + }, + "message": "Service applies default retention policy to newly uploaded object", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 2KD79FTZR64QHHFF, HostID: er6nl9HPZVqsmD8Bwg84z5OnVoCvraCG3IZsZ/o/4kEkMSDJQHpevaT/z4bIkOO9rWzRNYLx4iyjJGdhDLbqYljQGlDJItJQ, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-retention-object.txt\", and \"protected data\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"uploaded-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"GetObjectRetentionDurationDays\" using arguments \"{ResourceName}\" and \"test-retention-object.txt\" (skipped)\n⊘ \"{result}\" should be greater than \"1\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-retention-object.txt\" (skipped)", + "status_id": 1, + "time": 1772107977, + "time_dt": "2026-02-26T12:12:57Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108032, + "created_time_dt": "2026-02-26T12:13:52Z", + "desc": "Compliance test scenario: Service enforces retention policy on newly created objects", + "title": "Service enforces retention policy on newly created objects", + "types": [], + "uid": "ccc-test-1629-1772108032" + }, + "message": "Service enforces retention policy on newly created objects", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"immediate-delete-test.txt\", and \"test content\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"immediate-delete-test.txt\"\nβœ— \"{result}\" is an error - Error: expected {result} to be an error, got \u003cnil\u003e\n⊘ I attach \"{result}\" to the test output as \"immediate-delete-error.txt\" (skipped)\n? \"{result}\" should contain \"retention\" (undefined)", + "status_id": 1, + "time": 1772108032, + "time_dt": "2026-02-26T12:13:52Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108033, + "created_time_dt": "2026-02-26T12:13:53Z", + "desc": "Compliance test scenario: Service validates retention period meets minimum requirements", + "title": "Service validates retention period meets minimum requirements", + "types": [], + "uid": "ccc-test-1640-1772108033" + }, + "message": "Service validates retention period meets minimum requirements", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"retention-period-test.txt\", and \"compliance data\"\nβœ“ I call \"{storage}\" with \"GetObjectRetentionDurationDays\" using arguments \"{ResourceName}\" and \"retention-period-test.txt\"\nβœ— \"{result}\" should be greater than \"1\" - Error: expected {result} (0) to be greater than 1\n⊘ I attach \"{result}\" to the test output as \"retention-period-days.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"retention-period-test.txt\" (skipped)", + "status_id": 1, + "time": 1772108033, + "time_dt": "2026-02-26T12:13:53Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108033, + "created_time_dt": "2026-02-26T12:13:53Z", + "desc": "Compliance test scenario: Service prevents object deletion by write user during retention period", + "title": "Service prevents object deletion by write user during retention period", + "types": [], + "uid": "ccc-test-1722-1772108033" + }, + "message": "Service prevents object deletion by write user during retention period", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 2BJ8QEHW2DYR9YRJ, HostID: BVqua5vhu/dFwnv1/RqW8u5vbPhLGG1d/4vyGyk+BZ86/nL23aJ/6M7tLQKt+2lGZT8e63zq7U8=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"protected-object.txt\", and \"immutable data\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"protected-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"protected-object.txt\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"delete-protected-error.txt\" (skipped)\n? \"{result}\" should contain one of \"retention, locked, immutable, protected\" (undefined)", + "status_id": 1, + "time": 1772108033, + "time_dt": "2026-02-26T12:13:53Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108088, + "created_time_dt": "2026-02-26T12:14:48Z", + "desc": "Compliance test scenario: Service prevents object deletion by admin user during retention period", + "title": "Service prevents object deletion by admin user during retention period", + "types": [], + "uid": "ccc-test-1734-1772108088" + }, + "message": "Service prevents object deletion by admin user during retention period", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"admin-protected-object.txt\", and \"compliance data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"admin-protected-object.txt\"\nβœ— \"{result}\" is an error - Error: expected {result} to be an error, got \u003cnil\u003e\n⊘ I attach \"{result}\" to the test output as \"admin-delete-protected-error.txt\" (skipped)\n? \"{result}\" should contain \"retention\" (undefined)", + "status_id": 1, + "time": 1772108088, + "time_dt": "2026-02-26T12:14:48Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108089, + "created_time_dt": "2026-02-26T12:14:49Z", + "desc": "Compliance test scenario: Service prevents object modification during retention period", + "title": "Service prevents object modification during retention period", + "types": [], + "uid": "ccc-test-1752-1772108089" + }, + "message": "Service prevents object modification during retention period", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: QWHQQ4X76QCWXKEP, HostID: Q8ei3pWTFWazrK1ruunRhHOu6s2eVPtOOwVwp83c6A4XEDqdYKM2EizjHKPx3BMxpp+EJDdJb+s=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"modify-test-object.txt\", and \"original content\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"original-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"modify-test-object.txt\", and \"modified content\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"modify-protected-error.txt\" (skipped)\n? \"{result}\" should contain one of \"retention, locked, immutable, protected, exists\" (undefined)", + "status_id": 1, + "time": 1772108089, + "time_dt": "2026-02-26T12:14:49Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108144, + "created_time_dt": "2026-02-26T12:15:44Z", + "desc": "Compliance test scenario: Service allows object read access during retention period", + "title": "Service allows object read access during retention period", + "types": [], + "uid": "ccc-test-1772-1772108144" + }, + "message": "Service allows object read access during retention period", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"readable-protected-object.txt\", and \"readable data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 56WY7QWBP08X2NT5, HostID: s11xG3k7xOrJiFwq/Cy4nTINoV3egqz7YVFdAj00sT70eaImGYlkKiO5g9zWtkWYs5nNIg2iVB86cTkOKVwIVBGcXJVdCQXW, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"readable-protected-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"readResult\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-protected-object.json\" (skipped)\n⊘ \"{readResult.Name}\" is \"readable-protected-object.txt\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"readable-protected-object.txt\" (skipped)", + "status_id": 1, + "time": 1772108144, + "time_dt": "2026-02-26T12:15:44Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108200, + "created_time_dt": "2026-02-26T12:16:40Z", + "desc": "Compliance test scenario: Objects are stored with unique version identifiers", + "title": "Objects are stored with unique version identifiers", + "types": [], + "uid": "ccc-test-1790-1772108200" + }, + "message": "Objects are stored with unique version identifiers", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@CCC.ObjStor.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-versioning\" for control \"CCC.ObjStor.CN05\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Versioning Configuration: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108200, + "time_dt": "2026-02-26T12:16:40Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN05.AR01 - Versioning with Unique Identifiers" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108201, + "created_time_dt": "2026-02-26T12:16:41Z", + "desc": "Compliance test scenario: Modified objects receive new version identifiers", + "title": "Modified objects receive new version identifiers", + "types": [], + "uid": "ccc-test-1806-1772108201" + }, + "message": "Modified objects receive new version identifiers", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@CCC.ObjStor.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108201, + "time_dt": "2026-02-26T12:16:41Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN05.AR02 - New Version ID on Modification" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108201, + "created_time_dt": "2026-02-26T12:16:41Z", + "desc": "Compliance test scenario: Previous object versions can be recovered", + "title": "Previous object versions can be recovered", + "types": [], + "uid": "ccc-test-1822-1772108201" + }, + "message": "Previous object versions can be recovered", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@CCC.ObjStor.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108201, + "time_dt": "2026-02-26T12:16:41Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN05.AR03 - Recovery of Previous Versions" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108201, + "created_time_dt": "2026-02-26T12:16:41Z", + "desc": "Compliance test scenario: Object versions are retained after deletion", + "title": "Object versions are retained after deletion", + "types": [], + "uid": "ccc-test-1838-1772108201" + }, + "message": "Object versions are retained after deletion", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@CCC.ObjStor.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108201, + "time_dt": "2026-02-26T12:16:41Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN05.AR04 - Retain Versions on Delete" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108201, + "created_time_dt": "2026-02-26T12:16:41Z", + "desc": "Compliance test scenario: Access logs are stored in a separate data store", + "title": "Access logs are stored in a separate data store", + "types": [], + "uid": "ccc-test-1854-1772108201" + }, + "message": "Access logs are stored in a separate data store", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@CCC.ObjStor.CN06", + "@tlp-amber", + "@tlp-red", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "logs-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "logs-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-access-logging\" for control \"CCC.ObjStor.CN06\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check file not found: /home/runner/work/ccc-cfi-compliance/ccc-cfi-compliance/testing/policy/CCC.ObjStor/CCC.ObjStor.CN06/AR01/object-storage-access-logging/aws.yaml\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108201, + "time_dt": "2026-02-26T12:16:41Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN06.AR01 - Access Logs in Separate Data Store" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108790, + "created_time_dt": "2026-02-26T12:26:30Z", + "desc": "Compliance test scenario: Service accepts TLS 1.3 encrypted traffic", + "title": "Service accepts TLS 1.3 encrypted traffic", + "types": [], + "uid": "ccc-test-92-1772108790" + }, + "message": "Service accepts TLS 1.3 encrypted traffic", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_3\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ \"{connection}\" state is open\nβœ“ \"{connection.State}\" is \"open\"\nβœ“ I close connection \"{connection}\"\nβœ“ \"{connection}\" state is closed", + "status_id": 1, + "time": 1772108790, + "time_dt": "2026-02-26T12:26:30Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108790, + "created_time_dt": "2026-02-26T12:26:30Z", + "desc": "Compliance test scenario: Service rejects TLS 1.2 traffic", + "title": "Service rejects TLS 1.2 traffic", + "types": [], + "uid": "ccc-test-98-1772108790" + }, + "message": "Service rejects TLS 1.2 traffic", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_2\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", + "status_id": 1, + "time": 1772108790, + "time_dt": "2026-02-26T12:26:30Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108790, + "created_time_dt": "2026-02-26T12:26:30Z", + "desc": "Compliance test scenario: Service rejects TLS 1.1 traffic", + "title": "Service rejects TLS 1.1 traffic", + "types": [], + "uid": "ccc-test-104-1772108790" + }, + "message": "Service rejects TLS 1.1 traffic", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_1\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", + "status_id": 1, + "time": 1772108790, + "time_dt": "2026-02-26T12:26:30Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108790, + "created_time_dt": "2026-02-26T12:26:30Z", + "desc": "Compliance test scenario: Service rejects TLS 1.0 traffic", + "title": "Service rejects TLS 1.0 traffic", + "types": [], + "uid": "ccc-test-110-1772108790" + }, + "message": "Service rejects TLS 1.0 traffic", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", + "status_id": 1, + "time": 1772108790, + "time_dt": "2026-02-26T12:26:30Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108790, + "created_time_dt": "2026-02-26T12:26:30Z", + "desc": "Compliance test scenario: Verify SSL/TLS protocol support", + "title": "Verify SSL/TLS protocol support", + "types": [], + "uid": "ccc-test-115-1772108790" + }, + "message": "Verify SSL/TLS protocol support", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"protocols\" for \"{hostName}\" on port \"{portNumber}\"\nβœ— \"{report}\" is an array of objects which doesn't contain any of - Error: unwanted row found in array: map[finding:offered id:TLS1_2]\n⊘ \"{report}\" is an array of objects with at least the following contents (skipped)", + "status_id": 1, + "time": 1772108790, + "time_dt": "2026-02-26T12:26:30Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108795, + "created_time_dt": "2026-02-26T12:26:35Z", + "desc": "Compliance test scenario: Verify no known SSL/TLS vulnerabilities", + "title": "Verify no known SSL/TLS vulnerabilities", + "types": [], + "uid": "ccc-test-119-1772108795" + }, + "message": "Verify no known SSL/TLS vulnerabilities", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"vulnerable\" for \"{hostName}\" on port \"{portNumber}\"\nβœ“ \"{report}\" is an array of objects with at least the following contents", + "status_id": 1, + "time": 1772108795, + "time_dt": "2026-02-26T12:26:35Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108823, + "created_time_dt": "2026-02-26T12:27:03Z", + "desc": "Compliance test scenario: Verify TLS 1.3 only certificate validity", + "title": "Verify TLS 1.3 only certificate validity", + "types": [], + "uid": "ccc-test-123-1772108823" + }, + "message": "Verify TLS 1.3 only certificate validity", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"server-defaults\" for \"{hostName}\" on port \"{portNumber}\"\nβœ“ \"{report}\" is an array of objects with at least the following contents", + "status_id": 1, + "time": 1772108823, + "time_dt": "2026-02-26T12:27:03Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108253, + "created_time_dt": "2026-02-26T12:17:33Z", + "desc": "Compliance test scenario: Storage account enforces minimum TLS version", + "title": "Storage account enforces minimum TLS version", + "types": [], + "uid": "ccc-test-127-1772108253" + }, + "message": "Storage account enforces minimum TLS version", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Policy", + "@PerService", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I attempt policy check \"object-storage-tls-policy\" for control \"CCC.Core.CN01\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\"\nβœ“ \"{result}\" is true", + "status_id": 1, + "time": 1772108253, + "time_dt": "2026-02-26T12:17:33Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108253, + "created_time_dt": "2026-02-26T12:17:33Z", + "desc": "Compliance test scenario: Load balancer enforces minimum TLS version", + "title": "Load balancer enforces minimum TLS version", + "types": [], + "uid": "ccc-test-131-1772108253" + }, + "message": "Load balancer enforces minimum TLS version", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Policy", + "@PerService", + "@CCC.LoadBalancer" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"load-balancer-tls-policy\" for control \"CCC.Core.CN01\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: ALB TLS 1.3 Security Policy Check: query execution failed: exit status 254\nOutput: \nAn error occurred (ValidationError) when calling the DescribeListeners operation: 's3-bucket-flowing-porpoise' is not a valid load balancer ARN\n\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108253, + "time_dt": "2026-02-26T12:17:33Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108254, + "created_time_dt": "2026-02-26T12:17:34Z", + "desc": "Compliance test scenario: Object storage encryption compliance", + "title": "Object storage encryption compliance", + "types": [], + "uid": "ccc-test-386-1772108254" + }, + "message": "Object storage encryption compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN02", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-encryption\" for control \"CCC.Core.CN02\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Server-Side Encryption Check: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108254, + "time_dt": "2026-02-26T12:17:34Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN02.AR01 - Data Encryption at Rest" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108255, + "created_time_dt": "2026-02-26T12:17:35Z", + "desc": "Compliance test scenario: Verify objects are encrypted at rest", + "title": "Verify objects are encrypted at rest", + "types": [], + "uid": "ccc-test-397-1772108255" + }, + "message": "Verify objects are encrypted at rest", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN02", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-encryption-check.txt\", and \"encryption test data\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to create object test-encryption-check.txt in bucket s3-bucket-flowing-porpoise: operation error S3: PutObject, https response error StatusCode: 403, RequestID: EK5W93X5SAWP8CB4, HostID: Py3LQXqA9mNkoJtLFgZRwYh5vTMQ9iPLJn+J+Y8ZTA5LFRJACSp0KN9tWBFB4pC+owAyEjyiOpw=, api error AccessDenied: User: arn:aws:sts::211203495394:assumed-role/TerraformRole/GitHubActions is not authorized to perform: s3:PutObject on resource: \"arn:aws:s3:::s3-bucket-flowing-porpoise/test-encryption-check.txt\" with an explicit deny in a resource-based policy\n⊘ I refer to \"{result}\" as \"uploadResult\" (skipped)\n⊘ \"{uploadResult.Encryption}\" is not null (skipped)\n⊘ \"{uploadResult.EncryptionAlgorithm}\" is \"AES256\" (skipped)\n⊘ I attach \"{uploadResult}\" to the test output as \"Upload Result with Encryption Details\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-encryption-check.txt\" (skipped)", + "status_id": 1, + "time": 1772108255, + "time_dt": "2026-02-26T12:17:35Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN02.AR01 - Data Encryption at Rest" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108255, + "created_time_dt": "2026-02-26T12:17:35Z", + "desc": "Compliance test scenario: Object storage delete protection compliance", + "title": "Object storage delete protection compliance", + "types": [], + "uid": "ccc-test-418-1772108255" + }, + "message": "Object storage delete protection compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN03", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-delete-protection\" for control \"CCC.Core.CN03\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket MFA Delete Configuration: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108255, + "time_dt": "2026-02-26T12:17:35Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108256, + "created_time_dt": "2026-02-26T12:17:36Z", + "desc": "Compliance test scenario: MFA requirement for destructive operations cannot be tested automatically", + "title": "MFA requirement for destructive operations cannot be tested automatically", + "types": [], + "uid": "ccc-test-421-1772108256" + }, + "message": "MFA requirement for destructive operations cannot be tested automatically", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN03", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108256, + "time_dt": "2026-02-26T12:17:36Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108256, + "created_time_dt": "2026-02-26T12:17:36Z", + "desc": "Compliance test scenario: API modification requires credential and trust perimeter origin", + "title": "API modification requires credential and trust perimeter origin", + "types": [], + "uid": "ccc-test-437-1772108256" + }, + "message": "API modification requires credential and trust perimeter origin", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN03", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108256, + "time_dt": "2026-02-26T12:17:36Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN03.AR02 - API Authentication with Credentials" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108256, + "created_time_dt": "2026-02-26T12:17:36Z", + "desc": "Compliance test scenario: UI viewing requires multi-factor authentication", + "title": "UI viewing requires multi-factor authentication", + "types": [], + "uid": "ccc-test-451-1772108256" + }, + "message": "UI viewing requires multi-factor authentication", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN03", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108256, + "time_dt": "2026-02-26T12:17:36Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN03.AR03 - MFA for UI Viewing" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108256, + "created_time_dt": "2026-02-26T12:17:36Z", + "desc": "Compliance test scenario: API viewing requires credential and trust perimeter origin", + "title": "API viewing requires credential and trust perimeter origin", + "types": [], + "uid": "ccc-test-465-1772108256" + }, + "message": "API viewing requires credential and trust perimeter origin", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN03", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108256, + "time_dt": "2026-02-26T12:17:36Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN03.AR04 - API Authentication for Viewing" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108256, + "created_time_dt": "2026-02-26T12:17:36Z", + "desc": "Compliance test scenario: Admin logging compliance", + "title": "Admin logging compliance", + "types": [], + "uid": "ccc-test-500-1772108256" + }, + "message": "Admin logging compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage", + "@vpc" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ— I attempt policy check \"admin-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Management Events Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [HostName Protocol Labels ReportFile ReportTitle Props Region PortNumber AwsCloudTrailLogGroupName ResourceName Provider PermittedAccountIds ServiceType ProviderServiceType CatalogTypes TagFilter UID Instance PermittedRegions])\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108256, + "time_dt": "2026-02-26T12:17:36Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR01 - Log Administrative Access Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108256, + "created_time_dt": "2026-02-26T12:17:36Z", + "desc": "Compliance test scenario: Verify admin actions are logged with identity and timestamp", + "title": "Verify admin actions are logged with identity and timestamp", + "types": [], + "uid": "ccc-test-515-1772108256" + }, + "message": "Verify admin actions are logged with identity and timestamp", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"{ServiceType}\"\nβœ“ I refer to \"{result}\" as \"theService\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{theService}\" with \"UpdateResourcePolicy\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to get bucket policy (bucket may not have a policy): operation error S3: GetBucketPolicy, https response error StatusCode: 301, RequestID: T1HT1EBR69NY4K0D, HostID: ahLxRQU+AT5VMyhXgTjZLJ0jZCcHi0PY30FVqTDB9dDFaX+AWt+fzOjzrOoHfV79uewaIap/pWw=, api error PermanentRedirect: The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.\n⊘ I attach \"{result}\" to the test output as \"Policy Update Result\" (skipped)\n⊘ we wait for a period of \"10000\" ms (skipped)\n⊘ I call \"{loggingService}\" with \"QueryAdminLogs\" using arguments \"{ResourceName}\" and \"{20}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"adminLogs\" (skipped)\n⊘ I attach \"{adminLogs}\" to the test output as \"Admin Activity Logs\" (skipped)\n⊘ \"{adminLogs}\" is an array of objects with at least the following contents (skipped)", + "status_id": 1, + "time": 1772108256, + "time_dt": "2026-02-26T12:17:36Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR01 - Log Administrative Access Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108257, + "created_time_dt": "2026-02-26T12:17:37Z", + "desc": "Compliance test scenario: Object storage data modification logging compliance", + "title": "Object storage data modification logging compliance", + "types": [], + "uid": "ccc-test-554-1772108257" + }, + "message": "Object storage data modification logging compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"data-write-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR02\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Data Events Write Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [ReportTitle Instance PortNumber HostName CatalogTypes TagFilter Labels AwsCloudTrailLogGroupName Protocol Props Provider PermittedRegions api ServiceType UID ReportFile Region PermittedAccountIds ProviderServiceType ResourceName])\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108257, + "time_dt": "2026-02-26T12:17:37Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR02 - Log Data Modification Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108257, + "created_time_dt": "2026-02-26T12:17:37Z", + "desc": "Compliance test scenario: Verify data modifications are logged with identity and timestamp", + "title": "Verify data modifications are logged with identity and timestamp", + "types": [], + "uid": "ccc-test-574-1772108257" + }, + "message": "Verify data modifications are logged with identity and timestamp", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-amber", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-logging-object.txt\", and \"test data for logging verification\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to create object test-logging-object.txt in bucket s3-bucket-flowing-porpoise: operation error S3: PutObject, https response error StatusCode: 403, RequestID: T1HX46KJP7M2A511, HostID: YqeUgQVAiCWcNE95Y9DjYvEi1vu6mID7b1RNRcSi9DwQG0GWyRVWo+xtowI7KTnDewn5O2wqvrJmmizbn2FW7ZQuJbZh2FuW, api error AccessDenied: User: arn:aws:sts::211203495394:assumed-role/TerraformRole/GitHubActions is not authorized to perform: s3:PutObject on resource: \"arn:aws:s3:::s3-bucket-flowing-porpoise/test-logging-object.txt\" with an explicit deny in a resource-based policy\n⊘ I refer to \"{result}\" as \"createResult\" (skipped)\n⊘ I attach \"{createResult}\" to the test output as \"Object Create Result\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-logging-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"deleteResult\" (skipped)\n⊘ I attach \"{deleteResult}\" to the test output as \"Object Delete Result\" (skipped)\n⊘ we wait for a period of \"10000\" ms (skipped)\n⊘ I call \"{loggingService}\" with \"QueryDataWriteLogs\" using arguments \"{ResourceName}\" and \"{20}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"dataLogs\" (skipped)\n⊘ I attach \"{dataLogs}\" to the test output as \"Data Write Logs\" (skipped)\n⊘ \"{dataLogs}\" is an array of objects with at least the following contents (skipped)", + "status_id": 1, + "time": 1772108257, + "time_dt": "2026-02-26T12:17:37Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR02 - Log Data Modification Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108257, + "created_time_dt": "2026-02-26T12:17:37Z", + "desc": "Compliance test scenario: Data read logging compliance", + "title": "Data read logging compliance", + "types": [], + "uid": "ccc-test-614-1772108257" + }, + "message": "Data read logging compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-red", + "@Policy", + "@object-storage", + "@vpc" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"data-read-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR03\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Data Events Read Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [CatalogTypes TagFilter Region PortNumber Protocol ProviderServiceType ResourceName Props PermittedRegions PermittedAccountIds ServiceType UID ReportFile ReportTitle Instance AwsCloudTrailLogGroupName api HostName Labels Provider])\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108257, + "time_dt": "2026-02-26T12:17:37Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR03 - Log Data Read Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108257, + "created_time_dt": "2026-02-26T12:17:37Z", + "desc": "Compliance test scenario: Verify data read operations are logged with identity and timestamp", + "title": "Verify data read operations are logged with identity and timestamp", + "types": [], + "uid": "ccc-test-635-1772108257" + }, + "message": "Verify data read operations are logged with identity and timestamp", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-read-logging-object.txt\", and \"test data for read logging verification\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to create object test-read-logging-object.txt in bucket s3-bucket-flowing-porpoise: operation error S3: PutObject, https response error StatusCode: 403, RequestID: T1HW4SGEPBGEANNZ, HostID: oQbyvrRcfCxnL43nbJ2gMw0o5CU7rQicbIvAvJ04GDQoPnFkeyQf3WshT8Kbv/XlP1nARit++494lBvLDJlldXVfzD1pgeVl, api error AccessDenied: User: arn:aws:sts::211203495394:assumed-role/TerraformRole/GitHubActions is not authorized to perform: s3:PutObject on resource: \"arn:aws:s3:::s3-bucket-flowing-porpoise/test-read-logging-object.txt\" with an explicit deny in a resource-based policy\n⊘ I refer to \"{result}\" as \"createResult\" (skipped)\n⊘ I call \"{storage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-read-logging-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"readResult\" (skipped)\n⊘ I attach \"{readResult}\" to the test output as \"Object Read Result\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-read-logging-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ we wait for a period of \"10000\" ms (skipped)\n⊘ I call \"{loggingService}\" with \"QueryDataReadLogs\" using arguments \"{ResourceName}\" and \"{20}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"readLogs\" (skipped)\n⊘ I attach \"{readLogs}\" to the test output as \"Data Read Logs\" (skipped)\n⊘ \"{readLogs}\" is an array of objects with at least the following contents (skipped)", + "status_id": 1, + "time": 1772108257, + "time_dt": "2026-02-26T12:17:37Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR03 - Log Data Read Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108257, + "created_time_dt": "2026-02-26T12:17:37Z", + "desc": "Compliance test scenario: Service prevents data modification by user with no access", + "title": "Service prevents data modification by user with no access", + "types": [], + "uid": "ccc-test-700-1772108257" + }, + "message": "Service prevents data modification by user with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Destructive", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-write-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-cn05-unauthorized-modify.txt\", and \"unauthorized data\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-create-error.txt\"", + "status_id": 1, + "time": 1772108257, + "time_dt": "2026-02-26T12:17:37Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108258, + "created_time_dt": "2026-02-26T12:17:38Z", + "desc": "Compliance test scenario: Service allows data modification by user with write access", + "title": "Service allows data modification by user with write access", + "types": [], + "uid": "ccc-test-716-1772108258" + }, + "message": "Service allows data modification by user with write access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Destructive", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write-access\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: TB12YRP2HB8M9071, HostID: gOevlksShWlBr6RrIRtP6A3Z1r5tGfKHZ7h/llSMMMskjSMm/J9Veuhv/fkl/D7P2mBOaCQ/3W4=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write-access is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-cn05-authorized-modify.txt\", and \"authorized data\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-cn05-authorized-modify.txt\" (skipped)", + "status_id": 1, + "time": 1772108258, + "time_dt": "2026-02-26T12:17:38Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108328, + "created_time_dt": "2026-02-26T12:18:48Z", + "desc": "Compliance test scenario: Storage is not configured for public write access", + "title": "Storage is not configured for public write access", + "types": [], + "uid": "ccc-test-724-1772108328" + }, + "message": "Storage is not configured for public write access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ— I attempt policy check \"object-storage-block-public-write-access\" for control \"CCC.Core.CN05\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Block Public Access Configuration: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108328, + "time_dt": "2026-02-26T12:18:48Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108329, + "created_time_dt": "2026-02-26T12:18:49Z", + "desc": "Compliance test scenario: Service prevents administrative action (creating a new bucket) by user with no access", + "title": "Service prevents administrative action (creating a new bucket) by user with no access", + "types": [], + "uid": "ccc-test-803-1772108329" + }, + "message": "Service prevents administrative action (creating a new bucket) by user with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Destructive", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-admin-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-unauthorized-admin-container\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-admin-create-bucket-error.txt\"", + "status_id": 1, + "time": 1772108329, + "time_dt": "2026-02-26T12:18:49Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108330, + "created_time_dt": "2026-02-26T12:18:50Z", + "desc": "Compliance test scenario: Service prevents administrative action (creating a new bucket) by user with read-only access", + "title": "Service prevents administrative action (creating a new bucket) by user with read-only access", + "types": [], + "uid": "ccc-test-818-1772108330" + }, + "message": "Service prevents administrative action (creating a new bucket) by user with read-only access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Destructive", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read-only-admin\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-only-admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-read-only-create-container\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"read-only-create-bucket-error.txt\"", + "status_id": 1, + "time": 1772108330, + "time_dt": "2026-02-26T12:18:50Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108345, + "created_time_dt": "2026-02-26T12:19:05Z", + "desc": "Compliance test scenario: Service allows administrative action (creating a new bucket) by user with admin access", + "title": "Service allows administrative action (creating a new bucket) by user with admin access", + "types": [], + "uid": "ccc-test-834-1772108345" + }, + "message": "Service allows administrative action (creating a new bucket) by user with admin access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-admin-access\", \"{UID}\", and \"admin\"\nβœ“ I refer to \"{result}\" as \"testUserAdmin\"\nβœ“ I attach \"{result}\" to the test output as \"admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserAdmin}\", and \"{true}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-authorized-admin-container\"\nβœ“ \"{result}\" is not an error\nβœ“ I attach \"{result}\" to the test output as \"admin-create-bucket-result.json\"\nβœ“ I call \"{storage}\" with \"DeleteBucket\" using argument \"test-cn05-authorized-admin-container\"", + "status_id": 1, + "time": 1772108345, + "time_dt": "2026-02-26T12:19:05Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108361, + "created_time_dt": "2026-02-26T12:19:21Z", + "desc": "Compliance test scenario: Unauthorized administrative access is blocked", + "title": "Unauthorized administrative access is blocked", + "types": [], + "uid": "ccc-test-841-1772108361" + }, + "message": "Unauthorized administrative access is blocked", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108361, + "time_dt": "2026-02-26T12:19:21Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108361, + "created_time_dt": "2026-02-26T12:19:21Z", + "desc": "Compliance test scenario: Cross-tenant access is blocked without explicit allowlist", + "title": "Cross-tenant access is blocked without explicit allowlist", + "types": [], + "uid": "ccc-test-859-1772108361" + }, + "message": "Cross-tenant access is blocked without explicit allowlist", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I attempt policy check \"object-storage-cross-tenant-block\" for control \"CCC.Core.CN05\" assessment requirement \"AR03\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\"\nβœ“ \"{result}\" is true", + "status_id": 1, + "time": 1772108361, + "time_dt": "2026-02-26T12:19:21Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR03 - Block Cross-Tenant Access" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108363, + "created_time_dt": "2026-02-26T12:19:23Z", + "desc": "Compliance test scenario: External unauthorized data requests are blocked", + "title": "External unauthorized data requests are blocked", + "types": [], + "uid": "ccc-test-873-1772108363" + }, + "message": "External unauthorized data requests are blocked", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108363, + "time_dt": "2026-02-26T12:19:23Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR04 - Block Unauthorized External Data Requests" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108363, + "created_time_dt": "2026-02-26T12:19:23Z", + "desc": "Compliance test scenario: External requests do not reveal service existence", + "title": "External requests do not reveal service existence", + "types": [], + "uid": "ccc-test-886-1772108363" + }, + "message": "External requests do not reveal service existence", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108363, + "time_dt": "2026-02-26T12:19:23Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR05 - Hide Service Existence from External Requests" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108363, + "created_time_dt": "2026-02-26T12:19:23Z", + "desc": "Compliance test scenario: Service prevents data read by user with no access", + "title": "Service prevents data read by user with no access", + "types": [], + "uid": "ccc-test-914-1772108363" + }, + "message": "Service prevents data read by user with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Destructive", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108363, + "time_dt": "2026-02-26T12:19:23Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR06 - Block All Unauthorized Requests" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108363, + "created_time_dt": "2026-02-26T12:19:23Z", + "desc": "Compliance test scenario: All unauthorized requests are blocked", + "title": "All unauthorized requests are blocked", + "types": [], + "uid": "ccc-test-921-1772108363" + }, + "message": "All unauthorized requests are blocked", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108363, + "time_dt": "2026-02-26T12:19:23Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR06 - Block All Unauthorized Requests" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108363, + "created_time_dt": "2026-02-26T12:19:23Z", + "desc": "Compliance test scenario: Object storage region compliance", + "title": "Object storage region compliance", + "types": [], + "uid": "ccc-test-944-1772108363" + }, + "message": "Object storage region compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN06", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-region\" for control \"CCC.Core.CN06\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Region Compliance: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108363, + "time_dt": "2026-02-26T12:19:23Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN06.AR01 - Resource Location Compliance" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108364, + "created_time_dt": "2026-02-26T12:19:24Z", + "desc": "Compliance test scenario: Child resources are in approved regions", + "title": "Child resources are in approved regions", + "types": [], + "uid": "ccc-test-965-1772108364" + }, + "message": "Child resources are in approved regions", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN06", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108364, + "time_dt": "2026-02-26T12:19:24Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN06.AR02 - Child Resource Location Compliance" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108364, + "created_time_dt": "2026-02-26T12:19:24Z", + "desc": "Compliance test scenario: Enumeration activities publish events to monitored channels", + "title": "Enumeration activities publish events to monitored channels", + "types": [], + "uid": "ccc-test-981-1772108364" + }, + "message": "Enumeration activities publish events to monitored channels", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN07", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I attempt policy check \"enumeration-monitoring-policy\" for control \"CCC.Core.CN07\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\"\nβœ“ \"{result}\" is true", + "status_id": 1, + "time": 1772108364, + "time_dt": "2026-02-26T12:19:24Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN07.AR01 - Publish Enumeration Activity Events" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108364, + "created_time_dt": "2026-02-26T12:19:24Z", + "desc": "Compliance test scenario: Enumeration activities are logged", + "title": "Enumeration activities are logged", + "types": [], + "uid": "ccc-test-997-1772108364" + }, + "message": "Enumeration activities are logged", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN07", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108364, + "time_dt": "2026-02-26T12:19:24Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN07.AR02 - Log Enumeration Activities" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108364, + "created_time_dt": "2026-02-26T12:19:24Z", + "desc": "Compliance test scenario: Object storage replication compliance", + "title": "Object storage replication compliance", + "types": [], + "uid": "ccc-test-1014-1772108364" + }, + "message": "Object storage replication compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN08", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication\" for control \"CCC.Core.CN08\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Cross-Region Replication Configuration: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108364, + "time_dt": "2026-02-26T12:19:24Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN08.AR01 - Data Replication and Redundancy" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108365, + "created_time_dt": "2026-02-26T12:19:25Z", + "desc": "Compliance test scenario: Object storage replication status is visible", + "title": "Object storage replication status is visible", + "types": [], + "uid": "ccc-test-1031-1772108365" + }, + "message": "Object storage replication status is visible", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN08", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication-status\" for control \"CCC.Core.CN08\" assessment requirement \"AR02\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Replication Status Visibility: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108365, + "time_dt": "2026-02-26T12:19:25Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN08.AR02 - Replication Status Visibility" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108366, + "created_time_dt": "2026-02-26T12:19:26Z", + "desc": "Compliance test scenario: Object storage access logging compliance", + "title": "Object storage access logging compliance", + "types": [], + "uid": "ccc-test-1048-1772108366" + }, + "message": "Object storage access logging compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN09", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-access-logging\" for control \"CCC.Core.CN09\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Server Access Logging Configuration: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108366, + "time_dt": "2026-02-26T12:19:26Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN09.AR01 - Access Logging Separation" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108367, + "created_time_dt": "2026-02-26T12:19:27Z", + "desc": "Compliance test scenario: Disabling logs requires disabling the resource", + "title": "Disabling logs requires disabling the resource", + "types": [], + "uid": "ccc-test-1064-1772108367" + }, + "message": "Disabling logs requires disabling the resource", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN09", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108367, + "time_dt": "2026-02-26T12:19:27Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN09.AR02 - Logs Cannot Be Disabled" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108367, + "created_time_dt": "2026-02-26T12:19:27Z", + "desc": "Compliance test scenario: Redirecting logs requires halting the resource", + "title": "Redirecting logs requires halting the resource", + "types": [], + "uid": "ccc-test-1078-1772108367" + }, + "message": "Redirecting logs requires halting the resource", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN09", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108367, + "time_dt": "2026-02-26T12:19:27Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN09.AR03 - Log Redirection Requires Service Halt" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108367, + "created_time_dt": "2026-02-26T12:19:27Z", + "desc": "Compliance test scenario: Object storage replication destination compliance", + "title": "Object storage replication destination compliance", + "types": [], + "uid": "ccc-test-1095-1772108367" + }, + "message": "Object storage replication destination compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN10", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication-destination\" for control \"CCC.Core.CN10\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Replication Destination Region Validation: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108367, + "time_dt": "2026-02-26T12:19:27Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN10.AR01 - Replication Destination Trust" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108368, + "created_time_dt": "2026-02-26T12:19:28Z", + "desc": "Compliance test scenario: Service prevents reading bucket with no access", + "title": "Service prevents reading bucket with no access", + "types": [], + "uid": "ccc-test-1146-1772108368" + }, + "message": "Service prevents reading bucket with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR01", + "@Destructive" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"ListObjects\" using argument \"{ResourceName}\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-list-error.txt\"", + "status_id": 1, + "time": 1772108368, + "time_dt": "2026-02-26T12:19:28Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108368, + "created_time_dt": "2026-02-26T12:19:28Z", + "desc": "Compliance test scenario: Service allows reading bucket with read access", + "title": "Service allows reading bucket with read access", + "types": [], + "uid": "ccc-test-1162-1772108368" + }, + "message": "Service allows reading bucket with read access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 01KZGAAEAV2R1F8W, HostID: sMFBtqfMtjbZ5YipwnqKC6wH1SL6AZnHVYjyzPVY9pB8QIWEzvX4hPa1tppz5AtrEEeJq8YNsPk=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"read-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ListObjects\" using argument \"{ResourceName}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-list-objects-result.json\" (skipped)", + "status_id": 1, + "time": 1772108368, + "time_dt": "2026-02-26T12:19:28Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108439, + "created_time_dt": "2026-02-26T12:20:39Z", + "desc": "Compliance test scenario: Test policy", + "title": "Test policy", + "types": [], + "uid": "ccc-test-1163-1772108439" + }, + "message": "Test policy", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR01", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "", + "status_id": 1, + "time": 1772108439, + "time_dt": "2026-02-26T12:20:39Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108439, + "created_time_dt": "2026-02-26T12:20:39Z", + "desc": "Compliance test scenario: Service prevents reading object with no access", + "title": "Service prevents reading object with no access", + "types": [], + "uid": "ccc-test-1216-1772108439" + }, + "message": "Service prevents reading object with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test content\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to create object test-object.txt in bucket s3-bucket-flowing-porpoise: operation error S3: PutObject, https response error StatusCode: 403, RequestID: 01KJDC5HSRQV63A3, HostID: PxpunQofLMv6wUdQcVih6SMsIqJnorVsyuOTPppKfQcTkG78UsdZXeipavNfNqJNcQKbAtb0NnAaXsloilATIB1Kadtqb0Mp, api error AccessDenied: User: arn:aws:sts::211203495394:assumed-role/TerraformRole/GitHubActions is not authorized to perform: s3:PutObject on resource: \"arn:aws:s3:::s3-bucket-flowing-porpoise/test-object.txt\" with an explicit deny in a resource-based policy\n⊘ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\" (skipped)\n⊘ I refer to \"{result}\" as \"testUserNoAccess\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"no-access-user-identity.json\" (skipped)\n⊘ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"no-access-read-object-error.txt\" (skipped)", + "status_id": 1, + "time": 1772108439, + "time_dt": "2026-02-26T12:20:39Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108439, + "created_time_dt": "2026-02-26T12:20:39Z", + "desc": "Compliance test scenario: Service allows reading object with read access", + "title": "Service allows reading object with read access", + "types": [], + "uid": "ccc-test-1235-1772108439" + }, + "message": "Service allows reading object with read access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test content\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to create object test-object.txt in bucket s3-bucket-flowing-porpoise: operation error S3: PutObject, https response error StatusCode: 403, RequestID: Z2C4QB1Z0Y3V1A9S, HostID: pCiicE4wp1gF7BJ2LYsQp1supax2iKtxqzgRmD4XkNQhRHo5k4LBpvMD0TbVNZKBIdGwbDpsimlyae8Bx+f4kX0Xl0Ahroi7, api error AccessDenied: User: arn:aws:sts::211203495394:assumed-role/TerraformRole/GitHubActions is not authorized to perform: s3:PutObject on resource: \"arn:aws:s3:::s3-bucket-flowing-porpoise/test-object.txt\" with an explicit deny in a resource-based policy\n⊘ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\" (skipped)\n⊘ I refer to \"{result}\" as \"testUserRead\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-user-identity.json\" (skipped)\n⊘ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-read-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)", + "status_id": 1, + "time": 1772108439, + "time_dt": "2026-02-26T12:20:39Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108440, + "created_time_dt": "2026-02-26T12:20:40Z", + "desc": "Compliance test scenario: Service prevents creating bucket with no access", + "title": "Service prevents creating bucket with no access", + "types": [], + "uid": "ccc-test-1286-1772108440" + }, + "message": "Service prevents creating bucket with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR03" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-bucket-no-access\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-create-bucket-error.txt\"", + "status_id": 1, + "time": 1772108440, + "time_dt": "2026-02-26T12:20:40Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR03" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108440, + "created_time_dt": "2026-02-26T12:20:40Z", + "desc": "Compliance test scenario: Service allows creating bucket with write access", + "title": "Service allows creating bucket with write access", + "types": [], + "uid": "ccc-test-1303-1772108440" + }, + "message": "Service allows creating bucket with write access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR03" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 2YXWPJ5FQC180XBV, HostID: 4z7Zq6qtR6tKpbQXQH4UrisY7fF/NNXBCp1xIimQfGxAeFaJP/MBbbAAR1mXJsADCfCJW+bYZxI=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"write-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-bucket-write\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-bucket-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteBucket\" using argument \"{result.ID}\" (skipped)", + "status_id": 1, + "time": 1772108440, + "time_dt": "2026-02-26T12:20:40Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR03" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108510, + "created_time_dt": "2026-02-26T12:21:50Z", + "desc": "Compliance test scenario: Service prevents writing object with read-only access", + "title": "Service prevents writing object with read-only access", + "types": [], + "uid": "ccc-test-1358-1772108510" + }, + "message": "Service prevents writing object with read-only access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR04" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: PWMR5KSQHZ9BQW18, HostID: XO/cbI7fq0xiDAFYnvEK6CEn53xsVzFrDuuuptIoGzCvLSLN27f8VubHNqUrB2XYJFKe1/FYb+s=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-write-object.txt\", and \"test content\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-create-object-error.txt\" (skipped)", + "status_id": 1, + "time": 1772108510, + "time_dt": "2026-02-26T12:21:50Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR04" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108565, + "created_time_dt": "2026-02-26T12:22:45Z", + "desc": "Compliance test scenario: Service allows writing object with write access", + "title": "Service allows writing object with write access", + "types": [], + "uid": "ccc-test-1377-1772108565" + }, + "message": "Service allows writing object with write access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR04" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: N623ZCJJX4A2T6PZ, HostID: bKNoHIkAulhO5vd8AZ24vWcq52gALKJ5oODZKVL7pA4FXEB3l0Hl91YnCHf7eMN3gq/brWyPd+k=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"write-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-write-object.txt\", and \"test content\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-write-object.txt\" (skipped)", + "status_id": 1, + "time": 1772108565, + "time_dt": "2026-02-26T12:22:45Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR04" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108621, + "created_time_dt": "2026-02-26T12:23:41Z", + "desc": "Compliance test scenario: Service enforces uniform bucket-level access by rejecting object-level permissions", + "title": "Service enforces uniform bucket-level access by rejecting object-level permissions", + "types": [], + "uid": "ccc-test-1426-1772108621" + }, + "message": "Service enforces uniform bucket-level access by rejecting object-level permissions", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN02.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test data\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to create object test-object.txt in bucket s3-bucket-flowing-porpoise: operation error S3: PutObject, https response error StatusCode: 403, RequestID: N62E10KH4SKSPJBW, HostID: MlXj/xSkjVRTfoww6mq6uywNJu3D4zDeqZUsQ22PNFDyrrJ9FA6xRG8qh5/G6aWBwQqyPxPSjhjsKeuR+1w7oXqOfiZWpv9J, api error AccessDenied: User: arn:aws:sts::211203495394:assumed-role/TerraformRole/GitHubActions is not authorized to perform: s3:PutObject on resource: \"arn:aws:s3:::s3-bucket-flowing-porpoise/test-object.txt\" with an explicit deny in a resource-based policy\n⊘ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\" (skipped)\n⊘ I refer to \"{result}\" as \"testUserRead\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-user-identity.json\" (skipped)\n⊘ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I call \"{storage}\" with \"SetObjectPermission\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"none\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"set-object-permission-error.txt\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)", + "status_id": 1, + "time": 1772108621, + "time_dt": "2026-02-26T12:23:41Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN02.AR01 - Uniform Bucket-Level Access (Consistent Allow)" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108621, + "created_time_dt": "2026-02-26T12:23:41Z", + "desc": "Compliance test scenario: Service enforces uniform bucket-level access denial", + "title": "Service enforces uniform bucket-level access denial", + "types": [], + "uid": "ccc-test-1475-1772108621" + }, + "message": "Service enforces uniform bucket-level access denial", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN02.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test data\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to create object test-object.txt in bucket s3-bucket-flowing-porpoise: operation error S3: PutObject, https response error StatusCode: 403, RequestID: N62ANVRAZSV7YP3A, HostID: lARub1cW/lmSapg4UA72KJxMB6s+verc29ympqAuZbrVJO1EfXGCaLdyCODllSAMu7V7ntXhvPk=, api error AccessDenied: User: arn:aws:sts::211203495394:assumed-role/TerraformRole/GitHubActions is not authorized to perform: s3:PutObject on resource: \"arn:aws:s3:::s3-bucket-flowing-porpoise/test-object.txt\" with an explicit deny in a resource-based policy\n⊘ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\" (skipped)\n⊘ I refer to \"{result}\" as \"testUserNoAccess\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"no-access-user-identity.json\" (skipped)\n⊘ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I call \"{storage}\" with \"SetObjectPermission\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"read\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"set-object-permission-error.txt\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is an error (skipped)", + "status_id": 1, + "time": 1772108621, + "time_dt": "2026-02-26T12:23:41Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN02.AR02 - Uniform Bucket-Level Access (Consistent Deny)" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108621, + "created_time_dt": "2026-02-26T12:23:41Z", + "desc": "Compliance test scenario: Service supports bucket soft delete and recovery", + "title": "Service supports bucket soft delete and recovery", + "types": [], + "uid": "ccc-test-1524-1772108621" + }, + "message": "Service supports bucket soft delete and recovery", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN03.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"CreateBucket\" using argument \"ccc-test-soft-delete\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"testBucket\"\nβœ“ I attach \"{result}\" to the test output as \"created-bucket.json\"\nβœ“ I call \"{storage}\" with \"DeleteBucket\" using argument \"ccc-test-soft-delete\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{storage}\" with \"ListDeletedBuckets\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: AWS S3 does not support bucket-level soft delete - bucket deletion is immediate and permanent\n⊘ I attach \"{result}\" to the test output as \"deleted-buckets.json\" (skipped)\n? \"{result}\" should have length greater than \"0\" (undefined)\n⊘ I call \"{storage}\" with \"RestoreBucket\" using argument \"ccc-test-soft-delete\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I call \"{storage}\" with \"ListBuckets\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"restored-buckets.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteBucket\" using argument \"ccc-test-soft-delete\" (skipped)\n⊘ \"{result}\" is not an error (skipped)", + "status_id": 1, + "time": 1772108621, + "time_dt": "2026-02-26T12:23:41Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN03.AR01 - Bucket Soft Delete and Recovery" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108622, + "created_time_dt": "2026-02-26T12:23:42Z", + "desc": "Compliance test scenario: Service prevents modification of locked retention policy", + "title": "Service prevents modification of locked retention policy", + "types": [], + "uid": "ccc-test-1561-1772108622" + }, + "message": "Service prevents modification of locked retention policy", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN03.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"GetBucketRetentionDurationDays\" using argument \"{ResourceName}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"originalRetention\"\nβœ“ I attach \"{result}\" to the test output as \"original-retention-days.txt\"\nβœ— \"{result}\" should be greater than \"0\" - Error: expected {result} (0) to be greater than 0\n⊘ I call \"{storage}\" with \"SetBucketRetentionDurationDays\" using arguments \"{ResourceName}\" and \"1\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"set-retention-error.txt\" (skipped)\n⊘ I call \"{storage}\" with \"GetBucketRetentionDurationDays\" using argument \"{ResourceName}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n? \"{result}\" should equal \"{originalRetention}\" (undefined)", + "status_id": 1, + "time": 1772108622, + "time_dt": "2026-02-26T12:23:42Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN03.AR02 - Immutable Bucket Retention Policy" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108622, + "created_time_dt": "2026-02-26T12:23:42Z", + "desc": "Compliance test scenario: Service applies default retention policy to newly uploaded object", + "title": "Service applies default retention policy to newly uploaded object", + "types": [], + "uid": "ccc-test-1617-1772108622" + }, + "message": "Service applies default retention policy to newly uploaded object", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: X0F025A36G2RXZN2, HostID: wX6lj1OyU+2Fld700maye043/1OlzgR/8NgJrepLwI0KPmPajaMygjrlCmnzP11RdJItHTLRj/0=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-retention-object.txt\", and \"protected data\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"uploaded-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"GetObjectRetentionDurationDays\" using arguments \"{ResourceName}\" and \"test-retention-object.txt\" (skipped)\n⊘ \"{result}\" should be greater than \"1\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-retention-object.txt\" (skipped)", + "status_id": 1, + "time": 1772108622, + "time_dt": "2026-02-26T12:23:42Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108677, + "created_time_dt": "2026-02-26T12:24:37Z", + "desc": "Compliance test scenario: Service enforces retention policy on newly created objects", + "title": "Service enforces retention policy on newly created objects", + "types": [], + "uid": "ccc-test-1629-1772108677" + }, + "message": "Service enforces retention policy on newly created objects", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"immediate-delete-test.txt\", and \"test content\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to create object immediate-delete-test.txt in bucket s3-bucket-flowing-porpoise: operation error S3: PutObject, https response error StatusCode: 403, RequestID: 35658VMN30XQK0FT, HostID: OsCFHAnLAcCzTUzpktoZ/O7XjdqHV7xohSkwt8eq/87703aOt2SRUS13+7RP7SjF4f88kdyxdrn5QTFibzkv7qB1LeTiVA1T, api error AccessDenied: User: arn:aws:sts::211203495394:assumed-role/TerraformRole/GitHubActions is not authorized to perform: s3:PutObject on resource: \"arn:aws:s3:::s3-bucket-flowing-porpoise/immediate-delete-test.txt\" with an explicit deny in a resource-based policy\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"immediate-delete-test.txt\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"immediate-delete-error.txt\" (skipped)\n? \"{result}\" should contain \"retention\" (undefined)", + "status_id": 1, + "time": 1772108677, + "time_dt": "2026-02-26T12:24:37Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108678, + "created_time_dt": "2026-02-26T12:24:38Z", + "desc": "Compliance test scenario: Service validates retention period meets minimum requirements", + "title": "Service validates retention period meets minimum requirements", + "types": [], + "uid": "ccc-test-1640-1772108678" + }, + "message": "Service validates retention period meets minimum requirements", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"retention-period-test.txt\", and \"compliance data\"\nβœ“ I call \"{storage}\" with \"GetObjectRetentionDurationDays\" using arguments \"{ResourceName}\" and \"retention-period-test.txt\"\nβœ— \"{result}\" should be greater than \"1\" - Error: expected {result} (0) to be greater than 1\n⊘ I attach \"{result}\" to the test output as \"retention-period-days.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"retention-period-test.txt\" (skipped)", + "status_id": 1, + "time": 1772108678, + "time_dt": "2026-02-26T12:24:38Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108678, + "created_time_dt": "2026-02-26T12:24:38Z", + "desc": "Compliance test scenario: Service prevents object deletion by write user during retention period", + "title": "Service prevents object deletion by write user during retention period", + "types": [], + "uid": "ccc-test-1722-1772108678" + }, + "message": "Service prevents object deletion by write user during retention period", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: ZAF3AP2RSN4R2ZZC, HostID: xVFCusShtId0+1Kp0dOu4XPr38UORJWa5sKrheQa8m6rtgyDxBHmx54I8b/QC+ecZkbogsiEZqA1xnSHbI7bZJx/dVLv/NZ4, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"protected-object.txt\", and \"immutable data\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"protected-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"protected-object.txt\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"delete-protected-error.txt\" (skipped)\n? \"{result}\" should contain one of \"retention, locked, immutable, protected\" (undefined)", + "status_id": 1, + "time": 1772108678, + "time_dt": "2026-02-26T12:24:38Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108733, + "created_time_dt": "2026-02-26T12:25:33Z", + "desc": "Compliance test scenario: Service prevents object deletion by admin user during retention period", + "title": "Service prevents object deletion by admin user during retention period", + "types": [], + "uid": "ccc-test-1734-1772108733" + }, + "message": "Service prevents object deletion by admin user during retention period", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"admin-protected-object.txt\", and \"compliance data\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to create object admin-protected-object.txt in bucket s3-bucket-flowing-porpoise: operation error S3: PutObject, https response error StatusCode: 403, RequestID: CAF6SEVZH2B88MGG, HostID: ZjoRFap2mVg4nQ+1l3SduY2x/P1cpK5dx09ktw0Su7AWgA+nlQYodg4ctSgasKjyZhIFka6YT/OkDrniDSzW0w8nTzluG0oh, api error AccessDenied: User: arn:aws:sts::211203495394:assumed-role/TerraformRole/GitHubActions is not authorized to perform: s3:PutObject on resource: \"arn:aws:s3:::s3-bucket-flowing-porpoise/admin-protected-object.txt\" with an explicit deny in a resource-based policy\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"admin-protected-object.txt\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"admin-delete-protected-error.txt\" (skipped)\n? \"{result}\" should contain \"retention\" (undefined)", + "status_id": 1, + "time": 1772108733, + "time_dt": "2026-02-26T12:25:33Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108734, + "created_time_dt": "2026-02-26T12:25:34Z", + "desc": "Compliance test scenario: Service prevents object modification during retention period", + "title": "Service prevents object modification during retention period", + "types": [], + "uid": "ccc-test-1752-1772108734" + }, + "message": "Service prevents object modification during retention period", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 6R3GHR2EW9B6PRZ1, HostID: J8ktep49UTDdPFHja+MaaEWe2f4HYOpojEvO5c8mYI+Ci5YP7Y7a/xd2VkBxNqiPxf3cK1/vKZs=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"modify-test-object.txt\", and \"original content\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"original-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"modify-test-object.txt\", and \"modified content\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"modify-protected-error.txt\" (skipped)\n? \"{result}\" should contain one of \"retention, locked, immutable, protected, exists\" (undefined)", + "status_id": 1, + "time": 1772108734, + "time_dt": "2026-02-26T12:25:34Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108789, + "created_time_dt": "2026-02-26T12:26:29Z", + "desc": "Compliance test scenario: Service allows object read access during retention period", + "title": "Service allows object read access during retention period", + "types": [], + "uid": "ccc-test-1772-1772108789" + }, + "message": "Service allows object read access during retention period", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"readable-protected-object.txt\", and \"readable data\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to create object readable-protected-object.txt in bucket s3-bucket-flowing-porpoise: operation error S3: PutObject, https response error StatusCode: 403, RequestID: 6R3VMHXYTZC07EBA, HostID: 9r+/MohqO8NSCh3pzqBDCHDTpoy9o8Q8iDpmfD6eJIewrtNKC805TphVsUXWiuaQV0iRBI2ptJM=, api error AccessDenied: User: arn:aws:sts::211203495394:assumed-role/TerraformRole/GitHubActions is not authorized to perform: s3:PutObject on resource: \"arn:aws:s3:::s3-bucket-flowing-porpoise/readable-protected-object.txt\" with an explicit deny in a resource-based policy\n⊘ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\" (skipped)\n⊘ I refer to \"{result}\" as \"testUserRead\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-user-identity.json\" (skipped)\n⊘ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"readable-protected-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"readResult\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-protected-object.json\" (skipped)\n⊘ \"{readResult.Name}\" is \"readable-protected-object.txt\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"readable-protected-object.txt\" (skipped)", + "status_id": 1, + "time": 1772108789, + "time_dt": "2026-02-26T12:26:29Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108789, + "created_time_dt": "2026-02-26T12:26:29Z", + "desc": "Compliance test scenario: Objects are stored with unique version identifiers", + "title": "Objects are stored with unique version identifiers", + "types": [], + "uid": "ccc-test-1790-1772108789" + }, + "message": "Objects are stored with unique version identifiers", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@CCC.ObjStor.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-versioning\" for control \"CCC.ObjStor.CN05\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Versioning Configuration: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108789, + "time_dt": "2026-02-26T12:26:29Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN05.AR01 - Versioning with Unique Identifiers" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108790, + "created_time_dt": "2026-02-26T12:26:30Z", + "desc": "Compliance test scenario: Modified objects receive new version identifiers", + "title": "Modified objects receive new version identifiers", + "types": [], + "uid": "ccc-test-1806-1772108790" + }, + "message": "Modified objects receive new version identifiers", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@CCC.ObjStor.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108790, + "time_dt": "2026-02-26T12:26:30Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN05.AR02 - New Version ID on Modification" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108790, + "created_time_dt": "2026-02-26T12:26:30Z", + "desc": "Compliance test scenario: Previous object versions can be recovered", + "title": "Previous object versions can be recovered", + "types": [], + "uid": "ccc-test-1822-1772108790" + }, + "message": "Previous object versions can be recovered", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@CCC.ObjStor.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108790, + "time_dt": "2026-02-26T12:26:30Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN05.AR03 - Recovery of Previous Versions" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108790, + "created_time_dt": "2026-02-26T12:26:30Z", + "desc": "Compliance test scenario: Object versions are retained after deletion", + "title": "Object versions are retained after deletion", + "types": [], + "uid": "ccc-test-1838-1772108790" + }, + "message": "Object versions are retained after deletion", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@CCC.ObjStor.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108790, + "time_dt": "2026-02-26T12:26:30Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN05.AR04 - Retain Versions on Delete" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108790, + "created_time_dt": "2026-02-26T12:26:30Z", + "desc": "Compliance test scenario: Access logs are stored in a separate data store", + "title": "Access logs are stored in a separate data store", + "types": [], + "uid": "ccc-test-1854-1772108790" + }, + "message": "Access logs are stored in a separate data store", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@CCC.ObjStor.CN06", + "@tlp-amber", + "@tlp-red", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "s3-bucket-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "s3-bucket-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-access-logging\" for control \"CCC.ObjStor.CN06\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check file not found: /home/runner/work/ccc-cfi-compliance/ccc-cfi-compliance/testing/policy/CCC.ObjStor/CCC.ObjStor.CN06/AR01/object-storage-access-logging/aws.yaml\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108790, + "time_dt": "2026-02-26T12:26:30Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN06.AR01 - Access Logs in Separate Data Store" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109554, + "created_time_dt": "2026-02-26T12:39:14Z", + "desc": "Compliance test scenario: Service accepts TLS 1.3 encrypted traffic", + "title": "Service accepts TLS 1.3 encrypted traffic", + "types": [], + "uid": "ccc-test-92-1772109554" + }, + "message": "Service accepts TLS 1.3 encrypted traffic", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on simple-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_3\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ \"{connection}\" state is open\nβœ“ \"{connection.State}\" is \"open\"\nβœ“ I close connection \"{connection}\"\nβœ“ \"{connection}\" state is closed", + "status_id": 1, + "time": 1772109554, + "time_dt": "2026-02-26T12:39:14Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109554, + "created_time_dt": "2026-02-26T12:39:14Z", + "desc": "Compliance test scenario: Service rejects TLS 1.2 traffic", + "title": "Service rejects TLS 1.2 traffic", + "types": [], + "uid": "ccc-test-98-1772109554" + }, + "message": "Service rejects TLS 1.2 traffic", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on simple-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_2\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", + "status_id": 1, + "time": 1772109554, + "time_dt": "2026-02-26T12:39:14Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109554, + "created_time_dt": "2026-02-26T12:39:14Z", + "desc": "Compliance test scenario: Service rejects TLS 1.1 traffic", + "title": "Service rejects TLS 1.1 traffic", + "types": [], + "uid": "ccc-test-104-1772109554" + }, + "message": "Service rejects TLS 1.1 traffic", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on simple-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_1\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", + "status_id": 1, + "time": 1772109554, + "time_dt": "2026-02-26T12:39:14Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109554, + "created_time_dt": "2026-02-26T12:39:14Z", + "desc": "Compliance test scenario: Service rejects TLS 1.0 traffic", + "title": "Service rejects TLS 1.0 traffic", + "types": [], + "uid": "ccc-test-110-1772109554" + }, + "message": "Service rejects TLS 1.0 traffic", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on simple-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", + "status_id": 1, + "time": 1772109554, + "time_dt": "2026-02-26T12:39:14Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109554, + "created_time_dt": "2026-02-26T12:39:14Z", + "desc": "Compliance test scenario: Verify SSL/TLS protocol support", + "title": "Verify SSL/TLS protocol support", + "types": [], + "uid": "ccc-test-115-1772109554" + }, + "message": "Verify SSL/TLS protocol support", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on simple-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"protocols\" for \"{hostName}\" on port \"{portNumber}\"\nβœ— \"{report}\" is an array of objects which doesn't contain any of - Error: unwanted row found in array: map[finding:offered id:TLS1_2]\n⊘ \"{report}\" is an array of objects with at least the following contents (skipped)", + "status_id": 1, + "time": 1772109554, + "time_dt": "2026-02-26T12:39:14Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109560, + "created_time_dt": "2026-02-26T12:39:20Z", + "desc": "Compliance test scenario: Verify no known SSL/TLS vulnerabilities", + "title": "Verify no known SSL/TLS vulnerabilities", + "types": [], + "uid": "ccc-test-119-1772109560" + }, + "message": "Verify no known SSL/TLS vulnerabilities", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on simple-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"vulnerable\" for \"{hostName}\" on port \"{portNumber}\"\nβœ“ \"{report}\" is an array of objects with at least the following contents", + "status_id": 1, + "time": 1772109560, + "time_dt": "2026-02-26T12:39:20Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109587, + "created_time_dt": "2026-02-26T12:39:47Z", + "desc": "Compliance test scenario: Verify TLS 1.3 only certificate validity", + "title": "Verify TLS 1.3 only certificate validity", + "types": [], + "uid": "ccc-test-123-1772109587" + }, + "message": "Verify TLS 1.3 only certificate validity", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Behavioural", + "@PerPort" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": "https service on simple-flowing-porpoise.s3.us-east-1.amazonaws.com:443", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"server-defaults\" for \"{hostName}\" on port \"{portNumber}\"\nβœ“ \"{report}\" is an array of objects with at least the following contents", + "status_id": 1, + "time": 1772109587, + "time_dt": "2026-02-26T12:39:47Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108840, + "created_time_dt": "2026-02-26T12:27:20Z", + "desc": "Compliance test scenario: Storage account enforces minimum TLS version", + "title": "Storage account enforces minimum TLS version", + "types": [], + "uid": "ccc-test-127-1772108840" + }, + "message": "Storage account enforces minimum TLS version", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Policy", + "@PerService", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I attempt policy check \"object-storage-tls-policy\" for control \"CCC.Core.CN01\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\"\nβœ“ \"{result}\" is true", + "status_id": 1, + "time": 1772108840, + "time_dt": "2026-02-26T12:27:20Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108840, + "created_time_dt": "2026-02-26T12:27:20Z", + "desc": "Compliance test scenario: Load balancer enforces minimum TLS version", + "title": "Load balancer enforces minimum TLS version", + "types": [], + "uid": "ccc-test-131-1772108840" + }, + "message": "Load balancer enforces minimum TLS version", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@CCC.Core", + "@object-storage", + "@vpc", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.Core.CN01", + "@tls", + "@Policy", + "@PerService", + "@CCC.LoadBalancer" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"load-balancer-tls-policy\" for control \"CCC.Core.CN01\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: ALB TLS 1.3 Security Policy Check: query execution failed: exit status 254\nOutput: \nAn error occurred (ValidationError) when calling the DescribeListeners operation: 'simple-flowing-porpoise' is not a valid load balancer ARN\n\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108840, + "time_dt": "2026-02-26T12:27:20Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108841, + "created_time_dt": "2026-02-26T12:27:21Z", + "desc": "Compliance test scenario: Object storage encryption compliance", + "title": "Object storage encryption compliance", + "types": [], + "uid": "ccc-test-386-1772108841" + }, + "message": "Object storage encryption compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN02", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-encryption\" for control \"CCC.Core.CN02\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Server-Side Encryption Check: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108841, + "time_dt": "2026-02-26T12:27:21Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN02.AR01 - Data Encryption at Rest" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108842, + "created_time_dt": "2026-02-26T12:27:22Z", + "desc": "Compliance test scenario: Verify objects are encrypted at rest", + "title": "Verify objects are encrypted at rest", + "types": [], + "uid": "ccc-test-397-1772108842" + }, + "message": "Verify objects are encrypted at rest", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN02", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-encryption-check.txt\", and \"encryption test data\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"uploadResult\"\nβœ“ \"{uploadResult.Encryption}\" is not null\nβœ“ \"{uploadResult.EncryptionAlgorithm}\" is \"AES256\"\nβœ“ I attach \"{uploadResult}\" to the test output as \"Upload Result with Encryption Details\"\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-encryption-check.txt\"", + "status_id": 1, + "time": 1772108842, + "time_dt": "2026-02-26T12:27:22Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN02.AR01 - Data Encryption at Rest" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108843, + "created_time_dt": "2026-02-26T12:27:23Z", + "desc": "Compliance test scenario: Object storage delete protection compliance", + "title": "Object storage delete protection compliance", + "types": [], + "uid": "ccc-test-418-1772108843" + }, + "message": "Object storage delete protection compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN03", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-delete-protection\" for control \"CCC.Core.CN03\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket MFA Delete Configuration: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108843, + "time_dt": "2026-02-26T12:27:23Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108844, + "created_time_dt": "2026-02-26T12:27:24Z", + "desc": "Compliance test scenario: MFA requirement for destructive operations cannot be tested automatically", + "title": "MFA requirement for destructive operations cannot be tested automatically", + "types": [], + "uid": "ccc-test-421-1772108844" + }, + "message": "MFA requirement for destructive operations cannot be tested automatically", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN03", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108844, + "time_dt": "2026-02-26T12:27:24Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108844, + "created_time_dt": "2026-02-26T12:27:24Z", + "desc": "Compliance test scenario: API modification requires credential and trust perimeter origin", + "title": "API modification requires credential and trust perimeter origin", + "types": [], + "uid": "ccc-test-437-1772108844" + }, + "message": "API modification requires credential and trust perimeter origin", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN03", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108844, + "time_dt": "2026-02-26T12:27:24Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN03.AR02 - API Authentication with Credentials" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108844, + "created_time_dt": "2026-02-26T12:27:24Z", + "desc": "Compliance test scenario: UI viewing requires multi-factor authentication", + "title": "UI viewing requires multi-factor authentication", + "types": [], + "uid": "ccc-test-451-1772108844" + }, + "message": "UI viewing requires multi-factor authentication", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN03", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108844, + "time_dt": "2026-02-26T12:27:24Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN03.AR03 - MFA for UI Viewing" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108844, + "created_time_dt": "2026-02-26T12:27:24Z", + "desc": "Compliance test scenario: API viewing requires credential and trust perimeter origin", + "title": "API viewing requires credential and trust perimeter origin", + "types": [], + "uid": "ccc-test-465-1772108844" + }, + "message": "API viewing requires credential and trust perimeter origin", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN03", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108844, + "time_dt": "2026-02-26T12:27:24Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN03.AR04 - API Authentication for Viewing" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108844, + "created_time_dt": "2026-02-26T12:27:24Z", + "desc": "Compliance test scenario: Admin logging compliance", + "title": "Admin logging compliance", + "types": [], + "uid": "ccc-test-500-1772108844" + }, + "message": "Admin logging compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage", + "@vpc" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ— I attempt policy check \"admin-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Management Events Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [ServiceType Instance Region AwsCloudTrailLogGroupName HostName ProviderServiceType CatalogTypes Labels ResourceName PermittedAccountIds PermittedRegions TagFilter ReportTitle ReportFile Props PortNumber Protocol UID Provider])\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108844, + "time_dt": "2026-02-26T12:27:24Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR01 - Log Administrative Access Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108844, + "created_time_dt": "2026-02-26T12:27:24Z", + "desc": "Compliance test scenario: Verify admin actions are logged with identity and timestamp", + "title": "Verify admin actions are logged with identity and timestamp", + "types": [], + "uid": "ccc-test-515-1772108844" + }, + "message": "Verify admin actions are logged with identity and timestamp", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"{ServiceType}\"\nβœ“ I refer to \"{result}\" as \"theService\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{theService}\" with \"UpdateResourcePolicy\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to get bucket policy (bucket may not have a policy): operation error S3: GetBucketPolicy, https response error StatusCode: 301, RequestID: E4ZDR6GSNH77MKV8, HostID: gU3oWaD1WxbNp5+F5S8HDIT+Em+EZD5E78WY4P2eby4o3BzOOa0i+LxxUjND6+7KBYF4T020Nto=, api error PermanentRedirect: The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.\n⊘ I attach \"{result}\" to the test output as \"Policy Update Result\" (skipped)\n⊘ we wait for a period of \"10000\" ms (skipped)\n⊘ I call \"{loggingService}\" with \"QueryAdminLogs\" using arguments \"{ResourceName}\" and \"{20}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"adminLogs\" (skipped)\n⊘ I attach \"{adminLogs}\" to the test output as \"Admin Activity Logs\" (skipped)\n⊘ \"{adminLogs}\" is an array of objects with at least the following contents (skipped)", + "status_id": 1, + "time": 1772108844, + "time_dt": "2026-02-26T12:27:24Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR01 - Log Administrative Access Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108844, + "created_time_dt": "2026-02-26T12:27:24Z", + "desc": "Compliance test scenario: Object storage data modification logging compliance", + "title": "Object storage data modification logging compliance", + "types": [], + "uid": "ccc-test-554-1772108844" + }, + "message": "Object storage data modification logging compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"data-write-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR02\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Data Events Write Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [ProviderServiceType ReportTitle Region AwsCloudTrailLogGroupName HostName CatalogTypes UID PermittedRegions PortNumber Protocol TagFilter Labels ResourceName Provider api ServiceType ReportFile Instance Props PermittedAccountIds])\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108844, + "time_dt": "2026-02-26T12:27:24Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR02 - Log Data Modification Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108844, + "created_time_dt": "2026-02-26T12:27:24Z", + "desc": "Compliance test scenario: Verify data modifications are logged with identity and timestamp", + "title": "Verify data modifications are logged with identity and timestamp", + "types": [], + "uid": "ccc-test-574-1772108844" + }, + "message": "Verify data modifications are logged with identity and timestamp", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-amber", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-logging-object.txt\", and \"test data for logging verification\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"createResult\"\nβœ“ I attach \"{createResult}\" to the test output as \"Object Create Result\"\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-logging-object.txt\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"deleteResult\"\nβœ“ I attach \"{deleteResult}\" to the test output as \"Object Delete Result\"\nβœ“ we wait for a period of \"10000\" ms\nβœ“ I call \"{loggingService}\" with \"QueryDataWriteLogs\" using arguments \"{ResourceName}\" and \"{20}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"dataLogs\"\nβœ“ I attach \"{dataLogs}\" to the test output as \"Data Write Logs\"\nβœ— \"{dataLogs}\" is an array of objects with at least the following contents - Error: expected row not found: map[result:Succeeded]", + "status_id": 1, + "time": 1772108844, + "time_dt": "2026-02-26T12:27:24Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR02 - Log Data Modification Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108855, + "created_time_dt": "2026-02-26T12:27:35Z", + "desc": "Compliance test scenario: Data read logging compliance", + "title": "Data read logging compliance", + "types": [], + "uid": "ccc-test-614-1772108855" + }, + "message": "Data read logging compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-red", + "@Policy", + "@object-storage", + "@vpc" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"data-read-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR03\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Data Events Read Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [ProviderServiceType Props AwsCloudTrailLogGroupName PermittedAccountIds TagFilter ReportTitle Region HostName CatalogTypes Labels UID Instance PermittedRegions Protocol ServiceType ResourceName ReportFile Provider api PortNumber])\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108855, + "time_dt": "2026-02-26T12:27:35Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR03 - Log Data Read Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108855, + "created_time_dt": "2026-02-26T12:27:35Z", + "desc": "Compliance test scenario: Verify data read operations are logged with identity and timestamp", + "title": "Verify data read operations are logged with identity and timestamp", + "types": [], + "uid": "ccc-test-635-1772108855" + }, + "message": "Verify data read operations are logged with identity and timestamp", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN04", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-read-logging-object.txt\", and \"test data for read logging verification\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"createResult\"\nβœ“ I call \"{storage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-read-logging-object.txt\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to read object test-read-logging-object.txt from bucket simple-flowing-porpoise: operation error S3: GetObject, https response error StatusCode: 301, RequestID: EJZ2CY390BNVVQM5, HostID: OwmgMp9kyt0SW4HShdVPqj3g1vg2qmzdoUyVGgFkSUVIR5GKo5Lkrp/omlxbVKo7FF5ITRB11Fs=, api error PermanentRedirect: The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.\n⊘ I refer to \"{result}\" as \"readResult\" (skipped)\n⊘ I attach \"{readResult}\" to the test output as \"Object Read Result\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-read-logging-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ we wait for a period of \"10000\" ms (skipped)\n⊘ I call \"{loggingService}\" with \"QueryDataReadLogs\" using arguments \"{ResourceName}\" and \"{20}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"readLogs\" (skipped)\n⊘ I attach \"{readLogs}\" to the test output as \"Data Read Logs\" (skipped)\n⊘ \"{readLogs}\" is an array of objects with at least the following contents (skipped)", + "status_id": 1, + "time": 1772108855, + "time_dt": "2026-02-26T12:27:35Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN04.AR03 - Log Data Read Attempts" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108856, + "created_time_dt": "2026-02-26T12:27:36Z", + "desc": "Compliance test scenario: Service prevents data modification by user with no access", + "title": "Service prevents data modification by user with no access", + "types": [], + "uid": "ccc-test-700-1772108856" + }, + "message": "Service prevents data modification by user with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Destructive", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-write-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-cn05-unauthorized-modify.txt\", and \"unauthorized data\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-create-error.txt\"", + "status_id": 1, + "time": 1772108856, + "time_dt": "2026-02-26T12:27:36Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108856, + "created_time_dt": "2026-02-26T12:27:36Z", + "desc": "Compliance test scenario: Service allows data modification by user with write access", + "title": "Service allows data modification by user with write access", + "types": [], + "uid": "ccc-test-716-1772108856" + }, + "message": "Service allows data modification by user with write access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Destructive", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write-access\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: H19CAV2TS9JWQKZX, HostID: G+Uhdb6H8qVBAUHztJuo49Y/f46un5iLpIEiFQmBNg0uoJtcv/sunUH/JjfpPMJn4GiMd1/Rdpc=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write-access is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-cn05-authorized-modify.txt\", and \"authorized data\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-cn05-authorized-modify.txt\" (skipped)", + "status_id": 1, + "time": 1772108856, + "time_dt": "2026-02-26T12:27:36Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108926, + "created_time_dt": "2026-02-26T12:28:46Z", + "desc": "Compliance test scenario: Storage is not configured for public write access", + "title": "Storage is not configured for public write access", + "types": [], + "uid": "ccc-test-724-1772108926" + }, + "message": "Storage is not configured for public write access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ— I attempt policy check \"object-storage-block-public-write-access\" for control \"CCC.Core.CN05\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Block Public Access Configuration: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108926, + "time_dt": "2026-02-26T12:28:46Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108927, + "created_time_dt": "2026-02-26T12:28:47Z", + "desc": "Compliance test scenario: Service prevents administrative action (creating a new bucket) by user with no access", + "title": "Service prevents administrative action (creating a new bucket) by user with no access", + "types": [], + "uid": "ccc-test-803-1772108927" + }, + "message": "Service prevents administrative action (creating a new bucket) by user with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Destructive", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-admin-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-unauthorized-admin-container\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-admin-create-bucket-error.txt\"", + "status_id": 1, + "time": 1772108927, + "time_dt": "2026-02-26T12:28:47Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108928, + "created_time_dt": "2026-02-26T12:28:48Z", + "desc": "Compliance test scenario: Service prevents administrative action (creating a new bucket) by user with read-only access", + "title": "Service prevents administrative action (creating a new bucket) by user with read-only access", + "types": [], + "uid": "ccc-test-818-1772108928" + }, + "message": "Service prevents administrative action (creating a new bucket) by user with read-only access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Destructive", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read-only-admin\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-only-admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-read-only-create-container\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"read-only-create-bucket-error.txt\"", + "status_id": 1, + "time": 1772108928, + "time_dt": "2026-02-26T12:28:48Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108943, + "created_time_dt": "2026-02-26T12:29:03Z", + "desc": "Compliance test scenario: Service allows administrative action (creating a new bucket) by user with admin access", + "title": "Service allows administrative action (creating a new bucket) by user with admin access", + "types": [], + "uid": "ccc-test-834-1772108943" + }, + "message": "Service allows administrative action (creating a new bucket) by user with admin access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-admin-access\", \"{UID}\", and \"admin\"\nβœ“ I refer to \"{result}\" as \"testUserAdmin\"\nβœ“ I attach \"{result}\" to the test output as \"admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserAdmin}\", and \"{true}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-authorized-admin-container\"\nβœ“ \"{result}\" is not an error\nβœ“ I attach \"{result}\" to the test output as \"admin-create-bucket-result.json\"\nβœ“ I call \"{storage}\" with \"DeleteBucket\" using argument \"test-cn05-authorized-admin-container\"", + "status_id": 1, + "time": 1772108943, + "time_dt": "2026-02-26T12:29:03Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108959, + "created_time_dt": "2026-02-26T12:29:19Z", + "desc": "Compliance test scenario: Unauthorized administrative access is blocked", + "title": "Unauthorized administrative access is blocked", + "types": [], + "uid": "ccc-test-841-1772108959" + }, + "message": "Unauthorized administrative access is blocked", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108959, + "time_dt": "2026-02-26T12:29:19Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108959, + "created_time_dt": "2026-02-26T12:29:19Z", + "desc": "Compliance test scenario: Cross-tenant access is blocked without explicit allowlist", + "title": "Cross-tenant access is blocked without explicit allowlist", + "types": [], + "uid": "ccc-test-859-1772108959" + }, + "message": "Cross-tenant access is blocked without explicit allowlist", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I attempt policy check \"object-storage-cross-tenant-block\" for control \"CCC.Core.CN05\" assessment requirement \"AR03\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\"\nβœ“ \"{result}\" is true", + "status_id": 1, + "time": 1772108959, + "time_dt": "2026-02-26T12:29:19Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR03 - Block Cross-Tenant Access" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108961, + "created_time_dt": "2026-02-26T12:29:21Z", + "desc": "Compliance test scenario: External unauthorized data requests are blocked", + "title": "External unauthorized data requests are blocked", + "types": [], + "uid": "ccc-test-873-1772108961" + }, + "message": "External unauthorized data requests are blocked", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108961, + "time_dt": "2026-02-26T12:29:21Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR04 - Block Unauthorized External Data Requests" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108961, + "created_time_dt": "2026-02-26T12:29:21Z", + "desc": "Compliance test scenario: External requests do not reveal service existence", + "title": "External requests do not reveal service existence", + "types": [], + "uid": "ccc-test-886-1772108961" + }, + "message": "External requests do not reveal service existence", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108961, + "time_dt": "2026-02-26T12:29:21Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR05 - Hide Service Existence from External Requests" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108961, + "created_time_dt": "2026-02-26T12:29:21Z", + "desc": "Compliance test scenario: Service prevents data read by user with no access", + "title": "Service prevents data read by user with no access", + "types": [], + "uid": "ccc-test-914-1772108961" + }, + "message": "Service prevents data read by user with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Destructive", + "@Behavioural", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108961, + "time_dt": "2026-02-26T12:29:21Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR06 - Block All Unauthorized Requests" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108961, + "created_time_dt": "2026-02-26T12:29:21Z", + "desc": "Compliance test scenario: All unauthorized requests are blocked", + "title": "All unauthorized requests are blocked", + "types": [], + "uid": "ccc-test-921-1772108961" + }, + "message": "All unauthorized requests are blocked", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN05", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108961, + "time_dt": "2026-02-26T12:29:21Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN05.AR06 - Block All Unauthorized Requests" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108961, + "created_time_dt": "2026-02-26T12:29:21Z", + "desc": "Compliance test scenario: Object storage region compliance", + "title": "Object storage region compliance", + "types": [], + "uid": "ccc-test-944-1772108961" + }, + "message": "Object storage region compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN06", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-region\" for control \"CCC.Core.CN06\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Region Compliance: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108961, + "time_dt": "2026-02-26T12:29:21Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN06.AR01 - Resource Location Compliance" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108961, + "created_time_dt": "2026-02-26T12:29:21Z", + "desc": "Compliance test scenario: Child resources are in approved regions", + "title": "Child resources are in approved regions", + "types": [], + "uid": "ccc-test-965-1772108961" + }, + "message": "Child resources are in approved regions", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN06", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108961, + "time_dt": "2026-02-26T12:29:21Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN06.AR02 - Child Resource Location Compliance" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108961, + "created_time_dt": "2026-02-26T12:29:21Z", + "desc": "Compliance test scenario: Enumeration activities publish events to monitored channels", + "title": "Enumeration activities publish events to monitored channels", + "types": [], + "uid": "ccc-test-981-1772108961" + }, + "message": "Enumeration activities publish events to monitored channels", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN07", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I attempt policy check \"enumeration-monitoring-policy\" for control \"CCC.Core.CN07\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\"\nβœ“ \"{result}\" is true", + "status_id": 1, + "time": 1772108961, + "time_dt": "2026-02-26T12:29:21Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN07.AR01 - Publish Enumeration Activity Events" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108961, + "created_time_dt": "2026-02-26T12:29:21Z", + "desc": "Compliance test scenario: Enumeration activities are logged", + "title": "Enumeration activities are logged", + "types": [], + "uid": "ccc-test-997-1772108961" + }, + "message": "Enumeration activities are logged", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN07", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108961, + "time_dt": "2026-02-26T12:29:21Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN07.AR02 - Log Enumeration Activities" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108961, + "created_time_dt": "2026-02-26T12:29:21Z", + "desc": "Compliance test scenario: Object storage replication compliance", + "title": "Object storage replication compliance", + "types": [], + "uid": "ccc-test-1014-1772108961" + }, + "message": "Object storage replication compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN08", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication\" for control \"CCC.Core.CN08\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Cross-Region Replication Configuration: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108961, + "time_dt": "2026-02-26T12:29:21Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN08.AR01 - Data Replication and Redundancy" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108963, + "created_time_dt": "2026-02-26T12:29:23Z", + "desc": "Compliance test scenario: Object storage replication status is visible", + "title": "Object storage replication status is visible", + "types": [], + "uid": "ccc-test-1031-1772108963" + }, + "message": "Object storage replication status is visible", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN08", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication-status\" for control \"CCC.Core.CN08\" assessment requirement \"AR02\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Replication Status Visibility: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108963, + "time_dt": "2026-02-26T12:29:23Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN08.AR02 - Replication Status Visibility" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108964, + "created_time_dt": "2026-02-26T12:29:24Z", + "desc": "Compliance test scenario: Object storage access logging compliance", + "title": "Object storage access logging compliance", + "types": [], + "uid": "ccc-test-1048-1772108964" + }, + "message": "Object storage access logging compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN09", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-access-logging\" for control \"CCC.Core.CN09\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Server Access Logging Configuration: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108964, + "time_dt": "2026-02-26T12:29:24Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN09.AR01 - Access Logging Separation" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108965, + "created_time_dt": "2026-02-26T12:29:25Z", + "desc": "Compliance test scenario: Disabling logs requires disabling the resource", + "title": "Disabling logs requires disabling the resource", + "types": [], + "uid": "ccc-test-1064-1772108965" + }, + "message": "Disabling logs requires disabling the resource", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN09", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108965, + "time_dt": "2026-02-26T12:29:25Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN09.AR02 - Logs Cannot Be Disabled" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108965, + "created_time_dt": "2026-02-26T12:29:25Z", + "desc": "Compliance test scenario: Redirecting logs requires halting the resource", + "title": "Redirecting logs requires halting the resource", + "types": [], + "uid": "ccc-test-1078-1772108965" + }, + "message": "Redirecting logs requires halting the resource", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN09", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772108965, + "time_dt": "2026-02-26T12:29:25Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN09.AR03 - Log Redirection Requires Service Halt" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108965, + "created_time_dt": "2026-02-26T12:29:25Z", + "desc": "Compliance test scenario: Object storage replication destination compliance", + "title": "Object storage replication destination compliance", + "types": [], + "uid": "ccc-test-1095-1772108965" + }, + "message": "Object storage replication destination compliance", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@CCC.Core", + "@CCC.Core.CN10", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy", + "@object-storage" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication-destination\" for control \"CCC.Core.CN10\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Replication Destination Region Validation: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772108965, + "time_dt": "2026-02-26T12:29:25Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.Core.CN10.AR01 - Replication Destination Trust" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108966, + "created_time_dt": "2026-02-26T12:29:26Z", + "desc": "Compliance test scenario: Service prevents reading bucket with no access", + "title": "Service prevents reading bucket with no access", + "types": [], + "uid": "ccc-test-1146-1772108966" + }, + "message": "Service prevents reading bucket with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR01", + "@Destructive" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"ListObjects\" using argument \"{ResourceName}\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-list-error.txt\"", + "status_id": 1, + "time": 1772108966, + "time_dt": "2026-02-26T12:29:26Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772108966, + "created_time_dt": "2026-02-26T12:29:26Z", + "desc": "Compliance test scenario: Service allows reading bucket with read access", + "title": "Service allows reading bucket with read access", + "types": [], + "uid": "ccc-test-1162-1772108966" + }, + "message": "Service allows reading bucket with read access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: HBKMJZZ7CV2WNTRZ, HostID: fDyXyNfcA/z/7cDJNKNXF8mlvrX2PXJ2bcJbi8koMID+sk6RvQzM8lqKOE0bY+/QiOIHmZ11qu0=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"read-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ListObjects\" using argument \"{ResourceName}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-list-objects-result.json\" (skipped)", + "status_id": 1, + "time": 1772108966, + "time_dt": "2026-02-26T12:29:26Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109036, + "created_time_dt": "2026-02-26T12:30:36Z", + "desc": "Compliance test scenario: Test policy", + "title": "Test policy", + "types": [], + "uid": "ccc-test-1163-1772109036" + }, + "message": "Test policy", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR01", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "", + "status_id": 1, + "time": 1772109036, + "time_dt": "2026-02-26T12:30:36Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109036, + "created_time_dt": "2026-02-26T12:30:36Z", + "desc": "Compliance test scenario: Service prevents reading object with no access", + "title": "Service prevents reading object with no access", + "types": [], + "uid": "ccc-test-1216-1772109036" + }, + "message": "Service prevents reading object with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test content\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-read-object-error.txt\"", + "status_id": 1, + "time": 1772109036, + "time_dt": "2026-02-26T12:30:36Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109037, + "created_time_dt": "2026-02-26T12:30:37Z", + "desc": "Compliance test scenario: Service allows reading object with read access", + "title": "Service allows reading object with read access", + "types": [], + "uid": "ccc-test-1235-1772109037" + }, + "message": "Service allows reading object with read access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test content\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 2C6TRWE43XMPF0M3, HostID: YQX1AICmOVjRvL87UE4TjQAMF5EbVv67Re/+1vEX/No9Kae5hBdlrDZCsvRBsLpT/GQEKazqNQE=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"read-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-read-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)", + "status_id": 1, + "time": 1772109037, + "time_dt": "2026-02-26T12:30:37Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109092, + "created_time_dt": "2026-02-26T12:31:32Z", + "desc": "Compliance test scenario: Service prevents creating bucket with no access", + "title": "Service prevents creating bucket with no access", + "types": [], + "uid": "ccc-test-1286-1772109092" + }, + "message": "Service prevents creating bucket with no access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR03" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-bucket-no-access\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-create-bucket-error.txt\"", + "status_id": 1, + "time": 1772109092, + "time_dt": "2026-02-26T12:31:32Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR03" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109092, + "created_time_dt": "2026-02-26T12:31:32Z", + "desc": "Compliance test scenario: Service allows creating bucket with write access", + "title": "Service allows creating bucket with write access", + "types": [], + "uid": "ccc-test-1303-1772109092" + }, + "message": "Service allows creating bucket with write access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR03" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 5HTKWB5M1NCMVWX0, HostID: dxfi0Dud0rW440uQomNVTLWNvSwV56N0CgdelVRVs00MCB+i4tHAYWZjxbs8+VsqSxxRjF7jk5g=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"write-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-bucket-write\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-bucket-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteBucket\" using argument \"{result.ID}\" (skipped)", + "status_id": 1, + "time": 1772109092, + "time_dt": "2026-02-26T12:31:32Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR03" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109163, + "created_time_dt": "2026-02-26T12:32:43Z", + "desc": "Compliance test scenario: Service prevents writing object with read-only access", + "title": "Service prevents writing object with read-only access", + "types": [], + "uid": "ccc-test-1358-1772109163" + }, + "message": "Service prevents writing object with read-only access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR04" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: N9H15A4WWQPMSP1S, HostID: g4QJ7t4kAXmveLTh78/+yi1deFSHpD5JoVCOUmjqcjdfU3iSMCsnVrIAzKBDgpCtiIG/gCg2lZ8Tr7Nwa8tYr8ZO9xYCq6JZ+lAkVbkASeE=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-write-object.txt\", and \"test content\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-create-object-error.txt\" (skipped)", + "status_id": 1, + "time": 1772109163, + "time_dt": "2026-02-26T12:32:43Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR04" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109218, + "created_time_dt": "2026-02-26T12:33:38Z", + "desc": "Compliance test scenario: Service allows writing object with write access", + "title": "Service allows writing object with write access", + "types": [], + "uid": "ccc-test-1377-1772109218" + }, + "message": "Service allows writing object with write access", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN01.AR04" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: B7596R1WG63V7E5Z, HostID: 8aZit3jmY/PGT7c1pSIfYedvNcrBEn9DIgQyokHcNsyUxmrsVngTeinPqL5WycuTAOMwjLhXzFg=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"write-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-write-object.txt\", and \"test content\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-write-object.txt\" (skipped)", + "status_id": 1, + "time": 1772109218, + "time_dt": "2026-02-26T12:33:38Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN01.AR04" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109273, + "created_time_dt": "2026-02-26T12:34:33Z", + "desc": "Compliance test scenario: Service enforces uniform bucket-level access by rejecting object-level permissions", + "title": "Service enforces uniform bucket-level access by rejecting object-level permissions", + "types": [], + "uid": "ccc-test-1426-1772109273" + }, + "message": "Service enforces uniform bucket-level access by rejecting object-level permissions", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN02.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 1CG7VKA3E0MZA77C, HostID: LQjxcEsghW9izEy4DyM2ay+eXPEzysb1hRVlNWP06AKeS3rv0BcMHkxJjvidYODkejywAWjKJRg=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I call \"{storage}\" with \"SetObjectPermission\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"none\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"set-object-permission-error.txt\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)", + "status_id": 1, + "time": 1772109273, + "time_dt": "2026-02-26T12:34:33Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN02.AR01 - Uniform Bucket-Level Access (Consistent Allow)" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109329, + "created_time_dt": "2026-02-26T12:35:29Z", + "desc": "Compliance test scenario: Service enforces uniform bucket-level access denial", + "title": "Service enforces uniform bucket-level access denial", + "types": [], + "uid": "ccc-test-1475-1772109329" + }, + "message": "Service enforces uniform bucket-level access denial", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN02.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\"\nβœ“ \"{result}\" is an error\nβœ“ I call \"{storage}\" with \"SetObjectPermission\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"read\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"set-object-permission-error.txt\"\nβœ“ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\"\nβœ“ \"{result}\" is an error", + "status_id": 1, + "time": 1772109329, + "time_dt": "2026-02-26T12:35:29Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN02.AR02 - Uniform Bucket-Level Access (Consistent Deny)" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109329, + "created_time_dt": "2026-02-26T12:35:29Z", + "desc": "Compliance test scenario: Service supports bucket soft delete and recovery", + "title": "Service supports bucket soft delete and recovery", + "types": [], + "uid": "ccc-test-1524-1772109329" + }, + "message": "Service supports bucket soft delete and recovery", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN03.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"CreateBucket\" using argument \"ccc-test-soft-delete\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"testBucket\"\nβœ“ I attach \"{result}\" to the test output as \"created-bucket.json\"\nβœ“ I call \"{storage}\" with \"DeleteBucket\" using argument \"ccc-test-soft-delete\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{storage}\" with \"ListDeletedBuckets\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: AWS S3 does not support bucket-level soft delete - bucket deletion is immediate and permanent\n⊘ I attach \"{result}\" to the test output as \"deleted-buckets.json\" (skipped)\n? \"{result}\" should have length greater than \"0\" (undefined)\n⊘ I call \"{storage}\" with \"RestoreBucket\" using argument \"ccc-test-soft-delete\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I call \"{storage}\" with \"ListBuckets\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"restored-buckets.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteBucket\" using argument \"ccc-test-soft-delete\" (skipped)\n⊘ \"{result}\" is not an error (skipped)", + "status_id": 1, + "time": 1772109329, + "time_dt": "2026-02-26T12:35:29Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN03.AR01 - Bucket Soft Delete and Recovery" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109330, + "created_time_dt": "2026-02-26T12:35:30Z", + "desc": "Compliance test scenario: Service prevents modification of locked retention policy", + "title": "Service prevents modification of locked retention policy", + "types": [], + "uid": "ccc-test-1561-1772109330" + }, + "message": "Service prevents modification of locked retention policy", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN03.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"GetBucketRetentionDurationDays\" using argument \"{ResourceName}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"originalRetention\"\nβœ“ I attach \"{result}\" to the test output as \"original-retention-days.txt\"\nβœ— \"{result}\" should be greater than \"0\" - Error: expected {result} (0) to be greater than 0\n⊘ I call \"{storage}\" with \"SetBucketRetentionDurationDays\" using arguments \"{ResourceName}\" and \"1\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"set-retention-error.txt\" (skipped)\n⊘ I call \"{storage}\" with \"GetBucketRetentionDurationDays\" using argument \"{ResourceName}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n? \"{result}\" should equal \"{originalRetention}\" (undefined)", + "status_id": 1, + "time": 1772109330, + "time_dt": "2026-02-26T12:35:30Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN03.AR02 - Immutable Bucket Retention Policy" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109330, + "created_time_dt": "2026-02-26T12:35:30Z", + "desc": "Compliance test scenario: Service applies default retention policy to newly uploaded object", + "title": "Service applies default retention policy to newly uploaded object", + "types": [], + "uid": "ccc-test-1617-1772109330" + }, + "message": "Service applies default retention policy to newly uploaded object", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 9J71AG53NVA8653T, HostID: HGTz2EGa/EB1utlkjZZQVCsAVF2QmFJKmf7STjkT3RylVHw0OWigXE49E0oDbjC1zIEtlUe+fnI=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-retention-object.txt\", and \"protected data\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"uploaded-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"GetObjectRetentionDurationDays\" using arguments \"{ResourceName}\" and \"test-retention-object.txt\" (skipped)\n⊘ \"{result}\" should be greater than \"1\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-retention-object.txt\" (skipped)", + "status_id": 1, + "time": 1772109330, + "time_dt": "2026-02-26T12:35:30Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109385, + "created_time_dt": "2026-02-26T12:36:25Z", + "desc": "Compliance test scenario: Service enforces retention policy on newly created objects", + "title": "Service enforces retention policy on newly created objects", + "types": [], + "uid": "ccc-test-1629-1772109385" + }, + "message": "Service enforces retention policy on newly created objects", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"immediate-delete-test.txt\", and \"test content\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"immediate-delete-test.txt\"\nβœ— \"{result}\" is an error - Error: expected {result} to be an error, got \u003cnil\u003e\n⊘ I attach \"{result}\" to the test output as \"immediate-delete-error.txt\" (skipped)\n? \"{result}\" should contain \"retention\" (undefined)", + "status_id": 1, + "time": 1772109385, + "time_dt": "2026-02-26T12:36:25Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109386, + "created_time_dt": "2026-02-26T12:36:26Z", + "desc": "Compliance test scenario: Service validates retention period meets minimum requirements", + "title": "Service validates retention period meets minimum requirements", + "types": [], + "uid": "ccc-test-1640-1772109386" + }, + "message": "Service validates retention period meets minimum requirements", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR01" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"retention-period-test.txt\", and \"compliance data\"\nβœ“ I call \"{storage}\" with \"GetObjectRetentionDurationDays\" using arguments \"{ResourceName}\" and \"retention-period-test.txt\"\nβœ— \"{result}\" should be greater than \"1\" - Error: expected {result} (0) to be greater than 1\n⊘ I attach \"{result}\" to the test output as \"retention-period-days.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"retention-period-test.txt\" (skipped)", + "status_id": 1, + "time": 1772109386, + "time_dt": "2026-02-26T12:36:26Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR01" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109386, + "created_time_dt": "2026-02-26T12:36:26Z", + "desc": "Compliance test scenario: Service prevents object deletion by write user during retention period", + "title": "Service prevents object deletion by write user during retention period", + "types": [], + "uid": "ccc-test-1722-1772109386" + }, + "message": "Service prevents object deletion by write user during retention period", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 44CYDVSA5KZEZT4F, HostID: RokhzS6VZDT4vxZwOMOkSKHyrbR74OK7OwaWgIdNU8X66I5zX/AOw/yrP/lgUB+LVixWauMaXMc=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"protected-object.txt\", and \"immutable data\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"protected-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"protected-object.txt\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"delete-protected-error.txt\" (skipped)\n? \"{result}\" should contain one of \"retention, locked, immutable, protected\" (undefined)", + "status_id": 1, + "time": 1772109386, + "time_dt": "2026-02-26T12:36:26Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109441, + "created_time_dt": "2026-02-26T12:37:21Z", + "desc": "Compliance test scenario: Service prevents object deletion by admin user during retention period", + "title": "Service prevents object deletion by admin user during retention period", + "types": [], + "uid": "ccc-test-1734-1772109441" + }, + "message": "Service prevents object deletion by admin user during retention period", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"admin-protected-object.txt\", and \"compliance data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"admin-protected-object.txt\"\nβœ— \"{result}\" is an error - Error: expected {result} to be an error, got \u003cnil\u003e\n⊘ I attach \"{result}\" to the test output as \"admin-delete-protected-error.txt\" (skipped)\n? \"{result}\" should contain \"retention\" (undefined)", + "status_id": 1, + "time": 1772109441, + "time_dt": "2026-02-26T12:37:21Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109442, + "created_time_dt": "2026-02-26T12:37:22Z", + "desc": "Compliance test scenario: Service prevents object modification during retention period", + "title": "Service prevents object modification during retention period", + "types": [], + "uid": "ccc-test-1752-1772109442" + }, + "message": "Service prevents object modification during retention period", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 9CJAMH1Q8NVWBMD3, HostID: tWcBHGS1O0UefeZ0TP7B34bM9r9nOgEewJz/7B7YUl++N9wDjf3q2Hpvuhu05E8V4+e2WgPifpE/ecbqlBctUcA2CQ0zEdvH, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"modify-test-object.txt\", and \"original content\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"original-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"modify-test-object.txt\", and \"modified content\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"modify-protected-error.txt\" (skipped)\n? \"{result}\" should contain one of \"retention, locked, immutable, protected, exists\" (undefined)", + "status_id": 1, + "time": 1772109442, + "time_dt": "2026-02-26T12:37:22Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109497, + "created_time_dt": "2026-02-26T12:38:17Z", + "desc": "Compliance test scenario: Service allows object read access during retention period", + "title": "Service allows object read access during retention period", + "types": [], + "uid": "ccc-test-1772-1772109497" + }, + "message": "Service allows object read access during retention period", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@CCC.ObjStor.CN04.AR02" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"readable-protected-object.txt\", and \"readable data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: BE430XHE6XC874D6, HostID: v1HK61E2hR62jeTwc3MRdOPIH9z+Tn/qcdLmTwpmzyNt++uZxBSqVrwau6CB/RQOa53eiybXfV0=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"readable-protected-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"readResult\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-protected-object.json\" (skipped)\n⊘ \"{readResult.Name}\" is \"readable-protected-object.txt\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"readable-protected-object.txt\" (skipped)", + "status_id": 1, + "time": 1772109497, + "time_dt": "2026-02-26T12:38:17Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN04.AR02" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109553, + "created_time_dt": "2026-02-26T12:39:13Z", + "desc": "Compliance test scenario: Objects are stored with unique version identifiers", + "title": "Objects are stored with unique version identifiers", + "types": [], + "uid": "ccc-test-1790-1772109553" + }, + "message": "Objects are stored with unique version identifiers", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@CCC.ObjStor.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-versioning\" for control \"CCC.ObjStor.CN05\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Versioning Configuration: \n⊘ \"{result}\" is true (skipped)", + "status_id": 1, + "time": 1772109553, + "time_dt": "2026-02-26T12:39:13Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN05.AR01 - Versioning with Unique Identifiers" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109554, + "created_time_dt": "2026-02-26T12:39:14Z", + "desc": "Compliance test scenario: Modified objects receive new version identifiers", + "title": "Modified objects receive new version identifiers", + "types": [], + "uid": "ccc-test-1806-1772109554" + }, + "message": "Modified objects receive new version identifiers", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@CCC.ObjStor.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772109554, + "time_dt": "2026-02-26T12:39:14Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN05.AR02 - New Version ID on Modification" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109554, + "created_time_dt": "2026-02-26T12:39:14Z", + "desc": "Compliance test scenario: Previous object versions can be recovered", + "title": "Previous object versions can be recovered", + "types": [], + "uid": "ccc-test-1822-1772109554" + }, + "message": "Previous object versions can be recovered", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@CCC.ObjStor.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Informational", + "severity_id": 1, + "status": "New", + "status_code": "PASS", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772109554, + "time_dt": "2026-02-26T12:39:14Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN05.AR03 - Recovery of Previous Versions" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109554, + "created_time_dt": "2026-02-26T12:39:14Z", + "desc": "Compliance test scenario: Object versions are retained after deletion", + "title": "Object versions are retained after deletion", + "types": [], + "uid": "ccc-test-1838-1772109554" + }, + "message": "Object versions are retained after deletion", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@CCC.ObjStor.CN05", + "@tlp-clear", + "@tlp-green", + "@tlp-amber", + "@tlp-red", + "@Policy" ], "version": "1.4.0" }, @@ -36,39 +21201,112 @@ "details": " service on :", "metadata": { "findings": [], - "name": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard", + "name": "simple-flowing-porpoise", "region": "us-east-1", "status": "ACTIVE", "tags": [], - "type": "s3" + "type": "object-storage" } }, "group": { - "name": "s3" + "name": "object-storage" }, - "labels": [ - "{\"Preexisting\": \"20251012\"}" - ], - "name": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard", + "name": "simple-flowing-porpoise", "region": "us-east-1", - "type": "s3", - "uid": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" + "type": "object-storage", + "uid": "simple-flowing-porpoise" } ], "severity": "Informational", "severity_id": 1, "status": "New", "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Provider}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" with parameter \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" with parameter \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateBucket\" with parameter \"test-bucket-obj-write\"\nβœ“ I refer to \"{result}\" as \"bucket\"\nβœ“ I call \"{storage}\" with \"DeleteBucket\" with parameter \"{bucket.ID}\"\nβœ“ I call \"{iamService}\" with \"DestroyUser\" with parameter \"{testUserTrusted}\"\nβœ“ I call \"{iamService}\" with \"DestroyUser\" with parameter \"{testUserUntrusted}\"", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", + "status_id": 1, + "time": 1772109554, + "time_dt": "2026-02-26T12:39:14Z", + "type_name": "Compliance Finding: Test", + "type_uid": 200401, + "unmapped": { + "compliance": { + "CCC": [ + "CCC.ObjStor.CN05.AR04 - Retain Versions on Delete" + ] + } + } + }, + { + "activity_id": 1, + "activity_name": "Test", + "category_name": "Findings", + "category_uid": 2, + "class_name": "Compliance Finding", + "class_uid": 2004, + "finding_info": { + "created_time": 1772109554, + "created_time_dt": "2026-02-26T12:39:14Z", + "desc": "Compliance test scenario: Access logs are stored in a separate data store", + "title": "Access logs are stored in a separate data store", + "types": [], + "uid": "ccc-test-1854-1772109554" + }, + "message": "Access logs are stored in a separate data store", + "metadata": { + "event_code": "ccc_compliance_test", + "product": { + "name": "CCC-Complete", + "uid": "CCC-Complete", + "vendor_name": "FINOS", + "version": "0.1" + }, + "profiles": [ + "@PerService", + "@object-storage", + "@CCC.ObjStor", + "@CCC.ObjStor.CN06", + "@tlp-amber", + "@tlp-red", + "@Policy" + ], + "version": "1.4.0" + }, + "resources": [ + { + "cloud_partition": "aws", + "data": { + "details": " service on :", + "metadata": { + "findings": [], + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "status": "ACTIVE", + "tags": [], + "type": "object-storage" + } + }, + "group": { + "name": "object-storage" + }, + "name": "simple-flowing-porpoise", + "region": "us-east-1", + "type": "object-storage", + "uid": "simple-flowing-porpoise" + } + ], + "severity": "Medium", + "severity_id": 3, + "status": "New", + "status_code": "FAIL", + "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-access-logging\" for control \"CCC.ObjStor.CN06\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check file not found: /home/runner/work/ccc-cfi-compliance/ccc-cfi-compliance/testing/policy/CCC.ObjStor/CCC.ObjStor.CN06/AR01/object-storage-access-logging/aws.yaml\n⊘ \"{result}\" is true (skipped)", "status_id": 1, - "time": 1760898494, - "time_dt": "2025-10-19T18:28:14Z", + "time": 1772109554, + "time_dt": "2026-02-26T12:39:14Z", "type_name": "Compliance Finding: Test", "type_uid": 200401, "unmapped": { "compliance": { "CCC": [ - "CCC.ObjStor.C01.TR04" + "CCC.ObjStor.CN06.AR01 - Access Logs in Separate Data Store" ] } } diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/results/aws-s3-bucket-complete.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/results/aws-s3-bucket-complete.ocsf.json deleted file mode 100644 index d1fa0808..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/results/aws-s3-bucket-complete.ocsf.json +++ /dev/null @@ -1,84675 +0,0 @@ -[ - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-northeast-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-northeast-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-northeast-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-northeast-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-northeast-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-northeast-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-northeast-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-northeast-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-northeast-3-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-northeast-3:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-northeast-3" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-northeast-3:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-south-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-south-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-south-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-south-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-southeast-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-southeast-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-southeast-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-southeast-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-southeast-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-southeast-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-southeast-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-southeast-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ca-central-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ca-central-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ca-central-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ca-central-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-central-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-central-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-central-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-central-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-north-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-north-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-north-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-north-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-west-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-west-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-west-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-west-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-west-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-west-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-west-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-west-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-west-3-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-west-3:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-west-3" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-west-3:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-sa-east-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:sa-east-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "sa-east-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:sa-east-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-east-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-east-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-east-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-east-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-east-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-east-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-east-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-east-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-west-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-west-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-west-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-west-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-west-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-west-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-west-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-west-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Contact Information.", - "metadata": { - "event_code": "account_maintain_current_contact_details", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Contact Information.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.prowler.com/checks/aws/iam-policies/iam_18-maintain-contact-details#aws-console", - "https://repost.aws/knowledge-center/update-phone-number", - "https://support.stax.io/docs/accounts/update-aws-account-contact-details", - "https://maartenbruntink.nl/blog/2022/09/26/aws-account-hygiene-101-mass-updating-alternate-account-contacts/", - "https://docs.aws.amazon.com/security-ir/latest/userguide/update-account-contact-info.html", - "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact-primary.html", - "https://repost.aws/knowledge-center/add-update-billing-contact", - "https://aws.amazon.com/blogs/security/update-the-alternate-security-contact-across-your-aws-accounts-for-timely-security-notifications/", - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_update_contacts.html", - "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact-alternate.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-03.01AS", - "IAM-06.06B", - "SSO-05.06B", - "SIM-01.03B", - "INQ-02.01B" - ], - "CIS-3.0": [ - "1.1" - ], - "ENS-RD2022": [ - "op.ext.7.aws.am.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CIS-4.0.1": [ - "1.1" - ], - "CIS-5.0": [ - "1.1" - ], - "CIS-1.4": [ - "1.1" - ], - "CIS-1.5": [ - "1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP03", - "SEC10-BP01" - ], - "ISO27001-2022": [ - "A.5.5" - ], - "AWS-Account-Security-Onboarding": [ - "Billing, emergency, security contacts" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "CIS-2.0": [ - "1.1" - ], - "NIS2": [ - "2.2.3", - "3.5.3.a", - "5.1.7.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**AWS account contact information** is current for the **primary contact** and the **alternate contacts** for `security`, `billing`, and `operations`, with accurate email addresses and phone numbers.", - "title": "AWS account contact information is current", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-account_maintain_current_contact_details-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Adopt:\n- **Primary** and **alternate contacts** for `security`, `billing`, `operations`\n- Shared, monitored aliases and SMS-capable phone numbers (non-personal)\n- Centralized management across accounts with periodic reviews\n- **Least privilege** for who can modify contact data\n- Regular reachability tests and documented ownership", - "references": [ - "https://hub.prowler.com/check/account_maintain_current_contact_details" - ] - }, - "risk_details": "Outdated or single-person contacts delay **security notifications**, slow **incident response**, and complicate **account recovery**.\n\nAWS may throttle services during abuse mitigation, reducing **availability**. Missed alerts enable ongoing misuse, risking **data exfiltration** and unauthorized changes (**integrity**).", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "SECURITY, BILLING and OPERATIONS contacts not found or they are not different between each other and between ROOT contact.", - "metadata": { - "event_code": "account_maintain_different_contact_details_to_security_billing_and_operations", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "SECURITY, BILLING and OPERATIONS contacts not found or they are not different between each other and between ROOT contact.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "resilience" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/account_alternate_contact", - "https://docs.prowler.com/checks/aws/iam-policies/iam_18-maintain-contact-details#aws-console", - "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact-alternate.html", - "https://builder.aws.com/content/2qRw97fe8JFwfk2AbpJ3sYNpNvM/aws-bulk-update-alternate-contacts-across-organization", - "https://github.com/aws-samples/aws-account-alternate-contact-with-terraform", - "https://trendmicro.com/cloudoneconformity/knowledge-base/aws/IAM/account-security-alternate-contacts.html", - "https://repost.aws/articles/ARDFbpt-bvQ8iuErnqVVcCXQ/managing-aws-organization-alternate-contacts-via-csv" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-04.03B", - "IAM-06.06B", - "SSO-05.06B", - "SIM-01.03B", - "INQ-02.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "ISO27001-2022": [ - "A.5.6" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**AWS account alternate contacts** are defined for **Security**, **Billing**, and **Operations** with `name`, `email`, and `phone`. The finding evaluates that all three exist, are distinct from one another, and differ from the **primary (root) contact**.", - "title": "AWS account has distinct Security, Billing, and Operations contact details, different from each other and from the root contact", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-account_maintain_different_contact_details_to_security_billing_and_operations-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Maintain distinct, monitored **Security**, **Billing**, and **Operations** alternate contacts that differ from the root contact.\n- Use team aliases and 24x7 phones\n- Review and test contact paths regularly\n- Centralize at org level for consistency\n\nApplies **operational resilience** and **separation of duties**.", - "references": [ - "https://hub.prowler.com/check/account_maintain_different_contact_details_to_security_billing_and_operations" - ] - }, - "risk_details": "Missing or shared contacts can delay response to abuse alerts, credential compromise, or billing anomalies, reducing **availability** (possible AWS traffic throttling) and raising **confidentiality** and **integrity** risk through extended exposure. If AWS cannot reach you, urgent mitigation may disrupt service.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Alternate Contacts -> Security Section.", - "metadata": { - "event_code": "account_security_contact_information_is_registered", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Alternate Contacts -> Security Section.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/account_alternate_contact", - "https://docs.prowler.com/checks/aws/iam-policies/iam_19/", - "https://support.icompaas.com/support/solutions/articles/62000234161-1-2-ensure-security-contact-information-is-registered-manual-", - "https://www.plerion.com/cloud-knowledge-base/ensure-security-contact-information-is-registered", - "https://repost.aws/articles/ARDFbpt-bvQ8iuErnqVVcCXQ/managing-aws-organization-alternate-contacts-via-csv" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-06.01B", - "SSO-05.06B", - "SIM-01.03B" - ], - "CIS-3.0": [ - "1.2" - ], - "ENS-RD2022": [ - "op.ext.7.aws.am.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CIS-4.0.1": [ - "1.2" - ], - "PCI-4.0": [ - "A1.2.3.1" - ], - "CIS-5.0": [ - "1.2" - ], - "CIS-1.4": [ - "1.2" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Account.1" - ], - "CIS-1.5": [ - "1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP03", - "SEC10-BP01" - ], - "ISO27001-2022": [ - "A.5.5" - ], - "AWS-Account-Security-Onboarding": [ - "Billing, emergency, security contacts" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "CIS-2.0": [ - "1.2" - ], - "NIS2": [ - "1.1.1.a", - "1.2.3", - "2.2.1", - "3.1.2.d", - "3.5.3.a", - "5.1.7.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Account settings contain a **Security alternate contact** in Alternate Contacts (name, `EmailAddress`, `PhoneNumber`) for targeted AWS security notifications.", - "title": "AWS account has security alternate contact registered", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-account_security_contact_information_is_registered-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Define and maintain a **Security alternate contact**:\n- Use a monitored alias (e.g., `security@domain`) and team phone\n- Apply to every account (prefer Org-wide automation)\n- Review after org/personnel changes and test delivery\n- Document ownership and escalation paths\nAlign with **incident response** and **least privilege** principles.", - "references": [ - "https://hub.prowler.com/check/account_security_contact_information_is_registered" - ] - }, - "risk_details": "Missing or outdated **security contact** can delay or prevent AWS advisories from reaching responders, increasing risk to:\n- Confidentiality: data exfiltration from undetected compromise\n- Integrity: unauthorized changes persist longer\n- Availability: resource abuse (e.g., cryptomining) and outages", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Login to the AWS Console as root. Choose your account name on the top right of the window -> My Account -> Configure Security Challenge Questions.", - "metadata": { - "event_code": "account_security_questions_are_registered_in_the_aws_account", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Login to the AWS Console as root. Choose your account name on the top right of the window -> My Account -> Configure Security Challenge Questions.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.prowler.com/checks/aws/iam-policies/iam_15", - "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/IAM/security-challenge-questions.html" - ], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.3" - ], - "ENS-RD2022": [ - "op.ext.7.aws.am.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.3" - ], - "CIS-1.4": [ - "1.3" - ], - "CIS-1.5": [ - "1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP03", - "SEC10-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.3", - "2.10.2" - ], - "CIS-2.0": [ - "1.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "[DEPRECATED] **AWS account root** configuration may include legacy **security challenge questions** for support identity verification. This evaluates whether those questions are set on the account. *New configuration is discontinued by AWS and remaining support for this feature is time-limited.*", - "title": "[DEPRECATED] AWS root user has security challenge questions configured", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices" - ], - "uid": "prowler-aws-account_security_questions_are_registered_in_the_aws_account-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Favor stronger recovery instead of KBA:\n- Enforce **MFA for root** and minimize root use\n- Keep **alternate contacts** and root email current and protected\n- Establish a tightly controlled **break-glass role**, applying least privilege and separation of duties\n- Document and test recovery procedures; monitor root activity", - "references": [ - "https://hub.prowler.com/check/account_security_questions_are_registered_in_the_aws_account" - ] - }, - "risk_details": "Absence of these questions can limit support-assisted recovery if root credentials or MFA are lost, reducing **availability** and slowing **incident response**. Reliance on KBA also weakens **confidentiality** due to **social engineering**. Treat this as a recovery gap and adopt stronger, phishing-resistant factors.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No Backup Vault exist.", - "metadata": { - "event_code": "backup_vaults_exist", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No Backup Vault exist.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "resilience" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/aws-backup/latest/devguide/vaults.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-06.01B", - "OPS-07.01B", - "OPS-08.01B", - "OPS-09.02B", - "CRY-16.02B", - "DEV-11.02B", - "BCM-01.01B", - "BCM-01.02B", - "BCM-02.01B" - ], - "ENS-RD2022": [ - "mp.info.6.aws.bcku.1" - ], - "AWS-Foundational-Technical-Review": [ - "BAR-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "CCC": [ - "CCC.Core.CN08.AR01", - "CCC.Core.CN14.AR02", - "CCC.Core.CN14.AR02" - ], - "ISO27001-2022": [ - "A.8.13" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "3.6.2", - "4.1.2.f", - "4.1.2.g", - "4.2.2.b", - "4.2.2.e", - "12.1.2.c", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**AWS Backup** in the account/region includes at least one **backup vault** that stores and organizes recovery points for use by backup plans and copies.", - "title": "At least one AWS Backup vault exists", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-backup_vaults_exist-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "backup" - }, - "labels": [], - "name": "211203495394", - "type": "AwsBackupBackupVault", - "uid": "arn:aws:backup:us-east-1:211203495394:backup-vault" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create and maintain a **backup vault** in each required region. Enforce **least privilege** access, encrypt with **KMS CMKs**, and enable **Vault Lock** to prevent tampering. Use lifecycle rules and cross-region/cross-account copies, and regularly test restores for **defense in depth**.", - "references": [ - "https://hub.prowler.com/check/backup_vaults_exist" - ] - }, - "risk_details": "Without a vault, recovery points cannot be created or retained in AWS Backup, degrading **availability** and **integrity**. Data may be irrecoverable after deletion, ransomware, or misconfiguration, and RPO/RTO targets may be missed during incidents.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-northeast-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-northeast-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-northeast-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-northeast-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-northeast-3-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-northeast-3:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-south-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-south-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-southeast-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-southeast-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-southeast-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-southeast-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ca-central-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ca-central-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-central-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-central-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-north-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-north-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-west-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-west-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-west-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-west-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-west-3-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-west-3:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-sa-east-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:sa-east-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-east-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-east-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-east-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-east-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-west-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-west-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-west-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-west-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-northeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-northeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-northeast-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-south-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-south-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-southeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-southeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ca-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ca-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-north-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-north-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-west-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-sa-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:sa-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-east-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-northeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-northeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-northeast-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-south-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-south-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-southeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-southeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ca-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ca-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-north-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-north-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-west-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-sa-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:sa-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-east-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails have a data event to record all S3 object-level API operations.", - "metadata": { - "event_code": "cloudtrail_s3_dataevents_read_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails have a data event to record all S3 object-level API operations.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_a_2_i", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "SSO-05.01AC", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "ds_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.9" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.exp.8.r1.aws.ct.2", - "op.exp.8.r1.aws.ct.3", - "op.exp.8.r1.aws.ct.4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.9" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-ev-b-1", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_30" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.9" - ], - "CIS-1.4": [ - "3.11" - ], - "GxP-EU-Annex-11": [ - "8.2-printouts-data-changes", - "9-audit-trails", - "12.4-security-audit-trail" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "3.1.6" - ], - "CIS-1.5": [ - "3.11" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "AWS-Account-Security-Onboarding": [ - "Confirm that logs are present in S3 bucket and SIEM" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-2.0": [ - "3.11" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.g", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that all your AWS CloudTrail trails are configured to log Data events in order to record S3 object-level API operations, such as GetObject, DeleteObject and PutObject, for individual S3 buckets or for all current and future S3 buckets provisioned in your AWS account.", - "title": "Check if S3 buckets have Object-level logging for read events is enabled in CloudTrail.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-cloudtrail_s3_dataevents_read_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable logs. Create an S3 lifecycle policy. Define use cases, metrics and automated responses where applicable.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-cloudtrail-logging-for-s3.html" - ] - }, - "risk_details": "If logs are not enabled, monitoring of service use and threat analysis is not possible.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails have a data event to record all S3 object-level API operations.", - "metadata": { - "event_code": "cloudtrail_s3_dataevents_write_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails have a data event to record all S3 object-level API operations.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_a_2_i", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2" - ], - "C5-2025": [ - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "SSO-05.01AC", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "ds_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.8" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.4", - "op.exp.8.r1.aws.ct.2", - "op.exp.8.r1.aws.ct.3", - "op.exp.8.r1.aws.ct.4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.8" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.2.7", - "10.2.1.3.7", - "10.2.1.4.7", - "10.2.1.5.7", - "10.2.1.6.7", - "10.2.1.7.7", - "10.2.1.7", - "10.2.2.7", - "10.3.1.7", - "10.6.3.7", - "5.3.4.7", - "A1.2.1.7" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-ev-b-1", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_30" - ], - "CIS-5.0": [ - "3.8" - ], - "CIS-1.4": [ - "3.10" - ], - "GxP-EU-Annex-11": [ - "8.2-printouts-data-changes", - "9-audit-trails", - "12.4-security-audit-trail" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "3.1.5" - ], - "CIS-1.5": [ - "3.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "AWS-Account-Security-Onboarding": [ - "Send S3 access logs for critical buckets to separate S3 bucket", - "Confirm that logs are present in S3 bucket and SIEM" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-2.0": [ - "3.10" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.g" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that all your AWS CloudTrail trails are configured to log Data events in order to record S3 object-level API operations, such as GetObject, DeleteObject and PutObject, for individual S3 buckets or for all current and future S3 buckets provisioned in your AWS account.", - "title": "Check if S3 buckets have Object-level logging for write events is enabled in CloudTrail.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-cloudtrail_s3_dataevents_write_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable logs. Create an S3 lifecycle policy. Define use cases, metrics and automated responses where applicable.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-cloudtrail-logging-for-s3.html" - ] - }, - "risk_details": "If logs are not enabled, monitoring of service use and threat analysis is not possible.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_network_acls_alarm_configured", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.11" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.11" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ca-7", - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.11" - ], - "CIS-1.4": [ - "4.11" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.12" - ], - "CIS-1.5": [ - "4.11" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.11" - ], - "NIS2": [ - "2.2.3", - "3.2.3.a", - "3.2.3.c", - "3.2.3.f", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL).", - "title": "Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL).", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_network_acls_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_network_gateways_alarm_configured", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "COS-03.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.12" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.12" - ], - "FedRAMP-Low-Revision-4": [ - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.12" - ], - "CIS-1.4": [ - "4.12" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.13" - ], - "CIS-1.5": [ - "4.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.12" - ], - "NIS2": [ - "2.2.3", - "3.2.3.a", - "3.2.3.c", - "3.2.3.f", - "3.2.4", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure a log metric filter and alarm exist for changes to network gateways.", - "title": "Ensure a log metric filter and alarm exist for changes to network gateways.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_network_gateways_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_network_route_tables_alarm_configured", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-13.03AC", - "OPS-26.06B", - "COS-03.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.13" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.13" - ], - "FedRAMP-Low-Revision-4": [ - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.13" - ], - "CIS-1.4": [ - "4.13" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.14" - ], - "CIS-1.5": [ - "4.13" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.13" - ], - "NIS2": [ - "2.2.3", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Real-time monitoring of API calls can be achieved by directing Cloud Trail Logs to CloudWatch Logs, or an external Security information and event management (SIEM)environment, and establishing corresponding metric filters and alarms. Routing tablesare used to route network traffic between subnets and to network gateways. It isrecommended that a metric filter and alarm be established for changes to route tables.", - "title": "Ensure route table changes are monitored", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_network_route_tables_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "If you are using CloudTrails and CloudWatch, perform the following to setup the metric filter, alarm, SNS topic, and subscription: 1. Create a metric filter based on filter pattern provided which checks for route table changes and the taken from audit step 1. aws logs put-metric-filter --log-group-name -- filter-name `` --metric-transformations metricName= `` ,metricNamespace='CISBenchmark',metricValue=1 --filter-pattern '{($.eventSource = ec2.amazonaws.com) && (($.eventName = CreateRoute) || ($.eventName = CreateRouteTable) || ($.eventName = ReplaceRoute) || ($.eventName = ReplaceRouteTableAssociation) || ($.eventName = DeleteRouteTable) || ($.eventName = DeleteRoute) || ($.eventName = DisassociateRouteTable)) }' Note: You can choose your own metricName and metricNamespace strings. Using the same metricNamespace for all Foundations Benchmark metrics will group them together. 2. Create an SNS topic that the alarm will notify aws sns create-topic --name Note: you can execute this command once and then re-use the same topic for all monitoring alarms. 3. Create an SNS subscription to the topic created in step 2 aws sns subscribe --topic-arn --protocol - -notification-endpoint Note: you can execute this command once and then re-use the SNS subscription for all monitoring alarms. 4. Create an alarm that is associated with the CloudWatch Logs Metric Filter created in step 1 and an SNS topic created in step 2 aws cloudwatch put-metric-alarm --alarm-name `` --metric-name `` --statistic Sum --period 300 - -threshold 1 --comparison-operator GreaterThanOrEqualToThreshold -- evaluation-periods 1 --namespace 'CISBenchmark' --alarm-actions ", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "CloudWatch is an AWS native service that allows you to ob serve and monitor resources and applications. CloudTrail Logs can also be sent to an external Security informationand event management (SIEM) environment for monitoring and alerting.Monitoring changes to route tables will help ensure that all VPC traffic flows through anexpected path and prevent any accidental or intentional modifications that may lead touncontrolled network traffic. An alarm should be triggered every time an AWS API call isperformed to create, replace, delete, or disassociate a Route Table.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_vpcs_alarm_configured", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "COS-03.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.14" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.14" - ], - "FedRAMP-Low-Revision-4": [ - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.14" - ], - "CIS-1.4": [ - "4.14" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.15" - ], - "CIS-1.5": [ - "4.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.14" - ], - "NIS2": [ - "2.2.3", - "3.2.3.c", - "3.2.3.f", - "3.2.4", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure a log metric filter and alarm exist for VPC changes.", - "title": "Ensure a log metric filter and alarm exist for VPC changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_vpcs_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "CloudWatch doesn't allow cross-account sharing.", - "metadata": { - "event_code": "cloudwatch_cross_account_sharing_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "CloudWatch doesn't allow cross-account sharing.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-04.01AC", - "PSS-04.01B" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.1", - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if CloudWatch has allowed cross-account sharing.", - "title": "Check if CloudWatch has allowed cross-account sharing.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-cloudwatch_cross_account_sharing_disabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsAccount", - "uid": "arn:aws:iam:us-east-1:211203495394:role" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Grant usage permission on a per-resource basis to enforce least privilege and Zero Trust principles.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html" - ] - }, - "risk_details": "Cross-Account access to CloudWatch could increase the risk of compromising information between accounts.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/rds/cluster/ex-rds/postgresql does not have AWS KMS keys associated.", - "metadata": { - "event_code": "cloudwatch_log_group_kms_encryption_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Log Group /aws/rds/cluster/ex-rds/postgresql does not have AWS KMS keys associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/cli/latest/reference/logs/associate-kms-key.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_e_2_ii" - ], - "SOC2": [ - "cc_7_3" - ], - "C5-2025": [ - "OIS-04.01AC", - "OIS-08.02B", - "AM-01.01AC", - "OPS-11.02AC", - "OPS-13.03B", - "OPS-14.03B", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-04.01B", - "PSS-04.04B", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cp_9_d", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_28_1", - "si_19_4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "PCI-4.0": [ - "10.3.2.3", - "10.3.3.5", - "10.3.4.4", - "3.5.1.4", - "8.3.2.8", - "A1.2.1.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Monitor.CN04.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.30" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP02" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.15", - "A.8.16", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "au_9", - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if CloudWatch log groups are protected by AWS KMS.", - "title": "Check if CloudWatch log groups are protected by AWS KMS.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-cloudwatch_log_group_kms_encryption_enabled-211203495394-eu-west-1-/aws/rds/cluster/ex-rds/postgresql" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*", - "name": "/aws/rds/cluster/ex-rds/postgresql", - "retention_days": 7, - "never_expire": false, - "kms_id": null, - "region": "eu-west-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/rds/cluster/ex-rds/postgresql", - "type": "Other", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Associate KMS Key with Cloudwatch log group.", - "references": [ - "https://docs.aws.amazon.com/cli/latest/reference/logs/associate-kms-key.html" - ] - }, - "risk_details": "Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No secrets found in /aws/rds/cluster/ex-rds/postgresql log group.", - "metadata": { - "event_code": "cloudwatch_log_group_no_secrets_in_logs", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "No secrets found in /aws/rds/cluster/ex-rds/postgresql log group.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [ - "secrets" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-01.01AC", - "OPS-11.01AC", - "OPS-11.02AC", - "OPS-13.03B", - "OPS-26.05B", - "OPS-26.01AS", - "PSS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN04.AR01" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1552" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if secrets exists in CloudWatch logs", - "title": "Check if secrets exists in CloudWatch logs.", - "types": [ - "Protect", - "Secure development" - ], - "uid": "prowler-aws-cloudwatch_log_group_no_secrets_in_logs-211203495394-eu-west-1-/aws/rds/cluster/ex-rds/postgresql" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*", - "name": "/aws/rds/cluster/ex-rds/postgresql", - "retention_days": 7, - "never_expire": false, - "kms_id": null, - "region": "eu-west-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/rds/cluster/ex-rds/postgresql", - "type": "Other", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "It is recommended that sensitive information is not logged to CloudWatch logs. Alternatively, sensitive data may be masked using a protection policy", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html" - ] - }, - "risk_details": "Storing sensitive data in CloudWatch logs could allow an attacker with read-only access to escalate their privileges or gain unauthorised access to systems.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/rds/cluster/ex-rds/postgresql is not publicly accessible.", - "metadata": { - "event_code": "cloudwatch_log_group_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Log Group /aws/rds/cluster/ex-rds/postgresql is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-01.01AC", - "PS-03.02B", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-10.01B", - "COS-02.01B", - "PSS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN04.AR01", - "CCC.Monitor.CN04.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR03" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "This check ensures that no CloudWatch Log Groups are publicly accessible by checking for resource policies that allow access from any entity (Principal: '*'). Publicly exposed log groups pose a serious security risk as sensitive log data could be accessed by unauthorized parties.", - "title": "Ensure that CloudWatch Log Groups are not publicly accessible", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices" - ], - "uid": "prowler-aws-cloudwatch_log_group_not_publicly_accessible-211203495394-eu-west-1-/aws/rds/cluster/ex-rds/postgresql" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*", - "name": "/aws/rds/cluster/ex-rds/postgresql", - "retention_days": 7, - "never_expire": false, - "kms_id": null, - "region": "eu-west-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/rds/cluster/ex-rds/postgresql", - "type": "Other", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that CloudWatch Log Groups are not publicly accessible. Review and remove any resource policies that allow public access (Principal: '*') to log groups.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html" - ] - }, - "risk_details": "Publicly accessible CloudWatch Log Groups can expose sensitive information, leading to data breaches or unauthorized access. It is important to ensure that log groups are only accessible by trusted entities.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/rds/cluster/ex-rds/postgresql has less than 365 days retention period (7 days).", - "metadata": { - "event_code": "cloudwatch_log_group_retention_policy_specific_days_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Log Group /aws/rds/cluster/ex-rds/postgresql has less than 365 days retention period (7 days).", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Logs.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_1", - "3_6_1", - "3_6_2" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_312_b" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_c_1_2" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-14.01B", - "OPS-14.02B", - "OPS-26.05B", - "OPS-26.01AS", - "PI-03.02B", - "PSS-04.01B" - ], - "FedRamp-Moderate-Revision-4": [ - "au-6-1-3", - "au-11", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "ac_16_b", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_10", - "au_11", - "au_11_1", - "au_12_1", - "au_12_2", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_21_b", - "pm_31", - "sc_28_2", - "si_4_17", - "si_12" - ], - "ENS-RD2022": [ - "op.exp.8.r3.aws.cw.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "PCI-4.0": [ - "10.5.1.4", - "3.2.1.3", - "3.3.1.1.3", - "3.3.1.3.3", - "3.3.2.3", - "3.3.3.3", - "5.3.4.11" - ], - "FedRAMP-Low-Revision-4": [ - "au-11" - ], - "FFIEC": [ - "d2-ma-ma-b-1" - ], - "PCI-3.2.1": [ - "10.1", - "10.7", - "10.7.b", - "10.7.c" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-e" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP06" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "au_11", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "3.2.5", - "4.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if CloudWatch Log Groups have a retention policy of specific days.", - "title": "Check if CloudWatch Log Groups have a retention policy of specific days.", - "types": [ - "Data Retention" - ], - "uid": "prowler-aws-cloudwatch_log_group_retention_policy_specific_days_enabled-211203495394-eu-west-1-/aws/rds/cluster/ex-rds/postgresql" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*", - "name": "/aws/rds/cluster/ex-rds/postgresql", - "retention_days": 7, - "never_expire": false, - "kms_id": null, - "region": "eu-west-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/rds/cluster/ex-rds/postgresql", - "type": "AwsLogsLogGroup", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.", - "references": [ - "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Logs.html" - ] - }, - "risk_details": "If log groups have a low retention policy of less than specific days, crucial logs and data can be lost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.9" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.9" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.9" - ], - "CIS-1.4": [ - "4.9" - ], - "CCC": [ - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.10" - ], - "CIS-1.5": [ - "4.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.9" - ], - "NIS2": [ - "2.2.3", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure a log metric filter and alarm exist for AWS Config configuration changes.", - "title": "Ensure a log metric filter and alarm exist for AWS Config configuration changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.5" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.2", - "op.exp.8.r1.aws.ct.2", - "op.exp.8.r1.aws.ct.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.5" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.5" - ], - "CIS-1.4": [ - "4.5" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "ProwlerThreatScore-1.0": [ - "3.3.6" - ], - "CIS-1.5": [ - "4.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Critical alert on cloudtrail settings changes" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.5" - ], - "CISA": [ - "your-data-2" - ], - "NIS2": [ - "2.2.3", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.2.4", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure a log metric filter and alarm exist for CloudTrail configuration changes.", - "title": "Ensure a log metric filter and alarm exist for CloudTrail configuration changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_authentication_failures", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "HIPAA": [ - "164_308_a_5_ii_c", - "164_308_a_6_i", - "164_308_a_6_ii" - ], - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-03.01AC", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.6" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.6" - ], - "CIS-1.4": [ - "4.6" - ], - "CCC": [ - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "ProwlerThreatScore-1.0": [ - "3.3.7" - ], - "CIS-1.5": [ - "4.6" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Alert on rise of ConsoleLoginFailures events" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.6" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.d", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure a log metric filter and alarm exist for AWS Management Console authentication failures.", - "title": "Ensure a log metric filter and alarm exist for AWS Management Console authentication failures.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_authentication_failures-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_aws_organizations_changes", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "CIS-3.0": [ - "4.15" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.15" - ], - "CIS-5.0": [ - "4.15" - ], - "CIS-1.4": [ - "4.15" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02" - ], - "ProwlerThreatScore-1.0": [ - "3.3.16" - ], - "CIS-1.5": [ - "4.15" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.15" - ], - "NIS2": [ - "2.2.3", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure a log metric filter and alarm exist for AWS Organizations changes.", - "title": "Ensure a log metric filter and alarm exist for AWS Organizations changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_aws_organizations_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "C5-2025": [ - "OIS-04.02AC", - "OIS-08.02B", - "HR-03.02AC", - "AM-01.01AC", - "AM-07.02B", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "CRY-05.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.7" - ], - "ENS-RD2022": [ - "op.exp.10.aws.cmk.4", - "op.exp.10.aws.cmk.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.7" - ], - "CIS-1.4": [ - "4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.8" - ], - "CIS-1.5": [ - "4.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.10.1", - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "4.7" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created KMS CMKs.", - "title": "Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created KMS CMKs.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_for_s3_bucket_policy_changes", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.8" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.8" - ], - "CIS-1.4": [ - "4.8" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.9" - ], - "CIS-1.5": [ - "4.8" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.8" - ], - "NIS2": [ - "2.2.3", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure a log metric filter and alarm exist for S3 bucket policy changes.", - "title": "Ensure a log metric filter and alarm exist for S3 bucket policy changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_for_s3_bucket_policy_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_policy_changes", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.4" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.4" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.2" - ], - "CIS-5.0": [ - "4.4" - ], - "CIS-1.4": [ - "4.4" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.5" - ], - "CIS-1.5": [ - "4.4" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.4" - ], - "NIS2": [ - "2.2.3", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure a log metric filter and alarm exist for IAM policy changes.", - "title": "Ensure a log metric filter and alarm exist for IAM policy changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_policy_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_root_usage", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "HIPAA": [ - "164_308_a_6_i", - "164_308_a_6_ii" - ], - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-03.01B", - "IAM-03.03B", - "IAM-06.04B", - "IAM-06.05B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.3" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5", - "op.exp.8.aws.cw.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.3" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "7.2", - "7.2.1" - ], - "CIS-5.0": [ - "4.3" - ], - "CIS-1.4": [ - "4.3" - ], - "CCC": [ - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.4" - ], - "CIS-1.5": [ - "4.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Critical alert on every root user activity" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.3" - ], - "NIS2": [ - "2.3.1", - "3.2.1", - "3.2.2", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "3.5.4", - "7.2.b", - "9.2.c.vii" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure a log metric filter and alarm exist for usage of root account.", - "title": "Ensure a log metric filter and alarm exist for usage of root account.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_root_usage-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_security_group_changes", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.10" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.10" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.10" - ], - "CIS-1.4": [ - "4.10" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.11" - ], - "CIS-1.5": [ - "4.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.10" - ], - "NIS2": [ - "2.2.3", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure a log metric filter and alarm exist for security group changes.", - "title": "Ensure a log metric filter and alarm exist for security group changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_security_group_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_sign_in_without_mfa", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-16.01B", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-03.01AC", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-04.01B", - "PSS-05.01B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.2" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.2" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.2" - ], - "CIS-1.4": [ - "4.2" - ], - "CCC": [ - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.3" - ], - "CIS-1.5": [ - "4.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.2" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.d", - "3.2.3.g", - "3.5.4", - "9.2.c.vii", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure a log metric filter and alarm exist for Management Console sign-in without MFA.", - "title": "Ensure a log metric filter and alarm exist for Management Console sign-in without MFA.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_sign_in_without_mfa-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_unauthorized_api_calls", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-06.05B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.1" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.1" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.1" - ], - "CIS-1.4": [ - "4.1" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.2" - ], - "CIS-1.5": [ - "4.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.1" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.g", - "3.2.4", - "3.4.2.c", - "3.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure a log metric filter and alarm exist for unauthorized API calls.", - "title": "Ensure a log metric filter and alarm exist for unauthorized API calls.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_unauthorized_api_calls-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-northeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-northeast-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-northeast-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-northeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-northeast-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-northeast-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-northeast-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-northeast-3" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-northeast-3:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-south-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-south-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-south-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-southeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-southeast-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-southeast-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-southeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-southeast-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-southeast-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ca-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ca-central-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ca-central-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-central-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-central-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-north-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-north-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-north-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-west-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-west-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-west-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-west-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-west-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-west-3" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-west-3:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-sa-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "sa-east-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:sa-east-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-east-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-east-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-east-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-east-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-east-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-west-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-west-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-west-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-west-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network ACL ex-rds-default has every port open to the Internet.", - "metadata": { - "event_code": "ec2_networkacl_allow_ingress_any_port", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network ACL ex-rds-default has every port open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Infrastructure Security", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_1_14", - "3_1_20", - "3_4_1", - "3_4_7", - "3_13_1", - "3_13_2", - "3_13_5", - "3_13_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3", - "annex_i_5_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_e_1" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ac_3", - "ac_5", - "pt_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-4", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "CIS-3.0": [ - "5.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4_21", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_2_a", - "cm_2_2", - "cm_6_a", - "cm_7_b", - "cm_8_6", - "cm_9_b", - "sc_7_5", - "sc_7_7", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_c" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-10", - "d3-pc-im-b-1", - "d3-pc-im-b-2", - "d3-pc-im-b-6", - "d4-c-co-b-2" - ], - "CIS-5.0": [ - "5.2" - ], - "CIS-1.4": [ - "5.1" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "CIS-1.5": [ - "5.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "NIST-800-53-Revision-4": [ - "ac_4", - "cm_2", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.1" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", - "title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-ec2_networkacl_allow_ingress_any_port-211203495394-eu-west-1-acl-082a37cbcfccab639" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "acl-082a37cbcfccab639", - "arn": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639", - "name": "ex-rds-default", - "region": "eu-west-1", - "entries": [ - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": true, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": false, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - } - ], - "default": true, - "in_use": true, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds-default" - }, - { - "Key": "Example", - "Value": "ex-rds" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubRepo:terraform-aws-rds-aurora", - "GithubOrg:terraform-aws-modules", - "Name:ex-rds-default", - "Example:ex-rds" - ], - "name": "acl-082a37cbcfccab639", - "type": "AwsEc2NetworkAcl", - "uid": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" - ] - }, - "risk_details": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network ACL ex-rds-default has SSH port 22 open to the Internet.", - "metadata": { - "event_code": "ec2_networkacl_allow_ingress_tcp_port_22", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network ACL ex-rds-default has SSH port 22 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "CIS-3.0": [ - "5.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.2" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.2.3", - "1.2.3.b", - "1.3", - "1.3.2" - ], - "CIS-5.0": [ - "5.2" - ], - "CIS-1.4": [ - "5.1" - ], - "CCC": [ - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN01.AR02", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.21" - ], - "CIS-1.5": [ - "5.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02", - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.1" - ], - "NIS2": [ - "6.7.2.g" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", - "title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_networkacl_allow_ingress_tcp_port_22-211203495394-eu-west-1-acl-082a37cbcfccab639" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "acl-082a37cbcfccab639", - "arn": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639", - "name": "ex-rds-default", - "region": "eu-west-1", - "entries": [ - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": true, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": false, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - } - ], - "default": true, - "in_use": true, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds-default" - }, - { - "Key": "Example", - "Value": "ex-rds" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubRepo:terraform-aws-rds-aurora", - "GithubOrg:terraform-aws-modules", - "Name:ex-rds-default", - "Example:ex-rds" - ], - "name": "acl-082a37cbcfccab639", - "type": "AwsEc2NetworkAcl", - "uid": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" - ] - }, - "risk_details": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network ACL ex-rds-default has Microsoft RDP port 3389 open to the Internet.", - "metadata": { - "event_code": "ec2_networkacl_allow_ingress_tcp_port_3389", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network ACL ex-rds-default has Microsoft RDP port 3389 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "CIS-3.0": [ - "5.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.8.21", - "1.3.1.24", - "1.3.2.24", - "1.4.2.22", - "1.5.1.21", - "A1.1.3.21" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.2.3", - "1.2.3.b", - "1.3", - "1.3.2" - ], - "CIS-5.0": [ - "5.2" - ], - "CIS-1.4": [ - "5.1" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.21" - ], - "CIS-1.5": [ - "5.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.1" - ], - "NIS2": [ - "6.7.2.g" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", - "title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_networkacl_allow_ingress_tcp_port_3389-211203495394-eu-west-1-acl-082a37cbcfccab639" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "acl-082a37cbcfccab639", - "arn": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639", - "name": "ex-rds-default", - "region": "eu-west-1", - "entries": [ - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": true, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": false, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - } - ], - "default": true, - "in_use": true, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds-default" - }, - { - "Key": "Example", - "Value": "ex-rds" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubRepo:terraform-aws-rds-aurora", - "GithubOrg:terraform-aws-modules", - "Name:ex-rds-default", - "Example:ex-rds" - ], - "name": "acl-082a37cbcfccab639", - "type": "AwsEc2NetworkAcl", - "uid": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" - ] - }, - "risk_details": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) was not created using the EC2 Launch Wizard.", - "metadata": { - "event_code": "ec2_securitygroup_from_launch_wizard", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) was not created using the EC2 Launch Wizard.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.aws.sg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Security Groups created by EC2 Launch Wizard.", - "title": "Security Groups created by EC2 Launch Wizard.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_from_launch_wizard-211203495394-eu-west-1-sg-0c3aaf7337434df0c" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-rds-20251019171856241300000005", - "metadata": { - "name": "ex-rds-20251019171856241300000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c", - "id": "sg-0c3aaf7337434df0c", - "vpc_id": "vpc-0db221deba515d6c7", - "associated_sgs": [], - "network_interfaces": [], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "CidrIp": "10.0.3.0/24" - }, - { - "CidrIp": "10.0.4.0/24" - }, - { - "CidrIp": "10.0.5.0/24" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "Egress to corporate printer closet", - "CidrIp": "10.33.0.0/28" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "tags": [ - { - "Key": "Name", - "Value": "ex-rds" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Name:ex-rds", - "Example:ex-rds", - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-rds-aurora" - ], - "name": "sg-0c3aaf7337434df0c", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", - "references": [ - "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" - ] - }, - "risk_details": "Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group default (sg-098d463ddc66b09b5) was not created using the EC2 Launch Wizard.", - "metadata": { - "event_code": "ec2_securitygroup_from_launch_wizard", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group default (sg-098d463ddc66b09b5) was not created using the EC2 Launch Wizard.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.aws.sg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Security Groups created by EC2 Launch Wizard.", - "title": "Security Groups created by EC2 Launch Wizard.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_from_launch_wizard-211203495394-eu-west-1-sg-098d463ddc66b09b5" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "default", - "metadata": { - "name": "default", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-098d463ddc66b09b5", - "id": "sg-098d463ddc66b09b5", - "vpc_id": "vpc-0db221deba515d6c7", - "associated_sgs": [], - "network_interfaces": [], - "ingress_rules": [], - "egress_rules": [], - "tags": [ - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "Name", - "Value": "ex-rds-default" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Example:ex-rds", - "Name:ex-rds-default", - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-rds-aurora" - ], - "name": "sg-098d463ddc66b09b5", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-098d463ddc66b09b5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", - "references": [ - "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" - ] - }, - "risk_details": "Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) it is not being used.", - "metadata": { - "event_code": "ec2_securitygroup_not_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) it is not being used.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.aws.sg.3" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.22" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no Security Groups not being used.", - "title": "Ensure there are no Security Groups not being used.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_not_used-211203495394-eu-west-1-sg-0c3aaf7337434df0c" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-rds-20251019171856241300000005", - "metadata": { - "name": "ex-rds-20251019171856241300000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c", - "id": "sg-0c3aaf7337434df0c", - "vpc_id": "vpc-0db221deba515d6c7", - "associated_sgs": [], - "network_interfaces": [], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "CidrIp": "10.0.3.0/24" - }, - { - "CidrIp": "10.0.4.0/24" - }, - { - "CidrIp": "10.0.5.0/24" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "Egress to corporate printer closet", - "CidrIp": "10.33.0.0/28" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "tags": [ - { - "Key": "Name", - "Value": "ex-rds" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Name:ex-rds", - "Example:ex-rds", - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-rds-aurora" - ], - "name": "sg-0c3aaf7337434df0c", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "List all the security groups and then use the cli to check if they are attached to an instance.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/ec2-find-security-group-resources/" - ] - }, - "risk_details": "Having clear definition and scope for Security Groups creates a better administration environment.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) has 1 inbound rules and 1 outbound rules.", - "metadata": { - "event_code": "ec2_securitygroup_with_many_ingress_egress_rules", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) has 1 inbound rules and 1 outbound rules.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Find security groups with more than 50 ingress or egress rules.", - "title": "Find security groups with more than 50 ingress or egress rules.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_with_many_ingress_egress_rules-211203495394-eu-west-1-sg-0c3aaf7337434df0c" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-rds-20251019171856241300000005", - "metadata": { - "name": "ex-rds-20251019171856241300000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c", - "id": "sg-0c3aaf7337434df0c", - "vpc_id": "vpc-0db221deba515d6c7", - "associated_sgs": [], - "network_interfaces": [], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "CidrIp": "10.0.3.0/24" - }, - { - "CidrIp": "10.0.4.0/24" - }, - { - "CidrIp": "10.0.5.0/24" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "Egress to corporate printer closet", - "CidrIp": "10.33.0.0/28" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "tags": [ - { - "Key": "Name", - "Value": "ex-rds" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Name:ex-rds", - "Example:ex-rds", - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-rds-aurora" - ], - "name": "sg-0c3aaf7337434df0c", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group default (sg-098d463ddc66b09b5) has 0 inbound rules and 0 outbound rules.", - "metadata": { - "event_code": "ec2_securitygroup_with_many_ingress_egress_rules", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group default (sg-098d463ddc66b09b5) has 0 inbound rules and 0 outbound rules.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Find security groups with more than 50 ingress or egress rules.", - "title": "Find security groups with more than 50 ingress or egress rules.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_with_many_ingress_egress_rules-211203495394-eu-west-1-sg-098d463ddc66b09b5" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "default", - "metadata": { - "name": "default", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-098d463ddc66b09b5", - "id": "sg-098d463ddc66b09b5", - "vpc_id": "vpc-0db221deba515d6c7", - "associated_sgs": [], - "network_interfaces": [], - "ingress_rules": [], - "egress_rules": [], - "tags": [ - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "Name", - "Value": "ex-rds-default" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Example:ex-rds", - "Name:ex-rds-default", - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-rds-aurora" - ], - "name": "sg-098d463ddc66b09b5", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-098d463ddc66b09b5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-northeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default", - "region": "ap-northeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-northeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default", - "region": "ap-northeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-northeast-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default", - "region": "ap-northeast-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-south-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-south-1:211203495394:event-bus/default", - "region": "ap-south-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-south-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-southeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default", - "region": "ap-southeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-southeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default", - "region": "ap-southeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ca-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ca-central-1:211203495394:event-bus/default", - "region": "ca-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ca-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-central-1:211203495394:event-bus/default", - "region": "eu-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-north-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-north-1:211203495394:event-bus/default", - "region": "eu-north-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-north-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-1:211203495394:event-bus/default", - "region": "eu-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-2:211203495394:event-bus/default", - "region": "eu-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-west-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-3:211203495394:event-bus/default", - "region": "eu-west-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-sa-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:sa-east-1:211203495394:event-bus/default", - "region": "sa-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:sa-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-1:211203495394:event-bus/default", - "region": "us-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [ - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [ - "Preexisting:20251012" - ], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-east-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-2:211203495394:event-bus/default", - "region": "us-east-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-1:211203495394:event-bus/default", - "region": "us-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-2:211203495394:event-bus/default", - "region": "us-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-northeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default", - "region": "ap-northeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-northeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default", - "region": "ap-northeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-northeast-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default", - "region": "ap-northeast-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-south-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-south-1:211203495394:event-bus/default", - "region": "ap-south-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-south-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-southeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default", - "region": "ap-southeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-southeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default", - "region": "ap-southeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ca-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ca-central-1:211203495394:event-bus/default", - "region": "ca-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ca-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-central-1:211203495394:event-bus/default", - "region": "eu-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-north-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-north-1:211203495394:event-bus/default", - "region": "eu-north-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-north-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-1:211203495394:event-bus/default", - "region": "eu-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-2:211203495394:event-bus/default", - "region": "eu-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-west-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-3:211203495394:event-bus/default", - "region": "eu-west-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-sa-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:sa-east-1:211203495394:event-bus/default", - "region": "sa-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:sa-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-1:211203495394:event-bus/default", - "region": "us-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [ - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [ - "Preexisting:20251012" - ], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-east-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-2:211203495394:event-bus/default", - "region": "us-east-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-1:211203495394:event-bus/default", - "region": "us-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-2:211203495394:event-bus/default", - "region": "us-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "FMS without any compliant policy for account 211203495394.", - "metadata": { - "event_code": "fms_policy_compliant", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "FMS without any compliant policy for account 211203495394.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-fms-intro.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "ENS-RD2022": [ - "mp.com.1.aws.nfw.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "This check ensures all FMS policies inside an admin account are compliant", - "title": "Ensure that all FMS policies inside an admin account are compliant", - "types": [], - "uid": "prowler-aws-fms_policy_compliant-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "fms" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:fms:us-east-1:211203495394:policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure FMS is enabled and all the policies are compliant across your AWS accounts", - "references": [ - "https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-fms-intro.html" - ] - }, - "risk_details": "If FMS policies are not compliant, means there are resources unprotected by the policies", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Root user in the account wasn't accessed in the last 1 days.", - "metadata": { - "event_code": "iam_avoid_root_usage", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Root user in the account wasn't accessed in the last 1 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-03.01B", - "IAM-03.03B", - "IAM-06.02B", - "IAM-06.04B" - ], - "CIS-3.0": [ - "1.7" - ], - "ENS-RD2022": [ - "op.acc.2.aws.iam.4", - "op.acc.4.aws.iam.7" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.7" - ], - "CIS-5.0": [ - "1.6" - ], - "CIS-1.4": [ - "1.7" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR02" - ], - "ProwlerThreatScore-1.0": [ - "1.2.5" - ], - "CIS-1.5": [ - "1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "AWS-Account-Security-Onboarding": [ - "Block root user" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "6.7.2.e", - "11.3.2.b", - "11.3.2.c", - "11.4.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Avoid the use of the root account", - "title": "Avoid the use of the root accounts", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_avoid_root_usage-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Follow the remediation instructions of the Ensure IAM policies are attached only to groups or roles recommendation.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "The root account has unrestricted access to all resources in the AWS account. It is highly recommended that the use of this account be avoided.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy ElastiCacheServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy ElastiCacheServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-ElastiCacheServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "ElastiCacheServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy", - "entity": "ANPAIML5LIBUZBVCSF7PI", - "version_id": "v4", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ElastiCacheManagementActions", - "Effect": "Allow", - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:DeleteNetworkInterface", - "ec2:DeleteSecurityGroup", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DescribeVpcEndpoints", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:RevokeSecurityGroupIngress", - "cloudwatch:PutMetricData", - "outposts:GetOutpost", - "outposts:GetOutpostInstanceTypes", - "outposts:ListOutposts", - "outposts:ListSites" - ], - "Resource": "*" - }, - { - "Sid": "CreateDeleteVPCEndpoints", - "Effect": "Allow", - "Action": [ - "ec2:CreateVpcEndpoint", - "ec2:DeleteVpcEndpoints" - ], - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", - "Condition": { - "StringLike": { - "ec2:VpceServiceName": "com.amazonaws.elasticache.serverless.*" - } - } - }, - { - "Sid": "TagVPCEndpointsOnCreation", - "Effect": "Allow", - "Action": [ - "ec2:CreateTags" - ], - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", - "Condition": { - "StringEquals": { - "ec2:CreateAction": "CreateVpcEndpoint", - "aws:RequestTag/AmazonElastiCacheManaged": "true" - } - } - }, - { - "Sid": "ModifyVpcEndpoints", - "Effect": "Allow", - "Action": [ - "ec2:ModifyVpcEndpoint" - ], - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", - "Condition": { - "StringEquals": { - "ec2:ResourceTag/AmazonElastiCacheManaged": "true" - } - } - }, - { - "Sid": "AllowAccessToElastiCacheTaggedVpcEndpoints", - "Effect": "Allow", - "Action": [ - "ec2:CreateVpcEndpoint", - "ec2:ModifyVpcEndpoint" - ], - "NotResource": "arn:aws:ec2:*:*:vpc-endpoint/*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "ElastiCacheServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AWSTrustedAdvisorServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy AWSTrustedAdvisorServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AWSTrustedAdvisorServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AWSTrustedAdvisorServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy", - "entity": "ANPAJH4QJ2WMHBOB47BUE", - "version_id": "v14", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "TrustedAdvisorServiceRolePermissions", - "Effect": "Allow", - "Action": [ - "access-analyzer:ListAnalyzers", - "autoscaling:DescribeAccountLimits", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeLaunchConfigurations", - "ce:GetReservationPurchaseRecommendation", - "ce:GetSavingsPlansPurchaseRecommendation", - "cloudformation:DescribeAccountLimits", - "cloudformation:DescribeStacks", - "cloudformation:ListStacks", - "cloudfront:ListDistributions", - "cloudtrail:DescribeTrails", - "cloudtrail:GetTrailStatus", - "cloudtrail:GetTrail", - "cloudtrail:ListTrails", - "cloudtrail:GetEventSelectors", - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics", - "dax:DescribeClusters", - "dynamodb:DescribeLimits", - "dynamodb:DescribeTable", - "dynamodb:ListTables", - "ec2:DescribeAddresses", - "ec2:DescribeReservedInstances", - "ec2:DescribeInstances", - "ec2:DescribeVpcs", - "ec2:DescribeInternetGateways", - "ec2:DescribeImages", - "ec2:DescribeNatGateways", - "ec2:DescribeVolumes", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeRegions", - "ec2:DescribeReservedInstancesOfferings", - "ec2:DescribeRouteTables", - "ec2:DescribeSnapshots", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpnConnections", - "ec2:DescribeVpnGateways", - "ec2:DescribeLaunchTemplateVersions", - "ec2:GetManagedPrefixListEntries", - "ecs:DescribeTaskDefinition", - "ecs:ListTaskDefinitions", - "elasticloadbalancing:DescribeAccountLimits", - "elasticloadbalancing:DescribeInstanceHealth", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancerPolicyTypes", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "iam:GenerateCredentialReport", - "iam:GetAccountPasswordPolicy", - "iam:GetAccountSummary", - "iam:GetCredentialReport", - "iam:GetServerCertificate", - "iam:ListServerCertificates", - "iam:ListSAMLProviders", - "kinesis:DescribeLimits", - "kafka:DescribeClusterV2", - "kafka:ListClustersV2", - "kafka:ListNodes", - "network-firewall:ListFirewalls", - "network-firewall:DescribeFirewall", - "outposts:ListAssets", - "outposts:GetOutpost", - "outposts:ListOutposts", - "rds:DescribeAccountAttributes", - "rds:DescribeDBClusters", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstances", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBParameters", - "rds:DescribeDBSecurityGroups", - "rds:DescribeDBSnapshots", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEngineDefaultParameters", - "rds:DescribeEvents", - "rds:DescribeOptionGroupOptions", - "rds:DescribeOptionGroups", - "rds:DescribeOrderableDBInstanceOptions", - "rds:DescribeReservedDBInstances", - "rds:DescribeReservedDBInstancesOfferings", - "rds:ListTagsForResource", - "redshift:DescribeClusters", - "redshift:DescribeReservedNodeOfferings", - "redshift:DescribeReservedNodes", - "route53:GetAccountLimit", - "route53:GetHealthCheck", - "route53:GetHostedZone", - "route53:ListHealthChecks", - "route53:ListHostedZones", - "route53:ListHostedZonesByName", - "route53:ListResourceRecordSets", - "route53resolver:ListResolverEndpoints", - "route53resolver:ListResolverEndpointIpAddresses", - "s3:GetAccountPublicAccessBlock", - "s3:GetBucketAcl", - "s3:GetBucketPolicy", - "s3:GetBucketPolicyStatus", - "s3:GetBucketLocation", - "s3:GetBucketLogging", - "s3:GetBucketVersioning", - "s3:GetBucketPublicAccessBlock", - "s3:GetLifecycleConfiguration", - "s3:ListBucket", - "s3:ListAllMyBuckets", - "ses:GetSendQuota", - "sqs:GetQueueAttributes", - "sqs:ListQueues" - ], - "Resource": "*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AWSTrustedAdvisorServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AdministratorAccess is attached and allows '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS policy AdministratorAccess is attached and allows '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AdministratorAccess" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AdministratorAccess", - "arn": "arn:aws:iam::aws:policy/AdministratorAccess", - "entity": "ANPAIWMBCKSKIEE64ZLYK", - "version_id": "v1", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "*", - "Resource": "*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AdministratorAccess", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AWSSupportServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy AWSSupportServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AWSSupportServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AWSSupportServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy", - "entity": "ANPAJ7W6266ELXF5MISDS", - "version_id": "v42", - "type": "AWS", - "attached": true, - "document": { - "Statement": [ - { - "Sid": "AWSSupportAPIGatewayAccess", - "Action": [ - "apigateway:GET" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:apigateway:*::/account", - "arn:aws:apigateway:*::/apis", - "arn:aws:apigateway:*::/apis/*", - "arn:aws:apigateway:*::/apis/*/authorizers", - "arn:aws:apigateway:*::/apis/*/authorizers/*", - "arn:aws:apigateway:*::/apis/*/deployments", - "arn:aws:apigateway:*::/apis/*/deployments/*", - "arn:aws:apigateway:*::/apis/*/integrations", - "arn:aws:apigateway:*::/apis/*/integrations/*", - "arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses", - "arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses/*", - "arn:aws:apigateway:*::/apis/*/models", - "arn:aws:apigateway:*::/apis/*/models/*", - "arn:aws:apigateway:*::/apis/*/routes", - "arn:aws:apigateway:*::/apis/*/routes/*", - "arn:aws:apigateway:*::/apis/*/routes/*/routeresponses", - "arn:aws:apigateway:*::/apis/*/routes/*/routeresponses/*", - "arn:aws:apigateway:*::/apis/*/stages", - "arn:aws:apigateway:*::/apis/*/stages/*", - "arn:aws:apigateway:*::/clientcertificates", - "arn:aws:apigateway:*::/clientcertificates/*", - "arn:aws:apigateway:*::/domainnames", - "arn:aws:apigateway:*::/domainnames/*", - "arn:aws:apigateway:*::/domainnames/*/apimappings", - "arn:aws:apigateway:*::/domainnames/*/apimappings/*", - "arn:aws:apigateway:*::/domainnames/*/basepathmappings", - "arn:aws:apigateway:*::/domainnames/*/basepathmappings/*", - "arn:aws:apigateway:*::/restapis", - "arn:aws:apigateway:*::/restapis/*", - "arn:aws:apigateway:*::/restapis/*/authorizers", - "arn:aws:apigateway:*::/restapis/*/authorizers/*", - "arn:aws:apigateway:*::/restapis/*/deployments", - "arn:aws:apigateway:*::/restapis/*/deployments/*", - "arn:aws:apigateway:*::/restapis/*/models", - "arn:aws:apigateway:*::/restapis/*/models/*", - "arn:aws:apigateway:*::/restapis/*/models/*/default_template", - "arn:aws:apigateway:*::/restapis/*/resources", - "arn:aws:apigateway:*::/restapis/*/resources/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration/responses/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/responses/*", - "arn:aws:apigateway:*::/restapis/*/stages/*/sdks/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration", - "arn:aws:apigateway:*::/restapis/*/stages", - "arn:aws:apigateway:*::/restapis/*/stages/*", - "arn:aws:apigateway:*::/usageplans", - "arn:aws:apigateway:*::/usageplans/*", - "arn:aws:apigateway:*::/vpclinks", - "arn:aws:apigateway:*::/vpclinks/*" - ] - }, - { - "Sid": "AWSSupportDeleteRoleAccess", - "Action": [ - "iam:DeleteRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport" - ] - }, - { - "Sid": "AWSSupportActionsGroup1", - "Action": [ - "access-analyzer:getAccessPreview", - "access-analyzer:getAnalyzedResource", - "access-analyzer:getAnalyzer", - "access-analyzer:getArchiveRule", - "access-analyzer:getFinding", - "access-analyzer:getGeneratedPolicy", - "access-analyzer:listAccessPreviewFindings", - "access-analyzer:listAccessPreviews", - "access-analyzer:listAnalyzedResources", - "access-analyzer:listAnalyzers", - "access-analyzer:listArchiveRules", - "access-analyzer:listFindings", - "access-analyzer:listPolicyGenerations", - "account:getRegionOptStatus", - "account:listRegions", - "acm-pca:describeCertificateAuthority", - "acm-pca:describeCertificateAuthorityAuditReport", - "acm-pca:getCertificate", - "acm-pca:getCertificateAuthorityCertificate", - "acm-pca:getCertificateAuthorityCsr", - "acm-pca:listCertificateAuthorities", - "acm-pca:listTags", - "acm:describeCertificate", - "acm:getAccountConfiguration", - "acm:getCertificate", - "acm:listCertificates", - "acm:listTagsForCertificate", - "aiops:getInvestigationGroup", - "aiops:getInvestigationGroupPolicy", - "aiops:listInvestigationGroups", - "airflow:getEnvironment", - "airflow:listEnvironments", - "airflow:listTagsForResource", - "amplify:getApp", - "amplify:getBackendEnvironment", - "amplify:getBranch", - "amplify:getDomainAssociation", - "amplify:getJob", - "amplify:getWebhook", - "amplify:listApps", - "amplify:listBackendEnvironments", - "amplify:listBranches", - "amplify:listDomainAssociations", - "amplify:listWebhooks", - "amplifyuibuilder:exportComponents", - "amplifyuibuilder:exportThemes", - "aoss:batchGetCollection", - "aoss:batchGetEffectiveLifecyclePolicy", - "aoss:batchGetLifecyclePolicy", - "aoss:batchGetVpcEndpoint", - "aoss:getAccessPolicy", - "aoss:getAccountSettings", - "aoss:getPoliciesStats", - "aoss:getSecurityConfig", - "aoss:getSecurityPolicy", - "aoss:listAccessPolicies", - "aoss:listCollections", - "aoss:listLifecyclePolicies", - "aoss:listSecurityConfigs", - "aoss:listSecurityPolicies", - "aoss:listTagsForResource", - "aoss:listVpcEndpoints", - "appconfig:getApplication", - "appconfig:getConfigurationProfile", - "appconfig:getDeployment", - "appconfig:getDeploymentStrategy", - "appconfig:getEnvironment", - "appconfig:getExtension", - "appconfig:getExtensionAssociation", - "appconfig:listApplications", - "appconfig:listConfigurationProfiles", - "appconfig:listDeployments", - "appconfig:listDeploymentStrategies", - "appconfig:listEnvironments", - "appconfig:listExtensionAssociations", - "appconfig:listExtensions", - "appconfig:listHostedConfigurationVersions", - "appflow:describeConnectorEntity", - "appflow:describeConnectorProfiles", - "appflow:describeConnectors", - "appflow:describeFlow", - "appflow:describeFlowExecutionRecords", - "appflow:listConnectorEntities", - "appflow:listFlows", - "application-autoscaling:describeScalableTargets", - "application-autoscaling:describeScalingActivities", - "application-autoscaling:describeScalingPolicies", - "application-autoscaling:describeScheduledActions", - "application-signals:getService", - "application-signals:getServiceLevelObjective", - "application-signals:listServiceDependencies", - "application-signals:listServiceDependents", - "application-signals:listServiceLevelObjectives", - "application-signals:listServiceOperations", - "application-signals:listServices", - "applicationinsights:describeApplication", - "applicationinsights:describeComponent", - "applicationinsights:describeComponentConfiguration", - "applicationinsights:describeComponentConfigurationRecommendation", - "applicationinsights:describeLogPattern", - "applicationinsights:describeObservation", - "applicationinsights:describeProblem", - "applicationinsights:describeProblemObservations", - "applicationinsights:listApplications", - "applicationinsights:listComponents", - "applicationinsights:listConfigurationHistory", - "applicationinsights:listLogPatterns", - "applicationinsights:listLogPatternSets", - "applicationinsights:listProblems", - "appmesh:describeGatewayRoute", - "appmesh:describeMesh", - "appmesh:describeRoute", - "appmesh:describeVirtualGateway", - "appmesh:describeVirtualNode", - "appmesh:describeVirtualRouter", - "appmesh:describeVirtualService", - "appmesh:listGatewayRoutes", - "appmesh:listMeshes", - "appmesh:listRoutes", - "appmesh:listTagsForResource", - "appmesh:listVirtualGateways", - "appmesh:listVirtualNodes", - "appmesh:listVirtualRouters", - "appmesh:listVirtualServices", - "apprunner:describeAutoScalingConfiguration", - "apprunner:describeCustomDomains", - "apprunner:describeObservabilityConfiguration", - "apprunner:describeOperation", - "apprunner:describeService", - "apprunner:describeVpcConnector", - "apprunner:describeVpcIngressConnection", - "apprunner:listAutoScalingConfigurations", - "apprunner:listConnections", - "apprunner:listObservabilityConfigurations", - "apprunner:listOperations", - "apprunner:listServices", - "apprunner:listTagsForResource", - "apprunner:listVpcConnectors", - "apprunner:listVpcIngressConnections", - "appstream:describeAppBlockBuilderAppBlockAssociations", - "appstream:describeAppBlockBuilders", - "appstream:describeAppBlocks", - "appstream:describeApplicationFleetAssociations", - "appstream:describeApplications", - "appstream:describeDirectoryConfigs", - "appstream:describeEntitlements", - "appstream:describeFleets", - "appstream:describeImageBuilders", - "appstream:describeImagePermissions", - "appstream:describeImages", - "appstream:describeSessions", - "appstream:describeStacks", - "appstream:describeUsageReportSubscriptions", - "appstream:describeUsers", - "appstream:describeUserStackAssociations", - "appstream:listAssociatedFleets", - "appstream:listAssociatedStacks", - "appstream:listEntitledApplications", - "appstream:listTagsForResource", - "appsync:getApi", - "appsync:getApiAssociation", - "appsync:getApiCache", - "appsync:getChannelNamespace", - "appsync:getDataSource", - "appsync:getDomainName", - "appsync:getFunction", - "appsync:getGraphqlApi", - "appsync:getIntrospectionSchema", - "appsync:getResolver", - "appsync:getSchemaCreationStatus", - "appsync:getSourceApiAssociation", - "appsync:getType", - "appsync:listApis", - "appsync:listChannelNamespaces", - "appsync:listDataSources", - "appsync:listDomainNames", - "appsync:listFunctions", - "appsync:listGraphqlApis", - "appsync:listResolvers", - "appsync:listResolversByFunction", - "appsync:listSourceApiAssociations", - "appsync:listTypes", - "appsync:listTypesByAssociation", - "aps:describeAlertManagerDefinition", - "aps:describeRuleGroupsNamespace", - "aps:describeScraper", - "aps:describeWorkspace", - "aps:listRuleGroupsNamespaces", - "aps:listScrapers", - "aps:listWorkspaces", - "athena:batchGetNamedQuery", - "athena:batchGetQueryExecution", - "athena:getCalculationExecution", - "athena:getCalculationExecutionStatus", - "athena:getCapacityAssignmentConfiguration", - "athena:getCapacityReservation", - "athena:getDataCatalog", - "athena:getNamedQuery", - "athena:getNotebookMetadata", - "athena:getQueryExecution", - "athena:getQueryRuntimeStatistics", - "athena:getSession", - "athena:getSessionStatus", - "athena:getWorkGroup", - "athena:listApplicationDPUSizes", - "athena:listCalculationExecutions", - "athena:listCapacityReservations", - "athena:listDataCatalogs", - "athena:listEngineVersions", - "athena:listExecutors", - "athena:listNamedQueries", - "athena:listNotebookMetadata", - "athena:listNotebookSessions", - "athena:listQueryExecutions", - "athena:listSessions", - "athena:listTagsForResource", - "athena:listWorkGroups", - "auditmanager:getAccountStatus", - "auditmanager:getDelegations", - "auditmanager:listAssessmentFrameworks", - "auditmanager:listAssessmentReports", - "auditmanager:listAssessments", - "auditmanager:listControls", - "auditmanager:listKeywordsForDataSource", - "auditmanager:listNotifications", - "autoscaling-plans:describeScalingPlanResources", - "autoscaling-plans:describeScalingPlans", - "autoscaling-plans:getScalingPlanResourceForecastData", - "autoscaling:describeAccountLimits", - "autoscaling:describeAdjustmentTypes", - "autoscaling:describeAutoScalingGroups", - "autoscaling:describeAutoScalingInstances", - "autoscaling:describeAutoScalingNotificationTypes", - "autoscaling:describeInstanceRefreshes", - "autoscaling:describeLaunchConfigurations", - "autoscaling:describeLifecycleHooks", - "autoscaling:describeLifecycleHookTypes", - "autoscaling:describeLoadBalancers", - "autoscaling:describeLoadBalancerTargetGroups", - "autoscaling:describeMetricCollectionTypes", - "autoscaling:describeNotificationConfigurations", - "autoscaling:describePolicies", - "autoscaling:describeScalingActivities", - "autoscaling:describeScalingProcessTypes", - "autoscaling:describeScheduledActions", - "autoscaling:describeTags", - "autoscaling:describeTerminationPolicyTypes", - "autoscaling:describeTrafficSources", - "autoscaling:describeWarmPool", - "backup-gateway:getBandwidthRateLimitSchedule", - "backup-gateway:getGateway", - "backup-gateway:getHypervisor", - "backup-gateway:getHypervisorPropertyMappings", - "backup-gateway:getVirtualMachine", - "backup-gateway:listGateways", - "backup-gateway:listHypervisors", - "backup-gateway:listVirtualMachines", - "backup-search:listSearchJobBackups", - "backup-search:listSearchJobs", - "backup:describeBackupJob", - "backup:describeBackupVault", - "backup:describeCopyJob", - "backup:describeFramework", - "backup:describeGlobalSettings", - "backup:describeProtectedResource", - "backup:describeRecoveryPoint", - "backup:describeRegionSettings", - "backup:describeReportJob", - "backup:describeReportPlan", - "backup:describeRestoreJob", - "backup:getBackupPlan", - "backup:getBackupPlanFromJSON", - "backup:getBackupPlanFromTemplate", - "backup:getBackupSelection", - "backup:getBackupVaultAccessPolicy", - "backup:getBackupVaultNotifications", - "backup:getLegalHold", - "backup:getRecoveryPointRestoreMetadata", - "backup:getRecoveryPointIndexDetails", - "backup:getRestoreJobMetadata", - "backup:getRestoreTestingInferredMetadata", - "backup:getRestoreTestingPlan", - "backup:getRestoreTestingSelection", - "backup:getSupportedResourceTypes", - "backup:listBackupJobs", - "backup:listBackupPlans", - "backup:listBackupPlanTemplates", - "backup:listBackupPlanVersions", - "backup:listBackupSelections", - "backup:listBackupVaults", - "backup:listCopyJobs", - "backup:listFrameworks", - "backup:listIndexedRecoveryPoints", - "backup:listLegalHolds", - "backup:listProtectedResources", - "backup:listRecoveryPointsByBackupVault", - "backup:listRecoveryPointsByLegalHold", - "backup:listRecoveryPointsByResource", - "backup:listReportJobs", - "backup:listReportPlans", - "backup:listRestoreJobs", - "backup:listRestoreJobsByProtectedResource", - "backup:listRestoreTestingPlans", - "backup:listRestoreTestingSelections", - "backup:listTags", - "batch:describeComputeEnvironments", - "batch:describeJobDefinitions", - "batch:describeJobQueues", - "batch:describeJobs", - "batch:describeSchedulingPolicies", - "batch:listJobs", - "bedrock:getAgent", - "bedrock:getAgentActionGroup", - "bedrock:getAgentAlias", - "bedrock:getAgentKnowledgeBase", - "bedrock:getAgentVersion", - "bedrock:getCustomModel", - "bedrock:getDataSource", - "bedrock:getEvaluationJob", - "bedrock:getFlow", - "bedrock:getFlowAlias", - "bedrock:getFlowVersion", - "bedrock:getFoundationModel", - "bedrock:getGuardrail", - "bedrock:getImportedModel", - "bedrock:getInferenceProfile", - "bedrock:getIngestionJob", - "bedrock:getKnowledgeBase", - "bedrock:getMarketplaceModelEndpoint", - "bedrock:getModelCopyJob", - "bedrock:getModelCustomizationJob", - "bedrock:getModelImportJob", - "bedrock:getModelInvocationJob", - "bedrock:getModelInvocationLoggingConfiguration", - "bedrock:getPrompt", - "bedrock:getPromptRouter", - "bedrock:getProvisionedModelThroughput", - "bedrock:listAgentActionGroups", - "bedrock:listAgentAliases", - "bedrock:listAgentKnowledgeBases", - "bedrock:listAgents", - "bedrock:listAgentVersions", - "bedrock:listCustomModels", - "bedrock:listDataSources", - "bedrock:listEvaluationJobs", - "bedrock:listFlowAliases", - "bedrock:listFlows", - "bedrock:listFlowVersions", - "bedrock:listFoundationModels", - "bedrock:listGuardrails", - "bedrock:listImportedModels", - "bedrock:listInferenceProfiles", - "bedrock:listIngestionJobs", - "bedrock:listKnowledgeBases", - "bedrock:listMarketplaceModelEndpoints", - "bedrock:listModelCopyJobs", - "bedrock:listModelCustomizationJobs", - "bedrock:listModelImportJobs", - "bedrock:listModelInvocationJobs", - "bedrock:listPromptRouters", - "bedrock:listPrompts", - "bedrock:listProvisionedModelThroughputs", - "braket:getDevice", - "braket:getQuantumTask", - "braket:searchDevices", - "braket:searchQuantumTasks", - "budgets:viewBudget", - "ce:getCostAndUsage", - "ce:getCostAndUsageWithResources", - "ce:getCostForecast", - "ce:getDimensionValues", - "ce:getReservationCoverage", - "ce:getReservationPurchaseRecommendation", - "ce:getReservationUtilization", - "ce:getRightsizingRecommendation", - "ce:getSavingsPlansCoverage", - "ce:getSavingsPlansPurchaseRecommendation", - "ce:getSavingsPlansUtilization", - "ce:getSavingsPlansUtilizationDetails", - "ce:getTags", - "chime:describeAppInstance", - "chime:getAttendee", - "chime:getGlobalSettings", - "chime:getMediaCapturePipeline", - "chime:getMediaPipeline", - "chime:getMeeting", - "chime:getProxySession", - "chime:getSipMediaApplication", - "chime:getSipRule", - "chime:getVoiceConnector", - "chime:getVoiceConnectorGroup", - "chime:getVoiceConnectorLoggingConfiguration", - "chime:listAppInstances", - "chime:listAttendees", - "chime:listChannelBans", - "chime:listChannels", - "chime:listChannelsModeratedByAppInstanceUser", - "chime:listMediaCapturePipelines", - "chime:listMediaPipelines", - "chime:listMeetings", - "chime:listSipMediaApplications", - "chime:listSipRules", - "chime:listVoiceConnectorGroups", - "chime:listVoiceConnectors", - "cleanrooms:batchGetCollaborationAnalysisTemplate", - "cleanrooms:batchGetSchema", - "cleanrooms:getAnalysisTemplate", - "cleanrooms:getCollaboration", - "cleanrooms:getCollaborationAnalysisTemplate", - "cleanrooms:getConfiguredTable", - "cleanrooms:getConfiguredTableAssociation", - "cleanrooms:getMembership", - "cleanrooms:getSchema", - "cleanrooms:listAnalysisTemplates", - "cleanrooms:listCollaborationAnalysisTemplates", - "cleanrooms:listCollaborations", - "cleanrooms:listConfiguredTableAssociations", - "cleanrooms:listConfiguredTables", - "cleanrooms:listMembers", - "cleanrooms:listMemberships", - "cleanrooms:listSchemas", - "cloud9:describeEnvironmentMemberships", - "cloud9:describeEnvironments", - "cloud9:listEnvironments", - "clouddirectory:getDirectory", - "clouddirectory:listDirectories", - "cloudformation:batchDescribeTypeConfigurations", - "cloudformation:describeAccountLimits", - "cloudformation:describeChangeSet", - "cloudformation:describeChangeSetHooks", - "cloudformation:describePublisher", - "cloudformation:describeStackDriftDetectionStatus", - "cloudformation:describeStackEvents", - "cloudformation:describeStackInstance", - "cloudformation:describeStackResource", - "cloudformation:describeStackResourceDrifts", - "cloudformation:describeStackResources", - "cloudformation:describeStacks", - "cloudformation:describeStackSet", - "cloudformation:describeStackSetOperation", - "cloudformation:describeType", - "cloudformation:describeTypeRegistration", - "cloudformation:estimateTemplateCost", - "cloudformation:getResource", - "cloudformation:getStackPolicy", - "cloudformation:getTemplate", - "cloudformation:getTemplateSummary", - "cloudformation:listChangeSets", - "cloudformation:listExports", - "cloudformation:listImports", - "cloudformation:listResources", - "cloudformation:listStackInstances", - "cloudformation:listStackResources", - "cloudformation:listStacks", - "cloudformation:listStackSetOperationResults", - "cloudformation:listStackSetOperations", - "cloudformation:listStackSets", - "cloudformation:listTypeRegistrations", - "cloudformation:listTypes", - "cloudformation:listTypeVersions", - "cloudfront:describeFunction", - "cloudfront:describeKeyValueStore", - "cloudfront:getAnycastIpList", - "cloudfront:getCachePolicy", - "cloudfront:getCachePolicyConfig", - "cloudfront:getCloudFrontOriginAccessIdentity", - "cloudfront:getCloudFrontOriginAccessIdentityConfig", - "cloudfront:getContinuousDeploymentPolicy", - "cloudfront:getContinuousDeploymentPolicyConfig", - "cloudfront:getDistribution", - "cloudfront:getDistributionConfig", - "cloudfront:getInvalidation", - "cloudfront:getKeyGroup", - "cloudfront:getKeyGroupConfig", - "cloudfront:getMonitoringSubscription", - "cloudfront:getOriginAccessControl", - "cloudfront:getOriginAccessControlConfig", - "cloudfront:getOriginRequestPolicy", - "cloudfront:getOriginRequestPolicyConfig", - "cloudfront:getPublicKey", - "cloudfront:getPublicKeyConfig", - "cloudfront:getRealtimeLogConfig", - "cloudfront:getResponseHeadersPolicy", - "cloudfront:getResponseHeadersPolicyConfig", - "cloudfront:getStreamingDistribution", - "cloudfront:getStreamingDistributionConfig", - "cloudfront:getVpcOrigin", - "cloudfront:listAnycastIpLists", - "cloudfront:listCachePolicies", - "cloudfront:listCloudFrontOriginAccessIdentities", - "cloudfront:listConflictingAliases", - "cloudfront:listContinuousDeploymentPolicies", - "cloudfront:listDistributions", - "cloudfront:listDistributionsByAnycastIpListId", - "cloudfront:listDistributionsByCachePolicyId", - "cloudfront:listDistributionsByKeyGroup", - "cloudfront:listDistributionsByOriginRequestPolicyId", - "cloudfront:listDistributionsByRealtimeLogConfig", - "cloudfront:listDistributionsByResponseHeadersPolicyId", - "cloudfront:listDistributionsByVpcOriginId", - "cloudfront:listDistributionsByWebACLId", - "cloudfront:listFunctions", - "cloudfront:listInvalidations", - "cloudfront:listKeyGroups", - "cloudfront:listKeyValueStores", - "cloudfront:listOriginAccessControls", - "cloudfront:listOriginRequestPolicies", - "cloudfront:listPublicKeys", - "cloudfront:listRealtimeLogConfigs", - "cloudfront:listResponseHeadersPolicies", - "cloudfront:listStreamingDistributions", - "cloudfront:listVpcOrigins", - "cloudhsm:describeBackups", - "cloudhsm:describeClusters", - "cloudsearch:describeAnalysisSchemes", - "cloudsearch:describeAvailabilityOptions", - "cloudsearch:describeDomains", - "cloudsearch:describeExpressions", - "cloudsearch:describeIndexFields", - "cloudsearch:describeScalingParameters", - "cloudsearch:describeServiceAccessPolicies", - "cloudsearch:describeSuggesters", - "cloudsearch:listDomainNames", - "cloudtrail:describeTrails", - "cloudtrail:getEventSelectors", - "cloudtrail:getInsightSelectors", - "cloudtrail:getTrail", - "cloudtrail:getTrailStatus", - "cloudtrail:listPublicKeys", - "cloudtrail:listTags", - "cloudtrail:listTrails", - "cloudtrail:lookupEvents", - "cloudwatch:describeAlarmHistory", - "cloudwatch:describeAlarms", - "cloudwatch:describeAlarmsForMetric", - "cloudwatch:describeAnomalyDetectors", - "cloudwatch:describeInsightRules", - "cloudwatch:getDashboard", - "cloudwatch:getInsightRuleReport", - "cloudwatch:getMetricData", - "cloudwatch:getMetricStatistics", - "cloudwatch:getMetricStream", - "cloudWatch:getMetricWidgetImage", - "cloudwatch:listDashboards", - "cloudwatch:listManagedInsightRules", - "cloudwatch:listMetrics", - "cloudwatch:listMetricStreams", - "codeartifact:describeDomain", - "codeartifact:describePackageVersion", - "codeartifact:describeRepository", - "codeartifact:getDomainPermissionsPolicy", - "codeartifact:getRepositoryEndpoint", - "codeartifact:getRepositoryPermissionsPolicy", - "codeartifact:listDomains", - "codeartifact:listPackages", - "codeartifact:listPackageVersionAssets", - "codeartifact:listPackageVersions", - "codeartifact:listRepositories", - "codeartifact:listRepositoriesInDomain", - "codebuild:batchGetBuildBatches", - "codebuild:batchGetBuilds", - "codebuild:batchGetFleets", - "codebuild:batchGetProjects", - "codebuild:listBuildBatches", - "codebuild:listBuildBatchesForProject", - "codebuild:listBuilds", - "codebuild:listBuildsForProject", - "codebuild:listCuratedEnvironmentImages", - "codebuild:listFleets", - "codebuild:listProjects", - "codebuild:listSourceCredentials", - "codecommit:batchGetRepositories", - "codecommit:getBranch", - "codecommit:getRepository", - "codecommit:getRepositoryTriggers", - "codecommit:listBranches", - "codecommit:listRepositories", - "codeconnections:getConnection", - "codeconnections:getHost", - "codeconnections:getRepositoryLink", - "codeconnections:getRepositorySyncStatus", - "codeconnections:getResourceSyncStatus", - "codeconnections:getSyncBlockerSummary", - "codeconnections:getSyncConfiguration", - "codeconnections:listConnections", - "codeconnections:listHosts", - "codeconnections:listRepositoryLinks", - "codeconnections:listRepositorySyncDefinitions", - "codeconnections:listSyncConfigurations", - "codedeploy:batchGetApplicationRevisions", - "codedeploy:batchGetApplications", - "codedeploy:batchGetDeploymentGroups", - "codedeploy:batchGetDeploymentInstances", - "codedeploy:batchGetDeployments", - "codedeploy:batchGetDeploymentTargets", - "codedeploy:batchGetOnPremisesInstances", - "codedeploy:getApplication", - "codedeploy:getApplicationRevision", - "codedeploy:getDeployment", - "codedeploy:getDeploymentConfig", - "codedeploy:getDeploymentGroup", - "codedeploy:getDeploymentInstance", - "codedeploy:getDeploymentTarget", - "codedeploy:getOnPremisesInstance", - "codedeploy:listApplicationRevisions", - "codedeploy:listApplications", - "codedeploy:listDeploymentConfigs", - "codedeploy:listDeploymentGroups", - "codedeploy:listDeploymentInstances", - "codedeploy:listDeployments", - "codedeploy:listDeploymentTargets", - "codedeploy:listGitHubAccountTokenNames", - "codedeploy:listOnPremisesInstances", - "codepipeline:getJobDetails", - "codepipeline:getPipeline", - "codepipeline:getPipelineExecution", - "codepipeline:getPipelineState", - "codepipeline:listActionExecutions", - "codepipeline:listActionTypes", - "codepipeline:listPipelineExecutions", - "codepipeline:listPipelines", - "codepipeline:listRuleExecutions", - "codepipeline:listWebhooks", - "codestar-connections:getConnection", - "codestar-connections:getHost", - "codestar-connections:listConnections", - "codestar-connections:listHosts", - "codestar:describeProject", - "codestar:listProjects", - "codestar:listResources", - "codestar:listTeamMembers", - "codestar:listUserProfiles", - "cognito-identity:describeIdentity", - "cognito-identity:describeIdentityPool", - "cognito-identity:getIdentityPoolAnalytics", - "cognito-identity:getIdentityPoolDailyAnalytics", - "cognito-identity:getIdentityPoolRoles", - "cognito-identity:getIdentityProviderDailyAnalytics", - "cognito-identity:listIdentities", - "cognito-identity:listIdentityPools", - "cognito-identity:lookupDeveloperIdentity", - "cognito-idp:describeIdentityProvider", - "cognito-idp:describeResourceServer", - "cognito-idp:describeRiskConfiguration", - "cognito-idp:describeUserImportJob", - "cognito-idp:describeUserPool", - "cognito-idp:describeUserPoolClient", - "cognito-idp:describeUserPoolDomain", - "cognito-idp:getCSVHeader", - "cognito-idp:getGroup", - "cognito-idp:getLogDeliveryConfiguration", - "cognito-idp:getUICustomization", - "cognito-idp:getUserPoolMfaConfig", - "cognito-idp:listGroups", - "cognito-idp:listIdentityProviders", - "cognito-idp:listResourceServers", - "cognito-idp:listUserImportJobs", - "cognito-idp:listUserPoolClients", - "cognito-idp:listUserPools", - "cognito-sync:describeDataset", - "cognito-sync:describeIdentityPoolUsage", - "cognito-sync:describeIdentityUsage", - "cognito-sync:getCognitoEvents", - "cognito-sync:getIdentityPoolConfiguration", - "cognito-sync:listDatasets", - "cognito-sync:listIdentityPoolUsage", - "comprehend:describeDocumentClassificationJob", - "comprehend:describeDocumentClassifier", - "comprehend:describeDominantLanguageDetectionJob", - "comprehend:describeEndpoint", - "comprehend:describeEntitiesDetectionJob", - "comprehend:describeEntityRecognizer", - "comprehend:describeEventsDetectionJob", - "comprehend:describeFlywheel", - "comprehend:describeFlywheelIteration", - "comprehend:describeKeyPhrasesDetectionJob", - "comprehend:describePiiEntitiesDetectionJob", - "comprehend:describeSentimentDetectionJob", - "comprehend:describeTargetedSentimentDetectionJob", - "comprehend:describeTopicsDetectionJob", - "comprehend:listDocumentClassificationJobs", - "comprehend:listDocumentClassifiers", - "comprehend:listDominantLanguageDetectionJobs", - "comprehend:listEndpoints", - "comprehend:listEntitiesDetectionJobs", - "comprehend:listEntityRecognizers", - "comprehend:listEventsDetectionJobs", - "comprehend:listFlywheelIterationHistory", - "comprehend:listFlywheels", - "comprehend:listKeyPhrasesDetectionJobs", - "comprehend:listPiiEntitiesDetectionJobs", - "comprehend:listSentimentDetectionJobs", - "comprehend:listTargetedSentimentDetectionJobs", - "comprehend:listTopicsDetectionJobs", - "compute-optimizer:getAutoScalingGroupRecommendations", - "compute-optimizer:getEBSVolumeRecommendations", - "compute-optimizer:getEC2InstanceRecommendations", - "compute-optimizer:getEC2RecommendationProjectedMetrics", - "compute-optimizer:getECSServiceRecommendationProjectedMetrics", - "compute-optimizer:getECSServiceRecommendations", - "compute-optimizer:getEnrollmentStatus", - "compute-optimizer:getRecommendationSummaries", - "config:batchGetAggregateResourceConfig", - "config:batchGetResourceConfig", - "config:describeAggregateComplianceByConfigRules", - "config:describeAggregationAuthorizations", - "config:describeComplianceByConfigRule", - "config:describeComplianceByResource", - "config:describeConfigRuleEvaluationStatus", - "config:describeConfigRules", - "config:describeConfigurationAggregators", - "config:describeConfigurationAggregatorSourcesStatus", - "config:describeConfigurationRecorders", - "config:describeConfigurationRecorderStatus", - "config:describeConformancePackCompliance", - "config:describeConformancePacks", - "config:describeConformancePackStatus", - "config:describeDeliveryChannels", - "config:describeDeliveryChannelStatus", - "config:describeOrganizationConfigRules", - "config:describeOrganizationConfigRuleStatuses", - "config:describeOrganizationConformancePacks", - "config:describeOrganizationConformancePackStatuses", - "config:describePendingAggregationRequests", - "config:describeRemediationConfigurations", - "config:describeRemediationExceptions", - "config:describeRemediationExecutionStatus", - "config:describeRetentionConfigurations", - "config:getAggregateComplianceDetailsByConfigRule", - "config:getAggregateConfigRuleComplianceSummary", - "config:getAggregateDiscoveredResourceCounts", - "config:getAggregateResourceConfig", - "config:getComplianceDetailsByConfigRule", - "config:getComplianceDetailsByResource", - "config:getComplianceSummaryByConfigRule", - "config:getComplianceSummaryByResourceType", - "config:getConformancePackComplianceDetails", - "config:getConformancePackComplianceSummary", - "config:getDiscoveredResourceCounts", - "config:getOrganizationConfigRuleDetailedStatus", - "config:getOrganizationConformancePackDetailedStatus", - "config:getResourceConfigHistory", - "config:listAggregateDiscoveredResources", - "config:listDiscoveredResources", - "config:listTagsForResource", - "config:selectAggregateResourceConfig", - "config:selectResourceConfig", - "connect:describeContact", - "connect:describePhoneNumber", - "connect:describeQueue", - "connect:describeQuickConnect", - "connect:describeRoutingProfile", - "connect:describeUser", - "connect:describeUserHierarchyStructure", - "connect:getCurrentMetricData", - "connect:getMetricData", - "connect:getMetricDataV2", - "connect:listContactEvaluations", - "connect:listEvaluationForms", - "connect:listEvaluationFormVersions", - "connect:listPhoneNumbersV2", - "connect:listQueueQuickConnects", - "connect:listQueues", - "connect:listQuickConnects", - "connect:listRoutingProfileQueues", - "connect:listRoutingProfiles", - "connect:listSecurityProfiles", - "connect:listUsers", - "connect:listViews", - "connect:listViewVersions", - "connect:searchQueues", - "connect:searchRoutingProfiles", - "connect:searchUsers", - "controltower:describeAccountFactoryConfig", - "controltower:describeCoreService", - "controltower:describeGuardrail", - "controltower:describeGuardrailForTarget", - "controltower:describeManagedAccount", - "controltower:describeSingleSignOn", - "controltower:getAvailableUpdates", - "controltower:getHomeRegion", - "controltower:getLandingZone", - "controltower:getLandingZoneStatus", - "controltower:listDirectoryGroups", - "controltower:listEnabledControls", - "controltower:listGuardrailsForTarget", - "controltower:listGuardrailViolations", - "controltower:listLandingZones", - "controltower:listManagedAccounts", - "controltower:listManagedAccountsForGuardrail", - "controltower:listManagedAccountsForParent", - "controltower:listManagedOrganizationalUnits", - "controltower:listManagedOrganizationalUnitsForGuardrail", - "cost-optimization-hub:getPreferences", - "cost-optimization-hub:getRecommendation", - "cost-optimization-hub:listEnrollmentStatuses", - "cost-optimization-hub:listRecommendations", - "cost-optimization-hub:listRecommendationSummaries", - "databrew:describeDataset", - "databrew:describeJob", - "databrew:describeProject", - "databrew:describeRecipe", - "databrew:listDatasets", - "databrew:listJobRuns", - "databrew:listJobs", - "databrew:listProjects", - "databrew:listRecipes", - "databrew:listRecipeVersions", - "databrew:listTagsForResource", - "datapipeline:describeObjects", - "datapipeline:describePipelines", - "datapipeline:getPipelineDefinition", - "datapipeline:listPipelines", - "datapipeline:queryObjects", - "datasync:describeAgent", - "datasync:describeLocationAzureBlob", - "datasync:describeLocationEfs", - "datasync:describeLocationFsxLustre", - "datasync:describeLocationFsxOntap", - "datasync:describeLocationFsxOpenZfs", - "datasync:describeLocationFsxWindows", - "datasync:describeLocationHdfs", - "datasync:describeLocationNfs", - "datasync:describeLocationObjectStorage", - "datasync:describeLocationS3", - "datasync:describeLocationSmb", - "datasync:describeTask", - "datasync:describeTaskExecution", - "datasync:listAgents", - "datasync:listLocations", - "datasync:listTaskExecutions", - "datasync:listTasks", - "datazone:getAsset", - "datazone:getAssetType", - "datazone:getDataSource", - "datazone:getDataSourceRun", - "datazone:getDomain", - "datazone:getEnvironment", - "datazone:getEnvironmentBlueprint", - "datazone:getEnvironmentBlueprintConfiguration", - "datazone:getEnvironmentProfile", - "datazone:getFormType", - "datazone:getGlossary", - "datazone:getGlossaryTerm", - "datazone:getGroupProfile", - "datazone:getListing", - "datazone:getMetadataGenerationRun", - "datazone:getProject", - "datazone:getSubscription", - "datazone:getSubscriptionGrant", - "datazone:getSubscriptionRequestDetails", - "datazone:getSubscriptionTarget", - "datazone:getUserProfile", - "datazone:listAssetRevisions", - "datazone:listDataSourceRunActivities", - "datazone:listDataSourceRuns", - "datazone:listDataSources", - "datazone:listDomains", - "datazone:listEnvironmentBlueprintConfigurations", - "datazone:listEnvironmentBlueprints", - "datazone:listEnvironmentProfiles", - "datazone:listEnvironments", - "datazone:listMetadataGenerationRuns", - "datazone:listProjectMemberships", - "datazone:listProjects", - "datazone:listSubscriptionGrants", - "datazone:listSubscriptionRequests", - "datazone:listSubscriptions", - "datazone:listSubscriptionTargets", - "datazone:searchGroupProfiles", - "datazone:searchUserProfiles", - "dax:describeClusters", - "dax:describeDefaultParameters", - "dax:describeEvents", - "dax:describeParameterGroups", - "dax:describeParameters", - "dax:describeSubnetGroups", - "deadline:listAvailableMeteredProducts", - "deadline:listBudgets", - "deadline:listFarmMembers", - "deadline:listFarms", - "deadline:listFleetMembers", - "deadline:listFleets", - "deadline:listJobMembers", - "deadline:listJobs", - "deadline:listLicenseEndpoints", - "deadline:listMeteredProducts", - "deadline:listMonitors", - "deadline:listQueueEnvironments", - "deadline:listQueueFleetAssociations", - "deadline:listQueueMembers", - "deadline:listQueues", - "deadline:listStorageProfiles", - "deadline:listWorkers", - "detective:getMembers", - "detective:listGraphs", - "detective:listInvitations", - "detective:listMembers", - "devicefarm:getAccountSettings", - "devicefarm:getDevice", - "devicefarm:getDevicePool", - "devicefarm:getDevicePoolCompatibility", - "devicefarm:getJob", - "devicefarm:getProject", - "devicefarm:getRemoteAccessSession", - "devicefarm:getRun", - "devicefarm:getSuite", - "devicefarm:getTest", - "devicefarm:getTestGridProject", - "devicefarm:getTestGridSession", - "devicefarm:getUpload", - "devicefarm:listArtifacts", - "devicefarm:listDevicePools", - "devicefarm:listDevices", - "devicefarm:listJobs", - "devicefarm:listProjects", - "devicefarm:listRemoteAccessSessions", - "devicefarm:listRuns", - "devicefarm:listSamples", - "devicefarm:listSuites", - "devicefarm:listTestGridProjects", - "devicefarm:listTestGridSessionActions", - "devicefarm:listTestGridSessionArtifacts", - "devicefarm:listTestGridSessions", - "devicefarm:listTests", - "devicefarm:listUniqueProblems", - "devicefarm:listUploads", - "directconnect:describeConnectionLoa", - "directconnect:describeConnections", - "directconnect:describeConnectionsOnInterconnect", - "directconnect:describeCustomerMetadata", - "directconnect:describeDirectConnectGatewayAssociationProposals", - "directconnect:describeDirectConnectGatewayAssociations", - "directconnect:describeDirectConnectGatewayAttachments", - "directconnect:describeDirectConnectGateways", - "directconnect:describeHostedConnections", - "directconnect:describeInterconnectLoa", - "directconnect:describeInterconnects", - "directconnect:describeLags", - "directconnect:describeLoa", - "directconnect:describeLocations", - "directconnect:describeRouterConfiguration", - "directconnect:describeVirtualGateways", - "directconnect:describeVirtualInterfaces", - "directconnect:listVirtualInterfaceTestHistory", - "dlm:getLifecyclePolicies", - "dlm:getLifecyclePolicy", - "dms:describeAccountAttributes", - "dms:describeApplicableIndividualAssessments", - "dms:describeConnections", - "dms:describeEndpoints", - "dms:describeEndpointSettings", - "dms:describeEndpointTypes", - "dms:describeEventCategories", - "dms:describeEvents", - "dms:describeEventSubscriptions", - "dms:describeFleetAdvisorCollectors", - "dms:describeFleetAdvisorDatabases", - "dms:describeFleetAdvisorLsaAnalysis", - "dms:describeFleetAdvisorSchemaObjectSummary", - "dms:describeFleetAdvisorSchemas", - "dms:describeOrderableReplicationInstances", - "dms:describePendingMaintenanceActions", - "dms:describeRefreshSchemasStatus", - "dms:describeReplicationInstances", - "dms:describeReplicationInstanceTaskLogs", - "dms:describeReplicationSubnetGroups", - "dms:describeReplicationTaskAssessmentResults", - "dms:describeReplicationTaskAssessmentRuns", - "dms:describeReplicationTaskIndividualAssessments", - "dms:describeReplicationTasks", - "dms:describeSchemas", - "dms:describeTableStatistics", - "docdb-elastic:getCluster", - "docdb-elastic:getClusterSnapshot", - "docdb-elastic:listClusters", - "docdb-elastic:listClusterSnapshots", - "drs:describeJobLogItems", - "drs:describeJobs", - "drs:describeLaunchConfigurationTemplates", - "drs:describeRecoveryInstances", - "drs:describeRecoverySnapshots", - "drs:describeReplicationConfigurationTemplates", - "drs:describeSourceNetworks", - "drs:describeSourceServers", - "drs:getLaunchConfiguration", - "drs:getReplicationConfiguration", - "drs:listExtensibleSourceServers", - "drs:listLaunchActions", - "drs:listStagingAccounts", - "ds:describeClientAuthenticationSettings", - "ds:describeConditionalForwarders", - "ds:describeDirectories", - "ds:describeDomainControllers", - "ds:describeEventTopics", - "ds:describeHybridADUpdate", - "ds:describeLDAPSSettings", - "ds:describeSharedDirectories", - "ds:describeSnapshots", - "ds:describeTrusts", - "ds:getDirectoryLimits", - "ds:getSnapshotLimits", - "ds:listIpRoutes", - "ds:listSchemaExtensions", - "ds:listTagsForResource", - "dynamodb:describeBackup", - "dynamodb:describeContinuousBackups", - "dynamodb:describeContributorInsights", - "dynamodb:describeExport", - "dynamodb:describeGlobalTable", - "dynamodb:describeImport", - "dynamodb:describeKinesisStreamingDestination", - "dynamodb:describeLimits", - "dynamodb:describeStream", - "dynamodb:describeTable", - "dynamodb:describeTimeToLive", - "dynamodb:getResourcePolicy", - "dynamodb:listBackups", - "dynamodb:listContributorInsights", - "dynamodb:listExports", - "dynamodb:listGlobalTables", - "dynamodb:listImports", - "dynamodb:listStreams", - "dynamodb:listTables", - "dynamodb:listTagsOfResource", - "ec2:describeAccountAttributes", - "ec2:describeAddresses", - "ec2:describeAddressesAttribute", - "ec2:describeAddressTransfers", - "ec2:describeAggregateIdFormat", - "ec2:describeAvailabilityZones", - "ec2:describeBundleTasks", - "ec2:describeByoipCidrs", - "ec2:describeCapacityBlockOfferings", - "ec2:describeCapacityReservationFleets", - "ec2:describeCapacityReservations", - "ec2:describeCarrierGateways", - "ec2:describeClassicLinkInstances", - "ec2:describeClientVpnAuthorizationRules", - "ec2:describeClientVpnConnections", - "ec2:describeClientVpnEndpoints", - "ec2:describeClientVpnRoutes", - "ec2:describeClientVpnTargetNetworks", - "ec2:describeCoipPools", - "ec2:describeConversionTasks", - "ec2:describeCustomerGateways", - "ec2:describeDhcpOptions", - "ec2:describeEgressOnlyInternetGateways", - "ec2:describeExportImageTasks", - "ec2:describeExportTasks", - "ec2:describeFastLaunchImages", - "ec2:describeFastSnapshotRestores", - "ec2:describeFleetHistory", - "ec2:describeFleetInstances", - "ec2:describeFleets", - "ec2:describeFlowLogs", - "ec2:describeFpgaImageAttribute", - "ec2:describeFpgaImages", - "ec2:describeHostReservationOfferings", - "ec2:describeHostReservations", - "ec2:describeHosts", - "ec2:describeIamInstanceProfileAssociations", - "ec2:describeIdentityIdFormat", - "ec2:describeIdFormat", - "ec2:describeImageAttribute", - "ec2:describeImages", - "ec2:describeImportImageTasks", - "ec2:describeImportSnapshotTasks", - "ec2:describeInstanceAttribute", - "ec2:describeInstanceConnectEndpoints", - "ec2:describeInstanceCreditSpecifications", - "ec2:describeInstanceEventNotificationAttributes", - "ec2:describeInstanceEventWindows", - "ec2:describeInstances", - "ec2:describeInstanceStatus", - "ec2:describeInstanceTypeOfferings", - "ec2:describeInstanceTypes", - "ec2:describeInternetGateways", - "ec2:describeIpamByoasn", - "ec2:describeIpamExternalResourceVerificationTokens", - "ec2:describeIpamPools", - "ec2:describeIpamResourceDiscoveries", - "ec2:describeIpamResourceDiscoveryAssociations", - "ec2:describeIpams", - "ec2:describeIpamScopes", - "ec2:describeIpv6Pools", - "ec2:describeKeyPairs", - "ec2:describeLaunchTemplates", - "ec2:describeLaunchTemplateVersions", - "ec2:describeLocalGatewayRouteTables", - "ec2:describeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", - "ec2:describeLocalGatewayRouteTableVpcAssociations", - "ec2:describeLocalGateways", - "ec2:describeLocalGatewayVirtualInterfaceGroups", - "ec2:describeLocalGatewayVirtualInterfaces", - "ec2:describeManagedPrefixLists", - "ec2:describeMovingAddresses", - "ec2:describeNatGateways", - "ec2:describeNetworkAcls", - "ec2:describeNetworkInsightsAccessScopeAnalyses", - "ec2:describeNetworkInsightsAccessScopes", - "ec2:describeNetworkInsightsAnalyses", - "ec2:describeNetworkInsightsPaths", - "ec2:describeNetworkInterfaceAttribute", - "ec2:describeNetworkInterfaces", - "ec2:describePlacementGroups", - "ec2:describePrefixLists", - "ec2:describePrincipalIdFormat", - "ec2:describePublicIpv4Pools", - "ec2:describeRegions", - "ec2:describeReplaceRootVolumeTasks", - "ec2:describeReservedInstances", - "ec2:describeReservedInstancesListings", - "ec2:describeReservedInstancesModifications", - "ec2:describeReservedInstancesOfferings", - "ec2:describeRouteServerEndpoints", - "ec2:describeRouteServerPeers", - "ec2:describeRouteServers", - "ec2:describeRouteTables", - "ec2:describeScheduledInstanceAvailability", - "ec2:describeScheduledInstances", - "ec2:describeSecurityGroupReferences", - "ec2:describeSecurityGroupRules", - "ec2:describeSecurityGroups", - "ec2:describeServiceLinkVirtualInterfaces", - "ec2:describeSnapshotAttribute", - "ec2:describeSnapshots", - "ec2:describeSnapshotTierStatus", - "ec2:describeSpotDatafeedSubscription", - "ec2:describeSpotFleetInstances", - "ec2:describeSpotFleetRequestHistory", - "ec2:describeSpotFleetRequests", - "ec2:describeSpotInstanceRequests", - "ec2:describeSpotPriceHistory", - "ec2:describeStaleSecurityGroups", - "ec2:describeStoreImageTasks", - "ec2:describeSubnets", - "ec2:describeTags", - "ec2:describeTrafficMirrorFilterRules", - "ec2:describeTrafficMirrorFilters", - "ec2:describeTrafficMirrorSessions", - "ec2:describeTrafficMirrorTargets", - "ec2:describeTransitGatewayAttachments", - "ec2:describeTransitGatewayConnectPeers", - "ec2:describeTransitGatewayMulticastDomains", - "ec2:describeTransitGatewayPeeringAttachments", - "ec2:describeTransitGatewayPolicyTables", - "ec2:describeTransitGatewayRouteTableAnnouncements", - "ec2:describeTransitGatewayRouteTables", - "ec2:describeTransitGateways", - "ec2:describeTransitGatewayVpcAttachments", - "ec2:describeVerifiedAccessEndpoints", - "ec2:describeVerifiedAccessGroups", - "ec2:describeVerifiedAccessInstanceLoggingConfigurations", - "ec2:describeVerifiedAccessInstances", - "ec2:describeVerifiedAccessTrustProviders", - "ec2:describeVolumeAttribute", - "ec2:describeVolumes", - "ec2:describeVolumesModifications", - "ec2:describeVolumeStatus", - "ec2:describeVpcAttribute", - "ec2:describeVpcBlockPublicAccessExclusions", - "ec2:describeVpcBlockPublicAccessOptions", - "ec2:describeVpcClassicLink", - "ec2:describeVpcClassicLinkDnsSupport", - "ec2:describeVpcEndpointAssociations", - "ec2:describeVpcEndpointConnectionNotifications", - "ec2:describeVpcEndpointConnections", - "ec2:describeVpcEndpoints", - "ec2:describeVpcEndpointServiceConfigurations", - "ec2:describeVpcEndpointServicePermissions", - "ec2:describeVpcEndpointServices", - "ec2:describeVpcPeeringConnections", - "ec2:describeVpcs", - "ec2:describeVpnConnections", - "ec2:describeVpnGateways", - "ec2:getAssociatedEnclaveCertificateIamRoles", - "ec2:getAssociatedIpv6PoolCidrs", - "ec2:getCapacityReservationUsage", - "ec2:getCoipPoolUsage", - "ec2:getConsoleOutput", - "ec2:getConsoleScreenshot", - "ec2:getDefaultCreditSpecification", - "ec2:getEbsDefaultKmsKeyId", - "ec2:getEbsEncryptionByDefault", - "ec2:getGroupsForCapacityReservation", - "ec2:getHostReservationPurchasePreview", - "ec2:getImageBlockPublicAccessState", - "ec2:getInstanceTypesFromInstanceRequirements", - "ec2:getIpamAddressHistory", - "ec2:getIpamDiscoveredAccounts", - "ec2:getIpamDiscoveredPublicAddresses", - "ec2:getIpamDiscoveredResourceCidrs", - "ec2:getIpamPoolAllocations", - "ec2:getIpamPoolCidrs", - "ec2:getIpamResourceCidrs", - "ec2:getLaunchTemplateData", - "ec2:getManagedPrefixListAssociations", - "ec2:getManagedPrefixListEntries", - "ec2:getNetworkInsightsAccessScopeContent", - "ec2:getReservedInstancesExchangeQuote", - "ec2:getRouteServerAssociations", - "ec2:getRouteServerPropagations", - "ec2:getRouteServerRoutingDatabase", - "ec2:getSerialConsoleAccessStatus", - "ec2:getSpotPlacementScores", - "ec2:getSubnetCidrReservations", - "ec2:getTransitGatewayMulticastDomainAssociations", - "ec2:getTransitGatewayPrefixListReferences", - "ec2:getVerifiedAccessEndpointPolicy", - "ec2:getVerifiedAccessGroupPolicy", - "ec2:listImagesInRecycleBin", - "ec2:listSnapshotsInRecycleBin", - "ec2:searchLocalGatewayRoutes", - "ec2:searchTransitGatewayMulticastGroups", - "ec2:searchTransitGatewayRoutes", - "ecr-public:describeImages", - "ecr-public:describeImageTags", - "ecr-public:describeRegistries", - "ecr-public:describeRepositories", - "ecr-public:getRegistryCatalogData", - "ecr-public:getRepositoryCatalogData", - "ecr-public:getRepositoryPolicy", - "ecr-public:listTagsForResource", - "ecr:batchCheckLayerAvailability", - "ecr:batchGetRepositoryScanningConfiguration", - "ecr:describeImageReplicationStatus", - "ecr:describeImages", - "ecr:describeImageScanFindings", - "ecr:describePullThroughCacheRules", - "ecr:describeRegistry", - "ecr:describeRepositories", - "ecr:getLifecyclePolicy", - "ecr:getLifecyclePolicyPreview", - "ecr:getRegistryPolicy", - "ecr:getRegistryScanningConfiguration", - "ecr:getRepositoryPolicy", - "ecr:listImages", - "ecr:listTagsForResource", - "ecs:describeCapacityProviders", - "ecs:describeClusters", - "ecs:describeContainerInstances", - "ecs:describeServiceDeployments", - "ecs:describeServiceRevisions", - "ecs:describeServices", - "ecs:describeTaskDefinition", - "ecs:describeTasks", - "ecs:describeTaskSets", - "ecs:getTaskProtection", - "ecs:listAccountSettings", - "ecs:listAttributes", - "ecs:listClusters", - "ecs:listContainerInstances", - "ecs:listServiceDeployments", - "ecs:listServices", - "ecs:listServicesByNamespace", - "ecs:listTagsForResource", - "ecs:listTaskDefinitionFamilies", - "ecs:listTaskDefinitions", - "ecs:listTasks" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Sid": "AWSSupportActionsGroup2", - "Action": [ - "eks:describeAccessEntry", - "eks:describeAddon", - "eks:describeAddonConfiguration", - "eks:describeAddonVersions", - "eks:describeCluster", - "eks:describeEksAnywhereSubscription", - "eks:describeFargateProfile", - "eks:describeIdentityProviderConfig", - "eks:describeInsight", - "eks:describeNodegroup", - "eks:describePodIdentityAssociation", - "eks:describeUpdate", - "eks:listAccessEntries", - "eks:listAccessPolicies", - "eks:listAddons", - "eks:listAssociatedAccessPolicies", - "eks:listClusters", - "eks:listEksAnywhereSubscriptions", - "eks:listFargateProfiles", - "eks:listIdentityProviderConfigs", - "eks:listInsights", - "eks:listNodegroups", - "eks:listPodIdentityAssociations", - "eks:listUpdates", - "elasticache:describeCacheClusters", - "elasticache:describeCacheEngineVersions", - "elasticache:describeCacheParameterGroups", - "elasticache:describeCacheParameters", - "elasticache:describeCacheSecurityGroups", - "elasticache:describeCacheSubnetGroups", - "elasticache:describeEngineDefaultParameters", - "elasticache:describeEvents", - "elasticache:describeGlobalReplicationGroups", - "elasticache:describeReplicationGroups", - "elasticache:describeReservedCacheNodes", - "elasticache:describeReservedCacheNodesOfferings", - "elasticache:describeServerlessCaches", - "elasticache:describeServerlessCacheSnapshots", - "elasticache:describeServiceUpdates", - "elasticache:describeSnapshots", - "elasticache:describeUpdateActions", - "elasticache:describeUserGroups", - "elasticache:describeUsers", - "elasticache:listAllowedNodeTypeModifications", - "elasticache:listTagsForResource", - "elasticbeanstalk:checkDNSAvailability", - "elasticbeanstalk:describeAccountAttributes", - "elasticbeanstalk:describeApplications", - "elasticbeanstalk:describeApplicationVersions", - "elasticbeanstalk:describeConfigurationOptions", - "elasticbeanstalk:describeEnvironmentHealth", - "elasticbeanstalk:describeEnvironmentManagedActionHistory", - "elasticbeanstalk:describeEnvironmentManagedActions", - "elasticbeanstalk:describeEnvironmentResources", - "elasticbeanstalk:describeEnvironments", - "elasticbeanstalk:describeEvents", - "elasticbeanstalk:describeInstancesHealth", - "elasticbeanstalk:describePlatformVersion", - "elasticbeanstalk:listAvailableSolutionStacks", - "elasticbeanstalk:listPlatformBranches", - "elasticbeanstalk:listPlatformVersions", - "elasticbeanstalk:validateConfigurationSettings", - "elasticfilesystem:describeAccessPoints", - "elasticfilesystem:describeBackupPolicy", - "elasticfilesystem:describeFileSystemPolicy", - "elasticfilesystem:describeFileSystems", - "elasticfilesystem:describeLifecycleConfiguration", - "elasticfilesystem:describeMountTargets", - "elasticfilesystem:describeMountTargetSecurityGroups", - "elasticfilesystem:describeReplicationConfigurations", - "elasticfilesystem:describeTags", - "elasticfilesystem:listTagsForResource", - "elasticloadbalancing:describeAccountLimits", - "elasticloadbalancing:describeInstanceHealth", - "elasticloadbalancing:describeListenerCertificates", - "elasticloadbalancing:describeListeners", - "elasticloadbalancing:describeLoadBalancerAttributes", - "elasticloadbalancing:describeLoadBalancerPolicies", - "elasticloadbalancing:describeLoadBalancerPolicyTypes", - "elasticloadbalancing:describeLoadBalancers", - "elasticloadbalancing:describeRules", - "elasticloadbalancing:describeSSLPolicies", - "elasticloadbalancing:describeTags", - "elasticloadbalancing:describeTargetGroupAttributes", - "elasticloadbalancing:describeTargetGroups", - "elasticloadbalancing:describeTargetHealth", - "elasticloadbalancing:describeTrustStoreAssociations", - "elasticloadbalancing:describeTrustStoreRevocations", - "elasticloadbalancing:describeTrustStores", - "elasticmapreduce:describeCluster", - "elasticmapreduce:describeNotebookExecution", - "elasticmapreduce:describeReleaseLabel", - "elasticmapreduce:describeSecurityConfiguration", - "elasticmapreduce:describeStep", - "elasticmapreduce:describeStudio", - "elasticmapreduce:getAutoTerminationPolicy", - "elasticmapreduce:getBlockPublicAccessConfiguration", - "elasticmapreduce:getManagedScalingPolicy", - "elasticmapreduce:getStudioSessionMapping", - "elasticmapreduce:listBootstrapActions", - "elasticmapreduce:listClusters", - "elasticmapreduce:listInstanceFleets", - "elasticmapreduce:listInstanceGroups", - "elasticmapreduce:listInstances", - "elasticmapreduce:listNotebookExecutions", - "elasticmapreduce:listReleaseLabels", - "elasticmapreduce:listSecurityConfigurations", - "elasticmapreduce:listSteps", - "elasticmapreduce:listStudios", - "elasticmapreduce:listStudioSessionMappings", - "elastictranscoder:listJobsByPipeline", - "elastictranscoder:listJobsByStatus", - "elastictranscoder:listPipelines", - "elastictranscoder:listPresets", - "elastictranscoder:readPipeline", - "elastictranscoder:readPreset", - "emr-containers:describeJobRun", - "emr-containers:describeJobTemplate", - "emr-containers:describeManagedEndpoint", - "emr-containers:describeVirtualCluster", - "emr-containers:listJobRuns", - "emr-containers:listJobTemplates", - "emr-containers:listManagedEndpoints", - "emr-containers:listVirtualClusters", - "emr-serverless:getApplication", - "emr-serverless:getJobRun", - "emr-serverless:listApplications", - "es:describeDomain", - "es:describeDomainAutoTunes", - "es:describeDomainChangeProgress", - "es:describeDomainConfig", - "es:describeDomainHealth", - "es:describeDomainNodes", - "es:describeDomains", - "es:describeDryRunProgress", - "es:describeElasticsearchDomain", - "es:describeElasticsearchDomainConfig", - "es:describeElasticsearchDomains", - "es:getDomainMaintenanceStatus", - "es:describeInboundConnections", - "es:describeInstanceTypeLimits", - "es:describeOutboundConnections", - "es:describePackages", - "es:describeReservedInstanceOfferings", - "es:describeReservedInstances", - "es:describeVpcEndpoints", - "es:getCompatibleVersions", - "es:getPackageVersionHistory", - "es:getUpgradeHistory", - "es:getUpgradeStatus", - "es:listDomainMaintenances", - "es:listDomainNames", - "es:listDomainsForPackage", - "es:listInstanceTypeDetails", - "es:listPackagesForDomain", - "es:listScheduledActions", - "es:listTags", - "es:listVersions", - "es:listVpcEndpointAccess", - "es:listVpcEndpoints", - "es:listVpcEndpointsForDomain", - "events:describeApiDestination", - "events:describeArchive", - "events:describeConnection", - "events:describeEndpoint", - "events:describeEventBus", - "events:describeEventSource", - "events:describePartnerEventSource", - "events:describeReplay", - "events:describeRule", - "events:listApiDestinations", - "events:listArchives", - "events:listConnections", - "events:listEndpoints", - "events:listEventBuses", - "events:listEventSources", - "events:listPartnerEventSourceAccounts", - "events:listPartnerEventSources", - "events:listReplays", - "events:listRuleNamesByTarget", - "events:listRules", - "events:listTargetsByRule", - "events:testEventPattern", - "evidently:getExperiment", - "evidently:getFeature", - "evidently:getLaunch", - "evidently:getProject", - "evidently:getSegment", - "evidently:listExperiments", - "evidently:listFeatures", - "evidently:listLaunches", - "evidently:listProjects", - "evidently:listSegmentReferences", - "evidently:listSegments", - "firehose:describeDeliveryStream", - "firehose:listDeliveryStreams", - "fis:getAction", - "fis:getExperiment", - "fis:getExperimentTargetAccountConfiguration", - "fis:getExperimentTemplate", - "fis:getSafetyLever", - "fis:getTargetAccountConfiguration", - "fis:listActions", - "fis:listExperimentResolvedTargets", - "fis:listExperimentTargetAccountConfigurations", - "fis:listExperiments", - "fis:listExperimentTemplates", - "fis:listTargetAccountConfigurations", - "fms:getAdminAccount", - "fms:getAdminScope", - "fms:getAppsList", - "fms:getComplianceDetail", - "fms:getNotificationChannel", - "fms:getProtocolsList", - "fms:getPolicy", - "fms:getProtectionStatus", - "fms:getResourceSet", - "fms:getThirdPartyFirewallAssociationStatus", - "fms:getViolationDetails", - "fms:listAdminAccountsForOrganization", - "fms:listAdminsManagingAccount", - "fms:listAppsLists", - "fms:listComplianceStatus", - "fms:listDiscoveredResources", - "fms:listMemberAccounts", - "fms:listProtocolsLists", - "fms:listPolicies", - "fms:listResourceSetResources", - "fms:listResourceSets", - "fms:listThirdPartyFirewallFirewallPolicies", - "forecast:describeDataset", - "forecast:describeDatasetGroup", - "forecast:describeDatasetImportJob", - "forecast:describeForecast", - "forecast:describeForecastExportJob", - "forecast:describePredictor", - "forecast:getAccuracyMetrics", - "forecast:listDatasetGroups", - "forecast:listDatasetImportJobs", - "forecast:listDatasets", - "forecast:listForecastExportJobs", - "forecast:listForecasts", - "forecast:listPredictors", - "freetier:getFreeTierUsage", - "fsx:describeBackups", - "fsx:describeDataRepositoryAssociations", - "fsx:describeDataRepositoryTasks", - "fsx:describeFileCaches", - "fsx:describeFileSystems", - "fsx:describeS3AccessPointAttachments", - "fsx:describeSnapshots", - "fsx:describeStorageVirtualMachines", - "fsx:describeVolumes", - "fsx:listTagsForResource", - "gamelift:describeAlias", - "gamelift:describeBuild", - "gamelift:describeEC2InstanceLimits", - "gamelift:describeFleetAttributes", - "gamelift:describeFleetCapacity", - "gamelift:describeFleetEvents", - "gamelift:describeFleetLocationAttributes", - "gamelift:describeFleetLocationCapacity", - "gamelift:describeFleetLocationUtilization", - "gamelift:describeFleetPortSettings", - "gamelift:describeFleetUtilization", - "gamelift:describeGameServer", - "gamelift:describeGameServerGroup", - "gamelift:describeGameSessionDetails", - "gamelift:describeGameSessionPlacement", - "gamelift:describeGameSessionQueues", - "gamelift:describeGameSessions", - "gamelift:describeInstances", - "gamelift:describeMatchmaking", - "gamelift:describeMatchmakingConfigurations", - "gamelift:describeMatchmakingRuleSets", - "gamelift:describePlayerSessions", - "gamelift:describeRuntimeConfiguration", - "gamelift:describeScalingPolicies", - "gamelift:describeScript", - "gamelift:listAliases", - "gamelift:listBuilds", - "gamelift:listFleets", - "gamelift:listGameServerGroups", - "gamelift:listGameServers", - "gamelift:listScripts", - "gamelift:resolveAlias", - "glacier:describeJob", - "glacier:describeVault", - "glacier:getDataRetrievalPolicy", - "glacier:getVaultAccessPolicy", - "glacier:getVaultLock", - "glacier:getVaultNotifications", - "glacier:listJobs", - "glacier:listTagsForVault", - "glacier:listVaults", - "globalaccelerator:describeAccelerator", - "globalaccelerator:describeAcceleratorAttributes", - "globalaccelerator:describeCrossAccountAttachment", - "globalaccelerator:describeCustomRoutingAccelerator", - "globalaccelerator:describeCustomRoutingAcceleratorAttributes", - "globalaccelerator:describeCustomRoutingEndpointGroup", - "globalaccelerator:describeCustomRoutingListener", - "globalaccelerator:describeEndpointGroup", - "globalaccelerator:describeListener", - "globalaccelerator:listAccelerators", - "globalaccelerator:listByoipCidrs", - "globalaccelerator:listCrossAccountAttachments", - "globalaccelerator:listCrossAccountResourceAccounts", - "globalaccelerator:listCrossAccountResources", - "globalaccelerator:listCustomRoutingAccelerators", - "globalaccelerator:listCustomRoutingEndpointGroups", - "globalaccelerator:listCustomRoutingListeners", - "globalaccelerator:listCustomRoutingPortMappings", - "globalaccelerator:listCustomRoutingPortMappingsByDestination", - "globalaccelerator:listEndpointGroups", - "globalaccelerator:listListeners", - "glue:batchGetBlueprints", - "glue:batchGetCrawlers", - "glue:batchGetDevEndpoints", - "glue:batchGetJobs", - "glue:batchGetPartition", - "glue:batchGetTriggers", - "glue:batchGetWorkflows", - "glue:checkSchemaVersionValidity", - "glue:batchGetTableOptimizer", - "glue:getBlueprint", - "glue:getBlueprintRun", - "glue:getBlueprintRuns", - "glue:getCatalogImportStatus", - "glue:getClassifier", - "glue:getClassifiers", - "glue:getColumnStatisticsForPartition", - "glue:getColumnStatisticsForTable", - "glue:getColumnStatisticsTaskRun", - "glue:getColumnStatisticsTaskRuns", - "glue:getCrawler", - "glue:getCrawlerMetrics", - "glue:getCrawlers", - "glue:getCustomEntityType", - "glue:getDatabase", - "glue:getDatabases", - "glue:getDataCatalogEncryptionSettings", - "glue:getDataflowGraph", - "glue:getDataQualityResult", - "glue:getDataQualityRuleRecommendationRun", - "glue:getDataQualityRuleset", - "glue:getDataQualityRulesetEvaluationRun", - "glue:getDevEndpoint", - "glue:getDevEndpoints", - "glue:getJob", - "glue:getJobBookmark", - "glue:getJobRun", - "glue:getJobRuns", - "glue:getJobs", - "glue:getMapping", - "glue:getMLTaskRun", - "glue:getMLTaskRuns", - "glue:getMLTransform", - "glue:getMLTransforms", - "glue:getPartition", - "glue:getPartitionIndexes", - "glue:getPartitions", - "glue:getRegistry", - "glue:getResourcePolicies", - "glue:getResourcePolicy", - "glue:getSchema", - "glue:getSchemaByDefinition", - "glue:getSchemaVersion", - "glue:getSchemaVersionsDiff", - "glue:getSecurityConfiguration", - "glue:getSecurityConfigurations", - "glue:getSession", - "glue:getStatement", - "glue:getTable", - "glue:getTableOptimizer", - "glue:getTables", - "glue:getTableVersions", - "glue:getTrigger", - "glue:getTriggers", - "glue:getUserDefinedFunction", - "glue:getUserDefinedFunctions", - "glue:getWorkflow", - "glue:getWorkflowRun", - "glue:getWorkflowRuns", - "glue:listColumnStatisticsTaskRuns", - "glue:listCrawlers", - "glue:listCrawls", - "glue:listDataQualityResults", - "glue:listDataQualityRuleRecommendationRuns", - "glue:listDataQualityRulesetEvaluationRuns", - "glue:listDataQualityRulesets", - "glue:listDevEndpoints", - "glue:listMLTransforms", - "glue:listRegistries", - "glue:listSchemas", - "glue:listSchemaVersions", - "glue:listSessions", - "glue:listStatements", - "glue:listTableOptimizerRuns", - "glue:listTriggers", - "glue:querySchemaVersionMetadata", - "glue:getTableVersion", - "grafana:describeWorkspace", - "grafana:describeWorkspaceAuthentication", - "grafana:listPermissions", - "grafana:listVersions", - "grafana:listWorkspaces", - "greengrass:getConnectivityInfo", - "greengrass:getCoreDefinition", - "greengrass:getCoreDefinitionVersion", - "greengrass:getDeploymentStatus", - "greengrass:getDeviceDefinition", - "greengrass:getDeviceDefinitionVersion", - "greengrass:getFunctionDefinition", - "greengrass:getFunctionDefinitionVersion", - "greengrass:getGroup", - "greengrass:getGroupCertificateAuthority", - "greengrass:getGroupVersion", - "greengrass:getLoggerDefinition", - "greengrass:getLoggerDefinitionVersion", - "greengrass:getResourceDefinitionVersion", - "greengrass:getServiceRoleForAccount", - "greengrass:getSubscriptionDefinition", - "greengrass:getSubscriptionDefinitionVersion", - "greengrass:listCoreDefinitions", - "greengrass:listCoreDefinitionVersions", - "greengrass:listDeployments", - "greengrass:listDeviceDefinitions", - "greengrass:listDeviceDefinitionVersions", - "greengrass:listFunctionDefinitions", - "greengrass:listFunctionDefinitionVersions", - "greengrass:listGroups", - "greengrass:listGroupVersions", - "greengrass:listLoggerDefinitions", - "greengrass:listLoggerDefinitionVersions", - "greengrass:listResourceDefinitions", - "greengrass:listResourceDefinitionVersions", - "greengrass:listSubscriptionDefinitions", - "greengrass:listSubscriptionDefinitionVersions", - "guardduty:describeMalwareScans", - "guardduty:describePublishingDestination", - "guardduty:getCoverageStatistics", - "guardduty:getDetector", - "guardduty:getFindings", - "guardduty:getFindingsStatistics", - "guardduty:getInvitationsCount", - "guardduty:getIPSet", - "guardduty:getMalwareScanSettings", - "guardduty:getMasterAccount", - "guardduty:getMemberDetectors", - "guardduty:getMembers", - "guardduty:getOrganizationStatistics", - "guardduty:getRemainingFreeTrialDays", - "guardduty:getThreatIntelSet", - "guardduty:listCoverage", - "guardduty:listDetectors", - "guardduty:listFindings", - "guardduty:listInvitations", - "guardduty:listIPSets", - "guardduty:listMembers", - "guardduty:listThreatIntelSets", - "health:describeAffectedAccountsForOrganization", - "health:describeAffectedEntities", - "health:describeAffectedEntitiesForOrganization", - "health:describeEntityAggregates", - "health:describeEntityAggregatesForOrganization", - "health:describeEventAggregates", - "health:describeEventDetails", - "health:describeEventDetailsForOrganization", - "health:describeEvents", - "health:describeEventsForOrganization", - "health:describeEventTypes", - "health:describeHealthServiceStatusForOrganization", - "iam:getAccessKeyLastUsed", - "iam:getAccountAuthorizationDetails", - "iam:getAccountPasswordPolicy", - "iam:getAccountSummary", - "iam:getContextKeysForCustomPolicy", - "iam:getContextKeysForPrincipalPolicy", - "iam:getCredentialReport", - "iam:getGroup", - "iam:getGroupPolicy", - "iam:getInstanceProfile", - "iam:getLoginProfile", - "iam:getMFADevice", - "iam:getOpenIDConnectProvider", - "iam:getPolicy", - "iam:getPolicyVersion", - "iam:getRole", - "iam:getRolePolicy", - "iam:getSAMLProvider", - "iam:getServerCertificate", - "iam:getServiceLinkedRoleDeletionStatus", - "iam:getSSHPublicKey", - "iam:getUser", - "iam:getUserPolicy", - "iam:listAccessKeys", - "iam:listAccountAliases", - "iam:listAttachedGroupPolicies", - "iam:listAttachedRolePolicies", - "iam:listAttachedUserPolicies", - "iam:listEntitiesForPolicy", - "iam:listGroupPolicies", - "iam:listGroups", - "iam:listGroupsForUser", - "iam:listInstanceProfiles", - "iam:listInstanceProfilesForRole", - "iam:listMFADevices", - "iam:listOpenIDConnectProviders", - "iam:listPolicies", - "iam:listPolicyVersions", - "iam:listRolePolicies", - "iam:listRoles", - "iam:listSAMLProviders", - "iam:listServerCertificates", - "iam:listServiceSpecificCredentials", - "iam:listSigningCertificates", - "iam:listSSHPublicKeys", - "iam:listUserPolicies", - "iam:listUsers", - "iam:listVirtualMFADevices", - "iam:simulateCustomPolicy", - "iam:simulatePrincipalPolicy", - "identitystore:describeGroup", - "identitystore:describeGroupMembership", - "identitystore:getGroupId", - "identitystore:getGroupMembershipId", - "identitystore:getUserId", - "identitystore:isMemberInGroups", - "identitystore:listGroupMemberships", - "identitystore:listGroupMembershipsForMember", - "identitystore:listGroups", - "imagebuilder:getComponent", - "imagebuilder:getComponentPolicy", - "imagebuilder:getContainerRecipe", - "imagebuilder:getContainerRecipePolicy", - "imagebuilder:getDistributionConfiguration", - "imagebuilder:getImage", - "imagebuilder:getImagePipeline", - "imagebuilder:getImagePolicy", - "imagebuilder:getImageRecipe", - "imagebuilder:getImageRecipePolicy", - "imagebuilder:getInfrastructureConfiguration", - "imagebuilder:getLifecycleExecution", - "imagebuilder:getLifecyclePolicy", - "imagebuilder:getWorkflow", - "imagebuilder:getWorkflowExecution", - "imagebuilder:getWorkflowStepExecution", - "imagebuilder:listComponentBuildVersions", - "imagebuilder:listComponents", - "imagebuilder:listContainerRecipes", - "imagebuilder:listDistributionConfigurations", - "imagebuilder:listImageBuildVersions", - "imagebuilder:listImagePipelineImages", - "imagebuilder:listImagePipelines", - "imagebuilder:listImageRecipes", - "imagebuilder:listImages", - "imagebuilder:listImageScanFindingAggregations", - "imagebuilder:listInfrastructureConfigurations", - "imagebuilder:listLifecycleExecutionResources", - "imagebuilder:listLifecycleExecutions", - "imagebuilder:listLifecyclePolicies", - "imagebuilder:listTagsForResource", - "imagebuilder:listWorkflowBuildVersions", - "imagebuilder:listWorkflowExecutions", - "imagebuilder:listWorkflows", - "imagebuilder:listWaitingWorkflowSteps", - "imagebuilder:listWorkflowStepExecutions", - "inspector-scan:scanSbom", - "inspector:describeAssessmentRuns", - "inspector:describeAssessmentTargets", - "inspector:describeAssessmentTemplates", - "inspector:describeCrossAccountAccessRole", - "inspector:describeResourceGroups", - "inspector:describeRulesPackages", - "inspector:getTelemetryMetadata", - "inspector:listAssessmentRunAgents", - "inspector:listAssessmentRuns", - "inspector:listAssessmentTargets", - "inspector:listAssessmentTemplates", - "inspector:listEventSubscriptions", - "inspector:listRulesPackages", - "inspector:listTagsForResource", - "inspector2:batchGetAccountStatus", - "inspector2:batchGetFreeTrialInfo", - "inspector2:describeOrganizationConfiguration", - "inspector2:getConfiguration", - "inspector2:getDelegatedAdminAccount", - "inspector2:getEc2DeepInspectionConfiguration", - "inspector2:getMember", - "inspector2:getSbomExport", - "inspector2:listCisScanConfigurations", - "inspector2:listCisScanResultsAggregatedByChecks", - "inspector2:listCisScanResultsAggregatedByTargetResource", - "inspector2:listCisScans", - "inspector2:listCoverage", - "inspector2:listDelegatedAdminAccounts", - "inspector2:listFilters", - "inspector2:listFindings", - "inspector2:listMembers", - "inspector2:listUsageTotals", - "internetmonitor:getHealthEvent", - "internetmonitor:getMonitor", - "internetmonitor:listHealthEvents", - "internetmonitor:listMonitors", - "invoicing:listInvoiceSummaries", - "iot:describeAuthorizer", - "iot:describeCACertificate", - "iot:describeCertificate", - "iot:describeDefaultAuthorizer", - "iot:describeDomainConfiguration", - "iot:describeEndpoint", - "iot:describeIndex", - "iot:describeJobExecution", - "iot:describeThing", - "iot:describeThingGroup", - "iot:describeTunnel", - "iot:getEffectivePolicies", - "iot:getIndexingConfiguration", - "iot:getLoggingOptions", - "iot:getPolicy", - "iot:getPolicyVersion", - "iot:getTopicRule", - "iot:getV2LoggingOptions", - "iot:listAttachedPolicies", - "iot:listAuthorizers", - "iot:listCACertificates", - "iot:listCertificates", - "iot:listCertificatesByCA", - "iot:listCommandExecutions", - "iot:listCommands", - "iot:listDomainConfigurations", - "iot:listJobExecutionsForJob", - "iot:listJobExecutionsForThing", - "iot:listJobs", - "iot:listNamedShadowsForThing", - "iot:listOutgoingCertificates", - "iot:listPackages", - "iot:listPackageVersions", - "iot:listPolicies", - "iot:listPolicyPrincipals", - "iot:listPolicyVersions", - "iot:listPrincipalPolicies", - "iot:listPrincipalThings", - "iot:listRoleAliases", - "iot:listTargetsForPolicy", - "iot:listThingGroups", - "iot:listThingGroupsForThing", - "iot:listThingPrincipals", - "iot:listThingRegistrationTasks", - "iot:listThings", - "iot:listThingsInThingGroup", - "iot:listThingTypes", - "iot:listTopicRules", - "iot:listTunnels", - "iot:listV2LoggingLevels", - "iotevents:describeDetector", - "iotevents:describeDetectorModel", - "iotevents:describeInput", - "iotevents:describeLoggingOptions", - "iotevents:listDetectorModels", - "iotevents:listDetectorModelVersions", - "iotevents:listDetectors", - "iotevents:listInputs", - "iotfleetwise:getCampaign", - "iotfleetwise:getDecoderManifest", - "iotfleetwise:getEncryptionConfiguration", - "iotfleetwise:getFleet", - "iotfleetwise:getLoggingOptions", - "iotfleetwise:getModelManifest", - "iotfleetwise:getRegisterAccountStatus", - "iotfleetwise:getSignalCatalog", - "iotfleetwise:getStateTemplate", - "iotfleetwise:getVehicle", - "iotfleetwise:getVehicleStatus", - "iotfleetwise:listCampaigns", - "iotfleetwise:listDecoderManifestNetworkInterfaces", - "iotfleetwise:listDecoderManifests", - "iotfleetwise:listDecoderManifestSignals", - "iotfleetwise:listFleets", - "iotfleetwise:listFleetsForVehicle", - "iotfleetwise:listModelManifestNodes", - "iotfleetwise:listModelManifests", - "iotfleetwise:listSignalCatalogNodes", - "iotfleetwise:listSignalCatalogs", - "iotfleetwise:listStateTemplates", - "iotfleetwise:listVehicles", - "iotfleetwise:listVehiclesInFleet", - "iotsitewise:describeAccessPolicy", - "iotsitewise:describeAsset", - "iotsitewise:describeAssetModel", - "iotsitewise:describeAssetProperty", - "iotsitewise:describeDashboard", - "iotsitewise:describeGateway", - "iotsitewise:describeGatewayCapabilityConfiguration", - "iotsitewise:describeLoggingOptions", - "iotsitewise:describePortal", - "iotsitewise:describeProject", - "iotsitewise:listAccessPolicies", - "iotsitewise:listAssetModels", - "iotsitewise:listAssets", - "iotsitewise:listAssociatedAssets", - "iotsitewise:listDashboards", - "iotsitewise:listGateways", - "iotsitewise:listPortals", - "iotsitewise:listProjectAssets", - "iotsitewise:listProjects", - "iottwinmaker:getComponentType", - "iottwinmaker:getEntity", - "iottwinmaker:getPricingPlan", - "iottwinmaker:getScene", - "iottwinmaker:getSyncJob", - "iottwinmaker:getWorkspace", - "iottwinmaker:listComponentTypes", - "iottwinmaker:listEntities", - "iottwinmaker:listScenes", - "iottwinmaker:listSyncJobs", - "iottwinmaker:listSyncResources", - "iottwinmaker:listWorkspaces", - "iotwireless:getDestination", - "iotwireless:getDeviceProfile", - "iotwireless:getPartnerAccount", - "iotwireless:getServiceEndpoint", - "iotwireless:getServiceProfile", - "iotwireless:getWirelessDevice", - "iotwireless:getWirelessDeviceStatistics", - "iotwireless:getWirelessGateway", - "iotwireless:getWirelessGatewayCertificate", - "iotwireless:getWirelessGatewayFirmwareInformation", - "iotwireless:getWirelessGatewayStatistics", - "iotwireless:getWirelessGatewayTask", - "iotwireless:getWirelessGatewayTaskDefinition", - "iotwireless:listDestinations", - "iotwireless:listDeviceProfiles", - "iotwireless:listPartnerAccounts", - "iotwireless:listServiceProfiles", - "iotwireless:listTagsForResource", - "iotwireless:listWirelessDevices", - "iotwireless:listWirelessGateways", - "iotwireless:listWirelessGatewayTaskDefinitions", - "ivs:getChannel", - "ivs:getRecordingConfiguration", - "ivs:getStream", - "ivs:getStreamSession", - "ivs:listChannels", - "ivs:listPlaybackKeyPairs", - "ivs:listRecordingConfigurations", - "ivs:listStreamKeys", - "ivs:listStreams", - "ivs:listStreamSessions", - "kafka:describeCluster", - "kafka:describeClusterOperation", - "kafka:describeClusterOperationV2", - "kafka:describeClusterV2", - "kafka:describeConfiguration", - "kafka:describeConfigurationRevision", - "kafka:describeReplicator", - "kafka:describeVpcConnection", - "kafka:getBootstrapBrokers", - "kafka:getClusterPolicy", - "kafka:listClientVpcConnections", - "kafka:listClusterOperations", - "kafka:listClusterOperationsV2", - "kafka:listClusters", - "kafka:listClustersV2", - "kafka:listConfigurationRevisions", - "kafka:listConfigurations", - "kafka:listNodes", - "kafka:listReplicators", - "kafka:listScramSecrets", - "kafka:listVpcConnections", - "kafkaconnect:describeConnector", - "kafkaconnect:describeCustomPlugin", - "kafkaconnect:describeWorkerConfiguration", - "kafkaconnect:listConnectors", - "kafkaconnect:listCustomPlugins", - "kafkaconnect:listWorkerConfigurations", - "kendra:describeDataSource", - "kendra:describeFaq", - "kendra:describeIndex", - "kendra:listDataSources", - "kendra:listFaqs", - "kendra:listIndices", - "kinesis:describeStream", - "kinesis:describeStreamConsumer", - "kinesis:describeStreamSummary", - "kinesis:listShards", - "kinesis:listStreamConsumers", - "kinesis:listStreams", - "kinesis:listTagsForStream", - "kinesisanalytics:describeApplication", - "kinesisanalytics:describeApplicationOperation", - "kinesisanalytics:describeApplicationSnapshot", - "kinesisanalytics:listApplicationOperations", - "kinesisanalytics:listApplications", - "kinesisanalytics:listApplicationSnapshots", - "kinesisanalytics:listApplicationVersions", - "kinesisvideo:describeImageGenerationConfiguration", - "kinesisvideo:describeNotificationConfiguration", - "kinesisvideo:describeSignalingChannel", - "kinesisvideo:describeStream", - "kinesisvideo:getDataEndpoint", - "kinesisvideo:getIceServerConfig", - "kinesisvideo:getSignalingChannelEndpoint", - "kinesisvideo:listSignalingChannels", - "kinesisvideo:listStreams", - "kms:describeKey", - "kms:getKeyPolicy", - "kms:getKeyRotationStatus", - "kms:listAliases", - "kms:listGrants", - "kms:listKeyPolicies", - "kms:listKeys", - "kms:listResourceTags", - "kms:listRetirableGrants", - "lakeformation:describeLakeFormationIdentityCenterConfiguration", - "lakeformation:describeResource", - "lakeformation:describeTransaction", - "lakeformation:getDataLakePrincipal", - "lakeformation:getDataLakeSettings", - "lakeformation:getEffectivePermissionsForPath", - "lakeformation:getLFTag", - "lakeformation:getLFTagExpression", - "lakeformation:getQueryState", - "lakeformation:getQueryStatistics", - "lakeformation:getResourceLFTags", - "lakeformation:listLFTagExpressions", - "lakeformation:listLFTags", - "lakeformation:listLakeFormationOptIns", - "lakeformation:listPermissions", - "lakeformation:listResources", - "lakeformation:searchDatabasesByLFTags", - "lakeformation:searchTablesByLFTags", - "lambda:getAccountSettings", - "lambda:getAlias", - "lambda:getCodeSigningConfig", - "lambda:getEventSourceMapping", - "lambda:getFunction", - "lambda:getFunctionCodeSigningConfig", - "lambda:getFunctionConcurrency", - "lambda:getFunctionConfiguration", - "lambda:getFunctionEventInvokeConfig", - "lambda:getFunctionRecursionConfig", - "lambda:getFunctionUrlConfig", - "lambda:getLayerVersion", - "lambda:getLayerVersionPolicy", - "lambda:getPolicy", - "lambda:getProvisionedConcurrencyConfig", - "lambda:getRuntimeManagementConfig", - "lambda:listAliases", - "lambda:listCodeSigningConfigs", - "lambda:listEventSourceMappings", - "lambda:listFunctionEventInvokeConfigs", - "lambda:listFunctions", - "lambda:listFunctionsByCodeSigningConfig", - "lambda:listFunctionUrlConfigs", - "lambda:listLayers", - "lambda:listLayerVersions", - "lambda:listProvisionedConcurrencyConfigs", - "lambda:listTags", - "lambda:listVersionsByFunction", - "launchwizard:describeProvisionedApp", - "launchwizard:describeProvisioningEvents", - "launchwizard:listDeploymentEvents", - "launchwizard:listDeployments", - "launchwizard:listProvisionedApps", - "lex:describeBot", - "lex:describeBotAlias", - "lex:describeBotLocale", - "lex:describeBotRecommendation", - "lex:describeBotVersion", - "lex:describeCustomVocabularyMetadata", - "lex:describeExport", - "lex:describeImport", - "lex:describeIntent", - "lex:describeResourcePolicy", - "lex:describeSlot", - "lex:describeSlotType", - "lex:getBot", - "lex:getBotAlias", - "lex:getBotAliases", - "lex:getBotChannelAssociation", - "lex:getBotChannelAssociations", - "lex:getBots", - "lex:getBotVersions", - "lex:getBuiltinIntent", - "lex:getBuiltinIntents", - "lex:getBuiltinSlotTypes", - "lex:getIntent", - "lex:getIntents", - "lex:getIntentVersions", - "lex:getSlotType", - "lex:getSlotTypes", - "lex:getSlotTypeVersions", - "lex:listBotAliases", - "lex:listBotLocales", - "lex:listBotRecommendations", - "lex:listBots", - "lex:listBotVersions", - "lex:listExports", - "lex:listImports", - "lex:listIntents", - "lex:listRecommendedIntents", - "lex:listSlots", - "lex:listSlotTypes", - "license-manager:getLicenseConfiguration", - "license-manager:getServiceSettings", - "license-manager:listAssociationsForLicenseConfiguration", - "license-manager:listFailuresForLicenseConfigurationOperations", - "license-manager:listLicenseConfigurations", - "license-manager:listLicenseSpecificationsForResource", - "license-manager:listResourceInventory", - "license-manager:listUsageForLicenseConfiguration", - "lightsail:getActiveNames", - "lightsail:getAlarms", - "lightsail:getAutoSnapshots", - "lightsail:getBlueprints", - "lightsail:getBucketBundles", - "lightsail:getBucketMetricData", - "lightsail:getBuckets", - "lightsail:getBundles", - "lightsail:getCertificates", - "lightsail:getContainerImages", - "lightsail:getContainerServiceDeployments", - "lightsail:getContainerServiceMetricData", - "lightsail:getContainerServicePowers", - "lightsail:getContainerServices", - "lightsail:getDisk", - "lightsail:getDisks", - "lightsail:getDiskSnapshot", - "lightsail:getDiskSnapshots", - "lightsail:getDistributionBundles", - "lightsail:getDistributionMetricData", - "lightsail:getDistributions", - "lightsail:getDomain", - "lightsail:getDomains", - "lightsail:getExportSnapshotRecords", - "lightsail:getInstance", - "lightsail:getInstanceMetricData", - "lightsail:getInstancePortStates", - "lightsail:getInstances", - "lightsail:getInstanceSnapshot", - "lightsail:getInstanceSnapshots", - "lightsail:getInstanceState", - "lightsail:getKeyPair", - "lightsail:getKeyPairs", - "lightsail:getLoadBalancer", - "lightsail:getLoadBalancerMetricData", - "lightsail:getLoadBalancers", - "lightsail:getLoadBalancerTlsCertificates", - "lightsail:getOperation", - "lightsail:getOperations", - "lightsail:getOperationsForResource", - "lightsail:getRegions", - "lightsail:getRelationalDatabase", - "lightsail:getRelationalDatabaseMetricData", - "lightsail:getRelationalDatabases", - "lightsail:getRelationalDatabaseSnapshot", - "lightsail:getRelationalDatabaseSnapshots", - "lightsail:getStaticIp", - "lightsail:getStaticIps", - "lightsail:isVpcPeered", - "logs:describeAccountPolicies", - "logs:describeDeliveries", - "logs:describeDeliveryDestinations", - "logs:describeDeliverySources", - "logs:describeDestinations", - "logs:describeExportTasks", - "logs:describeFieldIndexes", - "logs:describeIndexPolicies", - "logs:describeLogGroups", - "logs:describeLogStreams", - "logs:describeMetricFilters", - "logs:describeQueries", - "logs:describeQueryDefinitions", - "logs:describeResourcePolicies", - "logs:describeSubscriptionFilters", - "logs:getDataProtectionPolicy", - "logs:getDelivery", - "logs:getDeliveryDestination", - "logs:getDeliveryDestinationPolicy", - "logs:getDeliverySource", - "logs:getIntegration", - "logs:getLogAnomalyDetector", - "logs:getLogDelivery", - "logs:getLogGroupFields", - "logs:getTransformer", - "logs:listAnomalies", - "logs:listIntegrations", - "logs:listLogAnomalyDetectors", - "logs:listLogDeliveries", - "logs:listLogGroupsForQuery", - "logs:testMetricFilter", - "lookoutequipment:describeDataIngestionJob", - "lookoutequipment:describeDataset", - "lookoutequipment:describeInferenceScheduler", - "lookoutequipment:describeModel", - "lookoutequipment:listDataIngestionJobs", - "lookoutequipment:listDatasets", - "lookoutequipment:listInferenceExecutions", - "lookoutequipment:listInferenceSchedulers", - "lookoutequipment:listModels", - "lookoutmetrics:describeAlert", - "lookoutmetrics:describeAnomalyDetectionExecutions", - "lookoutmetrics:describeAnomalyDetector", - "lookoutmetrics:describeMetricSet", - "lookoutmetrics:getAnomalyGroup", - "lookoutmetrics:getDataQualityMetrics", - "lookoutmetrics:getFeedback", - "lookoutmetrics:getSampleData", - "lookoutmetrics:listAlerts", - "lookoutmetrics:listAnomalyDetectors", - "lookoutmetrics:listAnomalyGroupSummaries", - "lookoutmetrics:listAnomalyGroupTimeSeries", - "lookoutmetrics:listMetricSets", - "lookoutmetrics:listTagsForResource", - "m2:getApplication", - "m2:getApplicationVersion", - "m2:getBatchJobExecution", - "m2:getDataSetDetails", - "m2:getDataSetImportTask", - "m2:getDeployment", - "m2:getEnvironment", - "m2:listApplications", - "m2:listApplicationVersions", - "m2:listBatchJobDefinitions", - "m2:listBatchJobExecutions", - "m2:listDataSetImportHistory", - "m2:listDataSets", - "m2:listDeployments", - "m2:listEngineVersions", - "m2:listEnvironments", - "machinelearning:describeBatchPredictions", - "machinelearning:describeDataSources", - "machinelearning:describeEvaluations", - "machinelearning:describeMLModels", - "machinelearning:getBatchPrediction", - "machinelearning:getDataSource", - "machinelearning:getEvaluation", - "machinelearning:getMLModel", - "macie2:getClassificationExportConfiguration", - "macie2:getCustomDataIdentifier", - "macie2:getFindings", - "macie2:getFindingStatistics", - "macie2:listClassificationJobs", - "macie2:listCustomDataIdentifiers", - "macie2:listFindings", - "managedblockchain:getMember", - "managedblockchain:getNetwork", - "managedblockchain:getNode", - "managedblockchain:listMembers", - "managedblockchain:listNetworks", - "managedblockchain:listNodes", - "mediaconnect:describeFlow", - "mediaconnect:listEntitlements", - "mediaconnect:listFlows", - "mediaconvert:describeEndpoints", - "mediaconvert:getJob", - "mediaconvert:getJobTemplate", - "mediaconvert:getPreset", - "mediaconvert:getQueue", - "mediaconvert:listJobs", - "mediaconvert:listJobTemplates", - "medialive:describeChannel", - "medialive:describeInput", - "medialive:describeInputDevice", - "medialive:describeInputSecurityGroup", - "medialive:describeMultiplex", - "medialive:describeOffering", - "medialive:describeReservation", - "medialive:describeSchedule", - "medialive:getCloudWatchAlarmTemplate", - "medialive:getCloudWatchAlarmTemplateGroup", - "medialive:getEventBridgeRuleTemplate", - "medialive:getEventBridgeRuleTemplateGroup", - "medialive:getSignalMap", - "medialive:listChannels", - "medialive:listCloudWatchAlarmTemplateGroups", - "medialive:listCloudWatchAlarmTemplates", - "medialive:listEventBridgeRuleTemplateGroups", - "medialive:listEventBridgeRuleTemplates", - "medialive:listInputDevices", - "medialive:listInputs", - "medialive:listInputSecurityGroups", - "medialive:listMultiplexes", - "medialive:listOfferings", - "medialive:listReservations", - "medialive:listSignalMaps", - "mediapackage:describeChannel", - "mediapackage:describeOriginEndpoint", - "mediapackage:listChannels", - "mediapackage:listOriginEndpoints", - "mediastore:describeContainer", - "mediastore:getContainerPolicy", - "mediastore:getCorsPolicy", - "mediastore:listContainers", - "mediatailor:getPlaybackConfiguration", - "mediatailor:listPlaybackConfigurations", - "medical-imaging:getDatastore", - "medical-imaging:listDatastores", - "mgn:describeJobLogItems", - "mgn:describeJobs", - "mgn:describeLaunchConfigurationTemplates", - "mgn:describeReplicationConfigurationTemplates", - "mgn:describeSourceServers", - "mgn:describeVcenterClients", - "mgn:getLaunchConfiguration", - "mgn:getReplicationConfiguration", - "mgn:listApplications", - "mgn:listSourceServerActions", - "mgn:listTemplateActions", - "mgn:listWaves", - "mobiletargeting:getAdmChannel", - "mobiletargeting:getApnsChannel", - "mobiletargeting:getApnsSandboxChannel", - "mobiletargeting:getApnsVoipChannel", - "mobiletargeting:getApnsVoipSandboxChannel", - "mobiletargeting:getApp", - "mobiletargeting:getApplicationSettings", - "mobiletargeting:getApps", - "mobiletargeting:getBaiduChannel", - "mobiletargeting:getCampaign", - "mobiletargeting:getCampaignActivities", - "mobiletargeting:getCampaigns", - "mobiletargeting:getCampaignVersion", - "mobiletargeting:getCampaignVersions", - "mobiletargeting:getEmailChannel", - "mobiletargeting:getEndpoint", - "mobiletargeting:getEventStream", - "mobiletargeting:getExportJob", - "mobiletargeting:getExportJobs", - "mobiletargeting:getGcmChannel", - "mobiletargeting:getImportJob", - "mobiletargeting:getImportJobs", - "mobiletargeting:getJourney", - "mobiletargeting:getJourneyExecutionActivityMetrics", - "mobiletargeting:getJourneyExecutionMetrics", - "mobiletargeting:getJourneyRunExecutionActivityMetrics", - "mobiletargeting:getJourneyRunExecutionMetrics", - "mobiletargeting:getJourneyRuns", - "mobiletargeting:getSegment", - "mobiletargeting:getSegmentImportJobs", - "mobiletargeting:getSegments", - "mobiletargeting:getSegmentVersion", - "mobiletargeting:getSegmentVersions", - "mobiletargeting:getSmsChannel", - "mobiletargeting:listJourneys", - "mobiletargeting:phoneNumberValidate", - "mq:describeBroker", - "mq:describeConfiguration", - "mq:describeConfigurationRevision", - "mq:describeUser", - "mq:listBrokers", - "mq:listConfigurationRevisions", - "mq:listConfigurations", - "mq:listUsers", - "network-firewall:describeFirewall", - "network-firewall:describeFirewallPolicy", - "network-firewall:describeFlowOperation", - "network-firewall:describeLoggingConfiguration", - "network-firewall:describeResourcePolicy", - "network-firewall:describeRuleGroup", - "network-firewall:describeRuleGroupMetadata", - "network-firewall:describeTlsInspectionConfiguration", - "network-firewall:listAnalysisReports", - "network-firewall:listFirewallPolicies", - "network-firewall:listFirewalls", - "network-firewall:listFlowOperationResults", - "network-firewall:listFlowOperations", - "network-firewall:listRuleGroups", - "network-firewall:listTlsInspectionConfigurations", - "networkflowmonitor:getMonitor", - "networkflowmonitor:getScope", - "networkflowmonitor:listMonitors", - "networkflowmonitor:listScopes", - "networkmanager:describeGlobalNetworks", - "networkmanager:getConnectAttachment", - "networkmanager:getConnections", - "networkmanager:getConnectPeer", - "networkmanager:getConnectPeerAssociations", - "networkmanager:getCoreNetwork", - "networkmanager:getCoreNetworkChangeEvents", - "networkmanager:getCoreNetworkChangeSet", - "networkmanager:getCoreNetworkPolicy", - "networkmanager:getCustomerGatewayAssociations", - "networkmanager:getDevices", - "networkmanager:getDirectConnectGatewayAttachment", - "networkmanager:getLinkAssociations", - "networkmanager:getLinks", - "networkmanager:getNetworkResourceCounts", - "networkmanager:getNetworkResourceRelationships", - "networkmanager:getNetworkResources", - "networkmanager:getNetworkRoutes", - "networkmanager:getNetworkTelemetry", - "networkmanager:getResourcePolicy", - "networkmanager:getRouteAnalysis", - "networkmanager:getSites", - "networkmanager:getSiteToSiteVpnAttachment", - "networkmanager:getTransitGatewayConnectPeerAssociations", - "networkmanager:getTransitGatewayPeering", - "networkmanager:getTransitGatewayRegistrations", - "networkmanager:getTransitGatewayRouteTableAttachment", - "networkmanager:getVpcAttachment", - "networkmanager:listAttachments", - "networkmanager:listConnectPeers", - "networkmanager:listCoreNetworkPolicyVersions", - "networkmanager:listCoreNetworks", - "networkmanager:listOrganizationServiceAccessStatus", - "networkmanager:listPeerings", - "networkmanager:listTagsForResource", - "networkmonitor:getMonitor", - "networkmonitor:getProbe", - "networkmonitor:listMonitors", - "notifications-contacts:getEmailContact", - "notifications-contacts:listEmailContacts", - "notifications:getEventRule", - "notifications:getNotificationConfiguration", - "notifications:getNotificationEvent", - "notifications:listChannels", - "notifications:listEventRules", - "notifications:listNotificationConfigurations", - "notifications:listNotificationEvents", - "notifications:listNotificationHubs" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Sid": "AWSSupportActionsGroup3", - "Action": [ - "oam:getLink", - "oam:getSink", - "oam:getSinkPolicy", - "oam:listAttachedLinks", - "oam:listLinks", - "oam:listSinks", - "observabilityadmin:getTelemetryEvaluationStatus", - "observabilityadmin:getTelemetryEvaluationStatusForOrganization", - "observabilityadmin:listResourceTelemetry", - "observabilityadmin:listResourceTelemetryForOrganization", - "odb:getOciOnboardingStatus", - "odb:getOdbNetwork", - "odb:getOdbPeeringConnection", - "odb:listOdbNetworks", - "odb:listOdbPeeringConnections", - "omics:getAnnotationImportJob", - "omics:getAnnotationStore", - "omics:getReadSetImportJob", - "omics:getReadSetMetadata", - "omics:getReference", - "omics:getReferenceImportJob", - "omics:getReferenceMetadata", - "omics:getReferenceStore", - "omics:getRun", - "omics:getRunGroup", - "omics:getSequenceStore", - "omics:getVariantImportJob", - "omics:getVariantStore", - "omics:getWorkflow", - "omics:listAnnotationImportJobs", - "omics:listAnnotationStores", - "omics:listMultipartReadSetUploads", - "omics:listReadSetImportJobs", - "omics:listReadSets", - "omics:listReadSetUploadParts", - "omics:listReferenceImportJobs", - "omics:listReferences", - "omics:listReferenceStores", - "omics:listRunGroups", - "omics:listRuns", - "omics:listRunTasks", - "omics:listSequenceStores", - "omics:listVariantImportJobs", - "omics:listVariantStores", - "omics:listWorkflows", - "opsworks-cm:describeAccountAttributes", - "opsworks-cm:describeBackups", - "opsworks-cm:describeEvents", - "opsworks-cm:describeNodeAssociationStatus", - "opsworks-cm:describeServers", - "opsworks:describeAgentVersions", - "opsworks:describeApps", - "opsworks:describeCommands", - "opsworks:describeDeployments", - "opsworks:describeEcsClusters", - "opsworks:describeElasticIps", - "opsworks:describeElasticLoadBalancers", - "opsworks:describeInstances", - "opsworks:describeLayers", - "opsworks:describeLoadBasedAutoScaling", - "opsworks:describeMyUserProfile", - "opsworks:describePermissions", - "opsworks:describeRaidArrays", - "opsworks:describeRdsDbInstances", - "opsworks:describeServiceErrors", - "opsworks:describeStackProvisioningParameters", - "opsworks:describeStacks", - "opsworks:describeStackSummary", - "opsworks:describeTimeBasedAutoScaling", - "opsworks:describeUserProfiles", - "opsworks:describeVolumes", - "opsworks:getHostnameSuggestion", - "organizations:describeAccount", - "organizations:describeCreateAccountStatus", - "organizations:describeEffectivePolicy", - "organizations:describeHandshake", - "organizations:describeOrganization", - "organizations:describePolicy", - "organizations:describeResourcePolicy", - "organizations:listAccounts", - "organizations:listAWSServiceAccessForOrganization", - "organizations:listCreateAccountStatus", - "organizations:listDelegatedAdministrators", - "organizations:listDelegatedServicesForAccount", - "organizations:listHandshakesForAccount", - "organizations:listHandshakesForOrganization", - "organizations:listPoliciesForTarget", - "organizations:listTagsForResource", - "organizations:listTargetsForPolicy", - "osis:getPipeline", - "osis:getPipelineBlueprint", - "osis:getPipelineChangeProgress", - "osis:listPipelineBlueprints", - "osis:listPipelines", - "osis:validatePipeline", - "outposts:getCapacityTask", - "outposts:getCatalogItem", - "outposts:getConnection", - "outposts:getOrder", - "outposts:getOutpost", - "outposts:getOutpostInstanceTypes", - "outposts:getOutpostSupportedInstanceTypes", - "outposts:getSite", - "outposts:listAssets", - "outposts:listAssetInstances", - "outposts:listBlockingInstancesForCapacityTask", - "outposts:listCapacityTasks", - "outposts:listCatalogItems", - "outposts:listOrders", - "outposts:listOutposts", - "outposts:listSites", - "pcs:getCluster", - "pcs:getComputeNodeGroup", - "pcs:getQueue", - "pcs:listClusters", - "pcs:listComputeNodeGroups", - "pcs:listQueues", - "personalize:describeAlgorithm", - "personalize:describeBatchInferenceJob", - "personalize:describeBatchSegmentJob", - "personalize:describeCampaign", - "personalize:describeDataset", - "personalize:describeDatasetExportJob", - "personalize:describeDatasetGroup", - "personalize:describeDatasetImportJob", - "personalize:describeEventTracker", - "personalize:describeFeatureTransformation", - "personalize:describeFilter", - "personalize:describeRecipe", - "personalize:describeRecommender", - "personalize:describeSchema", - "personalize:describeSolution", - "personalize:describeSolutionVersion", - "personalize:getPersonalizedRanking", - "personalize:getRecommendations", - "personalize:getSolutionMetrics", - "personalize:listBatchInferenceJobs", - "personalize:listBatchSegmentJobs", - "personalize:listCampaigns", - "personalize:listDatasetExportJobs", - "personalize:listDatasetGroups", - "personalize:listDatasetImportJobs", - "personalize:listDatasets", - "personalize:listEventTrackers", - "personalize:listRecipes", - "personalize:listRecommenders", - "personalize:listSchemas", - "personalize:listSolutions", - "personalize:listSolutionVersions", - "pipes:describePipe", - "pipes:listPipes", - "pipes:listTagsForResource", - "polly:describeVoices", - "polly:getLexicon", - "polly:listLexicons", - "pricing:describeServices", - "pricing:getAttributeValues", - "pricing:getProducts", - "private-networks:getDeviceIdentifier", - "private-networks:getNetwork", - "private-networks:getNetworkResource", - "private-networks:listDeviceIdentifiers", - "private-networks:listNetworkResources", - "private-networks:listNetworks", - "qbusiness:getApplication", - "qbusiness:getDataSource", - "qbusiness:getIndex", - "qbusiness:getRetriever", - "qbusiness:getWebExperience", - "qbusiness:listApplications", - "qbusiness:listDataSources", - "qbusiness:listDataSourceSyncJobs", - "qbusiness:listIndices", - "qbusiness:listRetrievers", - "qbusiness:listWebExperiences", - "quicksight:describeAccountCustomization", - "quicksight:describeAccountSettings", - "quicksight:describeAccountSubscription", - "quicksight:describeAnalysis", - "quicksight:describeAnalysisPermissions", - "quicksight:describeDashboard", - "quicksight:describeDashboardPermissions", - "quicksight:describeDataSet", - "quicksight:describeDataSetPermissions", - "quicksight:describeDataSetRefreshProperties", - "quicksight:describeDataSource", - "quicksight:describeDataSourcePermissions", - "quicksight:describeFolder", - "quicksight:describeFolderPermissions", - "quicksight:describeFolderResolvedPermissions", - "quicksight:describeGroup", - "quicksight:describeGroupMembership", - "quicksight:describeIAMPolicyAssignment", - "quicksight:describeIngestion", - "quicksight:describeIpRestriction", - "quicksight:describeNamespace", - "quicksight:describeRefreshSchedule", - "quicksight:describeTemplate", - "quicksight:describeTemplateAlias", - "quicksight:describeTemplatePermissions", - "quicksight:describeTheme", - "quicksight:describeThemeAlias", - "quicksight:describeThemePermissions", - "quicksight:describeTopic", - "quicksight:describeTopicPermissions", - "quicksight:describeTopicRefresh", - "quicksight:describeTopicRefreshSchedule", - "quicksight:describeUser", - "quicksight:describeVPCConnection", - "quicksight:listAnalyses", - "quicksight:listDashboards", - "quicksight:listDashboardVersions", - "quicksight:listDataSets", - "quicksight:listDataSources", - "quicksight:listFolderMembers", - "quicksight:listFolders", - "quicksight:listGroupMemberships", - "quicksight:listGroups", - "quicksight:listIAMPolicyAssignments", - "quicksight:listIAMPolicyAssignmentsForUser", - "quicksight:listIngestions", - "quicksight:listNamespaces", - "quicksight:listRefreshSchedules", - "quicksight:listTemplateAliases", - "quicksight:listTemplates", - "quicksight:listTemplateVersions", - "quicksight:listThemeAliases", - "quicksight:listThemes", - "quicksight:listThemeVersions", - "quicksight:listTopicRefreshSchedules", - "quicksight:listTopics", - "quicksight:listUserGroups", - "quicksight:listUsers", - "quicksight:listVPCConnections", - "quicksight:searchAnalyses", - "quicksight:searchDashboards", - "quicksight:searchDataSets", - "quicksight:searchDataSources", - "quicksight:searchFolders", - "quicksight:searchGroups", - "ram:getPermission", - "ram:getResourceShareAssociations", - "ram:getResourceShareInvitations", - "ram:getResourceShares", - "ram:listPendingInvitationResources", - "ram:listPrincipals", - "ram:listResources", - "ram:listResourceSharePermissions", - "rbin:getRule", - "rbin:listRules", - "rds:describeAccountAttributes", - "rds:describeBlueGreenDeployments", - "rds:describeCertificates", - "rds:describeDBClusterEndpoints", - "rds:describeDBClusterParameterGroups", - "rds:describeDBClusterParameters", - "rds:describeDBClusters", - "rds:describeDBClusterSnapshots", - "rds:describeDBEngineVersions", - "rds:describeDBInstanceAutomatedBackups", - "rds:describeDBInstances", - "rds:describeDBLogFiles", - "rds:describeDBParameterGroups", - "rds:describeDBParameters", - "rds:describeDBSecurityGroups", - "rds:describeDBSnapshotAttributes", - "rds:describeDBSnapshots", - "rds:describeDBSubnetGroups", - "rds:describeEngineDefaultClusterParameters", - "rds:describeEngineDefaultParameters", - "rds:describeEventCategories", - "rds:describeEvents", - "rds:describeEventSubscriptions", - "rds:describeExportTasks", - "rds:describeGlobalClusters", - "rds:describeIntegrations", - "rds:describeOptionGroupOptions", - "rds:describeOptionGroups", - "rds:describeOrderableDBInstanceOptions", - "rds:describePendingMaintenanceActions", - "rds:describeReservedDBInstances", - "rds:describeReservedDBInstancesOfferings", - "rds:describeSourceRegions", - "rds:describeValidDBInstanceModifications", - "rds:listTagsForResource", - "redshift-data:describeStatement", - "redshift-data:listStatements", - "redshift-serverless:getCustomDomainAssociation", - "redshift-serverless:getEndpointAccess", - "redshift-serverless:getNamespace", - "redshift-serverless:getRecoveryPoint", - "redshift-serverless:getScheduledAction", - "redshift-serverless:getSnapshot", - "redshift-serverless:getTableRestoreStatus", - "redshift-serverless:getUsageLimit", - "redshift-serverless:getWorkgroup", - "redshift-serverless:listCustomDomainAssociations", - "redshift-serverless:listEndpointAccess", - "redshift-serverless:listNamespaces", - "redshift-serverless:listRecoveryPoints", - "redshift-serverless:listSnapshotCopyConfigurations", - "redshift-serverless:listSnapshots", - "redshift-serverless:listTableRestoreStatus", - "redshift-serverless:listUsageLimits", - "redshift-serverless:listWorkgroups", - "redshift:describeClusterDbRevisions", - "redshift:describeClusterParameterGroups", - "redshift:describeClusterParameters", - "redshift:describeClusters", - "redshift:describeClusterSecurityGroups", - "redshift:describeClusterSnapshots", - "redshift:describeClusterSubnetGroups", - "redshift:describeClusterTracks", - "redshift:describeClusterVersions", - "redshift:describeCustomDomainAssociations", - "redshift:describeDataShares", - "redshift:describeDataSharesForConsumer", - "redshift:describeDataSharesForProducer", - "redshift:describeDefaultClusterParameters", - "redshift:describeEndpointAccess", - "redshift:describeEndpointAuthorization", - "redshift:describeEventCategories", - "redshift:describeEvents", - "redshift:describeEventSubscriptions", - "redshift:describeHsmClientCertificates", - "redshift:describeHsmConfigurations", - "redshift:describeInboundIntegrations", - "redshift:describeLoggingStatus", - "redshift:describeNodeConfigurationOptions", - "redshift:describeOrderableClusterOptions", - "redshift:describeRedshiftIdcApplications", - "redshift:describeReservedNodeOfferings", - "redshift:describeReservedNodes", - "redshift:describeResize", - "redshift:describeSnapshotCopyGrants", - "redshift:describeSnapshotSchedules", - "redshift:describeStorage", - "redshift:describeTableRestoreStatus", - "redshift:describeTags", - "redshift:describeUsageLimits", - "rekognition:listCollections", - "rekognition:listFaces", - "resiliencehub:describeApp", - "resiliencehub:describeAppAssessment", - "resiliencehub:describeAppVersion", - "resiliencehub:describeAppVersionAppComponent", - "resiliencehub:describeAppVersionResource", - "resiliencehub:describeAppVersionResourcesResolutionStatus", - "resiliencehub:describeAppVersionTemplate", - "resiliencehub:describeDraftAppVersionResourcesImportStatus", - "resiliencehub:describeResiliencyPolicy", - "resiliencehub:describeResourceGroupingRecommendationTask", - "resiliencehub:listAlarmRecommendations", - "resiliencehub:listAppAssessmentComplianceDrifts", - "resiliencehub:listAppAssessmentResourceDrifts", - "resiliencehub:listAppAssessments", - "resiliencehub:listAppComponentCompliances", - "resiliencehub:listAppComponentRecommendations", - "resiliencehub:listAppInputSources", - "resiliencehub:listApps", - "resiliencehub:listAppVersionAppComponents", - "resiliencehub:listAppVersionResourceMappings", - "resiliencehub:listAppVersionResources", - "resiliencehub:listAppVersions", - "resiliencehub:listRecommendationTemplates", - "resiliencehub:listResiliencyPolicies", - "resiliencehub:listResourceGroupingRecommendations", - "resiliencehub:listSopRecommendations", - "resiliencehub:listSuggestedResiliencyPolicies", - "resiliencehub:listTestRecommendations", - "resiliencehub:listUnsupportedAppVersionResources", - "resource-explorer-2:getAccountLevelServiceConfiguration", - "resource-explorer-2:getIndex", - "resource-explorer-2:getView", - "resource-explorer-2:listIndexes", - "resource-explorer-2:listViews", - "resource-explorer-2:search", - "resource-groups:getGroup", - "resource-groups:getGroupQuery", - "resource-groups:getTags", - "resource-groups:listGroupResources", - "resource-groups:listGroups", - "resource-groups:searchResources", - "robomaker:batchDescribeSimulationJob", - "robomaker:describeDeploymentJob", - "robomaker:describeFleet", - "robomaker:describeRobot", - "robomaker:describeRobotApplication", - "robomaker:describeSimulationApplication", - "robomaker:describeSimulationJob", - "robomaker:listDeploymentJobs", - "robomaker:listFleets", - "robomaker:listRobotApplications", - "robomaker:listRobots", - "robomaker:listSimulationApplications", - "robomaker:listSimulationJobs", - "rolesanywhere:getProfile", - "rolesanywhere:getTrustAnchor", - "rolesanywhere:listProfiles", - "rolesanywhere:listTrustAnchors", - "route53-recovery-cluster:getRoutingControlState", - "route53-recovery-cluster:listRoutingControls", - "route53-recovery-control-config:describeControlPanel", - "route53-recovery-control-config:describeRoutingControl", - "route53-recovery-control-config:describeSafetyRule", - "route53-recovery-control-config:listControlPanels", - "route53-recovery-control-config:listRoutingControls", - "route53-recovery-control-config:listSafetyRules", - "route53-recovery-readiness:getCell", - "route53-recovery-readiness:getCellReadinessSummary", - "route53-recovery-readiness:getReadinessCheck", - "route53-recovery-readiness:getReadinessCheckResourceStatus", - "route53-recovery-readiness:getReadinessCheckStatus", - "route53-recovery-readiness:getRecoveryGroup", - "route53-recovery-readiness:getRecoveryGroupReadinessSummary", - "route53-recovery-readiness:listCells", - "route53-recovery-readiness:listReadinessChecks", - "route53-recovery-readiness:listRecoveryGroups", - "route53-recovery-readiness:listResourceSets", - "route53:getAccountLimit", - "route53:getChange", - "route53:getCheckerIpRanges", - "route53:getDNSSEC", - "route53:getGeoLocation", - "route53:getHealthCheck", - "route53:getHealthCheckCount", - "route53:getHealthCheckLastFailureReason", - "route53:getHealthCheckStatus", - "route53:getHostedZone", - "route53:getHostedZoneCount", - "route53:getHostedZoneLimit", - "route53:getQueryLoggingConfig", - "route53:getReusableDelegationSet", - "route53:getTrafficPolicy", - "route53:getTrafficPolicyInstance", - "route53:getTrafficPolicyInstanceCount", - "route53:listCidrBlocks", - "route53:listCidrCollections", - "route53:listCidrLocations", - "route53:listGeoLocations", - "route53:listHealthChecks", - "route53:listHostedZones", - "route53:listHostedZonesByName", - "route53:listHostedZonesByVpc", - "route53:listQueryLoggingConfigs", - "route53:listResourceRecordSets", - "route53:listReusableDelegationSets", - "route53:listTrafficPolicies", - "route53:listTrafficPolicyInstances", - "route53:listTrafficPolicyInstancesByHostedZone", - "route53:listTrafficPolicyInstancesByPolicy", - "route53:listTrafficPolicyVersions", - "route53:listVPCAssociationAuthorizations", - "route53domains:checkDomainAvailability", - "route53domains:getContactReachabilityStatus", - "route53domains:getDomainDetail", - "route53domains:getOperationDetail", - "route53domains:listDomains", - "route53domains:listOperations", - "route53domains:listPrices", - "route53domains:listTagsForDomain", - "route53domains:viewBilling", - "route53profiles:getProfile", - "route53profiles:getProfileAssociation", - "route53profiles:getProfileResourceAssociation", - "route53profiles:listProfileAssociations", - "route53profiles:listProfileResourceAssociations", - "route53profiles:listProfiles", - "route53profiles:listTagsForResource", - "route53resolver:getFirewallConfig", - "route53resolver:getFirewallDomainList", - "route53resolver:getFirewallRuleGroup", - "route53resolver:getFirewallRuleGroupAssociation", - "route53resolver:getFirewallRuleGroupPolicy", - "route53resolver:getOutpostResolver", - "route53resolver:getResolverDnssecConfig", - "route53resolver:getResolverQueryLogConfig", - "route53resolver:getResolverQueryLogConfigAssociation", - "route53resolver:getResolverQueryLogConfigPolicy", - "route53resolver:getResolverRule", - "route53resolver:getResolverRuleAssociation", - "route53resolver:getResolverRulePolicy", - "route53resolver:listFirewallConfigs", - "route53resolver:listFirewallDomainLists", - "route53resolver:listFirewallDomains", - "route53resolver:listFirewallRuleGroupAssociations", - "route53resolver:listFirewallRuleGroups", - "route53resolver:listFirewallRules", - "route53resolver:listOutpostResolvers", - "route53resolver:listResolverConfigs", - "route53resolver:listResolverDnssecConfigs", - "route53resolver:listResolverEndpointIpAddresses", - "route53resolver:listResolverEndpoints", - "route53resolver:listResolverQueryLogConfigAssociations", - "route53resolver:listResolverQueryLogConfigs", - "route53resolver:listResolverRuleAssociations", - "route53resolver:listResolverRules", - "route53resolver:listTagsForResource", - "rum:batchGetRumMetricDefinitions", - "rum:getAppMonitor", - "rum:listAppMonitors", - "rum:listRumMetricsDestinations", - "s3-outposts:listEndpoints", - "s3-outposts:listOutpostsWithS3", - "s3-outposts:listRegionalBuckets", - "s3-outposts:listSharedEndpoints", - "s3:describeJob", - "s3:describeMultiRegionAccessPointOperation", - "s3:getAccelerateConfiguration", - "s3:getAccessGrant", - "s3:getAccessGrantsInstance", - "s3:getAccessGrantsInstanceResourcePolicy", - "s3:getAccessGrantsLocation", - "s3:getAccessPoint", - "s3:getAccessPointConfigurationForObjectLambda", - "s3:getAccessPointForObjectLambda", - "s3:getAccessPointPolicy", - "s3:getAccessPointPolicyForObjectLambda", - "s3:getAccessPointPolicyStatus", - "s3:getAccessPointPolicyStatusForObjectLambda", - "s3:getAccountPublicAccessBlock", - "s3:getAnalyticsConfiguration", - "s3:getBucketAcl", - "s3:getBucketCORS", - "s3:getBucketLocation", - "s3:getBucketLogging", - "s3:getBucketNotification", - "s3:getBucketObjectLockConfiguration", - "s3:getBucketOwnershipControls", - "s3:getBucketPolicy", - "s3:getBucketPolicyStatus", - "s3:getBucketPublicAccessBlock", - "s3:getBucketRequestPayment", - "s3:getBucketVersioning", - "s3:getBucketWebsite", - "s3:getEncryptionConfiguration", - "s3:getIntelligentTieringConfiguration", - "s3:getInventoryConfiguration", - "s3:getLifecycleConfiguration", - "s3:getMetricsConfiguration", - "s3:getMultiRegionAccessPoint", - "s3:getMultiRegionAccessPointPolicy", - "s3:getMultiRegionAccessPointPolicyStatus", - "s3:getMultiRegionAccessPointRoutes", - "s3:getObjectAcl", - "s3:getObjectLegalHold", - "s3:getObjectRetention", - "s3:getReplicationConfiguration", - "s3:getStorageLensConfiguration", - "s3:listAccessGrants", - "s3:listAccessGrantsInstances", - "s3:listAccessGrantsLocations", - "s3:listAccessPoints", - "s3:listAccessPointsForObjectLambda", - "s3:listAllMyBuckets", - "s3:listBucket", - "s3:listBucketMultipartUploads", - "s3:listBucketVersions", - "s3:listJobs", - "s3:listMultipartUploadParts", - "s3:listMultiRegionAccessPoints", - "s3:listStorageLensConfigurations", - "s3express:getBucketPolicy", - "s3express:listAllMyDirectoryBuckets", - "s3tables:getNamespace", - "s3tables:getTable", - "s3tables:getTableBucket", - "s3tables:getTableBucketMaintenanceConfiguration", - "s3tables:getTableBucketPolicy", - "s3tables:getTableMaintenanceJobStatus", - "s3tables:getTableMetadataLocation", - "s3tables:getTablePolicy", - "s3tables:listNamespaces", - "s3tables:listTableBuckets", - "s3tables:listTables", - "sagemaker:describeAction", - "sagemaker:describeAlgorithm", - "sagemaker:describeApp", - "sagemaker:describeAppImageConfig", - "sagemaker:describeArtifact", - "sagemaker:describeAutoMLJob", - "sagemaker:describeCluster", - "sagemaker:describeClusterNode", - "sagemaker:describeCodeRepository", - "sagemaker:describeCompilationJob", - "sagemaker:describeContext", - "sagemaker:describeDataQualityJobDefinition", - "sagemaker:describeDevice", - "sagemaker:describeDeviceFleet", - "sagemaker:describeDomain", - "sagemaker:describeEdgeDeploymentPlan", - "sagemaker:describeEdgePackagingJob", - "sagemaker:describeEndpoint", - "sagemaker:describeEndpointConfig", - "sagemaker:describeExperiment", - "sagemaker:describeFeatureGroup", - "sagemaker:describeFeatureMetadata", - "sagemaker:describeFlowDefinition", - "sagemaker:describeHub", - "sagemaker:describeHubContent", - "sagemaker:describeHumanTaskUi", - "sagemaker:describeHyperParameterTuningJob", - "sagemaker:describeImage", - "sagemaker:describeImageVersion", - "sagemaker:describeInferenceComponent", - "sagemaker:describeInferenceExperiment", - "sagemaker:describeInferenceRecommendationsJob", - "sagemaker:describeLabelingJob", - "sagemaker:describeMlflowTrackingServer", - "sagemaker:describeModel", - "sagemaker:describeModelBiasJobDefinition", - "sagemaker:describeModelCard", - "sagemaker:describeModelCardExportJob", - "sagemaker:describeModelExplainabilityJobDefinition", - "sagemaker:describeModelPackage", - "sagemaker:describeModelPackageGroup", - "sagemaker:describeModelQualityJobDefinition", - "sagemaker:describeMonitoringSchedule", - "sagemaker:describeNotebookInstance", - "sagemaker:describeNotebookInstanceLifecycleConfig", - "sagemaker:describePipeline", - "sagemaker:describePipelineDefinitionForExecution", - "sagemaker:describePipelineExecution", - "sagemaker:describeProcessingJob", - "sagemaker:describeProject", - "sagemaker:describeSpace", - "sagemaker:describeStudioLifecycleConfig", - "sagemaker:describeSubscribedWorkteam", - "sagemaker:describeTrainingJob", - "sagemaker:describeTransformJob", - "sagemaker:describeTrial", - "sagemaker:describeTrialComponent", - "sagemaker:describeUserProfile", - "sagemaker:describeWorkforce", - "sagemaker:describeWorkteam", - "sagemaker:getDeviceFleetReport", - "sagemaker:getModelPackageGroupPolicy", - "sagemaker:getSagemakerServicecatalogPortfolioStatus", - "sagemaker:listActions", - "sagemaker:listAlgorithms", - "sagemaker:listAliases", - "sagemaker:listAppImageConfigs", - "sagemaker:listApps", - "sagemaker:listArtifacts", - "sagemaker:listAssociations", - "sagemaker:listAutoMLJobs", - "sagemaker:listCandidatesForAutoMLJob", - "sagemaker:listClusterNodes", - "sagemaker:listClusters", - "sagemaker:listCodeRepositories", - "sagemaker:listCompilationJobs", - "sagemaker:listContexts", - "sagemaker:listDataQualityJobDefinitions", - "sagemaker:listDeviceFleets", - "sagemaker:listDevices", - "sagemaker:listDomains", - "sagemaker:listEdgeDeploymentPlans", - "sagemaker:listEdgePackagingJobs", - "sagemaker:listEndpointConfigs", - "sagemaker:listEndpoints", - "sagemaker:listExperiments", - "sagemaker:listFeatureGroups", - "sagemaker:listFlowDefinitions", - "sagemaker:listHubContents", - "sagemaker:listHubContentVersions", - "sagemaker:listHubs", - "sagemaker:listHumanTaskUis", - "sagemaker:listHyperParameterTuningJobs", - "sagemaker:listImages", - "sagemaker:listImageVersions", - "sagemaker:listInferenceComponents", - "sagemaker:listInferenceExperiments", - "sagemaker:listInferenceRecommendationsJobs", - "sagemaker:listInferenceRecommendationsJobSteps", - "sagemaker:listLabelingJobs", - "sagemaker:listLabelingJobsForWorkteam", - "sagemaker:listLineageGroups", - "sagemaker:listMlflowTrackingServers", - "sagemaker:listModelBiasJobDefinitions", - "sagemaker:listModelCardExportJobs", - "sagemaker:listModelCards", - "sagemaker:listModelCardVersions", - "sagemaker:listModelExplainabilityJobDefinitions", - "sagemaker:listModelMetadata", - "sagemaker:listModelPackageGroups", - "sagemaker:listModelPackages", - "sagemaker:listModelQualityJobDefinitions", - "sagemaker:listModels", - "sagemaker:listMonitoringAlertHistory", - "sagemaker:listMonitoringAlerts", - "sagemaker:listMonitoringExecutions", - "sagemaker:listMonitoringSchedules", - "sagemaker:listNotebookInstanceLifecycleConfigs", - "sagemaker:listNotebookInstances", - "sagemaker:listPipelineExecutions", - "sagemaker:listPipelineExecutionSteps", - "sagemaker:listPipelineParametersForExecution", - "sagemaker:listPipelines", - "sagemaker:listProcessingJobs", - "sagemaker:listProjects", - "sagemaker:listSpaces", - "sagemaker:listStageDevices", - "sagemaker:listStudioLifecycleConfigs", - "sagemaker:listSubscribedWorkteams", - "sagemaker:listTags", - "sagemaker:listTrainingJobs", - "sagemaker:listTrainingJobsForHyperParameterTuningJob", - "sagemaker:listTransformJobs", - "sagemaker:listTrialComponents", - "sagemaker:listTrials", - "sagemaker:listUserProfiles", - "sagemaker:listWorkforces", - "sagemaker:listWorkteams", - "savingsplans:describeSavingsPlans", - "scheduler:getSchedule", - "scheduler:getScheduleGroup", - "scheduler:listScheduleGroups", - "scheduler:listSchedules", - "schemas:describeCodeBinding", - "schemas:describeDiscoverer", - "schemas:describeRegistry", - "schemas:describeSchema", - "schemas:getCodeBindingSource", - "schemas:getDiscoveredSchema", - "schemas:getResourcePolicy", - "schemas:listDiscoverers", - "schemas:listRegistries", - "schemas:listSchemas", - "schemas:listSchemaVersions", - "sdb:domainMetadata", - "sdb:listDomains", - "secretsmanager:describeSecret", - "secretsmanager:getResourcePolicy", - "secretsmanager:listSecrets", - "secretsmanager:listSecretVersionIds", - "securityhub:batchGetConfigurationPolicyAssociations", - "securityhub:describeOrganizationConfiguration", - "securityhub:getConfigurationPolicy", - "securityhub:getConfigurationPolicyAssociation", - "securityhub:getEnabledStandards", - "securityhub:getFindingAggregator", - "securityhub:getFindings", - "securityhub:getInsightResults", - "securityhub:getInsights", - "securityhub:getMasterAccount", - "securityhub:getMembers", - "securityhub:listConfigurationPolicies", - "securityhub:listConfigurationPolicyAssociations", - "securityhub:listEnabledProductsForImport", - "securityhub:listFindingAggregators", - "securityhub:listInvitations", - "securityhub:listMembers", - "securitylake:getDataLakeExceptionSubscription", - "securitylake:getDataLakeOrganizationConfiguration", - "securitylake:getDataLakeSources", - "securitylake:getSubscriber", - "securitylake:listDataLakeExceptions", - "securitylake:listDataLakes", - "securitylake:listLogSources", - "securitylake:listSubscribers", - "serverlessrepo:getApplication", - "serverlessrepo:getApplicationPolicy", - "serverlessrepo:getCloudFormationTemplate", - "serverlessrepo:listApplicationDependencies", - "serverlessrepo:listApplications", - "serverlessrepo:listApplicationVersions", - "servicecatalog:describeConstraint", - "servicecatalog:describePortfolio", - "servicecatalog:describeProduct", - "servicecatalog:describeProductAsAdmin", - "servicecatalog:describeProductView", - "servicecatalog:describeProvisioningArtifact", - "servicecatalog:describeProvisioningParameters", - "servicecatalog:describeRecord", - "servicecatalog:listAcceptedPortfolioShares", - "servicecatalog:listConstraintsForPortfolio", - "servicecatalog:listLaunchPaths", - "servicecatalog:listPortfolioAccess", - "servicecatalog:listPortfolios", - "servicecatalog:listPortfoliosForProduct", - "servicecatalog:listPrincipalsForPortfolio", - "servicecatalog:listProvisioningArtifacts", - "servicecatalog:listRecordHistory", - "servicecatalog:scanProvisionedProducts", - "servicecatalog:searchProducts", - "servicequotas:getAssociationForServiceQuotaTemplate", - "servicequotas:getAWSDefaultServiceQuota", - "servicequotas:getRequestedServiceQuotaChange", - "servicequotas:getServiceQuota", - "servicequotas:getServiceQuotaIncreaseRequestFromTemplate", - "servicequotas:listAWSDefaultServiceQuotas", - "servicequotas:listRequestedServiceQuotaChangeHistory", - "servicequotas:listRequestedServiceQuotaChangeHistoryByQuota", - "servicequotas:listServiceQuotaIncreaseRequestsInTemplate", - "servicequotas:listServiceQuotas", - "servicequotas:listServices", - "ses:describeActiveReceiptRuleSet", - "ses:describeConfigurationSet", - "ses:describeReceiptRule", - "ses:describeReceiptRuleSet", - "ses:getAccount", - "ses:getAccountSendingEnabled", - "ses:getAddonInstance", - "ses:getAddonSubscription", - "ses:getArchive", - "ses:getArchiveExport", - "ses:getArchiveSearch", - "ses:getBlacklistReports", - "ses:getConfigurationSet", - "ses:getConfigurationSetEventDestinations", - "ses:getContactList", - "ses:getDedicatedIp", - "ses:getDedicatedIpPool", - "ses:getDedicatedIps", - "ses:getDeliverabilityDashboardOptions", - "ses:getDeliverabilityTestReport", - "ses:getDomainDeliverabilityCampaign", - "ses:getDomainStatisticsReport", - "ses:getEmailIdentity", - "ses:getIdentityDkimAttributes", - "ses:getIdentityMailFromDomainAttributes", - "ses:getIdentityNotificationAttributes", - "ses:getIdentityPolicies", - "ses:getIdentityVerificationAttributes", - "ses:getImportJob", - "ses:getIngressPoint", - "ses:getRelay", - "ses:getRuleSet", - "ses:getTrafficPolicy", - "ses:getSendQuota", - "ses:getSendStatistics", - "ses:listConfigurationSets", - "ses:listAddonInstances", - "ses:listAddonSubscriptions", - "ses:listArchiveExports", - "ses:listArchives", - "ses:listArchiveSearches", - "ses:listContactLists", - "ses:listContacts", - "ses:listCustomVerificationEmailTemplates", - "ses:listDedicatedIpPools", - "ses:listDeliverabilityTestReports", - "ses:listDomainDeliverabilityCampaigns", - "ses:listEmailIdentities", - "ses:listEmailTemplates", - "ses:listIdentities", - "ses:listIdentityPolicies", - "ses:listImportJobs", - "ses:listIngressPoints", - "ses:listReceiptFilters", - "ses:listReceiptRuleSets", - "ses:listRelays", - "ses:listRuleSets", - "ses:listRecommendations", - "ses:listTagsForResource", - "ses:listTemplates", - "ses:listTrafficPolicies", - "ses:listVerifiedEmailAddresses", - "shield:describeAttack", - "shield:describeProtection", - "shield:describeSubscription", - "shield:listAttacks", - "shield:listProtections", - "sms-voice:getConfigurationSetEventDestinations", - "sms:getConnectors", - "sms:getReplicationJobs", - "sms:getReplicationRuns", - "sms:getServers", - "snowball:describeAddress", - "snowball:describeAddresses", - "snowball:describeJob", - "snowball:getSnowballUsage", - "snowball:listJobs", - "snowball:listServiceVersions", - "sns:checkIfPhoneNumberIsOptedOut", - "sns:getDataProtectionPolicy", - "sns:getEndpointAttributes", - "sns:getPlatformApplicationAttributes", - "sns:getSMSAttributes", - "sns:getSMSSandboxAccountStatus", - "sns:getSubscriptionAttributes", - "sns:getTopicAttributes", - "sns:listEndpointsByPlatformApplication", - "sns:listOriginationNumbers", - "sns:listPhoneNumbersOptedOut", - "sns:listPlatformApplications", - "sns:listSMSSandboxPhoneNumbers", - "sns:listSubscriptions", - "sns:listSubscriptionsByTopic", - "sns:listTopics", - "sqs:getQueueAttributes", - "sqs:getQueueUrl", - "sqs:listDeadLetterSourceQueues", - "sqs:listMessageMoveTasks", - "sqs:listQueues", - "ssm-contacts:describeEngagement", - "ssm-contacts:describePage", - "ssm-contacts:getContact", - "ssm-contacts:getContactChannel", - "ssm-contacts:getContactPolicy", - "ssm-contacts:getRotation", - "ssm-contacts:getRotationOverride", - "ssm-contacts:listContactChannels", - "ssm-contacts:listContacts", - "ssm-contacts:listEngagements", - "ssm-contacts:listPageReceipts", - "ssm-contacts:listPageResolutions", - "ssm-contacts:listPagesByContact", - "ssm-contacts:listPagesByEngagement", - "ssm-contacts:listPreviewRotationShifts", - "ssm-contacts:listRotationOverrides", - "ssm-contacts:listRotations", - "ssm-contacts:listRotationShifts", - "ssm-incidents:batchGetIncidentFindings", - "ssm-incidents:getIncidentRecord", - "ssm-incidents:getReplicationSet", - "ssm-incidents:getResourcePolicies", - "ssm-incidents:getResponsePlan", - "ssm-incidents:getTimelineEvent", - "ssm-incidents:listIncidentFindings", - "ssm-incidents:listIncidentRecords", - "ssm-incidents:listRelatedItems", - "ssm-incidents:listReplicationSets", - "ssm-incidents:listResponsePlans", - "ssm-incidents:listTimelineEvents", - "ssm-quicksetup:getConfiguration", - "ssm-quicksetup:getConfigurationManager", - "ssm-quicksetup:getServiceSettings", - "ssm-quicksetup:listConfigurationManagers", - "ssm-quicksetup:listConfigurations", - "ssm-quicksetup:listQuickSetupTypes", - "ssm-sap:getApplication", - "ssm-sap:getComponent", - "ssm-sap:getDatabase", - "ssm-sap:getOperation", - "ssm-sap:getResourcePermission", - "ssm-sap:listApplications", - "ssm-sap:listComponents", - "ssm-sap:listDatabases", - "ssm-sap:listOperations", - "ssm:describeActivations", - "ssm:describeAssociation", - "ssm:describeAssociationExecutions", - "ssm:describeAssociationExecutionTargets", - "ssm:describeAutomationExecutions", - "ssm:describeAutomationStepExecutions", - "ssm:describeAvailablePatches", - "ssm:describeDocument", - "ssm:describeDocumentPermission", - "ssm:describeEffectiveInstanceAssociations", - "ssm:describeEffectivePatchesForPatchBaseline", - "ssm:describeInstanceAssociationsStatus", - "ssm:describeInstanceInformation", - "ssm:describeInstancePatches", - "ssm:describeInstancePatchStates", - "ssm:describeInstancePatchStatesForPatchGroup", - "ssm:describeInstanceProperties", - "ssm:describeInventoryDeletions", - "ssm:describeMaintenanceWindowExecutions", - "ssm:describeMaintenanceWindowExecutionTaskInvocations", - "ssm:describeMaintenanceWindowExecutionTasks", - "ssm:describeMaintenanceWindows", - "ssm:describeMaintenanceWindowSchedule", - "ssm:describeMaintenanceWindowsForTarget", - "ssm:describeMaintenanceWindowTargets", - "ssm:describeMaintenanceWindowTasks", - "ssm:describeOpsItems", - "ssm:describeParameters", - "ssm:describePatchBaselines", - "ssm:describePatchGroups", - "ssm:describePatchGroupState", - "ssm:describePatchProperties", - "ssm:describeSessions", - "ssm:getAutomationExecution", - "ssm:getCalendarState", - "ssm:getCommandInvocation", - "ssm:getConnectionStatus", - "ssm:getDefaultPatchBaseline", - "ssm:getDeployablePatchSnapshotForInstance", - "ssm:getInventorySchema", - "ssm:getMaintenanceWindow", - "ssm:getMaintenanceWindowExecution", - "ssm:getMaintenanceWindowExecutionTask", - "ssm:getMaintenanceWindowExecutionTaskInvocation", - "ssm:getMaintenanceWindowTask", - "ssm:getOpsItem", - "ssm:getOpsMetadata", - "ssm:getOpsSummary", - "ssm:getPatchBaseline", - "ssm:getPatchBaselineForPatchGroup", - "ssm:getResourcePolicies", - "ssm:getServiceSetting", - "ssm:listAssociations", - "ssm:listAssociationVersions", - "ssm:listCommandInvocations", - "ssm:listCommands", - "ssm:listComplianceItems", - "ssm:listComplianceSummaries", - "ssm:listDocumentMetadataHistory", - "ssm:listDocuments", - "ssm:listDocumentVersions", - "ssm:listNodes", - "ssm:listNodesSummary", - "ssm:listOpsItemEvents", - "ssm:listOpsItemRelatedItems", - "ssm:listOpsMetadata", - "ssm:listResourceComplianceSummaries", - "ssm:listResourceDataSync", - "ssm:listTagsForResource", - "sso:describeApplication", - "sso:describeApplicationAssignment", - "sso:describeApplicationProvider", - "sso:describeAccountAssignmentCreationStatus", - "sso:describeAccountAssignmentDeletionStatus", - "sso:describeInstance", - "sso:describeInstanceAccessControlAttributeConfiguration", - "sso:describePermissionSet", - "sso:describePermissionSetProvisioningStatus", - "sso:describeTrustedTokenIssuer", - "sso:getApplicationAccessScope", - "sso:getApplicationAssignmentConfiguration", - "sso:getApplicationAuthenticationMethod", - "sso:getApplicationGrant", - "sso:getApplicationInstance", - "sso:getApplicationTemplate", - "sso:getInlinePolicyForPermissionSet", - "sso:getManagedApplicationInstance", - "sso:getPermissionsBoundaryForPermissionSet", - "sso:getSharedSsoConfiguration", - "sso:listApplicationAccessScopes", - "sso:listApplicationAssignments", - "sso:listApplicationAuthenticationMethods", - "sso:listApplicationGrants", - "sso:listApplicationInstances", - "sso:listApplicationProviders", - "sso:listApplications", - "sso:listApplicationTemplates", - "sso:listAccountAssignmentCreationStatus", - "sso:listAccountAssignmentDeletionStatus", - "sso:listAccountAssignments", - "sso:listAccountAssignmentsForPrincipal", - "sso:listAccountsForProvisionedPermissionSet", - "sso:listApplicationAssignmentsForPrincipal", - "sso:listCustomerManagedPolicyReferencesInPermissionSet", - "sso:listDirectoryAssociations", - "sso:listInstances", - "sso:listManagedPoliciesInPermissionSet", - "sso:listPermissionSetProvisioningStatus", - "sso:listPermissionSets", - "sso:listPermissionSetsProvisionedToAccount", - "sso:listProfileAssociations", - "sso:listTrustedTokenIssuers", - "states:describeActivity", - "states:describeExecution", - "states:describeMapRun", - "states:describeStateMachine", - "states:describeStateMachineAlias", - "states:describeStateMachineForExecution", - "states:getExecutionHistory", - "states:listActivities", - "states:listExecutions", - "states:listMapRuns", - "states:listStateMachineAliases", - "states:listStateMachines", - "states:listStateMachineVersions", - "storagegateway:describeBandwidthRateLimit", - "storagegateway:describeCache", - "storagegateway:describeCachediSCSIVolumes", - "storagegateway:describeFileSystemAssociations", - "storagegateway:describeGatewayInformation", - "storagegateway:describeMaintenanceStartTime", - "storagegateway:describeNFSFileShares", - "storagegateway:describeSMBFileShares", - "storagegateway:describeSMBSettings", - "storagegateway:describeSnapshotSchedule", - "storagegateway:describeStorediSCSIVolumes", - "storagegateway:describeTapeArchives", - "storagegateway:describeTapeRecoveryPoints", - "storagegateway:describeTapes", - "storagegateway:describeUploadBuffer", - "storagegateway:describeVTLDevices", - "storagegateway:describeWorkingStorage", - "storagegateway:listAutomaticTapeCreationPolicies", - "storagegateway:listFileShares", - "storagegateway:listFileSystemAssociations", - "storagegateway:listGateways", - "storagegateway:listLocalDisks", - "storagegateway:listTagsForResource", - "storagegateway:listTapes", - "storagegateway:listVolumeInitiators", - "storagegateway:listVolumeRecoveryPoints", - "storagegateway:listVolumes", - "sts:getCallerIdentity", - "swf:countClosedWorkflowExecutions", - "swf:countOpenWorkflowExecutions", - "swf:countPendingActivityTasks", - "swf:countPendingDecisionTasks", - "swf:describeActivityType", - "swf:describeDomain", - "swf:describeWorkflowExecution", - "swf:describeWorkflowType", - "swf:getWorkflowExecutionHistory", - "swf:listActivityTypes", - "swf:listClosedWorkflowExecutions", - "swf:listDomains", - "swf:listOpenWorkflowExecutions", - "swf:listWorkflowTypes", - "synthetics:describeCanaries", - "synthetics:describeCanariesLastRun", - "synthetics:describeRuntimeVersions", - "synthetics:getCanary", - "synthetics:getCanaryRuns", - "synthetics:getGroup", - "synthetics:listAssociatedGroups", - "synthetics:listGroupResources", - "synthetics:listGroups", - "thinclient:getDevice", - "thinclient:getEnvironment", - "thinclient:getSoftwareSet", - "thinclient:listDevices", - "thinclient:listEnvironments", - "thinclient:listSoftwareSets", - "timestream:describeAccountSettings", - "timestream:describeBatchLoadTask", - "timestream:describeDatabase", - "timestream:describeEndpoints", - "timestream:describeScheduledQuery", - "timestream:describeTable", - "timestream:listBatchLoadTasks", - "timestream:listDatabases", - "timestream:listScheduledQueries", - "timestream:listTables", - "tiros:createQuery", - "tiros:getQueryAnswer", - "tiros:getQueryExplanation", - "tnb:getSolFunctionInstance", - "tnb:getSolFunctionPackage", - "tnb:getSolNetworkInstance", - "tnb:getSolNetworkOperation", - "tnb:getSolNetworkPackage", - "tnb:listSolFunctionInstances", - "tnb:listSolFunctionPackages", - "tnb:listSolNetworkInstances", - "tnb:listSolNetworkOperations", - "tnb:listSolNetworkPackages", - "transcribe:describeLanguageModel", - "transcribe:getCallAnalyticsCategory", - "transcribe:getCallAnalyticsJob", - "transcribe:getMedicalTranscriptionJob", - "transcribe:getMedicalVocabulary", - "transcribe:getTranscriptionJob", - "transcribe:getVocabulary", - "transcribe:getVocabularyFilter", - "transcribe:listCallAnalyticsCategories", - "transcribe:listCallAnalyticsJobs", - "transcribe:listLanguageModels", - "transcribe:listMedicalTranscriptionJobs", - "transcribe:listMedicalVocabularies", - "transcribe:listTranscriptionJobs", - "transcribe:listVocabularies", - "transcribe:listVocabularyFilters", - "transfer:describeAccess", - "transfer:describeAgreement", - "transfer:describeConnector", - "transfer:describeExecution", - "transfer:describeProfile", - "transfer:describeServer", - "transfer:describeUser", - "transfer:describeWebApp", - "transfer:describeWebAppCustomization", - "transfer:describeWorkflow", - "transfer:listAccesses", - "transfer:listAgreements", - "transfer:listConnectors", - "transfer:listExecutions", - "transfer:listHostKeys", - "transfer:listProfiles", - "transfer:listServers", - "transfer:listTagsForResource", - "transfer:listUsers", - "transfer:listWebApps", - "transfer:listWorkflows", - "transfer:sendWorkflowStepState", - "trustedadvisor:getOrganizationRecommendation", - "trustedadvisor:getRecommendation", - "trustedadvisor:listChecks", - "trustedadvisor:listOrganizationRecommendationAccounts", - "trustedadvisor:listOrganizationRecommendationResources", - "trustedadvisor:listOrganizationRecommendations", - "trustedadvisor:listRecommendationResources", - "trustedadvisor:listRecommendations", - "verifiedpermissions:getIdentitySource", - "verifiedpermissions:getPolicy", - "verifiedpermissions:getPolicyStore", - "verifiedpermissions:getPolicyTemplate", - "verifiedpermissions:getSchema", - "verifiedpermissions:listIdentitySources", - "verifiedpermissions:listPolicies", - "verifiedpermissions:listPolicyStores", - "verifiedpermissions:listPolicyTemplates", - "vpc-lattice:getAccessLogSubscription", - "vpc-lattice:getAuthPolicy", - "vpc-lattice:getListener", - "vpc-lattice:getResourceConfiguration", - "vpc-lattice:getResourceGateway", - "vpc-lattice:getResourcePolicy", - "vpc-lattice:getRule", - "vpc-lattice:getService", - "vpc-lattice:getServiceNetwork", - "vpc-lattice:getServiceNetworkResourceAssociation", - "vpc-lattice:getServiceNetworkServiceAssociation", - "vpc-lattice:getServiceNetworkVpcAssociation", - "vpc-lattice:getTargetGroup", - "vpc-lattice:listAccessLogSubscriptions", - "vpc-lattice:listListeners", - "vpc-lattice:listResourceConfigurations", - "vpc-lattice:listResourceGateways", - "vpc-lattice:listRules", - "vpc-lattice:listServiceNetworks", - "vpc-lattice:listServiceNetworkResourceAssociations", - "vpc-lattice:listServiceNetworkServiceAssociations", - "vpc-lattice:listServiceNetworkVpcAssociations", - "vpc-lattice:listServices", - "vpc-lattice:listTargetGroups", - "vpc-lattice:listTargets", - "waf-regional:getByteMatchSet", - "waf-regional:getChangeTokenStatus", - "waf-regional:getGeoMatchSet", - "waf-regional:getIPSet", - "waf-regional:getLoggingConfiguration", - "waf-regional:getRateBasedRule", - "waf-regional:getRegexMatchSet", - "waf-regional:getRegexPatternSet", - "waf-regional:getRule", - "waf-regional:getRuleGroup", - "waf-regional:getSqlInjectionMatchSet", - "waf-regional:getWebACL", - "waf-regional:getWebACLForResource", - "waf-regional:listActivatedRulesInRuleGroup", - "waf-regional:listByteMatchSets", - "waf-regional:listGeoMatchSets", - "waf-regional:listIPSets", - "waf-regional:listLoggingConfigurations", - "waf-regional:listRateBasedRules", - "waf-regional:listRegexMatchSets", - "waf-regional:listRegexPatternSets", - "waf-regional:listResourcesForWebACL", - "waf-regional:listRuleGroups", - "waf-regional:listRules", - "waf-regional:listSqlInjectionMatchSets", - "waf-regional:listWebACLs", - "waf:getByteMatchSet", - "waf:getChangeTokenStatus", - "waf:getGeoMatchSet", - "waf:getIPSet", - "waf:getLoggingConfiguration", - "waf:getRateBasedRule", - "waf:getRegexMatchSet", - "waf:getRegexPatternSet", - "waf:getRule", - "waf:getRuleGroup", - "waf:getSampledRequests", - "waf:getSizeConstraintSet", - "waf:getSqlInjectionMatchSet", - "waf:getWebACL", - "waf:getXssMatchSet", - "waf:listActivatedRulesInRuleGroup", - "waf:listByteMatchSets", - "waf:listGeoMatchSets", - "waf:listIPSets", - "waf:listLoggingConfigurations", - "waf:listRateBasedRules", - "waf:listRegexMatchSets", - "waf:listRegexPatternSets", - "waf:listRuleGroups", - "waf:listRules", - "waf:listSizeConstraintSets", - "waf:listSqlInjectionMatchSets", - "waf:listWebACLs", - "waf:listXssMatchSets", - "wafv2:checkCapacity", - "wafv2:describeManagedRuleGroup", - "wafv2:getIPSet", - "wafv2:getLoggingConfiguration", - "wafv2:getPermissionPolicy", - "wafv2:getRateBasedStatementManagedKeys", - "wafv2:getRegexPatternSet", - "wafv2:getRuleGroup", - "wafv2:getSampledRequests", - "wafv2:getWebACL", - "wafv2:getWebACLForResource", - "wafv2:listAvailableManagedRuleGroups", - "wafv2:listIPSets", - "wafv2:listLoggingConfigurations", - "wafv2:listRegexPatternSets", - "wafv2:listResourcesForWebACL", - "wafv2:listRuleGroups", - "wafv2:listTagsForResource", - "wafv2:listWebACLs", - "workdocs:checkAlias", - "workdocs:describeAvailableDirectories", - "workdocs:describeInstances", - "workmail:describeGroup", - "workmail:describeOrganization", - "workmail:describeResource", - "workmail:describeUser", - "workmail:listAliases", - "workmail:listGroupMembers", - "workmail:listGroups", - "workmail:listMailboxPermissions", - "workmail:listOrganizations", - "workmail:listResourceDelegates", - "workmail:listResources", - "workmail:listUsers", - "workspaces-web:getBrowserSettings", - "workspaces-web:getIdentityProvider", - "workspaces-web:getNetworkSettings", - "workspaces-web:getPortal", - "workspaces-web:getPortalServiceProviderMetadata", - "workspaces-web:getTrustStoreCertificate", - "workspaces-web:getUserSettings", - "workspaces-web:listBrowserSettings", - "workspaces-web:listIdentityProviders", - "workspaces-web:listNetworkSettings", - "workspaces-web:listPortals", - "workspaces-web:listTagsForResource", - "workspaces-web:listTrustStoreCertificates", - "workspaces-web:listTrustStores", - "workspaces-web:listUserSettings", - "workspaces:describeAccount", - "workspaces:describeAccountModifications", - "workspaces:describeApplicationAssociations", - "workspaces:describeIpGroups", - "workspaces:describeTags", - "workspaces:describeWorkspaceAssociations", - "workspaces:describeWorkspaceBundles", - "workspaces:describeWorkspaceDirectories", - "workspaces:describeWorkspaceImages", - "workspaces:describeWorkspaces", - "workspaces:describeWorkspaceSnapshots", - "workspaces:describeWorkspacesConnectionStatus", - "workspaces:describeWorkspacesPools", - "workspaces:describeWorkspacesPoolSessions", - "xray:getEncryptionConfig", - "xray:getGroup", - "xray:getGroups", - "xray:getInsightImpactGraph", - "xray:getSamplingRules", - "xray:getSamplingStatisticSummaries", - "xray:getSamplingTargets", - "xray:getServiceGraph", - "xray:getTimeSeriesServiceStatistics", - "xray:getTraceGraph", - "xray:listResourcePolicies" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AWSSupportServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AmazonRDSEnhancedMonitoringRole is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy AmazonRDSEnhancedMonitoringRole is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AmazonRDSEnhancedMonitoringRole" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AmazonRDSEnhancedMonitoringRole", - "arn": "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole", - "entity": "ANPAJV7BS425S4PTSSVGK", - "version_id": "v1", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "EnableCreationAndManagementOfRDSCloudwatchLogGroups", - "Effect": "Allow", - "Action": [ - "logs:CreateLogGroup", - "logs:PutRetentionPolicy" - ], - "Resource": [ - "arn:aws:logs:*:*:log-group:RDS*" - ] - }, - { - "Sid": "EnableCreationAndManagementOfRDSCloudwatchLogStreams", - "Effect": "Allow", - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:GetLogEvents" - ], - "Resource": [ - "arn:aws:logs:*:*:log-group:RDS*:log-stream:*" - ] - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AmazonRDSEnhancedMonitoringRole", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AWSResourceExplorerServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy AWSResourceExplorerServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AWSResourceExplorerServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AWSResourceExplorerServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy", - "entity": "ANPAZKAPJZG4K2H54PAUL", - "version_id": "v19", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ResourceExplorerAccess", - "Effect": "Allow", - "Action": [ - "resource-explorer-2:UpdateIndexType", - "resource-explorer-2:CreateIndex", - "resource-explorer-2:CreateView", - "resource-explorer-2:AssociateDefaultView", - "resource-explorer-2:DeleteIndex" - ], - "Resource": "*" - }, - { - "Sid": "OrganizationsAccess", - "Effect": "Allow", - "Action": [ - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:ListAccounts", - "organizations:ListDelegatedAdministrators", - "organizations:ListOrganizationalUnitsForParent", - "organizations:ListRoots" - ], - "Resource": "*" - }, - { - "Sid": "CloudTrailEventsAccess", - "Effect": "Allow", - "Action": [ - "cloudtrail:CreateServiceLinkedChannel", - "cloudtrail:GetServiceLinkedChannel" - ], - "Resource": "arn:aws:cloudtrail:*:*:channel/aws-service-channel/resource-explorer-2/*" - }, - { - "Sid": "ApiGatewayAccess", - "Effect": "Allow", - "Action": "apigateway:GET", - "Resource": [ - "arn:aws:apigateway:*::/restapis", - "arn:aws:apigateway:*::/restapis/*", - "arn:aws:apigateway:*::/restapis/*/deployments", - "arn:aws:apigateway:*::/restapis/*/resources", - "arn:aws:apigateway:*::/restapis/*/resources/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", - "arn:aws:apigateway:*::/restapis/*/stages", - "arn:aws:apigateway:*::/restapis/*/stages/*", - "arn:aws:apigateway:*::/vpclinks", - "arn:aws:apigateway:*::/apis", - "arn:aws:apigateway:*::/apis/*/routes", - "arn:aws:apigateway:*::/apis/*/stages", - "arn:aws:apigateway:*::/apis/*", - "arn:aws:apigateway:*::/apis/*/routes/*", - "arn:aws:apigateway:*::/apis/*/stages/*" - ] - }, - { - "Sid": "ResourceInventoryAccess", - "Effect": "Allow", - "Action": [ - "access-analyzer:ListAnalyzers", - "acm-pca:ListCertificateAuthorities", - "acm:ListCertificates", - "airflow:ListEnvironments", - "amplify:ListApps", - "amplify:ListBranches", - "amplify:ListDomainAssociations", - "aoss:ListCollections", - "app-integrations:ListApplications", - "app-integrations:ListEventIntegrations", - "appconfig:ListApplications", - "appconfig:ListDeploymentStrategies", - "appconfig:ListEnvironments", - "appconfig:ListExtensionAssociations", - "appflow:ListFlows", - "appmesh:ListGatewayRoutes", - "appmesh:ListMeshes", - "appmesh:ListRoutes", - "appmesh:ListVirtualGateways", - "appmesh:ListVirtualNodes", - "appmesh:ListVirtualRouters", - "appmesh:ListVirtualServices", - "apprunner:ListAutoScalingConfigurations", - "apprunner:ListConnections", - "apprunner:ListServices", - "apprunner:ListVpcConnectors", - "appstream:DescribeAppBlocks", - "appstream:DescribeApplications", - "appstream:DescribeFleets", - "appstream:DescribeImageBuilders", - "appstream:DescribeStacks", - "appsync:ListGraphqlApis", - "aps:ListRuleGroupsNamespaces", - "aps:ListWorkspaces", - "athena:ListDataCatalogs", - "athena:ListWorkGroups", - "auditmanager:GetAccountStatus", - "auditmanager:ListAssessments", - "autoscaling:DescribeAutoScalingGroups", - "backup-gateway:ListHypervisors", - "backup:ListBackupPlans", - "backup:ListBackupVaults", - "backup:ListReportPlans", - "batch:DescribeComputeEnvironments", - "batch:DescribeJobDefinitions", - "batch:DescribeJobQueues", - "batch:ListSchedulingPolicies", - "bedrock:ListAgentAliases", - "bedrock:ListAgents", - "bedrock:ListDataAutomationProjects", - "bedrock:ListFlows", - "bedrock:ListGuardrails", - "bedrock:ListInferenceProfiles", - "bedrock:ListKnowledgeBases", - "bedrock:ListPromptRouters", - "bedrock:ListPrompts", - "ce:GetAnomalyMonitors", - "ce:GetAnomalySubscriptions", - "chime:ListAppInstanceBots", - "chime:ListAppInstanceUsers", - "chime:ListAppInstances", - "chime:ListMediaInsightsPipelineConfigurations", - "chime:ListMediaPipelineKinesisVideoStreamPools", - "chime:ListMediaPipelines", - "chime:ListSipMediaApplications", - "chime:ListVoiceConnectors", - "cloud9:ListEnvironments", - "cloudformation:ListResources", - "cloudformation:ListStackSets", - "cloudformation:ListStacks", - "cloudfront:ListCachePolicies", - "cloudfront:ListCloudFrontOriginAccessIdentities", - "cloudfront:ListContinuousDeploymentPolicies", - "cloudfront:ListDistributions", - "cloudfront:ListFieldLevelEncryptionConfigs", - "cloudfront:ListFieldLevelEncryptionProfiles", - "cloudfront:ListFunctions", - "cloudfront:ListOriginAccessControls", - "cloudfront:ListOriginRequestPolicies", - "cloudfront:ListRealtimeLogConfigs", - "cloudfront:ListResponseHeadersPolicies", - "cloudtrail:ListChannels", - "cloudtrail:ListDashboards", - "cloudtrail:ListEventDataStores", - "cloudtrail:ListTrails", - "cloudwatch:DescribeAlarms", - "cloudwatch:DescribeInsightRules", - "cloudwatch:ListDashboards", - "cloudwatch:ListMetricStreams", - "codeartifact:ListDomains", - "codeartifact:ListRepositories", - "codebuild:ListProjects", - "codecommit:ListRepositories", - "codeconnections:ListConnections", - "codedeploy:ListApplications", - "codedeploy:ListDeploymentConfigs", - "codeguru-profiler:ListProfilingGroups", - "codeguru-reviewer:ListRepositoryAssociations", - "codepipeline:ListPipelines", - "codepipeline:ListWebhooks", - "codestar-connections:ListConnections", - "cognito-identity:ListIdentityPools", - "cognito-idp:ListUserPools", - "comprehend:ListDocumentClassifiers", - "comprehend:ListEntityRecognizers", - "comprehend:ListFlywheels", - "config:DescribeConfigRules", - "connect:ListEvaluationForms", - "connect:ListHoursOfOperations", - "connect:ListInstanceAttributes", - "connect:ListInstances", - "connect:ListPhoneNumbersV2", - "connect:ListPrompts", - "connect:ListQuickConnects", - "connect:ListRoutingProfileQueues", - "connect:ListRoutingProfiles", - "connect:ListRules", - "connect:ListSecurityProfiles", - "connect:ListTaskTemplates", - "connect:ListUsers", - "databrew:ListDatasets", - "databrew:ListJobs", - "databrew:ListProjects", - "databrew:ListRecipes", - "databrew:ListRulesets", - "databrew:ListSchedules", - "dataexchange:ListDataSets", - "datapipeline:ListPipelines", - "datasync:ListLocations", - "datasync:ListTasks", - "dax:DescribeClusters", - "detective:ListGraphs", - "devicefarm:ListInstanceProfiles", - "devicefarm:ListProjects", - "devicefarm:ListTestGridProjects", - "directconnect:DescribeDirectConnectGateways", - "dms:DescribeCertificates", - "dms:DescribeEndpoints", - "dms:DescribeEventSubscriptions", - "dms:DescribeReplicationInstances", - "dms:DescribeReplicationSubnetGroups", - "dms:DescribeReplicationTasks", - "ds:DescribeDirectories", - "dynamodb:ListTables", - "ec2:DescribeAddresses", - "ec2:DescribeCapacityReservationFleets", - "ec2:DescribeCapacityReservations", - "ec2:DescribeCarrierGateways", - "ec2:DescribeClientVpnEndpoints", - "ec2:DescribeCustomerGateways", - "ec2:DescribeDhcpOptions", - "ec2:DescribeEgressOnlyInternetGateways", - "ec2:DescribeFleets", - "ec2:DescribeFlowLogs", - "ec2:DescribeFpgaImages", - "ec2:DescribeHostReservations", - "ec2:DescribeHosts", - "ec2:DescribeImages", - "ec2:DescribeInstanceConnectEndpoints", - "ec2:DescribeInstanceEventWindows", - "ec2:DescribeInstances", - "ec2:DescribeInternetGateways", - "ec2:DescribeIpamPools", - "ec2:DescribeIpamResourceDiscoveries", - "ec2:DescribeIpamResourceDiscoveryAssociations", - "ec2:DescribeIpamScopes", - "ec2:DescribeIpams", - "ec2:DescribeKeyPairs", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeManagedPrefixLists", - "ec2:DescribeNatGateways", - "ec2:DescribeNetworkAcls", - "ec2:DescribeNetworkInsightsAccessScopeAnalyses", - "ec2:DescribeNetworkInsightsAccessScopes", - "ec2:DescribeNetworkInsightsAnalyses", - "ec2:DescribeNetworkInsightsPaths", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribePlacementGroups", - "ec2:DescribePublicIpv4Pools", - "ec2:DescribeReservedInstances", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroupRules", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSnapshots", - "ec2:DescribeSpotFleetRequests", - "ec2:DescribeSpotInstanceRequests", - "ec2:DescribeSubnets", - "ec2:DescribeTrafficMirrorFilters", - "ec2:DescribeTrafficMirrorSessions", - "ec2:DescribeTrafficMirrorTargets", - "ec2:DescribeTransitGatewayAttachments", - "ec2:DescribeTransitGatewayConnectPeers", - "ec2:DescribeTransitGatewayMulticastDomains", - "ec2:DescribeTransitGatewayPolicyTables", - "ec2:DescribeTransitGatewayRouteTableAnnouncements", - "ec2:DescribeTransitGatewayRouteTables", - "ec2:DescribeTransitGateways", - "ec2:DescribeVerifiedAccessEndpoints", - "ec2:DescribeVerifiedAccessGroups", - "ec2:DescribeVerifiedAccessInstances", - "ec2:DescribeVerifiedAccessTrustProviders", - "ec2:DescribeVolumes", - "ec2:DescribeVpcBlockPublicAccessExclusions", - "ec2:DescribeVpcEndpointServiceConfigurations", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcPeeringConnections", - "ec2:DescribeVpcs", - "ec2:DescribeVpnConnections", - "ec2:DescribeVpnGateways", - "ec2:GetSubnetCidrReservations", - "ecr-public:DescribeRepositories", - "ecr:DescribeRepositories", - "ecs:DescribeCapacityProviders", - "ecs:DescribeServices", - "ecs:ListClusters", - "ecs:ListContainerInstances", - "ecs:ListServices", - "ecs:ListTaskDefinitions", - "eks:DescribeAccessEntry", - "eks:DescribeAddon", - "eks:DescribeFargateProfile", - "eks:DescribeIdentityProviderConfig", - "eks:DescribeNodegroup", - "eks:ListAccessEntries", - "eks:ListAddons", - "eks:ListClusters", - "eks:ListEksAnywhereSubscriptions", - "eks:ListFargateProfiles", - "eks:ListIdentityProviderConfigs", - "eks:ListNodegroups", - "eks:ListPodIdentityAssociations", - "elasticache:DescribeCacheClusters", - "elasticache:DescribeCacheParameterGroups", - "elasticache:DescribeCacheSubnetGroups", - "elasticache:DescribeGlobalReplicationGroups", - "elasticache:DescribeReplicationGroups", - "elasticache:DescribeReservedCacheNodes", - "elasticache:DescribeSnapshots", - "elasticache:DescribeUserGroups", - "elasticache:DescribeUsers", - "elasticbeanstalk:DescribeApplicationVersions", - "elasticbeanstalk:DescribeApplications", - "elasticbeanstalk:DescribeEnvironments", - "elasticfilesystem:DescribeAccessPoints", - "elasticfilesystem:DescribeFileSystems", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTargetGroups", - "elasticmapreduce:ListClusters", - "emr-containers:ListJobTemplates", - "emr-containers:ListManagedEndpoints", - "emr-containers:ListSecurityConfigurations", - "emr-containers:ListVirtualClusters", - "emr-serverless:ListApplications", - "es:ListDomainNames", - "events:ListApiDestinations", - "events:ListArchives", - "events:ListConnections", - "events:ListEndpoints", - "events:ListEventBuses", - "events:ListRules", - "evidently:ListExperiments", - "evidently:ListFeatures", - "evidently:ListLaunches", - "evidently:ListProjects", - "finspace:ListEnvironments", - "firehose:ListDeliveryStreams", - "fis:ListExperimentTemplates", - "fms:ListPolicies", - "fms:ListProtocolsLists", - "forecast:ListDatasetGroups", - "forecast:ListDatasetImportJobs", - "forecast:ListDatasets", - "forecast:ListForecastExportJobs", - "forecast:ListForecasts", - "forecast:ListPredictorBacktestExportJobs", - "forecast:ListPredictors", - "frauddetector:GetDetectors", - "frauddetector:GetEntityTypes", - "frauddetector:GetEventTypes", - "frauddetector:GetExternalModels", - "frauddetector:GetLabels", - "frauddetector:GetModels", - "frauddetector:GetOutcomes", - "frauddetector:GetVariables", - "fsx:DescribeBackups", - "fsx:DescribeFileSystems", - "gamelift:DescribeGameSessionQueues", - "gamelift:DescribeMatchmakingConfigurations", - "gamelift:DescribeMatchmakingRuleSets", - "gamelift:ListAliases", - "gamelift:ListBuilds", - "gamelift:ListLocations", - "gamelift:ListScripts", - "geo:ListMaps", - "geo:ListPlaceIndexes", - "geo:ListTrackers", - "glacier:ListVaults", - "globalaccelerator:ListAccelerators", - "globalaccelerator:ListEndpointGroups", - "globalaccelerator:ListListeners", - "glue:GetCrawlers", - "glue:GetDatabases", - "glue:GetJobs", - "glue:GetTables", - "glue:GetTriggers", - "glue:ListDataQualityRulesets", - "glue:ListMLTransforms", - "glue:ListRegistries", - "grafana:ListWorkspaces", - "greengrass:ListComponentVersions", - "greengrass:ListComponents", - "greengrass:ListConnectorDefinitions", - "greengrass:ListCoreDefinitions", - "greengrass:ListDeviceDefinitions", - "greengrass:ListFunctionDefinitions", - "greengrass:ListGroups", - "greengrass:ListLoggerDefinitions", - "greengrass:ListResourceDefinitions", - "greengrass:ListSubscriptionDefinitions", - "groundstation:ListConfigs", - "groundstation:ListDataflowEndpointGroups", - "groundstation:ListMissionProfiles", - "guardduty:ListDetectors", - "guardduty:ListFilters", - "guardduty:ListIPSets", - "guardduty:ListMalwareProtectionPlans", - "guardduty:ListPublishingDestinations", - "guardduty:ListThreatIntelSets", - "healthlake:ListFHIRDatastores", - "iam:ListGroups", - "iam:ListInstanceProfiles", - "iam:ListOpenIDConnectProviders", - "iam:ListPolicies", - "iam:ListRoles", - "iam:ListSAMLProviders", - "iam:ListServerCertificates", - "iam:ListUsers", - "iam:ListVirtualMFADevices", - "imagebuilder:ListComponentBuildVersions", - "imagebuilder:ListComponents", - "imagebuilder:ListContainerRecipes", - "imagebuilder:ListDistributionConfigurations", - "imagebuilder:ListImageBuildVersions", - "imagebuilder:ListImagePipelines", - "imagebuilder:ListImageRecipes", - "imagebuilder:ListImages", - "imagebuilder:ListInfrastructureConfigurations", - "inspector2:ListFilters", - "inspector:ListAssessmentTemplates", - "iot:ListAuthorizers", - "iot:ListBillingGroups", - "iot:ListCACertificates", - "iot:ListCertificates", - "iot:ListFleetMetrics", - "iot:ListJobTemplates", - "iot:ListMitigationActions", - "iot:ListPolicies", - "iot:ListProvisioningTemplates", - "iot:ListRoleAliases", - "iot:ListScheduledAudits", - "iot:ListSecurityProfiles", - "iot:ListThingGroups", - "iot:ListThingTypes", - "iot:ListThings", - "iot:ListTopicRuleDestinations", - "iot:ListTopicRules", - "iotanalytics:ListChannels", - "iotanalytics:ListDatasets", - "iotanalytics:ListDatastores", - "iotanalytics:ListPipelines", - "iotdeviceadvisor:ListSuiteDefinitions", - "iotevents:ListAlarmModels", - "iotevents:ListDetectorModels", - "iotevents:ListInputs", - "iotfleethub:ListApplications", - "iotfleetwise:ListDecoderManifests", - "iotfleetwise:ListModelManifests", - "iotfleetwise:ListSignalCatalogs", - "iotfleetwise:ListVehicles", - "iotsitewise:ListAccessPolicies", - "iotsitewise:ListAssetModels", - "iotsitewise:ListAssets", - "iotsitewise:ListDashboards", - "iotsitewise:ListGateways", - "iotsitewise:ListPortals", - "iotsitewise:ListProjects", - "iottwinmaker:ListComponentTypes", - "iottwinmaker:ListEntities", - "iottwinmaker:ListSyncJobs", - "iottwinmaker:ListWorkspaces", - "iotwireless:ListDestinations", - "iotwireless:ListDeviceProfiles", - "iotwireless:ListFuotaTasks", - "iotwireless:ListMulticastGroups", - "iotwireless:ListPartnerAccounts", - "iotwireless:ListServiceProfiles", - "iotwireless:ListWirelessDevices", - "iotwireless:ListWirelessGatewayTaskDefinitions", - "iotwireless:ListWirelessGateways", - "ivs:ListChannels", - "ivs:ListEncoderConfigurations", - "ivs:ListIngestConfigurations", - "ivs:ListPlaybackKeyPairs", - "ivs:ListPlaybackRestrictionPolicies", - "ivs:ListRecordingConfigurations", - "ivs:ListStorageConfigurations", - "ivs:ListStreamKeys", - "ivschat:ListLoggingConfigurations", - "ivschat:ListRooms", - "kafka:ListClusters", - "kafka:ListConfigurations", - "kendra:ListAccessControlConfigurations", - "kendra:ListDataSources", - "kendra:ListExperiences", - "kendra:ListFaqs", - "kendra:ListFeaturedResultsSets", - "kendra:ListIndices", - "kendra:ListQuerySuggestionsBlockLists", - "kendra:ListThesauri", - "kinesis:ListStreams", - "kinesisanalytics:ListApplications", - "kinesisvideo:ListSignalingChannels", - "kinesisvideo:ListStreams", - "kms:ListKeys", - "lambda:ListCodeSigningConfigs", - "lambda:ListEventSourceMappings", - "lambda:ListFunctions", - "lex:ListBotAliases", - "lex:ListBots", - "license-manager:ListDistributedGrants", - "lightsail:GetBuckets", - "lightsail:GetCertificates", - "lightsail:GetContainerServices", - "lightsail:GetDisks", - "logs:DescribeDestinations", - "logs:DescribeLogGroups", - "logs:ListTagsForResource", - "lookoutmetrics:ListAlerts", - "lookoutmetrics:ListAnomalyDetectors", - "lookoutvision:ListProjects", - "m2:ListEnvironments", - "macie2:ListAllowLists", - "macie2:ListCustomDataIdentifiers", - "macie2:ListFindingsFilters", - "managedblockchain:ListAccessors", - "mediapackage-vod:ListAssets", - "mediapackage-vod:ListPackagingConfigurations", - "mediapackage-vod:ListPackagingGroups", - "mediapackage:ListChannels", - "mediapackage:ListOriginEndpoints", - "mediastore:ListContainers", - "mediatailor:ListChannels", - "mediatailor:ListLiveSources", - "mediatailor:ListPlaybackConfigurations", - "mediatailor:ListSourceLocations", - "mediatailor:ListVodSources", - "memorydb:DescribeACLs", - "memorydb:DescribeClusters", - "memorydb:DescribeParameterGroups", - "memorydb:DescribeSnapshots", - "memorydb:DescribeSubnetGroups", - "memorydb:DescribeUsers", - "mobiletargeting:GetApps", - "mobiletargeting:GetCampaigns", - "mobiletargeting:GetSegments", - "mobiletargeting:ListTemplates", - "mq:ListBrokers", - "mq:ListConfigurations", - "network-firewall:ListFirewallPolicies", - "network-firewall:ListFirewalls", - "network-firewall:ListRuleGroups", - "networkmanager:DescribeGlobalNetworks", - "networkmanager:GetDevices", - "networkmanager:GetLinks", - "networkmanager:ListAttachments", - "networkmanager:ListCoreNetworks", - "oam:ListSinks", - "omics:ListReferenceStores", - "omics:ListRunGroups", - "omics:ListWorkflows", - "outposts:ListSites", - "organizations:DescribeResourcePolicy", - "organizations:ListPolicies", - "panorama:ListPackages", - "partnercentral:ListEngagementInvitations", - "partnercentral:ListEngagements", - "partnercentral:ListOpportunities", - "partnercentral:ListResourceSnapshotJobs", - "partnercentral:ListResourceSnapshots", - "personalize:ListDatasetGroups", - "personalize:ListDatasets", - "personalize:ListSchemas", - "personalize:ListSolutions", - "pipes:ListPipes", - "profile:ListDomains", - "profile:ListIntegrations", - "profile:ListProfileObjectTypes", - "proton:ListEnvironmentAccountConnections", - "proton:ListEnvironmentTemplates", - "proton:ListServiceTemplates", - "qldb:ListJournalKinesisStreamsForLedger", - "qldb:ListLedgers", - "quicksight:DescribeAccountSubscription", - "quicksight:ListDataSets", - "quicksight:ListDataSources", - "quicksight:ListTemplates", - "quicksight:ListThemes", - "ram:GetResourceShares", - "rds:DescribeBlueGreenDeployments", - "rds:DescribeDBClusterEndpoints", - "rds:DescribeDBClusterParameterGroups", - "rds:DescribeDBClusterSnapshots", - "rds:DescribeDBClusters", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstanceAutomatedBackups", - "rds:DescribeDBInstances", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBProxies", - "rds:DescribeDBProxyEndpoints", - "rds:DescribeDBSecurityGroups", - "rds:DescribeDBSnapshots", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEventSubscriptions", - "rds:DescribeGlobalClusters", - "rds:DescribeOptionGroups", - "rds:DescribeReservedDBInstances", - "redshift:DescribeClusterParameterGroups", - "redshift:DescribeClusterSnapshots", - "redshift:DescribeClusterSubnetGroups", - "redshift:DescribeClusters", - "redshift:DescribeEventSubscriptions", - "redshift:DescribeHsmClientCertificates", - "redshift:DescribeSnapshotCopyGrants", - "redshift:DescribeSnapshotSchedules", - "redshift:DescribeUsageLimits", - "refactor-spaces:ListApplications", - "refactor-spaces:ListEnvironments", - "refactor-spaces:ListRoutes", - "refactor-spaces:ListServices", - "rekognition:DescribeProjects", - "resiliencehub:ListApps", - "resiliencehub:ListResiliencyPolicies", - "resource-explorer-2:GetIndex", - "resource-explorer-2:ListViews", - "resource-groups:ListGroups", - "route53-recovery-control-config:ListClusters", - "route53-recovery-control-config:ListControlPanels", - "route53-recovery-control-config:ListRoutingControls", - "route53-recovery-control-config:ListSafetyRules", - "route53-recovery-readiness:ListCells", - "route53-recovery-readiness:ListReadinessChecks", - "route53-recovery-readiness:ListRecoveryGroups", - "route53-recovery-readiness:ListResourceSets", - "route53:ListHealthChecks", - "route53:ListHostedZones", - "route53domains:ListDomains", - "route53resolver:ListFirewallDomainLists", - "route53resolver:ListFirewallRuleGroupAssociations", - "route53resolver:ListFirewallRuleGroups", - "route53resolver:ListResolverEndpoints", - "route53resolver:ListResolverQueryLogConfigs", - "route53resolver:ListResolverRules", - "rum:ListAppMonitors", - "s3:GetBucketLocation", - "s3:ListAccessPoints", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "s3:ListMultiRegionAccessPoints", - "s3:ListStorageLensConfigurations", - "s3:ListStorageLensGroups", - "s3express:ListAllMyDirectoryBuckets", - "sagemaker:ListActions", - "sagemaker:ListAlgorithms", - "sagemaker:ListAppImageConfigs", - "sagemaker:ListApps", - "sagemaker:ListArtifacts", - "sagemaker:ListClusters", - "sagemaker:ListCodeRepositories", - "sagemaker:ListContexts", - "sagemaker:ListDomains", - "sagemaker:ListEndpointConfigs", - "sagemaker:ListEndpoints", - "sagemaker:ListExperiments", - "sagemaker:ListFeatureGroups", - "sagemaker:ListFlowDefinitions", - "sagemaker:ListHubContents", - "sagemaker:ListHubs", - "sagemaker:ListHumanTaskUis", - "sagemaker:ListImageVersions", - "sagemaker:ListImages", - "sagemaker:ListInferenceComponents", - "sagemaker:ListInferenceExperiments", - "sagemaker:ListMlflowTrackingServers", - "sagemaker:ListModelCardVersions", - "sagemaker:ListModelCards", - "sagemaker:ListModelPackageGroups", - "sagemaker:ListModelPackages", - "sagemaker:ListModels", - "sagemaker:ListMonitoringSchedules", - "sagemaker:ListNotebookInstanceLifecycleConfigs", - "sagemaker:ListNotebookInstances", - "sagemaker:ListPipelines", - "sagemaker:ListProjects", - "sagemaker:ListSpaces", - "sagemaker:ListStudioLifecycleConfigs", - "sagemaker:ListTrialComponents", - "sagemaker:ListTrials", - "sagemaker:ListUserProfiles", - "sagemaker:ListWorkforces", - "sagemaker:ListWorkteams", - "scheduler:ListScheduleGroups", - "schemas:ListDiscoverers", - "secretsmanager:ListSecrets", - "servicecatalog:ListApplications", - "servicecatalog:ListAttributeGroups", - "servicediscovery:ListServices", - "ses:ListConfigurationSets", - "ses:ListContactLists", - "ses:ListDedicatedIpPools", - "ses:ListEmailIdentities", - "shield:ListProtectionGroups", - "shield:ListProtections", - "signer:ListSigningProfiles", - "sns:ListTopics", - "sqs:ListQueues", - "ssm-incidents:ListResponsePlans", - "ssm:DescribeInstanceInformation", - "ssm:DescribeMaintenanceWindowTargets", - "ssm:DescribeMaintenanceWindowTasks", - "ssm:DescribeMaintenanceWindows", - "ssm:DescribeParameters", - "ssm:DescribeSessions", - "ssm:ListAssociations", - "ssm:ListDocuments", - "ssm:ListResourceDataSync", - "states:ListActivities", - "states:ListStateMachines", - "storagegateway:ListGateways", - "synthetics:DescribeCanaries", - "synthetics:ListGroups", - "transfer:ListAgreements", - "transfer:ListCertificates", - "transfer:ListConnectors", - "transfer:ListProfiles", - "transfer:ListServers", - "transfer:ListUsers", - "transfer:ListWorkflows", - "verifiedpermissions:ListPolicyStores", - "vpc-lattice:ListListeners", - "vpc-lattice:ListServiceNetworkServiceAssociations", - "vpc-lattice:ListServiceNetworks", - "vpc-lattice:ListServices", - "vpc-lattice:ListTargetGroups", - "wafv2:ListIPSets", - "wafv2:ListRegexPatternSets", - "wafv2:ListRuleGroups", - "wafv2:ListWebACLs", - "wisdom:ListAssistantAssociations", - "wisdom:ListAssistants", - "wisdom:ListContents", - "wisdom:ListKnowledgeBases", - "workspaces-web:ListPortals", - "workspaces:DescribeConnectionAliases", - "workspaces:DescribeWorkspaces" - ], - "Resource": "*" - }, - { - "Sid": "PermissionsForReadGetResources", - "Effect": "Allow", - "Action": [ - "cloudformation:GetResource", - "cloudfront:GetDistribution", - "cloudfront:GetDistributionConfig", - "dynamodb:DescribeContinuousBackups", - "dynamodb:DescribeContributorInsights", - "dynamodb:DescribeKinesisStreamingDestination", - "dynamodb:DescribeTable", - "dynamodb:GetResourcePolicy", - "dynamodb:ListTagsOfResource", - "ecs:ListTagsForResource", - "elasticloadbalancing:DescribeCapacityReservation", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancerPolicyTypes", - "elasticloadbalancing:DescribeTags", - "elasticloadbalancing:DescribeTargetGroupAttributes", - "elasticloadbalancing:DescribeTargetHealth", - "events:DescribeRule", - "events:ListTargetsByRule", - "iam:GetRole", - "iam:GetRolePolicy", - "iam:ListAttachedRolePolicies", - "iam:ListRolePolicies", - "kinesis:DescribeStreamSummary", - "kinesis:ListTagsForStream", - "lambda:GetEventSourceMapping", - "lambda:GetFunction", - "lambda:GetFunctionCodeSigningConfig", - "lambda:GetFunctionRecursionConfig", - "lambda:ListTags", - "logs:DescribeIndexPolicies", - "logs:GetDataProtectionPolicy", - "s3:GetAccelerateConfiguration", - "s3:GetAnalyticsConfiguration", - "s3:GetBucketCORS", - "s3:GetBucketLogging", - "s3:GetBucketMetadataTableConfiguration", - "s3:GetBucketNotification", - "s3:GetBucketObjectLockConfiguration", - "s3:GetBucketOwnershipControls", - "s3:GetBucketPublicAccessBlock", - "s3:GetBucketTagging", - "s3:GetBucketVersioning", - "s3:GetBucketWebsite", - "s3:GetEncryptionConfiguration", - "s3:GetIntelligentTieringConfiguration", - "s3:GetInventoryConfiguration", - "s3:GetLifecycleConfiguration", - "s3:GetMetricsConfiguration", - "s3:GetReplicationConfiguration", - "sns:GetDataProtectionPolicy", - "sns:GetTopicAttributes", - "sns:ListSubscriptionsByTopic", - "sns:ListTagsForResource", - "sqs:GetQueueAttributes", - "sqs:ListQueueTags" - ], - "Resource": "*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AWSResourceExplorerServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No SAML Providers found.", - "metadata": { - "event_code": "iam_check_saml_providers_sts", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No SAML Providers found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.21" - ], - "ENS-RD2022": [ - "op.acc.1.aws.iam.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.21" - ], - "CIS-5.0": [ - "1.20" - ], - "CIS-1.4": [ - "1.21" - ], - "CCC": [ - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR06" - ], - "ProwlerThreatScore-1.0": [ - "1.2.7" - ], - "CIS-1.5": [ - "1.21" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "CIS-2.0": [ - "1.21" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are SAML Providers then STS can be used", - "title": "Check if there are SAML Providers then STS can be used", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_check_saml_providers_sts-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable SAML provider and use temporary credentials. You can use temporary security credentials to make programmatic requests for AWS resources using the AWS CLI or AWS API (using the AWS SDKs ). The temporary credentials provide the same permissions that you have with use long-term security credentials such as IAM user credentials. In case of not having SAML provider capabilities prevent usage of long-lived credentials.", - "references": [ - "https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html" - ] - }, - "risk_details": "Without SAML provider users with AWS CLI or AWS API access can use IAM static credentials. SAML helps users to assume role by default each time they authenticate.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow privilege escalation.", - "metadata": { - "event_code": "iam_inline_policy_allows_privilege_escalation", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow privilege escalation.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_3_3" - ], - "C5-2025": [ - "SP-01.04B", - "AM-09.04AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure no Inline IAM policies allow actions that may lead into Privilege Escalation", - "title": "Ensure no IAM Inline policies allow actions that may lead into Privilege Escalation", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards" - ], - "uid": "prowler-aws-iam_inline_policy_allows_privilege_escalation-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Grant usage permission on a per-resource basis and applying least privilege principle.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" - ] - }, - "risk_details": "Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow privilege escalation.", - "metadata": { - "event_code": "iam_inline_policy_allows_privilege_escalation", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow privilege escalation.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_3_3" - ], - "C5-2025": [ - "SP-01.04B", - "AM-09.04AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure no Inline IAM policies allow actions that may lead into Privilege Escalation", - "title": "Ensure no IAM Inline policies allow actions that may lead into Privilege Escalation", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards" - ], - "uid": "prowler-aws-iam_inline_policy_allows_privilege_escalation-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "rds:ModifyDBInstance", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Grant usage permission on a per-resource basis and applying least privilege principle.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" - ] - }, - "risk_details": "Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.LB.CN05.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ], - "NIS2": [ - "6.7.2.e", - "11.3.2.c", - "11.4.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "title": "Ensure IAM inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_administrative_privileges-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.LB.CN05.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ], - "NIS2": [ - "6.7.2.e", - "11.3.2.c", - "11.4.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "title": "Ensure IAM inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_administrative_privileges-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "rds:ModifyDBInstance", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow 'cloudtrail:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_cloudtrail", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow 'cloudtrail:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "SIM-03.07B", - "COM-04.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_cloudtrail-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "CloudTrail is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow 'cloudtrail:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_cloudtrail", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow 'cloudtrail:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "SIM-03.07B", - "COM-04.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_cloudtrail-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "rds:ModifyDBInstance", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "CloudTrail is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow 'kms:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_kms", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow 'kms:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "IAM-10.01B", - "CRY-05.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.2.8", - "3.6.1.3.8", - "3.6.1.4.8", - "3.6.1.8", - "3.7.1.9", - "3.7.2.8", - "3.7.4.9", - "3.7.6.8", - "3.7.7.8", - "4.2.1.1.21", - "7.2.1.10", - "7.2.2.10", - "7.2.3.6", - "7.2.5.6", - "7.3.1.6", - "7.3.2.6", - "7.3.3.6", - "8.2.7.6", - "8.2.8.8", - "8.3.4.6" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.LB.CN05.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR04", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_kms-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "KMS is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow 'kms:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_kms", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow 'kms:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "IAM-10.01B", - "CRY-05.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.2.8", - "3.6.1.3.8", - "3.6.1.4.8", - "3.6.1.8", - "3.7.1.9", - "3.7.2.8", - "3.7.4.9", - "3.7.6.8", - "3.7.7.8", - "4.2.1.1.21", - "7.2.1.10", - "7.2.2.10", - "7.2.3.6", - "7.2.5.6", - "7.3.1.6", - "7.3.2.6", - "7.3.3.6", - "8.2.7.6", - "8.2.8.8", - "8.3.4.6" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.LB.CN05.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR04", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_kms-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "rds:ModifyDBInstance", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "KMS is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Root account does not have access keys.", - "metadata": { - "event_code": "iam_no_root_access_key", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Root account does not have access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_312_a_2_i" - ], - "C5-2025": [ - "IAM-03.01B", - "IAM-03.03B", - "IAM-06.02B", - "IAM-10.01B", - "CRY-03.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "ia-2" - ], - "CIS-3.0": [ - "1.4" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_6_2", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "ia_2", - "ia_4_b", - "ia_4_4", - "ia_4_8", - "ia_5_8", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.7" - ], - "AWS-Foundational-Technical-Review": [ - "ARC-004" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.5", - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.4" - ], - "PCI-4.0": [ - "7.2.1.17", - "7.2.2.17", - "7.2.3.8", - "8.2.1.4", - "8.2.2.6", - "8.2.4.4", - "8.2.5.4", - "8.3.11.4" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-3", - "d3-pc-am-b-8" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.3" - ], - "CIS-1.4": [ - "1.4" - ], - "CCC": [ - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.13" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.4" - ], - "CIS-1.5": [ - "1.4" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP02" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_6_10", - "ac_6" - ], - "AWS-Account-Security-Onboarding": [ - "Block root user" - ], - "KISA-ISMS-P-2023": [ - "2.5.5", - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.4" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure no root account access key exists", - "title": "Ensure no root account access key exists", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_no_root_access_key-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Use the credential report to check the user and ensure the access_key_1_active and access_key_2_active fields are set to FALSE. If using AWS Organizations, consider enabling Centralized Root Management and removing individual root credentials.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "The root account is the most privileged user in an AWS account. AWS Access Keys provide programmatic access to a given AWS account. It is recommended that all access keys associated with the root account be removed. Removing access keys associated with the root account limits vectors by which the account can be compromised. Removing the root access keys encourages the creation and use of role based accounts that are least privileged.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Password expiration is not set.", - "metadata": { - "event_code": "iam_password_policy_expires_passwords_within_90_days_or_less", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Password expiration is not set.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "C5-2025": [ - "IAM-03.02B", - "IAM-08.03B", - "IAM-08.05B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.3" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "PCI-4.0": [ - "8.3.6.1", - "8.6.3.2" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "ProwlerThreatScore-1.0": [ - "1.1.12" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP06" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "NIS2": [ - "1.1.1.d", - "1.1.2", - "9.2.c.v", - "11.6.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM password policy expires passwords within 90 days or less", - "title": "Ensure IAM password policy expires passwords within 90 days or less", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_expires_passwords_within_90_days_or_less-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure Password expiration period (in days): is set to 90 or less.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one uppercase letter.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one lowercase letter.", - "metadata": { - "event_code": "iam_password_policy_lowercase", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one lowercase letter.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.8" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v", - "11.6.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM password policy requires at least one uppercase letter", - "title": "Ensure IAM password policy require at least one lowercase letter", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_lowercase-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Requires at least one lowercase letter\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one lowercase letter.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require minimum length of 14 characters.", - "metadata": { - "event_code": "iam_password_policy_minimum_length_14", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require minimum length of 14 characters.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "PSS-07.01B" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-5-c", - "ia-2", - "ia-5-1-a-d-e", - "ia-5-4" - ], - "CIS-3.0": [ - "1.8" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_d_1", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "cm_12_b", - "ia_4_d", - "ia_5", - "ia_5_b", - "ia_5_c", - "ia_5_d", - "ia_5_f", - "ia_5_h", - "ia_5_1_f", - "ia_5_1_g", - "ia_5_1_h", - "ia_5_1_h", - "ia_5_18_a", - "ia_5_18_b", - "ia_8_2_b", - "ma_4_c", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.8" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.7" - ], - "CIS-1.4": [ - "1.8" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.4" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "CIS-1.5": [ - "1.8" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CIS-2.0": [ - "1.8" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM password policy requires minimum length of 14 or greater", - "title": "Ensure IAM password policy requires minimum length of 14 or greater", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_minimum_length_14-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Minimum password length\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require minimum length of 14 or greater.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one number.", - "metadata": { - "event_code": "iam_password_policy_number", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one number.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "IAM-08.05B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.6" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM password policy require at least one number", - "title": "Ensure IAM password policy require at least one number", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_number-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Require at least one number\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one number.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy reuse prevention is less than 24 or not set.", - "metadata": { - "event_code": "iam_password_policy_reuse_24", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy reuse prevention is less than 24 or not set.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_2" - ], - "HIPAA": [ - "164_308_a_4_ii_c", - "164_308_a_5_ii_d", - "164_312_d" - ], - "C5-2025": [ - "IAM-01.03B", - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-08.03B", - "IAM-08.05B", - "IAM-08.07B", - "PSS-07.01B" - ], - "NIST-CSF-1.1": [ - "ac_1" - ], - "CIS-3.0": [ - "1.9" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.9" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4", - "8.2", - "8.2.3", - "8.2.3.a", - "8.2.3.b", - "8.2.4", - "8.2.4.a", - "8.2.4.b", - "8.2.5", - "8.2.5.a", - "8.2.5.b" - ], - "CIS-5.0": [ - "1.8" - ], - "CIS-1.4": [ - "1.9" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "ProwlerThreatScore-1.0": [ - "1.1.5" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "CIS-1.5": [ - "1.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2", - "ia_2", - "ia_5_1", - "ia_5_4" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM password policy prevents password reuse: 24 or greater", - "title": "Ensure IAM password policy prevents password reuse: 24 or greater", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_reuse_24-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Number of passwords to remember\" is set to 24.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy prevents at least password reuse of 24 or greater.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one symbol.", - "metadata": { - "event_code": "iam_password_policy_symbol", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one symbol.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.7" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM password policy require at least one symbol", - "title": "Ensure IAM password policy require at least one symbol", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_symbol-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Require at least one non-alphanumeric character\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one non-alphanumeric character.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one uppercase letter.", - "metadata": { - "event_code": "iam_password_policy_uppercase", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one uppercase letter.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "IAM-08.05B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.9" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM password policy requires at least one uppercase letter", - "title": "Ensure IAM password policy requires at least one uppercase letter", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_uppercase-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Requires at least one uppercase letter\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one uppercase letter.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user has the policy AdministratorAccess attached.", - "metadata": { - "event_code": "iam_policy_attached_only_to_group_or_roles", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "User terraform-user has the policy AdministratorAccess attached.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_4_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "PSS-09.01AC" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "sc-2" - ], - "CIS-3.0": [ - "1.15" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_6_3", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-006", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.15" - ], - "PCI-4.0": [ - "7.2.1.12", - "7.2.1.13", - "7.2.2.12", - "7.2.2.13", - "7.2.5.8", - "7.2.5.9", - "7.3.1.8", - "7.3.1.9", - "7.3.2.8", - "7.3.2.9", - "7.3.3.8", - "7.3.3.9", - "8.2.1.3", - "8.2.2.5", - "8.2.4.3", - "8.2.5.3", - "8.2.7.8", - "8.2.7.9", - "8.2.8.10", - "8.2.8.11", - "8.3.11.3", - "8.3.4.8", - "8.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-im-b-7" - ], - "CIS-5.0": [ - "1.14" - ], - "CIS-1.4": [ - "1.15" - ], - "CCC": [ - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.2.1", - "1.2.2" - ], - "CIS-1.5": [ - "1.15" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP06" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_6" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "CIS-2.0": [ - "1.15" - ], - "NIS2": [ - "1.2.1", - "2.1.2.f", - "11.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM policies are attached only to groups or roles", - "title": "Ensure IAM policies are attached only to groups or roles", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_attached_only_to_group_or_roles-211203495394-us-east-1-terraform-user/AdministratorAccess" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user/AdministratorAccess", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Remove any policy attached directly to the user. Use groups or roles instead.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "By default IAM users, groups, and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User test-user-trusted has the inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached.", - "metadata": { - "event_code": "iam_policy_attached_only_to_group_or_roles", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "User test-user-trusted has the inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_4_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "PSS-09.01AC" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "sc-2" - ], - "CIS-3.0": [ - "1.15" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_6_3", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-006", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.15" - ], - "PCI-4.0": [ - "7.2.1.12", - "7.2.1.13", - "7.2.2.12", - "7.2.2.13", - "7.2.5.8", - "7.2.5.9", - "7.3.1.8", - "7.3.1.9", - "7.3.2.8", - "7.3.2.9", - "7.3.3.8", - "7.3.3.9", - "8.2.1.3", - "8.2.2.5", - "8.2.4.3", - "8.2.5.3", - "8.2.7.8", - "8.2.7.9", - "8.2.8.10", - "8.2.8.11", - "8.3.11.3", - "8.3.4.8", - "8.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-im-b-7" - ], - "CIS-5.0": [ - "1.14" - ], - "CIS-1.4": [ - "1.15" - ], - "CCC": [ - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.2.1", - "1.2.2" - ], - "CIS-1.5": [ - "1.15" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP06" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_6" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "CIS-2.0": [ - "1.15" - ], - "NIS2": [ - "1.2.1", - "2.1.2.f", - "11.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM policies are attached only to groups or roles", - "title": "Ensure IAM policies are attached only to groups or roles", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_attached_only_to_group_or_roles-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [], - "inline_policies": [ - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - ], - "tags": [ - { - "Key": "Purpose", - "Value": "CCC-Testing" - }, - { - "Key": "ManagedBy", - "Value": "CCC-CFI-Compliance-Framework" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Remove any policy attached directly to the user. Use groups or roles instead.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "By default IAM users, groups, and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User test-user-trusted has the inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached.", - "metadata": { - "event_code": "iam_policy_attached_only_to_group_or_roles", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "User test-user-trusted has the inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_4_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "PSS-09.01AC" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "sc-2" - ], - "CIS-3.0": [ - "1.15" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_6_3", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-006", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.15" - ], - "PCI-4.0": [ - "7.2.1.12", - "7.2.1.13", - "7.2.2.12", - "7.2.2.13", - "7.2.5.8", - "7.2.5.9", - "7.3.1.8", - "7.3.1.9", - "7.3.2.8", - "7.3.2.9", - "7.3.3.8", - "7.3.3.9", - "8.2.1.3", - "8.2.2.5", - "8.2.4.3", - "8.2.5.3", - "8.2.7.8", - "8.2.7.9", - "8.2.8.10", - "8.2.8.11", - "8.3.11.3", - "8.3.4.8", - "8.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-im-b-7" - ], - "CIS-5.0": [ - "1.14" - ], - "CIS-1.4": [ - "1.15" - ], - "CCC": [ - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.2.1", - "1.2.2" - ], - "CIS-1.5": [ - "1.15" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP06" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_6" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "CIS-2.0": [ - "1.15" - ], - "NIS2": [ - "1.2.1", - "2.1.2.f", - "11.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM policies are attached only to groups or roles", - "title": "Ensure IAM policies are attached only to groups or roles", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_attached_only_to_group_or_roles-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [], - "inline_policies": [ - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - ], - "tags": [ - { - "Key": "Purpose", - "Value": "CCC-Testing" - }, - { - "Key": "ManagedBy", - "Value": "CCC-CFI-Compliance-Framework" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Remove any policy attached directly to the user. Use groups or roles instead.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "By default IAM users, groups, and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS CloudShellFullAccess policy is not attached to any IAM entity.", - "metadata": { - "event_code": "iam_policy_cloudshell_admin_not_attached", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS CloudShellFullAccess policy is not attached to any IAM entity.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-blacklisted-check.html", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-06.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.22" - ], - "PCI-4.0": [ - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.3.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.2.10", - "7.3.2.11", - "7.3.2.12", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "8.2.7.10", - "8.2.7.11", - "8.2.7.12", - "8.2.8.12", - "8.2.8.13", - "8.2.8.14", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12" - ], - "CIS-5.0": [ - "1.21" - ], - "ProwlerThreatScore-1.0": [ - "1.3.2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.22" - ], - "NIS2": [ - "1.2.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "This control checks whether an IAM identity (user, role, or group) has the AWS managed policy AWSCloudShellFullAccess attached. The control fails if an IAM identity has the AWSCloudShellFullAccess policy attached.", - "title": "Check if IAM identities (users,groups,roles) have the AWSCloudShellFullAccess policy attached.", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_cloudshell_admin_not_attached-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "Users": [], - "Groups": [], - "Roles": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/AWSCloudShellFullAccess" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Detach the AWSCloudShellFullAccess policy from the IAM identity to restrict excessive permissions and adhere to the principle of least privilege.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html" - ] - }, - "risk_details": "Attaching the AWSCloudShellFullAccess policy to IAM identities grants broad permissions, including internet access and file transfer capabilities, which can lead to security risks such as data exfiltration. The principle of least privilege should be followed to avoid excessive permissions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Role TerraformRole has AdministratorAccess policy attached.", - "metadata": { - "event_code": "iam_role_administratoraccess_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Role TerraformRole has AdministratorAccess policy attached.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_administrator", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "OIS-04.03B", - "SP-01.04B", - "HR-01.01B", - "HR-04.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-03.01B", - "IAM-06.01B", - "IAM-10.01B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "1.2.1", - "11.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM Roles do not have AdministratorAccess policy attached", - "title": "Ensure IAM Roles do not have AdministratorAccess policy attached", - "types": [], - "uid": "prowler-aws-iam_role_administratoraccess_policy-211203495394-us-east-1-TerraformRole" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "TerraformRole", - "arn": "arn:aws:iam::211203495394:role/TerraformRole", - "assume_role_policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws:iam::211203495394:oidc-provider/token.actions.githubusercontent.com" - }, - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "token.actions.githubusercontent.com:aud": "sts.amazonaws.com" - }, - "StringLike": { - "token.actions.githubusercontent.com:sub": [ - "repo:finos-labs/ccc-cfi-compliance:ref:refs/heads/*", - "repo:finos-labs/ccc-cfi-compliance:ref:refs/tags/*", - "repo:finos-labs/ccc-cfi-compliance:pull_request", - "repo:finos-labs/ccc-cfi-compliance:environment:*" - ] - } - } - } - ] - }, - "is_service_role": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "TerraformRole", - "type": "AwsIamRole", - "uid": "arn:aws:iam::211203495394:role/TerraformRole" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Apply the principle of least privilege. Instead of AdministratorAccess, assign only the permissions necessary for specific roles and tasks. Create custom IAM policies with minimal permissions based on the principle of least privilege.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" - ] - }, - "risk_details": "The AWS-managed AdministratorAccess policy grants all actions for all AWS services and for all resources in the account and as such exposes the customer to a significant data leakage threat. It should be granted very conservatively. For granting access to 3rd party vendors, consider using alternative managed policies, such as ViewOnlyAccess or SecurityAudit.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Role TerraformRole does not have ReadOnlyAccess policy.", - "metadata": { - "event_code": "iam_role_cross_account_readonlyaccess_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "IAM Role TerraformRole does not have ReadOnlyAccess policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#awsmp_readonlyaccess", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OIS-04.03B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-06.02B", - "IAM-10.01B", - "PSS-09.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR06" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM Roles do not have ReadOnlyAccess access for external AWS accounts", - "title": "Ensure IAM Roles do not have ReadOnlyAccess access for external AWS accounts", - "types": [], - "uid": "prowler-aws-iam_role_cross_account_readonlyaccess_policy-211203495394-us-east-1-TerraformRole" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "TerraformRole", - "arn": "arn:aws:iam::211203495394:role/TerraformRole", - "assume_role_policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws:iam::211203495394:oidc-provider/token.actions.githubusercontent.com" - }, - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "token.actions.githubusercontent.com:aud": "sts.amazonaws.com" - }, - "StringLike": { - "token.actions.githubusercontent.com:sub": [ - "repo:finos-labs/ccc-cfi-compliance:ref:refs/heads/*", - "repo:finos-labs/ccc-cfi-compliance:ref:refs/tags/*", - "repo:finos-labs/ccc-cfi-compliance:pull_request", - "repo:finos-labs/ccc-cfi-compliance:environment:*" - ] - } - } - } - ] - }, - "is_service_role": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "TerraformRole", - "type": "AwsIamRole", - "uid": "arn:aws:iam::211203495394:role/TerraformRole" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Remove the AWS-managed ReadOnlyAccess policy from all roles that have a trust policy, including third-party cloud accounts, or remove third-party cloud accounts from the trust policy of all roles that need the ReadOnlyAccess policy.", - "references": [ - "https://docs.securestate.vmware.com/rule-docs/aws-iam-role-cross-account-readonlyaccess-policy" - ] - }, - "risk_details": "The AWS-managed ReadOnlyAccess policy is highly potent and exposes the customer to a significant data leakage threat. It should be granted very conservatively. For granting access to 3rd party vendors, consider using alternative managed policies, such as ViewOnlyAccess or SecurityAudit.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Service Role terraform-20251019171843685600000002 does not prevent against a cross-service confused deputy attack.", - "metadata": { - "event_code": "iam_role_cross_service_confused_deputy_prevention", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Service Role terraform-20251019171843685600000002 does not prevent against a cross-service confused deputy attack.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP04" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "3.1.2.c", - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", - "title": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", - "types": [], - "uid": "prowler-aws-iam_role_cross_service_confused_deputy_prevention-211203495394-us-east-1-terraform-20251019171843685600000002" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-20251019171843685600000002", - "arn": "arn:aws:iam::211203495394:role/terraform-20251019171843685600000002", - "assume_role_policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "monitoring.rds.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - }, - "is_service_role": true, - "attached_policies": [ - { - "PolicyName": "AmazonRDSEnhancedMonitoringRole", - "PolicyArn": "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "GithubRepo:terraform-aws-rds-aurora", - "Example:ex-rds", - "GithubOrg:terraform-aws-modules" - ], - "name": "terraform-20251019171843685600000002", - "type": "AwsIamRole", - "uid": "arn:aws:iam::211203495394:role/terraform-20251019171843685600000002" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To mitigate cross-service confused deputy attacks, it's recommended to use the aws:SourceArn and aws:SourceAccount global condition context keys in your IAM role trust policies. If the role doesn't support these fields, consider implementing alternative security measures, such as defining more restrictive resource-based policies or using service-specific trust policies, to limit the role's permissions and exposure. For detailed guidance, refer to AWS's documentation on preventing cross-service confused deputy issues.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html#cross-service-confused-deputy-prevention" - ] - }, - "risk_details": "Allow attackers to gain unauthorized access to resources", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Service Role terraform-20251019182000328500000001 does not prevent against a cross-service confused deputy attack.", - "metadata": { - "event_code": "iam_role_cross_service_confused_deputy_prevention", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Service Role terraform-20251019182000328500000001 does not prevent against a cross-service confused deputy attack.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP04" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "3.1.2.c", - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", - "title": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", - "types": [], - "uid": "prowler-aws-iam_role_cross_service_confused_deputy_prevention-211203495394-us-east-1-terraform-20251019182000328500000001" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-20251019182000328500000001", - "arn": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001", - "assume_role_policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "", - "Effect": "Allow", - "Principal": { - "Service": "ec2.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - }, - "is_service_role": true, - "attached_policies": [], - "inline_policies": [], - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "terraform-20251019182000328500000001", - "type": "AwsIamRole", - "uid": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To mitigate cross-service confused deputy attacks, it's recommended to use the aws:SourceArn and aws:SourceAccount global condition context keys in your IAM role trust policies. If the role doesn't support these fields, consider implementing alternative security measures, such as defining more restrictive resource-based policies or using service-specific trust policies, to limit the role's permissions and exposure. For detailed guidance, refer to AWS's documentation on preventing cross-service confused deputy issues.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html#cross-service-confused-deputy-prevention" - ] - }, - "risk_details": "Allow attackers to gain unauthorized access to resources", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Root account has a virtual MFA instead of a hardware MFA device enabled.", - "metadata": { - "event_code": "iam_root_hardware_mfa_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "Root account has a virtual MFA instead of a hardware MFA device enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_5_3" - ], - "HIPAA": [ - "164_308_a_3_ii_a", - "164_312_d" - ], - "C5-2025": [ - "OPS-16.01B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_7" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ia-2-1-2", - "ia-2-1" - ], - "CIS-3.0": [ - "1.6" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_2", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "ia_2_1", - "ia_2_2", - "ia_2_6", - "ia_2_6_a", - "ia_2_8", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r4.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "ARC-003", - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.6" - ], - "PCI-4.0": [ - "8.4.1.3", - "8.4.2.3", - "8.4.3.3" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-15", - "d3-pc-am-b-3", - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.5" - ], - "CIS-1.4": [ - "1.6" - ], - "CCC": [ - "CCC.Core.CN03.AR01", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.2" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.6" - ], - "CIS-1.5": [ - "1.6" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP02" - ], - "NIST-800-53-Revision-4": [ - "ia_2_1", - "ia_2_11" - ], - "AWS-Account-Security-Onboarding": [ - "Root user - distribution email + MFA" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040" - ], - "CIS-2.0": [ - "1.6" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-2" - ], - "NIS2": [ - "11.6.1", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure only hardware MFA is enabled for the root account", - "title": "Ensure only hardware MFA is enabled for the root account", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_root_hardware_mfa_enabled-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:mfa" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Using IAM console navigate to Dashboard and expand Activate MFA on your root account. If using AWS Organizations, consider enabling Centralized Root Management and removing individual root credentials.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user_manage_mfa" - ] - }, - "risk_details": "The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. For Level 2 it is recommended that the root account be protected with only a hardware MFA.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "MFA is enabled for root account.", - "metadata": { - "event_code": "iam_root_mfa_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "MFA is enabled for root account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_5_2", - "3_5_3" - ], - "HIPAA": [ - "164_308_a_3_ii_a", - "164_312_d" - ], - "C5-2025": [ - "OPS-16.01B", - "IAM-04.06B", - "IAM-06.09B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-05.02B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_7" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ia-2-1-2", - "ia-2-1" - ], - "CIS-3.0": [ - "1.5" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_2", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_6_a", - "cm_9_b", - "ia_2_1", - "ia_2_2", - "ia_2_6", - "ia_2_6_a", - "ia_2_8", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r2.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "ARC-003", - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.1", - "3.0.2", - "3.0.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.5" - ], - "PCI-4.0": [ - "8.4.1.4", - "8.4.2.4", - "8.4.3.4" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-15", - "d3-pc-am-b-3", - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.4" - ], - "CIS-1.4": [ - "1.5" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Core.CN03.AR01", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-1.5": [ - "1.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP02" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.17", - "A.8.5" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ia_2_1", - "ia_2_11" - ], - "AWS-Account-Security-Onboarding": [ - "Root user - distribution email + MFA" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040" - ], - "CIS-2.0": [ - "1.5" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-2", - "booting-up-thing-to-do-first-2" - ], - "NIS2": [ - "11.3.2.a", - "11.6.1", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure MFA is enabled for the root account", - "title": "Ensure MFA is enabled for the root account", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_root_mfa_enabled-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Using IAM console navigate to Dashboard and expand Activate MFA on your root account. If using AWS Organizations, consider enabling Centralized Root Management and removing individual root credentials.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user_manage_mfa" - ] - }, - "risk_details": "The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. When virtual MFA is used for root accounts it is recommended that the device used is NOT a personal device but rather a dedicated mobile device (tablet or phone) that is managed to be kept charged and secured independent of any individual personal devices. (non-personal virtual MFA) This lessens the risks of losing access to the MFA due to device loss / trade-in or if the individual owning the device is no longer employed at the company.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have access keys.", - "metadata": { - "event_code": "iam_rotate_access_key_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_3_ii_c", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B", - "CRY-09.02B" - ], - "NIST-CSF-1.1": [ - "ac_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j" - ], - "CIS-3.0": [ - "1.14" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.14" - ], - "PCI-4.0": [ - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.13" - ], - "CIS-1.4": [ - "1.14" - ], - "CCC": [ - "CCC.ObjStor.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.11" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.3" - ], - "CIS-1.5": [ - "1.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP02", - "SEC02-BP05" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.14" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "1.1.1.d", - "1.1.2", - "2.1.4", - "2.3.1", - "3.1.3", - "6.2.4", - "9.2.c", - "9.2.c.xii", - "11.6.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure access keys are rotated every 90 days or less", - "title": "Ensure access keys are rotated every 90 days or less", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_rotate_access_key_90_days-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have access keys older than 90 days.", - "metadata": { - "event_code": "iam_rotate_access_key_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have access keys older than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_3_ii_c", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B", - "CRY-09.02B" - ], - "NIST-CSF-1.1": [ - "ac_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j" - ], - "CIS-3.0": [ - "1.14" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.14" - ], - "PCI-4.0": [ - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.13" - ], - "CIS-1.4": [ - "1.14" - ], - "CCC": [ - "CCC.ObjStor.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.11" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.3" - ], - "CIS-1.5": [ - "1.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP02", - "SEC02-BP05" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.14" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "1.1.1.d", - "1.1.2", - "2.1.4", - "2.3.1", - "3.1.3", - "6.2.4", - "9.2.c", - "9.2.c.xii", - "11.6.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure access keys are rotated every 90 days or less", - "title": "Ensure access keys are rotated every 90 days or less", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_rotate_access_key_90_days-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "SecurityAudit policy is not attached to any role.", - "metadata": { - "event_code": "iam_securityaudit_role_created", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "SecurityAudit policy is not attached to any role.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "OIS-02.02B", - "OIS-04.01B", - "HR-04.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-05.02B", - "IAM-06.06B", - "DEV-15.01B", - "SIM-01.02B", - "SIM-01.03B", - "COM-02.02B", - "COM-03.02B", - "INQ-02.01B", - "PSS-09.01AC" - ], - "ENS-RD2022": [ - "op.acc.3.r2.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "ISO27001-2022": [ - "A.5.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "1.2.4", - "2.1.1", - "2.1.2.a", - "2.1.2.e", - "2.1.2.f", - "2.2.1", - "2.3.1", - "3.1.2.c", - "3.1.3", - "6.2.2.a", - "7.2.d", - "7.2.e", - "7.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure a Security Audit role has been created to conduct security audits", - "title": "Ensure a Security Audit role has been created to conduct security audits", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_securityaudit_role_created-211203495394-us-east-1-SecurityAudit" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "SecurityAudit", - "type": "AwsIamRole", - "uid": "arn:aws:iam::aws:policy/SecurityAudit" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create an IAM role for conduct security audits with AWS.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_security-auditor" - ] - }, - "risk_details": "Creating an IAM role with a security audit policy provides a clear separation of duties between the security team and other teams within the organization. This helps to ensure that security-related activities are performed by authorized individuals with the appropriate expertise and access permissions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Support Access policy is not attached to any role.", - "metadata": { - "event_code": "iam_support_role_created", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Support Access policy is not attached to any role.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "OIS-02.02B", - "HR-04.01B", - "OPS-13.02B", - "OPS-13.03AC", - "OPS-17.02B", - "OPS-24.01B", - "OPS-24.02B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-06.06B", - "DEV-15.01B", - "SSO-05.06B", - "SIM-01.02B", - "SIM-01.03B" - ], - "CIS-3.0": [ - "1.17" - ], - "ENS-RD2022": [ - "op.acc.3.r1.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2", - "2.11.1" - ], - "CIS-4.0.1": [ - "1.17" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.16" - ], - "CIS-1.4": [ - "1.17" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-1.5": [ - "1.17" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC10-BP01" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2", - "2.11.1" - ], - "CIS-2.0": [ - "1.17" - ], - "NIS2": [ - "2.1.1", - "2.1.2.a", - "2.2.1", - "3.1.2.d", - "4.3.2.a", - "5.1.7.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure a support role has been created to manage incidents with AWS Support", - "title": "Ensure a support role has been created to manage incidents with AWS Support", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_support_role_created-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "AwsIamRole", - "uid": "arn:aws:iam::aws:policy/AWSSupportAccess" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create an IAM role for managing incidents with AWS.", - "references": [ - "https://docs.aws.amazon.com/awssupport/latest/user/using-service-linked-roles-sup.html" - ] - }, - "risk_details": "AWS provides a support center that can be used for incident notification and response, as well as technical support and customer services. Create an IAM Role to allow authorized users to manage incidents with AWS Support.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have access keys.", - "metadata": { - "event_code": "iam_user_accesskey_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "HIPAA": [ - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-05.04B", - "IAM-10.01B", - "CRY-03.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-3", - "ac-5-c", - "ac-6" - ], - "CIS-3.0": [ - "1.12" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_6", - "ac_2_g", - "ac_2_j", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3", - "op.acc.6.r7.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.12" - ], - "PCI-4.0": [ - "7.2.4.2", - "7.2.5.1.2", - "8.2.6.2", - "A3.4.1.10" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4" - ], - "CIS-5.0": [ - "1.11" - ], - "CIS-1.4": [ - "1.12" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.10" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.8", - "IAM.22", - "IAM.26" - ], - "CIS-1.5": [ - "1.12" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2_3", - "ac_2", - "ac_3", - "ac_6" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.12" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure unused User Access Keys are disabled", - "title": "Ensure unused User Access Keys are disabled", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_user_accesskey_unused-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Find the credentials that they were using and ensure that they are no longer operational. Ideally, you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least, you should change the password or deactivate the access keys so that the former users no longer have access.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" - ] - }, - "risk_details": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have unused access keys for 45 days.", - "metadata": { - "event_code": "iam_user_accesskey_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have unused access keys for 45 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "HIPAA": [ - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-05.04B", - "IAM-10.01B", - "CRY-03.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-3", - "ac-5-c", - "ac-6" - ], - "CIS-3.0": [ - "1.12" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_6", - "ac_2_g", - "ac_2_j", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3", - "op.acc.6.r7.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.12" - ], - "PCI-4.0": [ - "7.2.4.2", - "7.2.5.1.2", - "8.2.6.2", - "A3.4.1.10" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4" - ], - "CIS-5.0": [ - "1.11" - ], - "CIS-1.4": [ - "1.12" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.10" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.8", - "IAM.22", - "IAM.26" - ], - "CIS-1.5": [ - "1.12" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2_3", - "ac_2", - "ac_3", - "ac_6" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.12" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure unused User Access Keys are disabled", - "title": "Ensure unused User Access Keys are disabled", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_user_accesskey_unused-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Find the credentials that they were using and ensure that they are no longer operational. Ideally, you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least, you should change the password or deactivate the access keys so that the former users no longer have access.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" - ] - }, - "risk_details": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM User terraform-user has AdministratorAccess policy attached.", - "metadata": { - "event_code": "iam_user_administrator_access_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM User terraform-user has AdministratorAccess policy attached.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-04.03B", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-10.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.19", - "7.2.2.19", - "7.2.5.13", - "7.3.1.13", - "7.3.2.13", - "7.3.3.13", - "8.2.7.13", - "8.2.8.15", - "8.3.4.13" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "This check ensures that no IAM users in your AWS account have the 'AdministratorAccess' policy attached. IAM users with this policy have unrestricted access to all AWS services and resources, which poses a significant security risk if misused.", - "title": "Ensure No IAM Users Have Administrator Access Policy", - "types": [], - "uid": "prowler-aws-iam_user_administrator_access_policy-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Replace the 'AdministratorAccess' policy with more specific permissions that follow the Principle of Least Privilege. Consider implementing IAM roles such as 'IAM Master' and 'IAM Manager' to manage permissions more securely.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM users with administrator-level permissions can perform any action on any resource in your AWS environment. If these permissions are granted to users unnecessarily or to individuals without sufficient knowledge, it can lead to security vulnerabilities, data leaks, data loss, or unexpected charges.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM User test-user-trusted does not have AdministratorAccess policy.", - "metadata": { - "event_code": "iam_user_administrator_access_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "IAM User test-user-trusted does not have AdministratorAccess policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-04.03B", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-10.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.19", - "7.2.2.19", - "7.2.5.13", - "7.3.1.13", - "7.3.2.13", - "7.3.3.13", - "8.2.7.13", - "8.2.8.15", - "8.3.4.13" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "This check ensures that no IAM users in your AWS account have the 'AdministratorAccess' policy attached. IAM users with this policy have unrestricted access to all AWS services and resources, which poses a significant security risk if misused.", - "title": "Ensure No IAM Users Have Administrator Access Policy", - "types": [], - "uid": "prowler-aws-iam_user_administrator_access_policy-211203495394-us-east-1-test-user-trusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [], - "inline_policies": [ - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - ], - "tags": [ - { - "Key": "Purpose", - "Value": "CCC-Testing" - }, - { - "Key": "ManagedBy", - "Value": "CCC-CFI-Compliance-Framework" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Replace the 'AdministratorAccess' policy with more specific permissions that follow the Principle of Least Privilege. Consider implementing IAM roles such as 'IAM Master' and 'IAM Manager' to manage permissions more securely.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM users with administrator-level permissions can perform any action on any resource in your AWS environment. If these permissions are granted to users unnecessarily or to individuals without sufficient knowledge, it can lead to security vulnerabilities, data leaks, data loss, or unexpected charges.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have console access enabled or is unused.", - "metadata": { - "event_code": "iam_user_console_access_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have console access enabled or is unused.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "HIPAA": [ - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "OPS-05.02AC", - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-05.04B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-3", - "ac-5-c", - "ac-6" - ], - "CIS-3.0": [ - "1.12" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_6", - "ac_2_g", - "ac_2_j", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3", - "op.acc.6.r7.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.12" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4" - ], - "CIS-5.0": [ - "1.11" - ], - "CIS-1.4": [ - "1.12" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.10" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.8", - "IAM.22", - "IAM.26" - ], - "CIS-1.5": [ - "1.12" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2_3", - "ac_2", - "ac_3", - "ac_6" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.12" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.3.2.d", - "11.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure unused user console access are disabled", - "title": "Ensure unused user console access are disabled", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_user_console_access_unused-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Find the credentials that they were using and ensure that they are no longer operational. Ideally, you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least, you should change the password or deactivate the access keys so that the former users no longer have access.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" - ] - }, - "risk_details": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User test-user-trusted does not have console access enabled or is unused.", - "metadata": { - "event_code": "iam_user_console_access_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User test-user-trusted does not have console access enabled or is unused.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "HIPAA": [ - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "OPS-05.02AC", - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-05.04B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-3", - "ac-5-c", - "ac-6" - ], - "CIS-3.0": [ - "1.12" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_6", - "ac_2_g", - "ac_2_j", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3", - "op.acc.6.r7.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.12" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4" - ], - "CIS-5.0": [ - "1.11" - ], - "CIS-1.4": [ - "1.12" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.10" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.8", - "IAM.22", - "IAM.26" - ], - "CIS-1.5": [ - "1.12" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2_3", - "ac_2", - "ac_3", - "ac_6" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.12" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.3.2.d", - "11.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure unused user console access are disabled", - "title": "Ensure unused user console access are disabled", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_user_console_access_unused-211203495394-us-east-1-test-user-trusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [], - "inline_policies": [ - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - ], - "tags": [ - { - "Key": "Purpose", - "Value": "CCC-Testing" - }, - { - "Key": "ManagedBy", - "Value": "CCC-CFI-Compliance-Framework" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Find the credentials that they were using and ensure that they are no longer operational. Ideally, you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least, you should change the password or deactivate the access keys so that the former users no longer have access.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" - ] - }, - "risk_details": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have any type of MFA enabled.", - "metadata": { - "event_code": "iam_user_hardware_mfa_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User terraform-user does not have any type of MFA enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-16.01B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.1", - "3.0.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2" - ], - "CCC": [ - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.8.5" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040" - ], - "CISA": [ - "booting-up-thing-to-do-first-2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if IAM users have Hardware MFA enabled.", - "title": "Check if IAM users have Hardware MFA enabled.", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_hardware_mfa_enabled-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable hardware MFA device for an IAM user from the AWS Management Console, the command line, or the IAM API.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_physical.html" - ] - }, - "risk_details": "Hardware MFA is preferred over virtual MFA.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User test-user-trusted does not have any type of MFA enabled.", - "metadata": { - "event_code": "iam_user_hardware_mfa_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User test-user-trusted does not have any type of MFA enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-16.01B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.1", - "3.0.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2" - ], - "CCC": [ - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.8.5" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040" - ], - "CISA": [ - "booting-up-thing-to-do-first-2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if IAM users have Hardware MFA enabled.", - "title": "Check if IAM users have Hardware MFA enabled.", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_hardware_mfa_enabled-211203495394-us-east-1-test-user-trusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [], - "inline_policies": [ - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - ], - "tags": [ - { - "Key": "Purpose", - "Value": "CCC-Testing" - }, - { - "Key": "ManagedBy", - "Value": "CCC-CFI-Compliance-Framework" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable hardware MFA device for an IAM user from the AWS Management Console, the command line, or the IAM API.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_physical.html" - ] - }, - "risk_details": "Hardware MFA is preferred over virtual MFA.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have Console Password enabled.", - "metadata": { - "event_code": "iam_user_mfa_enabled_console_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have Console Password enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_14", - "3_5_2", - "3_5_3" - ], - "HIPAA": [ - "164_308_a_3_ii_a", - "164_312_a_1", - "164_312_d" - ], - "C5-2025": [ - "OPS-05.02AC", - "OPS-16.01B", - "IAM-04.06B", - "IAM-06.09B", - "IAM-08.02B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "IAM-10.01B", - "PSS-05.01B", - "PSS-07.01B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_7" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ia-2-1-2", - "ia-2-1" - ], - "CIS-3.0": [ - "1.10" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_2", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "ia_2_1", - "ia_2_2", - "ia_2_6", - "ia_2_6_a", - "ia_2_8", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r2.aws.iam.1", - "op.acc.6.r4.aws.iam.1", - "op.acc.6.r8.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.1", - "3.0.2", - "3.0.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.10" - ], - "PCI-4.0": [ - "8.4.1.1", - "8.4.1.2", - "8.4.2.1", - "8.4.2.2", - "8.4.3.1", - "8.4.3.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-15", - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.3", - "8.3.1", - "8.3.1.a", - "8.3.2", - "8.3.2.a", - "8.6", - "8.6.c" - ], - "CIS-5.0": [ - "1.9" - ], - "CIS-1.4": [ - "1.10" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN03.AR01", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.3" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.5", - "IAM.19" - ], - "CIS-1.5": [ - "1.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.17", - "A.8.5" - ], - "NIST-800-53-Revision-4": [ - "ia_2_1", - "ia_2_2", - "ia_2_11" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040", - "T1538" - ], - "CIS-2.0": [ - "1.10" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-2", - "booting-up-thing-to-do-first-2" - ], - "NIS2": [ - "11.1.2.c", - "11.3.2.a", - "11.4.2.c", - "11.6.1", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password.", - "title": "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password.", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_mfa_enabled_console_access-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable MFA for the user's account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html" - ] - }, - "risk_details": "Unauthorized access to this critical account if password is not secure or it is disclosed in any way.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have access keys or uses the access keys configured.", - "metadata": { - "event_code": "iam_user_no_setup_initial_access_key", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have access keys or uses the access keys configured.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OPS-05.02AC", - "IAM-10.01B", - "CRY-03.01B", - "PSS-07.01B" - ], - "CIS-3.0": [ - "1.11" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.11" - ], - "CIS-5.0": [ - "1.1" - ], - "CIS-1.4": [ - "1.11" - ], - "CIS-1.5": [ - "1.11" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.11" - ], - "NIS2": [ - "9.2.c", - "9.2.c.iii" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "title": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_no_setup_initial_access_key-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "From the IAM console: generate credential report and disable not required keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials, it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have access keys or uses the access keys configured.", - "metadata": { - "event_code": "iam_user_no_setup_initial_access_key", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have access keys or uses the access keys configured.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OPS-05.02AC", - "IAM-10.01B", - "CRY-03.01B", - "PSS-07.01B" - ], - "CIS-3.0": [ - "1.11" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.11" - ], - "CIS-5.0": [ - "1.1" - ], - "CIS-1.4": [ - "1.11" - ], - "CIS-1.5": [ - "1.11" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.11" - ], - "NIS2": [ - "9.2.c", - "9.2.c.iii" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "title": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_no_setup_initial_access_key-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "From the IAM console: generate credential report and disable not required keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials, it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have 2 active access keys.", - "metadata": { - "event_code": "iam_user_two_active_access_key", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have 2 active access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B" - ], - "CIS-3.0": [ - "1.13" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.13" - ], - "CIS-5.0": [ - "1.12" - ], - "CIS-1.4": [ - "1.13" - ], - "CIS-1.5": [ - "1.13" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.13" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if IAM users have two active access keys", - "title": "Check if IAM users have two active access keys", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_two_active_access_key-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Avoid using long lived access keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html" - ] - }, - "risk_details": "Access Keys could be lost or stolen. It creates a critical risk.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have 2 active access keys.", - "metadata": { - "event_code": "iam_user_two_active_access_key", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have 2 active access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B" - ], - "CIS-3.0": [ - "1.13" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.13" - ], - "CIS-5.0": [ - "1.12" - ], - "CIS-1.4": [ - "1.13" - ], - "CIS-1.5": [ - "1.13" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.13" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if IAM users have two active access keys", - "title": "Check if IAM users have two active access keys", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_two_active_access_key-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Avoid using long lived access keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html" - ] - }, - "risk_details": "Access Keys could be lost or stolen. It creates a critical risk.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user has long lived credentials with access to other services than IAM or STS.", - "metadata": { - "event_code": "iam_user_with_temporary_credentials", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User terraform-user has long lived credentials with access to other services than IAM or STS.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "IAM-03.01B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-06.01B", - "IAM-08.02B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure users make use of temporary credentials assuming IAM roles", - "title": "Ensure users make use of temporary credentials assuming IAM roles", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-iam_user_with_temporary_credentials-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "As a best practice, use temporary security credentials (IAM roles) instead of creating long-term credentials like access keys, and don't create AWS account root user access keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html" - ] - }, - "risk_details": "As a best practice, use temporary security credentials (IAM roles) instead of creating long-term credentials like access keys, and don't create AWS account root user access keys.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User test-user-trusted has long lived credentials with access to other services than IAM or STS.", - "metadata": { - "event_code": "iam_user_with_temporary_credentials", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User test-user-trusted has long lived credentials with access to other services than IAM or STS.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "IAM-03.01B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-06.01B", - "IAM-08.02B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure users make use of temporary credentials assuming IAM roles", - "title": "Ensure users make use of temporary credentials assuming IAM roles", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-iam_user_with_temporary_credentials-211203495394-us-east-1-test-user-trusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "As a best practice, use temporary security credentials (IAM roles) instead of creating long-term credentials like access keys, and don't create AWS account root user access keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html" - ] - }, - "risk_details": "As a best practice, use temporary security credentials (IAM roles) instead of creating long-term credentials like access keys, and don't create AWS account root user access keys.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-1b7c736d-854c-475a-a8a5-df95b3d7a4df" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-1f7c04ae-50f9-4bd6-b725-433368271fbd" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-29586687-b1be-4c1b-a758-1f2878050364" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "29586687-b1be-4c1b-a758-1f2878050364", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "29586687-b1be-4c1b-a758-1f2878050364", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f is being used.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f is being used.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-34307c6a-e2e3-4f56-8543-fa92dd73df4f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-4cac849c-0540-454c-9d3c-cd040cfab4a9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-51726887-02ae-44f3-a044-7e70d96761f9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "51726887-02ae-44f3-a044-7e70d96761f9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "51726887-02ae-44f3-a044-7e70d96761f9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-6ce7a755-4867-4c6a-966c-896a1edcc078" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-7becded9-6105-409d-9ddc-1ec9ad37781a" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-84910ea5-e87b-4175-a70d-317307443c9b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "84910ea5-e87b-4175-a70d-317307443c9b", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "84910ea5-e87b-4175-a70d-317307443c9b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-8775e1db-1bd3-430a-859e-3f4c2add845f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-99ad2e00-15a1-4135-b8fb-dd5accf3652f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-9df09165-d3c4-46c5-954f-a66bcb65f64f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-c45a036b-843a-48be-9621-57e49da9e4f6" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c45a036b-843a-48be-9621-57e49da9e4f6", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c45a036b-843a-48be-9621-57e49da9e4f6", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-cdbd7090-6c87-4e56-b755-fddf82d253ef" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-cf944303-41d3-401c-b296-00cbbb3d5ca4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is being used.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is being used.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-db617ef7-813a-45f5-b3e3-65c57fdf56a3" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-us-east-1-939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "arn": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:user/terraform-user", - "arn:aws:iam::211203495394:root" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-us-east-1-a80c0553-bf44-472b-a141-674b2d47209b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "a80c0553-bf44-472b-a141-674b2d47209b", - "arn": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:user/terraform-user", - "arn:aws:iam::211203495394:root" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "a80c0553-bf44-472b-a141-674b2d47209b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-us-east-1-bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "arn": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:user/terraform-user", - "arn:aws:iam::211203495394:root" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-1b7c736d-854c-475a-a8a5-df95b3d7a4df" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-1f7c04ae-50f9-4bd6-b725-433368271fbd" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-29586687-b1be-4c1b-a758-1f2878050364" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "29586687-b1be-4c1b-a758-1f2878050364", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "29586687-b1be-4c1b-a758-1f2878050364", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f is not scheduled for deletion.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f is not scheduled for deletion.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-34307c6a-e2e3-4f56-8543-fa92dd73df4f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-4cac849c-0540-454c-9d3c-cd040cfab4a9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-51726887-02ae-44f3-a044-7e70d96761f9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "51726887-02ae-44f3-a044-7e70d96761f9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "51726887-02ae-44f3-a044-7e70d96761f9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-6ce7a755-4867-4c6a-966c-896a1edcc078" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-7becded9-6105-409d-9ddc-1ec9ad37781a" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-84910ea5-e87b-4175-a70d-317307443c9b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "84910ea5-e87b-4175-a70d-317307443c9b", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "84910ea5-e87b-4175-a70d-317307443c9b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-8775e1db-1bd3-430a-859e-3f4c2add845f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-99ad2e00-15a1-4135-b8fb-dd5accf3652f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-9df09165-d3c4-46c5-954f-a66bcb65f64f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-c45a036b-843a-48be-9621-57e49da9e4f6" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c45a036b-843a-48be-9621-57e49da9e4f6", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c45a036b-843a-48be-9621-57e49da9e4f6", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-cdbd7090-6c87-4e56-b755-fddf82d253ef" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-cf944303-41d3-401c-b296-00cbbb3d5ca4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is not scheduled for deletion.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is not scheduled for deletion.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-db617ef7-813a-45f5-b3e3-65c57fdf56a3" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-us-east-1-939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "arn": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:user/terraform-user", - "arn:aws:iam::211203495394:root" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-us-east-1-a80c0553-bf44-472b-a141-674b2d47209b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "a80c0553-bf44-472b-a141-674b2d47209b", - "arn": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:user/terraform-user", - "arn:aws:iam::211203495394:root" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "a80c0553-bf44-472b-a141-674b2d47209b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-us-east-1-bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "arn": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:user/terraform-user", - "arn:aws:iam::211203495394:root" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f is a single-region key.", - "metadata": { - "event_code": "kms_cmk_not_multi_region", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f is a single-region key.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#multi-region-concepts", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Multi-region keys should be used only when absolutely necessary, such as for cross-region disaster recovery, and should be carefully managed with strict access controls.", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "CRY-03.01B", - "CRY-05.02B", - "CRY-10.01B", - "CRY-19.01B", - "PSS-12.02AC" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that AWS KMS customer managed keys (CMKs) are not multi-region to maintain strict data control and compliance with security best practices.", - "title": "AWS KMS customer managed keys should not be multi-Region", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_not_multi_region-211203495394-eu-west-1-34307c6a-e2e3-4f56-8543-fa92dd73df4f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Identify and replace multi-region keys with single-region KMS keys to enhance security and access control.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/mrk-when-to-use.html" - ] - }, - "risk_details": "Multi-region KMS keys can increase the risk of unauthorized access and data exposure, as managing access controls and auditing across multiple regions becomes more complex. This expanded attack surface may lead to compliance violations and data breaches.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is a single-region key.", - "metadata": { - "event_code": "kms_cmk_not_multi_region", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is a single-region key.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#multi-region-concepts", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Multi-region keys should be used only when absolutely necessary, such as for cross-region disaster recovery, and should be carefully managed with strict access controls.", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "CRY-03.01B", - "CRY-05.02B", - "CRY-10.01B", - "CRY-19.01B", - "PSS-12.02AC" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that AWS KMS customer managed keys (CMKs) are not multi-region to maintain strict data control and compliance with security best practices.", - "title": "AWS KMS customer managed keys should not be multi-Region", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_not_multi_region-211203495394-eu-west-1-db617ef7-813a-45f5-b3e3-65c57fdf56a3" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Identify and replace multi-region keys with single-region KMS keys to enhance security and access control.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/mrk-when-to-use.html" - ] - }, - "risk_details": "Multi-region KMS keys can increase the risk of unauthorized access and data exposure, as managing access controls and auditing across multiple regions becomes more complex. This expanded attack surface may lead to compliance violations and data breaches.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f has automatic rotation disabled.", - "metadata": { - "event_code": "kms_cmk_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f has automatic rotation disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://aws.amazon.com/blogs/security/how-to-get-ready-for-certificate-transparency/", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_312_a_2_iv" - ], - "C5-2025": [ - "OIS-08.02B", - "CRY-05.02B", - "CRY-06.01B", - "CRY-07.01B", - "CRY-09.02B", - "CRY-19.01B" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-12" - ], - "CIS-3.0": [ - "3.6" - ], - "NIST-800-53-Revision-5": [ - "cm_6_a", - "cm_9_b", - "sa_9_6", - "sc_12", - "sc_12_2", - "sc_12_6" - ], - "ENS-RD2022": [ - "op.exp.10.aws.cmk.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.6" - ], - "PCI-4.0": [ - "3.7.4.5", - "3.7.5.2" - ], - "FedRAMP-Low-Revision-4": [ - "sc-12" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "CIS-5.0": [ - "3.6" - ], - "CIS-1.4": [ - "3.8" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.4" - ], - "CIS-1.5": [ - "3.8" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP05" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_12" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CIS-2.0": [ - "3.8" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.6.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure rotation for customer created KMS CMKs is enabled.", - "title": "Ensure rotation for customer created KMS CMKs is enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_rotation_enabled-211203495394-eu-west-1-34307c6a-e2e3-4f56-8543-fa92dd73df4f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "For every KMS Customer Master Keys (CMKs), ensure that Rotate this key every year is enabled.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html" - ] - }, - "risk_details": "Cryptographic best practices discourage extensive reuse of encryption keys. Consequently, Customer Master Keys (CMKs) should be rotated to prevent usage of compromised keys.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 has automatic rotation enabled.", - "metadata": { - "event_code": "kms_cmk_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 has automatic rotation enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://aws.amazon.com/blogs/security/how-to-get-ready-for-certificate-transparency/", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_312_a_2_iv" - ], - "C5-2025": [ - "OIS-08.02B", - "CRY-05.02B", - "CRY-06.01B", - "CRY-07.01B", - "CRY-09.02B", - "CRY-19.01B" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-12" - ], - "CIS-3.0": [ - "3.6" - ], - "NIST-800-53-Revision-5": [ - "cm_6_a", - "cm_9_b", - "sa_9_6", - "sc_12", - "sc_12_2", - "sc_12_6" - ], - "ENS-RD2022": [ - "op.exp.10.aws.cmk.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.6" - ], - "PCI-4.0": [ - "3.7.4.5", - "3.7.5.2" - ], - "FedRAMP-Low-Revision-4": [ - "sc-12" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "CIS-5.0": [ - "3.6" - ], - "CIS-1.4": [ - "3.8" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.4" - ], - "CIS-1.5": [ - "3.8" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP05" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_12" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CIS-2.0": [ - "3.8" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.6.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure rotation for customer created KMS CMKs is enabled.", - "title": "Ensure rotation for customer created KMS CMKs is enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_rotation_enabled-211203495394-eu-west-1-db617ef7-813a-45f5-b3e3-65c57fdf56a3" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "For every KMS Customer Master Keys (CMKs), ensure that Rotate this key every year is enabled.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html" - ] - }, - "risk_details": "Cryptographic best practices discourage extensive reuse of encryption keys. Consequently, Customer Master Keys (CMKs) should be rotated to prevent usage of compromised keys.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS key 34307c6a-e2e3-4f56-8543-fa92dd73df4f is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS key 34307c6a-e2e3-4f56-8543-fa92dd73df4f is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/determining-access.html", - "categories": [ - "internet-exposed", - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "PS-03.02B", - "IAM-10.01B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B", - "COS-02.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04" - ], - "ProwlerThreatScore-1.0": [ - "2.2.14" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check exposed KMS keys", - "title": "Check exposed KMS keys", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_key_not_publicly_accessible-211203495394-eu-west-1-34307c6a-e2e3-4f56-8543-fa92dd73df4f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To determine the full extent of who or what currently has access to a customer master key (CMK) in AWS KMS, you must examine the CMK key policy, all grants that apply to the CMK and potentially all AWS Identity and Access Management (IAM) policies. You might do this to determine the scope of potential usage of a CMK.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/determining-access.html" - ] - }, - "risk_details": "Exposed KMS Keys or wide policy permissions my leave data unprotected.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS key db617ef7-813a-45f5-b3e3-65c57fdf56a3 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS key db617ef7-813a-45f5-b3e3-65c57fdf56a3 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/determining-access.html", - "categories": [ - "internet-exposed", - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "PS-03.02B", - "IAM-10.01B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B", - "COS-02.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04" - ], - "ProwlerThreatScore-1.0": [ - "2.2.14" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check exposed KMS keys", - "title": "Check exposed KMS keys", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_key_not_publicly_accessible-211203495394-eu-west-1-db617ef7-813a-45f5-b3e3-65c57fdf56a3" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To determine the full extent of who or what currently has access to a customer master key (CMK) in AWS KMS, you must examine the CMK key policy, all grants that apply to the CMK and potentially all AWS Identity and Access Management (IAM) policies. You might do this to determine the scope of potential usage of a CMK.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/determining-access.html" - ] - }, - "risk_details": "Exposed KMS Keys or wide policy permissions my leave data unprotected.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_account_part_of_organizations", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_1" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.1", - "7.2.2.1", - "7.2.5.1", - "7.3.1.1", - "7.3.2.1", - "7.3.3.1", - "8.2.7.1", - "8.2.8.1", - "8.3.4.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP01", - "SEC03-BP05", - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1087", - "T1580", - "T1538" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that AWS Organizations service is currently in use.", - "title": "Check if account is part of an AWS Organizations", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-organizations_account_part_of_organizations-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create or Join an AWS Organization", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_create.html" - ] - }, - "risk_details": "The risk associated with not being part of an AWS Organizations is that it can lead to a lack of centralized management and control over the AWS accounts in an organization. This can make it difficult to enforce security policies consistently across all accounts, and can also result in increased costs due to inefficiencies in resource usage. Additionally, not being part of an AWS Organizations can make it harder to track and manage account usage and access.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_opt_out_ai_services_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out_all.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "This control checks whether the AWS Organizations opt-out of AI services policy is enabled and whether child-accounts are disallowed to overwrite this policy. The control fails if the policy is not enabled or if child-accounts are not disallowed to overwrite this policy.", - "title": "Ensure that AWS Organizations opt-out of AI services policy is enabled and disallow child-accounts to overwrite this policy.", - "types": [], - "uid": "prowler-aws-organizations_opt_out_ai_services_policy-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Artificial Intelligence (AI) services opt-out policies enable you to control whether AWS AI services can store and use your content. Enable the AWS Organizations opt-out of AI services policy and disallow child-accounts to overwrite this policy.", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/disable-policy-type.html" - ] - }, - "risk_details": "By default, AWS may be using your data to train its AI models. This may include data from your AWS CloudTrail logs, AWS Config rules, and AWS GuardDuty findings. If you opt out of AI services, AWS will not use your data to train its AI models.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_scp_check_deny_regions", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "PSS-12.02AC" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02" - ], - "AWS-Account-Security-Onboarding": [ - "Block unused regions" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1535" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "As best practice, AWS Regions should be restricted and only allow the ones that are needed.", - "title": "Check if AWS Regions are restricted with SCP policies", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-organizations_scp_check_deny_regions-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Restrict AWS Regions using SCP policies.", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_general.html#example-scp-deny-region" - ] - }, - "risk_details": "The risk associated with not restricting AWS Regions with Service Control Policies (SCPs) is that it can lead to unauthorized access or use of resources in regions that are not intended for use. This can result in increased costs due to inefficiencies in resource usage and can also expose sensitive data to unauthorized access or breaches. By restricting access to AWS Regions with SCP policies, organizations can help ensure that only authorized personnel have access to the resources they need, while minimizing the risk of security breaches and compliance violations.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_tags_policies_enabled_and_attached", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-09.01B" - ], - "ENS-RD2022": [ - "op.exp.1.aws.sys.2", - "op.exp.1.aws.tag.1", - "op.exp.10.aws.tag.1", - "mp.info.6.aws.tag.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.5.13" - ], - "KISA-ISMS-P-2023": [ - "2.1.3" - ], - "NIS2": [ - "11.5.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if an AWS Organization has tags policies enabled and attached.", - "title": "Check if an AWS Organization has tags policies enabled and attached.", - "types": [], - "uid": "prowler-aws-organizations_tags_policies_enabled_and_attached-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable and attach AWS Organizations tags policies.", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html" - ] - }, - "risk_details": "If an AWS Organization tags policies are not enabled and attached, it is not possible to enforce tags on AWS resources.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No Resource Explorer Indexes found.", - "metadata": { - "event_code": "resourceexplorer2_indexes_found", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No Resource Explorer Indexes found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.1.aws.re.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Resource Explorer Indexes Found", - "title": "Resource Explorer Indexes Found", - "types": [], - "uid": "prowler-aws-resourceexplorer2_indexes_found-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "resourceexplorer2" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:resource-explorer:us-east-1:211203495394:index" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create indexes", - "references": [ - "https://docs.aws.amazon.com/resource-explorer/latest/userguide/manage-service-turn-on-region.html" - ] - }, - "risk_details": "Not having Resource Explorer indexes can result in increased complexity and overhead in managing your resources, as well as increased risk of security and compliance issues.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is not configured for the account 211203495394.", - "metadata": { - "event_code": "s3_account_level_public_access_blocks", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Block Public Access is not configured for the account 211203495394.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_1_14", - "3_1_20", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "CIS-3.0": [ - "2.1.4" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "PCI-4.0": [ - "1.2.8.31", - "1.2.8.32", - "1.3.1.35", - "1.3.1.36", - "1.3.2.35", - "1.3.2.36", - "1.4.2.33", - "1.4.2.34", - "1.5.1.31", - "1.5.1.32", - "10.3.2.19", - "10.3.2.20", - "3.5.1.3.24", - "3.5.1.3.25", - "A1.1.2.15", - "A1.1.2.16", - "A1.1.3.31", - "A1.1.3.32", - "A3.4.1.17", - "A3.4.1.18" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.3", - "2.2", - "2.2.2", - "7.2", - "7.2.1" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.1" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check S3 Account Level Public Access Block.", - "title": "Check S3 Account Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_account_level_public_access_blocks-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "block_public_acls": false, - "ignore_public_acls": false, - "block_public_policy": false, - "restrict_public_buckets": false - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "211203495394", - "type": "AwsS3AccountPublicAccessBlock", - "uid": "arn:aws:s3:us-east-1:211203495394:account" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the account level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal has bucket ACLs enabled.", - "metadata": { - "event_code": "s3_bucket_acl_prohibited", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal has bucket ACLs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.24", - "7.2.2.24", - "7.2.5.18", - "7.3.1.18", - "7.3.2.18", - "7.3.3.18", - "8.2.7.18", - "8.2.8.20", - "8.3.4.18" - ], - "CCC": [ - "CCC.ObjStor.CN02.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have ACLs enabled", - "title": "Check if S3 buckets have ACLs enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_acl_prohibited-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html" - ] - }, - "risk_details": "S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal has bucket ACLs disabled.", - "metadata": { - "event_code": "s3_bucket_acl_prohibited", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket logs-sure-jackal has bucket ACLs disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.24", - "7.2.2.24", - "7.2.5.18", - "7.3.1.18", - "7.3.2.18", - "7.3.3.18", - "8.2.7.18", - "8.2.8.20", - "8.3.4.18" - ], - "CCC": [ - "CCC.ObjStor.CN02.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have ACLs enabled", - "title": "Check if S3 buckets have ACLs enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_acl_prohibited-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html" - ] - }, - "risk_details": "S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal has bucket ACLs enabled.", - "metadata": { - "event_code": "s3_bucket_acl_prohibited", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket s3-bucket-sure-jackal has bucket ACLs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.24", - "7.2.2.24", - "7.2.5.18", - "7.3.1.18", - "7.3.2.18", - "7.3.3.18", - "8.2.7.18", - "8.2.8.20", - "8.3.4.18" - ], - "CCC": [ - "CCC.ObjStor.CN02.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have ACLs enabled", - "title": "Check if S3 buckets have ACLs enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_acl_prohibited-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html" - ] - }, - "risk_details": "S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal has bucket ACLs disabled.", - "metadata": { - "event_code": "s3_bucket_acl_prohibited", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket simple-sure-jackal has bucket ACLs disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.24", - "7.2.2.24", - "7.2.5.18", - "7.3.1.18", - "7.3.2.18", - "7.3.3.18", - "8.2.7.18", - "8.2.8.20", - "8.3.4.18" - ], - "CCC": [ - "CCC.ObjStor.CN02.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have ACLs enabled", - "title": "Check if S3 buckets have ACLs enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_acl_prohibited-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html" - ] - }, - "risk_details": "S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has bucket ACLs disabled.", - "metadata": { - "event_code": "s3_bucket_acl_prohibited", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has bucket ACLs disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.24", - "7.2.2.24", - "7.2.5.18", - "7.3.1.18", - "7.3.2.18", - "7.3.3.18", - "8.2.7.18", - "8.2.8.20", - "8.3.4.18" - ], - "CCC": [ - "CCC.ObjStor.CN02.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have ACLs enabled", - "title": "Check if S3 buckets have ACLs enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_acl_prohibited-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html" - ] - }, - "risk_details": "S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has bucket ACLs disabled.", - "metadata": { - "event_code": "s3_bucket_acl_prohibited", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has bucket ACLs disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.24", - "7.2.2.24", - "7.2.5.18", - "7.3.1.18", - "7.3.2.18", - "7.3.3.18", - "8.2.7.18", - "8.2.8.20", - "8.3.4.18" - ], - "CCC": [ - "CCC.ObjStor.CN02.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have ACLs enabled", - "title": "Check if S3 buckets have ACLs enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_acl_prohibited-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html" - ] - }, - "risk_details": "S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "IAM-10.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "10.6.3.33", - "10.6.3.35", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.6", - "S3.7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "This check verifies that S3 bucket policies are configured in a way that limits access to the intended AWS accounts only, preventing unauthorized access by external or unintended accounts.", - "title": "Ensure that general-purpose bucket policies restrict access to other AWS accounts.", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_cross_account_access-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Review and update your S3 bucket policies to remove permissions that grant external AWS accounts access to critical actions and implement least privilege principles to ensure sensitive operations are restricted to trusted accounts only", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Allowing other AWS accounts to perform sensitive actions (e.g., modifying bucket policies, ACLs, or encryption settings) on your S3 buckets can lead to data exposure, unauthorized access, or misconfigurations, increasing the risk of insider threats or attacks.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal has a bucket policy allowing cross account access.", - "metadata": { - "event_code": "s3_bucket_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket logs-sure-jackal has a bucket policy allowing cross account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "IAM-10.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "10.6.3.33", - "10.6.3.35", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.6", - "S3.7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "This check verifies that S3 bucket policies are configured in a way that limits access to the intended AWS accounts only, preventing unauthorized access by external or unintended accounts.", - "title": "Ensure that general-purpose bucket policies restrict access to other AWS accounts.", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_cross_account_access-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Review and update your S3 bucket policies to remove permissions that grant external AWS accounts access to critical actions and implement least privilege principles to ensure sensitive operations are restricted to trusted accounts only", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Allowing other AWS accounts to perform sensitive actions (e.g., modifying bucket policies, ACLs, or encryption settings) on your S3 buckets can lead to data exposure, unauthorized access, or misconfigurations, increasing the risk of insider threats or attacks.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal has a bucket policy but it does not allow cross account access.", - "metadata": { - "event_code": "s3_bucket_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket s3-bucket-sure-jackal has a bucket policy but it does not allow cross account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "IAM-10.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "10.6.3.33", - "10.6.3.35", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.6", - "S3.7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "This check verifies that S3 bucket policies are configured in a way that limits access to the intended AWS accounts only, preventing unauthorized access by external or unintended accounts.", - "title": "Ensure that general-purpose bucket policies restrict access to other AWS accounts.", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_cross_account_access-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Review and update your S3 bucket policies to remove permissions that grant external AWS accounts access to critical actions and implement least privilege principles to ensure sensitive operations are restricted to trusted accounts only", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Allowing other AWS accounts to perform sensitive actions (e.g., modifying bucket policies, ACLs, or encryption settings) on your S3 buckets can lead to data exposure, unauthorized access, or misconfigurations, increasing the risk of insider threats or attacks.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket simple-sure-jackal does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "IAM-10.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "10.6.3.33", - "10.6.3.35", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.6", - "S3.7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "This check verifies that S3 bucket policies are configured in a way that limits access to the intended AWS accounts only, preventing unauthorized access by external or unintended accounts.", - "title": "Ensure that general-purpose bucket policies restrict access to other AWS accounts.", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_cross_account_access-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Review and update your S3 bucket policies to remove permissions that grant external AWS accounts access to critical actions and implement least privilege principles to ensure sensitive operations are restricted to trusted accounts only", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Allowing other AWS accounts to perform sensitive actions (e.g., modifying bucket policies, ACLs, or encryption settings) on your S3 buckets can lead to data exposure, unauthorized access, or misconfigurations, increasing the risk of insider threats or attacks.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "IAM-10.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "10.6.3.33", - "10.6.3.35", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.6", - "S3.7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "This check verifies that S3 bucket policies are configured in a way that limits access to the intended AWS accounts only, preventing unauthorized access by external or unintended accounts.", - "title": "Ensure that general-purpose bucket policies restrict access to other AWS accounts.", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_cross_account_access-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Review and update your S3 bucket policies to remove permissions that grant external AWS accounts access to critical actions and implement least privilege principles to ensure sensitive operations are restricted to trusted accounts only", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Allowing other AWS accounts to perform sensitive actions (e.g., modifying bucket policies, ACLs, or encryption settings) on your S3 buckets can lead to data exposure, unauthorized access, or misconfigurations, increasing the risk of insider threats or attacks.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "IAM-10.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "10.6.3.33", - "10.6.3.35", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.6", - "S3.7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "This check verifies that S3 bucket policies are configured in a way that limits access to the intended AWS accounts only, preventing unauthorized access by external or unintended accounts.", - "title": "Ensure that general-purpose bucket policies restrict access to other AWS accounts.", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_cross_account_access-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Review and update your S3 bucket policies to remove permissions that grant external AWS accounts access to critical actions and implement least privilege principles to ensure sensitive operations are restricted to trusted accounts only", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Allowing other AWS accounts to perform sensitive actions (e.g., modifying bucket policies, ACLs, or encryption settings) on your S3 buckets can lead to data exposure, unauthorized access, or misconfigurations, increasing the risk of insider threats or attacks.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal does not have correct cross region replication configuration.", - "metadata": { - "event_code": "s3_bucket_cross_region_replication", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal does not have correct cross region replication configuration.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "PCI-3.2.1": [ - "2.2", - "3.1", - "3.1.c", - "10.5", - "10.5.3" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Verifying whether S3 buckets have cross-region replication enabled, ensuring data redundancy and availability across multiple AWS regions", - "title": "Check if S3 buckets use cross region replication.", - "types": [ - "Secure access management" - ], - "uid": "prowler-aws-s3_bucket_cross_region_replication-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have cross region replication.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough1.html" - ] - }, - "risk_details": "Without cross-region replication in S3 buckets, data is at risk of being lost or inaccessible if an entire region goes down, leading to potential service disruptions and data unavailability.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal does not have correct cross region replication configuration.", - "metadata": { - "event_code": "s3_bucket_cross_region_replication", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket logs-sure-jackal does not have correct cross region replication configuration.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "PCI-3.2.1": [ - "2.2", - "3.1", - "3.1.c", - "10.5", - "10.5.3" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Verifying whether S3 buckets have cross-region replication enabled, ensuring data redundancy and availability across multiple AWS regions", - "title": "Check if S3 buckets use cross region replication.", - "types": [ - "Secure access management" - ], - "uid": "prowler-aws-s3_bucket_cross_region_replication-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have cross region replication.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough1.html" - ] - }, - "risk_details": "Without cross-region replication in S3 buckets, data is at risk of being lost or inaccessible if an entire region goes down, leading to potential service disruptions and data unavailability.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal does not have correct cross region replication configuration.", - "metadata": { - "event_code": "s3_bucket_cross_region_replication", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket s3-bucket-sure-jackal does not have correct cross region replication configuration.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "PCI-3.2.1": [ - "2.2", - "3.1", - "3.1.c", - "10.5", - "10.5.3" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Verifying whether S3 buckets have cross-region replication enabled, ensuring data redundancy and availability across multiple AWS regions", - "title": "Check if S3 buckets use cross region replication.", - "types": [ - "Secure access management" - ], - "uid": "prowler-aws-s3_bucket_cross_region_replication-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have cross region replication.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough1.html" - ] - }, - "risk_details": "Without cross-region replication in S3 buckets, data is at risk of being lost or inaccessible if an entire region goes down, leading to potential service disruptions and data unavailability.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal does not have correct cross region replication configuration.", - "metadata": { - "event_code": "s3_bucket_cross_region_replication", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket simple-sure-jackal does not have correct cross region replication configuration.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "PCI-3.2.1": [ - "2.2", - "3.1", - "3.1.c", - "10.5", - "10.5.3" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Verifying whether S3 buckets have cross-region replication enabled, ensuring data redundancy and availability across multiple AWS regions", - "title": "Check if S3 buckets use cross region replication.", - "types": [ - "Secure access management" - ], - "uid": "prowler-aws-s3_bucket_cross_region_replication-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have cross region replication.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough1.html" - ] - }, - "risk_details": "Without cross-region replication in S3 buckets, data is at risk of being lost or inaccessible if an entire region goes down, leading to potential service disruptions and data unavailability.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have correct cross region replication configuration.", - "metadata": { - "event_code": "s3_bucket_cross_region_replication", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have correct cross region replication configuration.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "PCI-3.2.1": [ - "2.2", - "3.1", - "3.1.c", - "10.5", - "10.5.3" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Verifying whether S3 buckets have cross-region replication enabled, ensuring data redundancy and availability across multiple AWS regions", - "title": "Check if S3 buckets use cross region replication.", - "types": [ - "Secure access management" - ], - "uid": "prowler-aws-s3_bucket_cross_region_replication-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have cross region replication.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough1.html" - ] - }, - "risk_details": "Without cross-region replication in S3 buckets, data is at risk of being lost or inaccessible if an entire region goes down, leading to potential service disruptions and data unavailability.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have correct cross region replication configuration.", - "metadata": { - "event_code": "s3_bucket_cross_region_replication", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have correct cross region replication configuration.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "PCI-3.2.1": [ - "2.2", - "3.1", - "3.1.c", - "10.5", - "10.5.3" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Verifying whether S3 buckets have cross-region replication enabled, ensuring data redundancy and availability across multiple AWS regions", - "title": "Check if S3 buckets use cross region replication.", - "types": [ - "Secure access management" - ], - "uid": "prowler-aws-s3_bucket_cross_region_replication-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have cross region replication.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough1.html" - ] - }, - "risk_details": "Without cross-region replication in S3 buckets, data is at risk of being lost or inaccessible if an entire region goes down, leading to potential service disruptions and data unavailability.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal has Server Side Encryption with AES256.", - "metadata": { - "event_code": "s3_bucket_default_encryption", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal has Server Side Encryption with AES256.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_5_10", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_2_ii" - ], - "C5-2025": [ - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.01AC", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-13", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cm_6_a", - "cm_9_b", - "cp_9_d", - "cp_9_8", - "pm_11_b", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_16_1", - "sc_28_1", - "si_19_4" - ], - "ENS-RD2022": [ - "mp.si.2.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.30", - "8.3.2.48" - ], - "FedRAMP-Low-Revision-4": [ - "sc-13" - ], - "FFIEC": [ - "d3-pc-am-b-12" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CIS-1.4": [ - "2.1.1" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "CIS-1.5": [ - "2.1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP03" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1119", - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-1", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "title": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_default_encryption-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled.", - "references": [ - "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/" - ] - }, - "risk_details": "Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal has Server Side Encryption with AES256.", - "metadata": { - "event_code": "s3_bucket_default_encryption", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket logs-sure-jackal has Server Side Encryption with AES256.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_5_10", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_2_ii" - ], - "C5-2025": [ - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.01AC", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-13", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cm_6_a", - "cm_9_b", - "cp_9_d", - "cp_9_8", - "pm_11_b", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_16_1", - "sc_28_1", - "si_19_4" - ], - "ENS-RD2022": [ - "mp.si.2.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.30", - "8.3.2.48" - ], - "FedRAMP-Low-Revision-4": [ - "sc-13" - ], - "FFIEC": [ - "d3-pc-am-b-12" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CIS-1.4": [ - "2.1.1" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "CIS-1.5": [ - "2.1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP03" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1119", - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-1", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "title": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_default_encryption-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled.", - "references": [ - "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/" - ] - }, - "risk_details": "Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal has Server Side Encryption with aws:kms.", - "metadata": { - "event_code": "s3_bucket_default_encryption", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket s3-bucket-sure-jackal has Server Side Encryption with aws:kms.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_5_10", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_2_ii" - ], - "C5-2025": [ - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.01AC", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-13", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cm_6_a", - "cm_9_b", - "cp_9_d", - "cp_9_8", - "pm_11_b", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_16_1", - "sc_28_1", - "si_19_4" - ], - "ENS-RD2022": [ - "mp.si.2.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.30", - "8.3.2.48" - ], - "FedRAMP-Low-Revision-4": [ - "sc-13" - ], - "FFIEC": [ - "d3-pc-am-b-12" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CIS-1.4": [ - "2.1.1" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "CIS-1.5": [ - "2.1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP03" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1119", - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-1", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "title": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_default_encryption-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled.", - "references": [ - "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/" - ] - }, - "risk_details": "Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal has Server Side Encryption with AES256.", - "metadata": { - "event_code": "s3_bucket_default_encryption", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket simple-sure-jackal has Server Side Encryption with AES256.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_5_10", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_2_ii" - ], - "C5-2025": [ - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.01AC", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-13", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cm_6_a", - "cm_9_b", - "cp_9_d", - "cp_9_8", - "pm_11_b", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_16_1", - "sc_28_1", - "si_19_4" - ], - "ENS-RD2022": [ - "mp.si.2.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.30", - "8.3.2.48" - ], - "FedRAMP-Low-Revision-4": [ - "sc-13" - ], - "FFIEC": [ - "d3-pc-am-b-12" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CIS-1.4": [ - "2.1.1" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "CIS-1.5": [ - "2.1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP03" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1119", - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-1", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "title": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_default_encryption-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled.", - "references": [ - "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/" - ] - }, - "risk_details": "Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has Server Side Encryption with AES256.", - "metadata": { - "event_code": "s3_bucket_default_encryption", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has Server Side Encryption with AES256.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_5_10", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_2_ii" - ], - "C5-2025": [ - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.01AC", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-13", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cm_6_a", - "cm_9_b", - "cp_9_d", - "cp_9_8", - "pm_11_b", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_16_1", - "sc_28_1", - "si_19_4" - ], - "ENS-RD2022": [ - "mp.si.2.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.30", - "8.3.2.48" - ], - "FedRAMP-Low-Revision-4": [ - "sc-13" - ], - "FFIEC": [ - "d3-pc-am-b-12" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CIS-1.4": [ - "2.1.1" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "CIS-1.5": [ - "2.1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP03" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1119", - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-1", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "title": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_default_encryption-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled.", - "references": [ - "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/" - ] - }, - "risk_details": "Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has Server Side Encryption with AES256.", - "metadata": { - "event_code": "s3_bucket_default_encryption", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has Server Side Encryption with AES256.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_5_10", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_2_ii" - ], - "C5-2025": [ - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.01AC", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-13", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cm_6_a", - "cm_9_b", - "cp_9_d", - "cp_9_8", - "pm_11_b", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_16_1", - "sc_28_1", - "si_19_4" - ], - "ENS-RD2022": [ - "mp.si.2.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.30", - "8.3.2.48" - ], - "FedRAMP-Low-Revision-4": [ - "sc-13" - ], - "FFIEC": [ - "d3-pc-am-b-12" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CIS-1.4": [ - "2.1.1" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "CIS-1.5": [ - "2.1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP03" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1119", - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-1", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "title": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_default_encryption-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled.", - "references": [ - "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/" - ] - }, - "risk_details": "Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal does not have event notifications enabled.", - "metadata": { - "event_code": "s3_bucket_event_notifications_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal does not have event notifications enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.01AC", - "OPS-13.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "PCI-4.0": [ - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "A3.3.1.8", - "A3.5.1.8" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure whether S3 buckets have event notifications enabled.", - "title": "Check if S3 buckets have event notifications enabled.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls" - ], - "uid": "prowler-aws-s3_bucket_event_notifications_enabled-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable event notifications for all S3 general-purpose buckets to monitor important events such as object creation, deletion, tagging, and lifecycle events, ensuring visibility and quick action on relevant changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html" - ] - }, - "risk_details": "Without event notifications, important actions on S3 buckets may go unnoticed, leading to missed opportunities for timely response to critical changes, such as object creation, deletion, or updates that could impact data security and availability.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal does not have event notifications enabled.", - "metadata": { - "event_code": "s3_bucket_event_notifications_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket logs-sure-jackal does not have event notifications enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.01AC", - "OPS-13.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "PCI-4.0": [ - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "A3.3.1.8", - "A3.5.1.8" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure whether S3 buckets have event notifications enabled.", - "title": "Check if S3 buckets have event notifications enabled.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls" - ], - "uid": "prowler-aws-s3_bucket_event_notifications_enabled-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable event notifications for all S3 general-purpose buckets to monitor important events such as object creation, deletion, tagging, and lifecycle events, ensuring visibility and quick action on relevant changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html" - ] - }, - "risk_details": "Without event notifications, important actions on S3 buckets may go unnoticed, leading to missed opportunities for timely response to critical changes, such as object creation, deletion, or updates that could impact data security and availability.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal does not have event notifications enabled.", - "metadata": { - "event_code": "s3_bucket_event_notifications_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket s3-bucket-sure-jackal does not have event notifications enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.01AC", - "OPS-13.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "PCI-4.0": [ - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "A3.3.1.8", - "A3.5.1.8" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure whether S3 buckets have event notifications enabled.", - "title": "Check if S3 buckets have event notifications enabled.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls" - ], - "uid": "prowler-aws-s3_bucket_event_notifications_enabled-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable event notifications for all S3 general-purpose buckets to monitor important events such as object creation, deletion, tagging, and lifecycle events, ensuring visibility and quick action on relevant changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html" - ] - }, - "risk_details": "Without event notifications, important actions on S3 buckets may go unnoticed, leading to missed opportunities for timely response to critical changes, such as object creation, deletion, or updates that could impact data security and availability.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal does not have event notifications enabled.", - "metadata": { - "event_code": "s3_bucket_event_notifications_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket simple-sure-jackal does not have event notifications enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.01AC", - "OPS-13.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "PCI-4.0": [ - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "A3.3.1.8", - "A3.5.1.8" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure whether S3 buckets have event notifications enabled.", - "title": "Check if S3 buckets have event notifications enabled.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls" - ], - "uid": "prowler-aws-s3_bucket_event_notifications_enabled-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable event notifications for all S3 general-purpose buckets to monitor important events such as object creation, deletion, tagging, and lifecycle events, ensuring visibility and quick action on relevant changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html" - ] - }, - "risk_details": "Without event notifications, important actions on S3 buckets may go unnoticed, leading to missed opportunities for timely response to critical changes, such as object creation, deletion, or updates that could impact data security and availability.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have event notifications enabled.", - "metadata": { - "event_code": "s3_bucket_event_notifications_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have event notifications enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.01AC", - "OPS-13.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "PCI-4.0": [ - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "A3.3.1.8", - "A3.5.1.8" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure whether S3 buckets have event notifications enabled.", - "title": "Check if S3 buckets have event notifications enabled.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls" - ], - "uid": "prowler-aws-s3_bucket_event_notifications_enabled-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable event notifications for all S3 general-purpose buckets to monitor important events such as object creation, deletion, tagging, and lifecycle events, ensuring visibility and quick action on relevant changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html" - ] - }, - "risk_details": "Without event notifications, important actions on S3 buckets may go unnoticed, leading to missed opportunities for timely response to critical changes, such as object creation, deletion, or updates that could impact data security and availability.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have event notifications enabled.", - "metadata": { - "event_code": "s3_bucket_event_notifications_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have event notifications enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.01AC", - "OPS-13.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "PCI-4.0": [ - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "A3.3.1.8", - "A3.5.1.8" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure whether S3 buckets have event notifications enabled.", - "title": "Check if S3 buckets have event notifications enabled.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls" - ], - "uid": "prowler-aws-s3_bucket_event_notifications_enabled-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable event notifications for all S3 general-purpose buckets to monitor important events such as object creation, deletion, tagging, and lifecycle events, ensuring visibility and quick action on relevant changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html" - ] - }, - "risk_details": "Without event notifications, important actions on S3 buckets may go unnoticed, leading to missed opportunities for timely response to critical changes, such as object creation, deletion, or updates that could impact data security and availability.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Server Side Encryption is not configured with kms for S3 Bucket cloudfront-logs-sure-jackal.", - "metadata": { - "event_code": "s3_bucket_kms_encryption", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Server Side Encryption is not configured with kms for S3 Bucket cloudfront-logs-sure-jackal.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-12.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.31", - "8.3.2.50" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.Core.CN02.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.17" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have KMS encryption enabled.", - "title": "Check if S3 buckets have KMS encryption enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_kms_encryption-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled using KMS.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html" - ] - }, - "risk_details": "Amazon S3 KMS encryption provides a way to set the encryption behavior for an S3 bucket using a managed key. This will ensure data-at-rest is encrypted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Server Side Encryption is not configured with kms for S3 Bucket logs-sure-jackal.", - "metadata": { - "event_code": "s3_bucket_kms_encryption", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Server Side Encryption is not configured with kms for S3 Bucket logs-sure-jackal.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-12.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.31", - "8.3.2.50" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.Core.CN02.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.17" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have KMS encryption enabled.", - "title": "Check if S3 buckets have KMS encryption enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_kms_encryption-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled using KMS.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html" - ] - }, - "risk_details": "Amazon S3 KMS encryption provides a way to set the encryption behavior for an S3 bucket using a managed key. This will ensure data-at-rest is encrypted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal has Server Side Encryption with aws:kms.", - "metadata": { - "event_code": "s3_bucket_kms_encryption", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket s3-bucket-sure-jackal has Server Side Encryption with aws:kms.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-12.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.31", - "8.3.2.50" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.Core.CN02.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.17" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have KMS encryption enabled.", - "title": "Check if S3 buckets have KMS encryption enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_kms_encryption-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled using KMS.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html" - ] - }, - "risk_details": "Amazon S3 KMS encryption provides a way to set the encryption behavior for an S3 bucket using a managed key. This will ensure data-at-rest is encrypted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Server Side Encryption is not configured with kms for S3 Bucket simple-sure-jackal.", - "metadata": { - "event_code": "s3_bucket_kms_encryption", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Server Side Encryption is not configured with kms for S3 Bucket simple-sure-jackal.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-12.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.31", - "8.3.2.50" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.Core.CN02.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.17" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have KMS encryption enabled.", - "title": "Check if S3 buckets have KMS encryption enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_kms_encryption-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled using KMS.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html" - ] - }, - "risk_details": "Amazon S3 KMS encryption provides a way to set the encryption behavior for an S3 bucket using a managed key. This will ensure data-at-rest is encrypted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Server Side Encryption is not configured with kms for S3 Bucket test-bucket-obj-untrusted.", - "metadata": { - "event_code": "s3_bucket_kms_encryption", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Server Side Encryption is not configured with kms for S3 Bucket test-bucket-obj-untrusted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-12.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.31", - "8.3.2.50" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.Core.CN02.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.17" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have KMS encryption enabled.", - "title": "Check if S3 buckets have KMS encryption enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_kms_encryption-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled using KMS.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html" - ] - }, - "risk_details": "Amazon S3 KMS encryption provides a way to set the encryption behavior for an S3 bucket using a managed key. This will ensure data-at-rest is encrypted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Server Side Encryption is not configured with kms for S3 Bucket test-bucket-untrusted-kms.", - "metadata": { - "event_code": "s3_bucket_kms_encryption", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Server Side Encryption is not configured with kms for S3 Bucket test-bucket-untrusted-kms.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-12.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.31", - "8.3.2.50" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.Core.CN02.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.17" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have KMS encryption enabled.", - "title": "Check if S3 buckets have KMS encryption enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_kms_encryption-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled using KMS.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html" - ] - }, - "risk_details": "Amazon S3 KMS encryption provides a way to set the encryption behavior for an S3 bucket using a managed key. This will ensure data-at-rest is encrypted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is configured for the S3 Bucket cloudfront-logs-sure-jackal.", - "metadata": { - "event_code": "s3_bucket_level_public_access_block", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Block Public Access is configured for the S3 Bucket cloudfront-logs-sure-jackal.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "CIS-3.0": [ - "2.1.4" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.8" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check S3 Bucket Level Public Access Block.", - "title": "Check S3 Bucket Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_level_public_access_block-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is configured for the S3 Bucket logs-sure-jackal.", - "metadata": { - "event_code": "s3_bucket_level_public_access_block", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Block Public Access is configured for the S3 Bucket logs-sure-jackal.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "CIS-3.0": [ - "2.1.4" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.8" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check S3 Bucket Level Public Access Block.", - "title": "Check S3 Bucket Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_level_public_access_block-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is configured for the S3 Bucket s3-bucket-sure-jackal.", - "metadata": { - "event_code": "s3_bucket_level_public_access_block", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Block Public Access is configured for the S3 Bucket s3-bucket-sure-jackal.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "CIS-3.0": [ - "2.1.4" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.8" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check S3 Bucket Level Public Access Block.", - "title": "Check S3 Bucket Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_level_public_access_block-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is configured for the S3 Bucket simple-sure-jackal.", - "metadata": { - "event_code": "s3_bucket_level_public_access_block", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Block Public Access is configured for the S3 Bucket simple-sure-jackal.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "CIS-3.0": [ - "2.1.4" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.8" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check S3 Bucket Level Public Access Block.", - "title": "Check S3 Bucket Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_level_public_access_block-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is configured for the S3 Bucket test-bucket-obj-untrusted.", - "metadata": { - "event_code": "s3_bucket_level_public_access_block", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Block Public Access is configured for the S3 Bucket test-bucket-obj-untrusted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "CIS-3.0": [ - "2.1.4" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.8" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check S3 Bucket Level Public Access Block.", - "title": "Check S3 Bucket Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_level_public_access_block-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is configured for the S3 Bucket test-bucket-untrusted-kms.", - "metadata": { - "event_code": "s3_bucket_level_public_access_block", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Block Public Access is configured for the S3 Bucket test-bucket-untrusted-kms.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "CIS-3.0": [ - "2.1.4" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.8" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check S3 Bucket Level Public Access Block.", - "title": "Check S3 Bucket Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_level_public_access_block-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal does not have a lifecycle configuration enabled.", - "metadata": { - "event_code": "s3_bucket_lifecycle_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal does not have a lifecycle configuration enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-32.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.5.1.12", - "10.5.1.13", - "3.2.1.8", - "3.2.1.9", - "3.3.1.1.8", - "3.3.1.1.9", - "3.3.1.3.8", - "3.3.1.3.9", - "3.3.2.8", - "3.3.2.9", - "3.3.3.8", - "3.3.3.9" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.a", - "3.2", - "3.2.c", - "10.7", - "10.7.a" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.CntrReg.CN02.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.13" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have Lifecycle configuration enabled.", - "title": "Check if S3 buckets have a Lifecycle configuration enabled", - "types": [ - "AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-s3_bucket_lifecycle_enabled-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable lifecycle policies on your S3 buckets to automatically manage the transition and expiration of data.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html" - ] - }, - "risk_details": "The risks of not having lifecycle management enabled for S3 buckets include higher storage costs, unmanaged data retention, and potential non-compliance with data policies.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal does not have a lifecycle configuration enabled.", - "metadata": { - "event_code": "s3_bucket_lifecycle_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket logs-sure-jackal does not have a lifecycle configuration enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-32.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.5.1.12", - "10.5.1.13", - "3.2.1.8", - "3.2.1.9", - "3.3.1.1.8", - "3.3.1.1.9", - "3.3.1.3.8", - "3.3.1.3.9", - "3.3.2.8", - "3.3.2.9", - "3.3.3.8", - "3.3.3.9" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.a", - "3.2", - "3.2.c", - "10.7", - "10.7.a" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.CntrReg.CN02.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.13" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have Lifecycle configuration enabled.", - "title": "Check if S3 buckets have a Lifecycle configuration enabled", - "types": [ - "AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-s3_bucket_lifecycle_enabled-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable lifecycle policies on your S3 buckets to automatically manage the transition and expiration of data.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html" - ] - }, - "risk_details": "The risks of not having lifecycle management enabled for S3 buckets include higher storage costs, unmanaged data retention, and potential non-compliance with data policies.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal has a lifecycle configuration enabled.", - "metadata": { - "event_code": "s3_bucket_lifecycle_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket s3-bucket-sure-jackal has a lifecycle configuration enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-32.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.5.1.12", - "10.5.1.13", - "3.2.1.8", - "3.2.1.9", - "3.3.1.1.8", - "3.3.1.1.9", - "3.3.1.3.8", - "3.3.1.3.9", - "3.3.2.8", - "3.3.2.9", - "3.3.3.8", - "3.3.3.9" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.a", - "3.2", - "3.2.c", - "10.7", - "10.7.a" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.CntrReg.CN02.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.13" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have Lifecycle configuration enabled.", - "title": "Check if S3 buckets have a Lifecycle configuration enabled", - "types": [ - "AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-s3_bucket_lifecycle_enabled-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable lifecycle policies on your S3 buckets to automatically manage the transition and expiration of data.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html" - ] - }, - "risk_details": "The risks of not having lifecycle management enabled for S3 buckets include higher storage costs, unmanaged data retention, and potential non-compliance with data policies.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal does not have a lifecycle configuration enabled.", - "metadata": { - "event_code": "s3_bucket_lifecycle_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket simple-sure-jackal does not have a lifecycle configuration enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-32.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.5.1.12", - "10.5.1.13", - "3.2.1.8", - "3.2.1.9", - "3.3.1.1.8", - "3.3.1.1.9", - "3.3.1.3.8", - "3.3.1.3.9", - "3.3.2.8", - "3.3.2.9", - "3.3.3.8", - "3.3.3.9" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.a", - "3.2", - "3.2.c", - "10.7", - "10.7.a" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.CntrReg.CN02.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.13" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have Lifecycle configuration enabled.", - "title": "Check if S3 buckets have a Lifecycle configuration enabled", - "types": [ - "AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-s3_bucket_lifecycle_enabled-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable lifecycle policies on your S3 buckets to automatically manage the transition and expiration of data.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html" - ] - }, - "risk_details": "The risks of not having lifecycle management enabled for S3 buckets include higher storage costs, unmanaged data retention, and potential non-compliance with data policies.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have a lifecycle configuration enabled.", - "metadata": { - "event_code": "s3_bucket_lifecycle_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have a lifecycle configuration enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-32.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.5.1.12", - "10.5.1.13", - "3.2.1.8", - "3.2.1.9", - "3.3.1.1.8", - "3.3.1.1.9", - "3.3.1.3.8", - "3.3.1.3.9", - "3.3.2.8", - "3.3.2.9", - "3.3.3.8", - "3.3.3.9" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.a", - "3.2", - "3.2.c", - "10.7", - "10.7.a" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.CntrReg.CN02.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.13" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have Lifecycle configuration enabled.", - "title": "Check if S3 buckets have a Lifecycle configuration enabled", - "types": [ - "AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-s3_bucket_lifecycle_enabled-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable lifecycle policies on your S3 buckets to automatically manage the transition and expiration of data.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html" - ] - }, - "risk_details": "The risks of not having lifecycle management enabled for S3 buckets include higher storage costs, unmanaged data retention, and potential non-compliance with data policies.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have a lifecycle configuration enabled.", - "metadata": { - "event_code": "s3_bucket_lifecycle_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have a lifecycle configuration enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-32.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.5.1.12", - "10.5.1.13", - "3.2.1.8", - "3.2.1.9", - "3.3.1.1.8", - "3.3.1.1.9", - "3.3.1.3.8", - "3.3.1.3.9", - "3.3.2.8", - "3.3.2.9", - "3.3.3.8", - "3.3.3.9" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.a", - "3.2", - "3.2.c", - "10.7", - "10.7.a" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.CntrReg.CN02.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.13" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have Lifecycle configuration enabled.", - "title": "Check if S3 buckets have a Lifecycle configuration enabled", - "types": [ - "AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-s3_bucket_lifecycle_enabled-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable lifecycle policies on your S3 buckets to automatically manage the transition and expiration of data.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html" - ] - }, - "risk_details": "The risks of not having lifecycle management enabled for S3 buckets include higher storage costs, unmanaged data retention, and potential non-compliance with data policies.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal has MFA Delete disabled.", - "metadata": { - "event_code": "s3_bucket_no_mfa_delete", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal has MFA Delete disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-07.02B", - "OPS-16.01B", - "IAM-04.06B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "CIS-3.0": [ - "2.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.2" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-5.0": [ - "2.1.2" - ], - "CIS-1.4": [ - "2.1.3" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.20" - ], - "CIS-1.5": [ - "2.1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "2.1.2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 bucket MFA Delete is not enabled.", - "title": "Check if S3 bucket MFA Delete is not enabled.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_no_mfa_delete-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" - ] - }, - "risk_details": "Your security credentials are compromised or unauthorized access is granted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal has MFA Delete disabled.", - "metadata": { - "event_code": "s3_bucket_no_mfa_delete", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket logs-sure-jackal has MFA Delete disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-07.02B", - "OPS-16.01B", - "IAM-04.06B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "CIS-3.0": [ - "2.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.2" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-5.0": [ - "2.1.2" - ], - "CIS-1.4": [ - "2.1.3" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.20" - ], - "CIS-1.5": [ - "2.1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "2.1.2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 bucket MFA Delete is not enabled.", - "title": "Check if S3 bucket MFA Delete is not enabled.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_no_mfa_delete-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" - ] - }, - "risk_details": "Your security credentials are compromised or unauthorized access is granted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal has MFA Delete disabled.", - "metadata": { - "event_code": "s3_bucket_no_mfa_delete", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket s3-bucket-sure-jackal has MFA Delete disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-07.02B", - "OPS-16.01B", - "IAM-04.06B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "CIS-3.0": [ - "2.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.2" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-5.0": [ - "2.1.2" - ], - "CIS-1.4": [ - "2.1.3" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.20" - ], - "CIS-1.5": [ - "2.1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "2.1.2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 bucket MFA Delete is not enabled.", - "title": "Check if S3 bucket MFA Delete is not enabled.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_no_mfa_delete-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" - ] - }, - "risk_details": "Your security credentials are compromised or unauthorized access is granted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal has MFA Delete disabled.", - "metadata": { - "event_code": "s3_bucket_no_mfa_delete", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket simple-sure-jackal has MFA Delete disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-07.02B", - "OPS-16.01B", - "IAM-04.06B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "CIS-3.0": [ - "2.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.2" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-5.0": [ - "2.1.2" - ], - "CIS-1.4": [ - "2.1.3" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.20" - ], - "CIS-1.5": [ - "2.1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "2.1.2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 bucket MFA Delete is not enabled.", - "title": "Check if S3 bucket MFA Delete is not enabled.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_no_mfa_delete-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" - ] - }, - "risk_details": "Your security credentials are compromised or unauthorized access is granted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has MFA Delete disabled.", - "metadata": { - "event_code": "s3_bucket_no_mfa_delete", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has MFA Delete disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-07.02B", - "OPS-16.01B", - "IAM-04.06B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "CIS-3.0": [ - "2.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.2" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-5.0": [ - "2.1.2" - ], - "CIS-1.4": [ - "2.1.3" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.20" - ], - "CIS-1.5": [ - "2.1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "2.1.2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 bucket MFA Delete is not enabled.", - "title": "Check if S3 bucket MFA Delete is not enabled.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_no_mfa_delete-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" - ] - }, - "risk_details": "Your security credentials are compromised or unauthorized access is granted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has MFA Delete disabled.", - "metadata": { - "event_code": "s3_bucket_no_mfa_delete", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has MFA Delete disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-07.02B", - "OPS-16.01B", - "IAM-04.06B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "CIS-3.0": [ - "2.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.2" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-5.0": [ - "2.1.2" - ], - "CIS-1.4": [ - "2.1.3" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.20" - ], - "CIS-1.5": [ - "2.1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "2.1.2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 bucket MFA Delete is not enabled.", - "title": "Check if S3 bucket MFA Delete is not enabled.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_no_mfa_delete-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" - ] - }, - "risk_details": "Your security credentials are compromised or unauthorized access is granted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal has Object Lock disabled.", - "metadata": { - "event_code": "s3_bucket_object_lock", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal has Object Lock disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have object lock enabled", - "title": "Check if S3 buckets have object lock enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_lock-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that your Amazon S3 buckets have Object Lock feature enabled in order to prevent the objects they store from being deleted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html" - ] - }, - "risk_details": "Store objects using a write-once-read-many (WORM) model to help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. That helps to prevent ransomware attacks.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal has Object Lock disabled.", - "metadata": { - "event_code": "s3_bucket_object_lock", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket logs-sure-jackal has Object Lock disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have object lock enabled", - "title": "Check if S3 buckets have object lock enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_lock-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that your Amazon S3 buckets have Object Lock feature enabled in order to prevent the objects they store from being deleted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html" - ] - }, - "risk_details": "Store objects using a write-once-read-many (WORM) model to help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. That helps to prevent ransomware attacks.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal has Object Lock enabled.", - "metadata": { - "event_code": "s3_bucket_object_lock", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket s3-bucket-sure-jackal has Object Lock enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have object lock enabled", - "title": "Check if S3 buckets have object lock enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_lock-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that your Amazon S3 buckets have Object Lock feature enabled in order to prevent the objects they store from being deleted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html" - ] - }, - "risk_details": "Store objects using a write-once-read-many (WORM) model to help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. That helps to prevent ransomware attacks.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal has Object Lock disabled.", - "metadata": { - "event_code": "s3_bucket_object_lock", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket simple-sure-jackal has Object Lock disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have object lock enabled", - "title": "Check if S3 buckets have object lock enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_lock-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that your Amazon S3 buckets have Object Lock feature enabled in order to prevent the objects they store from being deleted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html" - ] - }, - "risk_details": "Store objects using a write-once-read-many (WORM) model to help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. That helps to prevent ransomware attacks.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has Object Lock disabled.", - "metadata": { - "event_code": "s3_bucket_object_lock", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has Object Lock disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have object lock enabled", - "title": "Check if S3 buckets have object lock enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_lock-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that your Amazon S3 buckets have Object Lock feature enabled in order to prevent the objects they store from being deleted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html" - ] - }, - "risk_details": "Store objects using a write-once-read-many (WORM) model to help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. That helps to prevent ransomware attacks.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has Object Lock disabled.", - "metadata": { - "event_code": "s3_bucket_object_lock", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has Object Lock disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have object lock enabled", - "title": "Check if S3 buckets have object lock enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_lock-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that your Amazon S3 buckets have Object Lock feature enabled in order to prevent the objects they store from being deleted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html" - ] - }, - "risk_details": "Store objects using a write-once-read-many (WORM) model to help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. That helps to prevent ransomware attacks.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal has versioning disabled.", - "metadata": { - "event_code": "s3_bucket_object_versioning", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal has versioning disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_12" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_7_i", - "164_308_a_7_ii_a", - "164_308_a_7_ii_b", - "164_308_a_7_ii_c", - "164_312_a_2_ii", - "164_312_c_1", - "164_312_c_2" - ], - "SOC2": [ - "cc_7_4", - "cc_a_1_1", - "cc_c_1_2" - ], - "C5-2025": [ - "OPS-13.01AC", - "OPS-33.02B", - "DEV-07.01B" - ], - "NIST-CSF-1.1": [ - "be_5", - "ds_4", - "ip_4", - "ip_9", - "pt_5", - "rp_1", - "rp_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9-2", - "cp-9-b", - "cp-10", - "sc-5", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "au_9_2", - "cp_1_2", - "cp_2_5", - "cp_6_a", - "cp_6_1", - "cp_6_2", - "cp_9_a", - "cp_9_b", - "cp_9_c", - "cp_10", - "cp_10_2", - "pm_11_b", - "pm_17_b", - "sc_5_2", - "sc_16_1", - "si_1_a_2", - "si_13_5" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "5.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9", - "cp-9", - "cp-10", - "sc-5" - ], - "FFIEC": [ - "d5-ir-pl-b-6" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.c", - "10.5", - "10.5.2", - "10.5.3", - "10.5.5" - ], - "GxP-EU-Annex-11": [ - "5-data", - "7.1-data-storage-damage-protection", - "7.2-data-storage-backups", - "16-business-continuity", - "17-archiving", - "4.8-validation-data-transfer" - ], - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "GxP-21-CFR-Part-11": [ - "11.10-a", - "11.10-c" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3", - "A.8.10" - ], - "NIST-800-53-Revision-4": [ - "cp_10", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-4", - "booting-up-thing-to-do-first-1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have object versioning enabled", - "title": "Check if S3 buckets have object versioning enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_versioning-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frequently, and backup may not be enough to capture all the changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html" - ] - }, - "risk_details": "With versioning, you can easily recover from both unintended user actions and application failures.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal has versioning disabled.", - "metadata": { - "event_code": "s3_bucket_object_versioning", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket logs-sure-jackal has versioning disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_12" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_7_i", - "164_308_a_7_ii_a", - "164_308_a_7_ii_b", - "164_308_a_7_ii_c", - "164_312_a_2_ii", - "164_312_c_1", - "164_312_c_2" - ], - "SOC2": [ - "cc_7_4", - "cc_a_1_1", - "cc_c_1_2" - ], - "C5-2025": [ - "OPS-13.01AC", - "OPS-33.02B", - "DEV-07.01B" - ], - "NIST-CSF-1.1": [ - "be_5", - "ds_4", - "ip_4", - "ip_9", - "pt_5", - "rp_1", - "rp_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9-2", - "cp-9-b", - "cp-10", - "sc-5", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "au_9_2", - "cp_1_2", - "cp_2_5", - "cp_6_a", - "cp_6_1", - "cp_6_2", - "cp_9_a", - "cp_9_b", - "cp_9_c", - "cp_10", - "cp_10_2", - "pm_11_b", - "pm_17_b", - "sc_5_2", - "sc_16_1", - "si_1_a_2", - "si_13_5" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "5.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9", - "cp-9", - "cp-10", - "sc-5" - ], - "FFIEC": [ - "d5-ir-pl-b-6" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.c", - "10.5", - "10.5.2", - "10.5.3", - "10.5.5" - ], - "GxP-EU-Annex-11": [ - "5-data", - "7.1-data-storage-damage-protection", - "7.2-data-storage-backups", - "16-business-continuity", - "17-archiving", - "4.8-validation-data-transfer" - ], - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "GxP-21-CFR-Part-11": [ - "11.10-a", - "11.10-c" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3", - "A.8.10" - ], - "NIST-800-53-Revision-4": [ - "cp_10", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-4", - "booting-up-thing-to-do-first-1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have object versioning enabled", - "title": "Check if S3 buckets have object versioning enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_versioning-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frequently, and backup may not be enough to capture all the changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html" - ] - }, - "risk_details": "With versioning, you can easily recover from both unintended user actions and application failures.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal has versioning enabled.", - "metadata": { - "event_code": "s3_bucket_object_versioning", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket s3-bucket-sure-jackal has versioning enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_12" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_7_i", - "164_308_a_7_ii_a", - "164_308_a_7_ii_b", - "164_308_a_7_ii_c", - "164_312_a_2_ii", - "164_312_c_1", - "164_312_c_2" - ], - "SOC2": [ - "cc_7_4", - "cc_a_1_1", - "cc_c_1_2" - ], - "C5-2025": [ - "OPS-13.01AC", - "OPS-33.02B", - "DEV-07.01B" - ], - "NIST-CSF-1.1": [ - "be_5", - "ds_4", - "ip_4", - "ip_9", - "pt_5", - "rp_1", - "rp_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9-2", - "cp-9-b", - "cp-10", - "sc-5", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "au_9_2", - "cp_1_2", - "cp_2_5", - "cp_6_a", - "cp_6_1", - "cp_6_2", - "cp_9_a", - "cp_9_b", - "cp_9_c", - "cp_10", - "cp_10_2", - "pm_11_b", - "pm_17_b", - "sc_5_2", - "sc_16_1", - "si_1_a_2", - "si_13_5" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "5.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9", - "cp-9", - "cp-10", - "sc-5" - ], - "FFIEC": [ - "d5-ir-pl-b-6" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.c", - "10.5", - "10.5.2", - "10.5.3", - "10.5.5" - ], - "GxP-EU-Annex-11": [ - "5-data", - "7.1-data-storage-damage-protection", - "7.2-data-storage-backups", - "16-business-continuity", - "17-archiving", - "4.8-validation-data-transfer" - ], - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "GxP-21-CFR-Part-11": [ - "11.10-a", - "11.10-c" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3", - "A.8.10" - ], - "NIST-800-53-Revision-4": [ - "cp_10", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-4", - "booting-up-thing-to-do-first-1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have object versioning enabled", - "title": "Check if S3 buckets have object versioning enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_versioning-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frequently, and backup may not be enough to capture all the changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html" - ] - }, - "risk_details": "With versioning, you can easily recover from both unintended user actions and application failures.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal has versioning disabled.", - "metadata": { - "event_code": "s3_bucket_object_versioning", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket simple-sure-jackal has versioning disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_12" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_7_i", - "164_308_a_7_ii_a", - "164_308_a_7_ii_b", - "164_308_a_7_ii_c", - "164_312_a_2_ii", - "164_312_c_1", - "164_312_c_2" - ], - "SOC2": [ - "cc_7_4", - "cc_a_1_1", - "cc_c_1_2" - ], - "C5-2025": [ - "OPS-13.01AC", - "OPS-33.02B", - "DEV-07.01B" - ], - "NIST-CSF-1.1": [ - "be_5", - "ds_4", - "ip_4", - "ip_9", - "pt_5", - "rp_1", - "rp_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9-2", - "cp-9-b", - "cp-10", - "sc-5", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "au_9_2", - "cp_1_2", - "cp_2_5", - "cp_6_a", - "cp_6_1", - "cp_6_2", - "cp_9_a", - "cp_9_b", - "cp_9_c", - "cp_10", - "cp_10_2", - "pm_11_b", - "pm_17_b", - "sc_5_2", - "sc_16_1", - "si_1_a_2", - "si_13_5" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "5.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9", - "cp-9", - "cp-10", - "sc-5" - ], - "FFIEC": [ - "d5-ir-pl-b-6" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.c", - "10.5", - "10.5.2", - "10.5.3", - "10.5.5" - ], - "GxP-EU-Annex-11": [ - "5-data", - "7.1-data-storage-damage-protection", - "7.2-data-storage-backups", - "16-business-continuity", - "17-archiving", - "4.8-validation-data-transfer" - ], - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "GxP-21-CFR-Part-11": [ - "11.10-a", - "11.10-c" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3", - "A.8.10" - ], - "NIST-800-53-Revision-4": [ - "cp_10", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-4", - "booting-up-thing-to-do-first-1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have object versioning enabled", - "title": "Check if S3 buckets have object versioning enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_versioning-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frequently, and backup may not be enough to capture all the changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html" - ] - }, - "risk_details": "With versioning, you can easily recover from both unintended user actions and application failures.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has versioning disabled.", - "metadata": { - "event_code": "s3_bucket_object_versioning", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has versioning disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_12" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_7_i", - "164_308_a_7_ii_a", - "164_308_a_7_ii_b", - "164_308_a_7_ii_c", - "164_312_a_2_ii", - "164_312_c_1", - "164_312_c_2" - ], - "SOC2": [ - "cc_7_4", - "cc_a_1_1", - "cc_c_1_2" - ], - "C5-2025": [ - "OPS-13.01AC", - "OPS-33.02B", - "DEV-07.01B" - ], - "NIST-CSF-1.1": [ - "be_5", - "ds_4", - "ip_4", - "ip_9", - "pt_5", - "rp_1", - "rp_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9-2", - "cp-9-b", - "cp-10", - "sc-5", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "au_9_2", - "cp_1_2", - "cp_2_5", - "cp_6_a", - "cp_6_1", - "cp_6_2", - "cp_9_a", - "cp_9_b", - "cp_9_c", - "cp_10", - "cp_10_2", - "pm_11_b", - "pm_17_b", - "sc_5_2", - "sc_16_1", - "si_1_a_2", - "si_13_5" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "5.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9", - "cp-9", - "cp-10", - "sc-5" - ], - "FFIEC": [ - "d5-ir-pl-b-6" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.c", - "10.5", - "10.5.2", - "10.5.3", - "10.5.5" - ], - "GxP-EU-Annex-11": [ - "5-data", - "7.1-data-storage-damage-protection", - "7.2-data-storage-backups", - "16-business-continuity", - "17-archiving", - "4.8-validation-data-transfer" - ], - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "GxP-21-CFR-Part-11": [ - "11.10-a", - "11.10-c" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3", - "A.8.10" - ], - "NIST-800-53-Revision-4": [ - "cp_10", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-4", - "booting-up-thing-to-do-first-1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have object versioning enabled", - "title": "Check if S3 buckets have object versioning enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_versioning-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frequently, and backup may not be enough to capture all the changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html" - ] - }, - "risk_details": "With versioning, you can easily recover from both unintended user actions and application failures.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has versioning disabled.", - "metadata": { - "event_code": "s3_bucket_object_versioning", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has versioning disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_12" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_7_i", - "164_308_a_7_ii_a", - "164_308_a_7_ii_b", - "164_308_a_7_ii_c", - "164_312_a_2_ii", - "164_312_c_1", - "164_312_c_2" - ], - "SOC2": [ - "cc_7_4", - "cc_a_1_1", - "cc_c_1_2" - ], - "C5-2025": [ - "OPS-13.01AC", - "OPS-33.02B", - "DEV-07.01B" - ], - "NIST-CSF-1.1": [ - "be_5", - "ds_4", - "ip_4", - "ip_9", - "pt_5", - "rp_1", - "rp_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9-2", - "cp-9-b", - "cp-10", - "sc-5", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "au_9_2", - "cp_1_2", - "cp_2_5", - "cp_6_a", - "cp_6_1", - "cp_6_2", - "cp_9_a", - "cp_9_b", - "cp_9_c", - "cp_10", - "cp_10_2", - "pm_11_b", - "pm_17_b", - "sc_5_2", - "sc_16_1", - "si_1_a_2", - "si_13_5" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "5.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9", - "cp-9", - "cp-10", - "sc-5" - ], - "FFIEC": [ - "d5-ir-pl-b-6" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.c", - "10.5", - "10.5.2", - "10.5.3", - "10.5.5" - ], - "GxP-EU-Annex-11": [ - "5-data", - "7.1-data-storage-damage-protection", - "7.2-data-storage-backups", - "16-business-continuity", - "17-archiving", - "4.8-validation-data-transfer" - ], - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "GxP-21-CFR-Part-11": [ - "11.10-a", - "11.10-c" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3", - "A.8.10" - ], - "NIST-800-53-Revision-4": [ - "cp_10", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-4", - "booting-up-thing-to-do-first-1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have object versioning enabled", - "title": "Check if S3 buckets have object versioning enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_versioning-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frequently, and backup may not be enough to capture all the changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html" - ] - }, - "risk_details": "With versioning, you can easily recover from both unintended user actions and application failures.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_policy_public_write_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.2.15" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have policies which allow WRITE access.", - "title": "Check if S3 buckets have policies which allow WRITE access.", - "types": [ - "IAM" - ], - "uid": "prowler-aws-s3_bucket_policy_public_write_access-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure proper bucket policy is in place with the least privilege principle applied.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html" - ] - }, - "risk_details": "Non intended users can put objects in a given bucket.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 public access blocked at bucket level for logs-sure-jackal.", - "metadata": { - "event_code": "s3_bucket_policy_public_write_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 public access blocked at bucket level for logs-sure-jackal.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.2.15" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have policies which allow WRITE access.", - "title": "Check if S3 buckets have policies which allow WRITE access.", - "types": [ - "IAM" - ], - "uid": "prowler-aws-s3_bucket_policy_public_write_access-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure proper bucket policy is in place with the least privilege principle applied.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html" - ] - }, - "risk_details": "Non intended users can put objects in a given bucket.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 public access blocked at bucket level for s3-bucket-sure-jackal.", - "metadata": { - "event_code": "s3_bucket_policy_public_write_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 public access blocked at bucket level for s3-bucket-sure-jackal.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.2.15" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have policies which allow WRITE access.", - "title": "Check if S3 buckets have policies which allow WRITE access.", - "types": [ - "IAM" - ], - "uid": "prowler-aws-s3_bucket_policy_public_write_access-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure proper bucket policy is in place with the least privilege principle applied.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html" - ] - }, - "risk_details": "Non intended users can put objects in a given bucket.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_policy_public_write_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket simple-sure-jackal does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.2.15" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have policies which allow WRITE access.", - "title": "Check if S3 buckets have policies which allow WRITE access.", - "types": [ - "IAM" - ], - "uid": "prowler-aws-s3_bucket_policy_public_write_access-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure proper bucket policy is in place with the least privilege principle applied.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html" - ] - }, - "risk_details": "Non intended users can put objects in a given bucket.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_policy_public_write_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.2.15" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have policies which allow WRITE access.", - "title": "Check if S3 buckets have policies which allow WRITE access.", - "types": [ - "IAM" - ], - "uid": "prowler-aws-s3_bucket_policy_public_write_access-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure proper bucket policy is in place with the least privilege principle applied.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html" - ] - }, - "risk_details": "Non intended users can put objects in a given bucket.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_policy_public_write_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.2.15" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have policies which allow WRITE access.", - "title": "Check if S3 buckets have policies which allow WRITE access.", - "types": [ - "IAM" - ], - "uid": "prowler-aws-s3_bucket_policy_public_write_access-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure proper bucket policy is in place with the least privilege principle applied.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html" - ] - }, - "risk_details": "Non intended users can put objects in a given bucket.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal is not public.", - "metadata": { - "event_code": "s3_bucket_public_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal is not public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1", - "164_312_a_2_i" - ], - "SOC2": [ - "cc_6_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.33", - "1.2.8.34", - "1.3.1.37", - "1.3.1.38", - "1.3.2.37", - "1.3.2.38", - "1.4.2.35", - "1.4.2.36", - "1.5.1.33", - "1.5.1.34", - "10.3.2.21", - "10.3.2.23", - "10.3.3.23", - "10.3.4.8", - "3.5.1.3.26", - "3.5.1.3.28", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.3.33", - "A1.1.3.34", - "A1.2.1.31", - "A3.4.1.19", - "A3.4.1.21" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "title": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_access-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal is not public.", - "metadata": { - "event_code": "s3_bucket_public_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket logs-sure-jackal is not public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1", - "164_312_a_2_i" - ], - "SOC2": [ - "cc_6_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.33", - "1.2.8.34", - "1.3.1.37", - "1.3.1.38", - "1.3.2.37", - "1.3.2.38", - "1.4.2.35", - "1.4.2.36", - "1.5.1.33", - "1.5.1.34", - "10.3.2.21", - "10.3.2.23", - "10.3.3.23", - "10.3.4.8", - "3.5.1.3.26", - "3.5.1.3.28", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.3.33", - "A1.1.3.34", - "A1.2.1.31", - "A3.4.1.19", - "A3.4.1.21" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "title": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_access-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal is not public.", - "metadata": { - "event_code": "s3_bucket_public_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket s3-bucket-sure-jackal is not public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1", - "164_312_a_2_i" - ], - "SOC2": [ - "cc_6_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.33", - "1.2.8.34", - "1.3.1.37", - "1.3.1.38", - "1.3.2.37", - "1.3.2.38", - "1.4.2.35", - "1.4.2.36", - "1.5.1.33", - "1.5.1.34", - "10.3.2.21", - "10.3.2.23", - "10.3.3.23", - "10.3.4.8", - "3.5.1.3.26", - "3.5.1.3.28", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.3.33", - "A1.1.3.34", - "A1.2.1.31", - "A3.4.1.19", - "A3.4.1.21" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "title": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_access-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal is not public.", - "metadata": { - "event_code": "s3_bucket_public_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket simple-sure-jackal is not public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1", - "164_312_a_2_i" - ], - "SOC2": [ - "cc_6_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.33", - "1.2.8.34", - "1.3.1.37", - "1.3.1.38", - "1.3.2.37", - "1.3.2.38", - "1.4.2.35", - "1.4.2.36", - "1.5.1.33", - "1.5.1.34", - "10.3.2.21", - "10.3.2.23", - "10.3.3.23", - "10.3.4.8", - "3.5.1.3.26", - "3.5.1.3.28", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.3.33", - "A1.1.3.34", - "A1.2.1.31", - "A3.4.1.19", - "A3.4.1.21" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "title": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_access-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted is not public.", - "metadata": { - "event_code": "s3_bucket_public_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted is not public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1", - "164_312_a_2_i" - ], - "SOC2": [ - "cc_6_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.33", - "1.2.8.34", - "1.3.1.37", - "1.3.1.38", - "1.3.2.37", - "1.3.2.38", - "1.4.2.35", - "1.4.2.36", - "1.5.1.33", - "1.5.1.34", - "10.3.2.21", - "10.3.2.23", - "10.3.3.23", - "10.3.4.8", - "3.5.1.3.26", - "3.5.1.3.28", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.3.33", - "A1.1.3.34", - "A1.2.1.31", - "A3.4.1.19", - "A3.4.1.21" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "title": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_access-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms is not public.", - "metadata": { - "event_code": "s3_bucket_public_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms is not public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1", - "164_312_a_2_i" - ], - "SOC2": [ - "cc_6_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.33", - "1.2.8.34", - "1.3.1.37", - "1.3.1.38", - "1.3.2.37", - "1.3.2.38", - "1.4.2.35", - "1.4.2.36", - "1.5.1.33", - "1.5.1.34", - "10.3.2.21", - "10.3.2.23", - "10.3.3.23", - "10.3.4.8", - "3.5.1.3.26", - "3.5.1.3.28", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.3.33", - "A1.1.3.34", - "A1.2.1.31", - "A3.4.1.19", - "A3.4.1.21" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "title": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_access-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal is not publicly listable.", - "metadata": { - "event_code": "s3_bucket_public_list_acl", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal is not publicly listable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.16" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_list_acl-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal is not publicly listable.", - "metadata": { - "event_code": "s3_bucket_public_list_acl", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket logs-sure-jackal is not publicly listable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.16" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_list_acl-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal is not publicly listable.", - "metadata": { - "event_code": "s3_bucket_public_list_acl", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket s3-bucket-sure-jackal is not publicly listable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.16" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_list_acl-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal is not publicly listable.", - "metadata": { - "event_code": "s3_bucket_public_list_acl", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket simple-sure-jackal is not publicly listable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.16" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_list_acl-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted is not publicly listable.", - "metadata": { - "event_code": "s3_bucket_public_list_acl", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted is not publicly listable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.16" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_list_acl-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms is not publicly listable.", - "metadata": { - "event_code": "s3_bucket_public_list_acl", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms is not publicly listable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.16" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_list_acl-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal is not publicly writable.", - "metadata": { - "event_code": "s3_bucket_public_write_acl", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal is not publicly writable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.35", - "1.3.1.39", - "1.3.2.39", - "1.4.2.37", - "1.5.1.35", - "10.3.2.24", - "3.5.1.3.29", - "A1.1.2.20", - "A1.1.3.35", - "A3.4.1.22" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.17" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_write_acl-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal is not publicly writable.", - "metadata": { - "event_code": "s3_bucket_public_write_acl", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket logs-sure-jackal is not publicly writable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.35", - "1.3.1.39", - "1.3.2.39", - "1.4.2.37", - "1.5.1.35", - "10.3.2.24", - "3.5.1.3.29", - "A1.1.2.20", - "A1.1.3.35", - "A3.4.1.22" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.17" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_write_acl-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal is not publicly writable.", - "metadata": { - "event_code": "s3_bucket_public_write_acl", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket s3-bucket-sure-jackal is not publicly writable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.35", - "1.3.1.39", - "1.3.2.39", - "1.4.2.37", - "1.5.1.35", - "10.3.2.24", - "3.5.1.3.29", - "A1.1.2.20", - "A1.1.3.35", - "A3.4.1.22" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.17" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_write_acl-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal is not publicly writable.", - "metadata": { - "event_code": "s3_bucket_public_write_acl", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket simple-sure-jackal is not publicly writable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.35", - "1.3.1.39", - "1.3.2.39", - "1.4.2.37", - "1.5.1.35", - "10.3.2.24", - "3.5.1.3.29", - "A1.1.2.20", - "A1.1.3.35", - "A3.4.1.22" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.17" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_write_acl-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted is not publicly writable.", - "metadata": { - "event_code": "s3_bucket_public_write_acl", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted is not publicly writable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.35", - "1.3.1.39", - "1.3.2.39", - "1.4.2.37", - "1.5.1.35", - "10.3.2.24", - "3.5.1.3.29", - "A1.1.2.20", - "A1.1.3.35", - "A3.4.1.22" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.17" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_write_acl-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms is not publicly writable.", - "metadata": { - "event_code": "s3_bucket_public_write_acl", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms is not publicly writable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.35", - "1.3.1.39", - "1.3.2.39", - "1.4.2.37", - "1.5.1.35", - "10.3.2.24", - "3.5.1.3.29", - "A1.1.2.20", - "A1.1.3.35", - "A3.4.1.22" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.17" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_write_acl-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal does not have a bucket policy, thus it allows HTTP requests.", - "metadata": { - "event_code": "s3_bucket_secure_transport_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal does not have a bucket policy, thus it allows HTTP requests.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_13", - "3_5_10", - "3_13_1", - "3_13_5", - "3_13_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_1", - "164_312_e_2_i", - "164_312_e_2_ii" - ], - "NIST-CSF-1.1": [ - "ds_2" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-17-2", - "sc-7", - "sc-8-1", - "sc-8", - "sc-23" - ], - "CIS-3.0": [ - "2.1.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4", - "ac_4_22", - "ac_17_2", - "ac_24_1", - "au_9_3", - "ca_9_b", - "cm_6_a", - "cm_9_b", - "ia_5_1_c", - "pm_11_b", - "pm_17_b", - "sc_7_4_b", - "sc_7_4_g", - "sc_7_5", - "sc_8", - "sc_8_1", - "sc_8_2", - "sc_8_3", - "sc_8_4", - "sc_8_5", - "sc_13_a", - "sc_16_1", - "sc_23", - "si_1_a_2" - ], - "ENS-RD2022": [ - "mp.com.1.aws.s3.1", - "mp.com.3.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.49" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-12", - "d3-pc-am-b-13", - "d3-pc-am-b-15" - ], - "GDPR": [ - "article_32" - ], - "CIS-5.0": [ - "2.1.1" - ], - "CIS-1.4": [ - "2.1.2" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN01.AR08" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.5" - ], - "CIS-1.5": [ - "2.1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC09-BP02" - ], - "NIST-800-53-Revision-4": [ - "ac_17_2", - "sc_7", - "sc_8_1", - "sc_8" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "2.1.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have secure transport policy.", - "title": "Check if S3 buckets have secure transport policy.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_secure_transport_policy-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption in transit enabled.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/" - ] - }, - "risk_details": "If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal has a bucket policy to deny requests over insecure transport.", - "metadata": { - "event_code": "s3_bucket_secure_transport_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket logs-sure-jackal has a bucket policy to deny requests over insecure transport.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_13", - "3_5_10", - "3_13_1", - "3_13_5", - "3_13_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_1", - "164_312_e_2_i", - "164_312_e_2_ii" - ], - "NIST-CSF-1.1": [ - "ds_2" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-17-2", - "sc-7", - "sc-8-1", - "sc-8", - "sc-23" - ], - "CIS-3.0": [ - "2.1.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4", - "ac_4_22", - "ac_17_2", - "ac_24_1", - "au_9_3", - "ca_9_b", - "cm_6_a", - "cm_9_b", - "ia_5_1_c", - "pm_11_b", - "pm_17_b", - "sc_7_4_b", - "sc_7_4_g", - "sc_7_5", - "sc_8", - "sc_8_1", - "sc_8_2", - "sc_8_3", - "sc_8_4", - "sc_8_5", - "sc_13_a", - "sc_16_1", - "sc_23", - "si_1_a_2" - ], - "ENS-RD2022": [ - "mp.com.1.aws.s3.1", - "mp.com.3.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.49" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-12", - "d3-pc-am-b-13", - "d3-pc-am-b-15" - ], - "GDPR": [ - "article_32" - ], - "CIS-5.0": [ - "2.1.1" - ], - "CIS-1.4": [ - "2.1.2" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN01.AR08" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.5" - ], - "CIS-1.5": [ - "2.1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC09-BP02" - ], - "NIST-800-53-Revision-4": [ - "ac_17_2", - "sc_7", - "sc_8_1", - "sc_8" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "2.1.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have secure transport policy.", - "title": "Check if S3 buckets have secure transport policy.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_secure_transport_policy-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption in transit enabled.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/" - ] - }, - "risk_details": "If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal has a bucket policy to deny requests over insecure transport.", - "metadata": { - "event_code": "s3_bucket_secure_transport_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket s3-bucket-sure-jackal has a bucket policy to deny requests over insecure transport.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_13", - "3_5_10", - "3_13_1", - "3_13_5", - "3_13_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_1", - "164_312_e_2_i", - "164_312_e_2_ii" - ], - "NIST-CSF-1.1": [ - "ds_2" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-17-2", - "sc-7", - "sc-8-1", - "sc-8", - "sc-23" - ], - "CIS-3.0": [ - "2.1.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4", - "ac_4_22", - "ac_17_2", - "ac_24_1", - "au_9_3", - "ca_9_b", - "cm_6_a", - "cm_9_b", - "ia_5_1_c", - "pm_11_b", - "pm_17_b", - "sc_7_4_b", - "sc_7_4_g", - "sc_7_5", - "sc_8", - "sc_8_1", - "sc_8_2", - "sc_8_3", - "sc_8_4", - "sc_8_5", - "sc_13_a", - "sc_16_1", - "sc_23", - "si_1_a_2" - ], - "ENS-RD2022": [ - "mp.com.1.aws.s3.1", - "mp.com.3.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.49" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-12", - "d3-pc-am-b-13", - "d3-pc-am-b-15" - ], - "GDPR": [ - "article_32" - ], - "CIS-5.0": [ - "2.1.1" - ], - "CIS-1.4": [ - "2.1.2" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN01.AR08" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.5" - ], - "CIS-1.5": [ - "2.1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC09-BP02" - ], - "NIST-800-53-Revision-4": [ - "ac_17_2", - "sc_7", - "sc_8_1", - "sc_8" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "2.1.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have secure transport policy.", - "title": "Check if S3 buckets have secure transport policy.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_secure_transport_policy-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption in transit enabled.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/" - ] - }, - "risk_details": "If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal does not have a bucket policy, thus it allows HTTP requests.", - "metadata": { - "event_code": "s3_bucket_secure_transport_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket simple-sure-jackal does not have a bucket policy, thus it allows HTTP requests.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_13", - "3_5_10", - "3_13_1", - "3_13_5", - "3_13_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_1", - "164_312_e_2_i", - "164_312_e_2_ii" - ], - "NIST-CSF-1.1": [ - "ds_2" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-17-2", - "sc-7", - "sc-8-1", - "sc-8", - "sc-23" - ], - "CIS-3.0": [ - "2.1.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4", - "ac_4_22", - "ac_17_2", - "ac_24_1", - "au_9_3", - "ca_9_b", - "cm_6_a", - "cm_9_b", - "ia_5_1_c", - "pm_11_b", - "pm_17_b", - "sc_7_4_b", - "sc_7_4_g", - "sc_7_5", - "sc_8", - "sc_8_1", - "sc_8_2", - "sc_8_3", - "sc_8_4", - "sc_8_5", - "sc_13_a", - "sc_16_1", - "sc_23", - "si_1_a_2" - ], - "ENS-RD2022": [ - "mp.com.1.aws.s3.1", - "mp.com.3.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.49" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-12", - "d3-pc-am-b-13", - "d3-pc-am-b-15" - ], - "GDPR": [ - "article_32" - ], - "CIS-5.0": [ - "2.1.1" - ], - "CIS-1.4": [ - "2.1.2" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN01.AR08" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.5" - ], - "CIS-1.5": [ - "2.1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC09-BP02" - ], - "NIST-800-53-Revision-4": [ - "ac_17_2", - "sc_7", - "sc_8_1", - "sc_8" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "2.1.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have secure transport policy.", - "title": "Check if S3 buckets have secure transport policy.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_secure_transport_policy-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption in transit enabled.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/" - ] - }, - "risk_details": "If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy, thus it allows HTTP requests.", - "metadata": { - "event_code": "s3_bucket_secure_transport_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy, thus it allows HTTP requests.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_13", - "3_5_10", - "3_13_1", - "3_13_5", - "3_13_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_1", - "164_312_e_2_i", - "164_312_e_2_ii" - ], - "NIST-CSF-1.1": [ - "ds_2" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-17-2", - "sc-7", - "sc-8-1", - "sc-8", - "sc-23" - ], - "CIS-3.0": [ - "2.1.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4", - "ac_4_22", - "ac_17_2", - "ac_24_1", - "au_9_3", - "ca_9_b", - "cm_6_a", - "cm_9_b", - "ia_5_1_c", - "pm_11_b", - "pm_17_b", - "sc_7_4_b", - "sc_7_4_g", - "sc_7_5", - "sc_8", - "sc_8_1", - "sc_8_2", - "sc_8_3", - "sc_8_4", - "sc_8_5", - "sc_13_a", - "sc_16_1", - "sc_23", - "si_1_a_2" - ], - "ENS-RD2022": [ - "mp.com.1.aws.s3.1", - "mp.com.3.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.49" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-12", - "d3-pc-am-b-13", - "d3-pc-am-b-15" - ], - "GDPR": [ - "article_32" - ], - "CIS-5.0": [ - "2.1.1" - ], - "CIS-1.4": [ - "2.1.2" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN01.AR08" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.5" - ], - "CIS-1.5": [ - "2.1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC09-BP02" - ], - "NIST-800-53-Revision-4": [ - "ac_17_2", - "sc_7", - "sc_8_1", - "sc_8" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "2.1.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have secure transport policy.", - "title": "Check if S3 buckets have secure transport policy.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_secure_transport_policy-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption in transit enabled.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/" - ] - }, - "risk_details": "If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy, thus it allows HTTP requests.", - "metadata": { - "event_code": "s3_bucket_secure_transport_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy, thus it allows HTTP requests.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_13", - "3_5_10", - "3_13_1", - "3_13_5", - "3_13_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_1", - "164_312_e_2_i", - "164_312_e_2_ii" - ], - "NIST-CSF-1.1": [ - "ds_2" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-17-2", - "sc-7", - "sc-8-1", - "sc-8", - "sc-23" - ], - "CIS-3.0": [ - "2.1.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4", - "ac_4_22", - "ac_17_2", - "ac_24_1", - "au_9_3", - "ca_9_b", - "cm_6_a", - "cm_9_b", - "ia_5_1_c", - "pm_11_b", - "pm_17_b", - "sc_7_4_b", - "sc_7_4_g", - "sc_7_5", - "sc_8", - "sc_8_1", - "sc_8_2", - "sc_8_3", - "sc_8_4", - "sc_8_5", - "sc_13_a", - "sc_16_1", - "sc_23", - "si_1_a_2" - ], - "ENS-RD2022": [ - "mp.com.1.aws.s3.1", - "mp.com.3.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.49" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-12", - "d3-pc-am-b-13", - "d3-pc-am-b-15" - ], - "GDPR": [ - "article_32" - ], - "CIS-5.0": [ - "2.1.1" - ], - "CIS-1.4": [ - "2.1.2" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN01.AR08" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.5" - ], - "CIS-1.5": [ - "2.1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC09-BP02" - ], - "NIST-800-53-Revision-4": [ - "ac_17_2", - "sc_7", - "sc_8_1", - "sc_8" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "2.1.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have secure transport policy.", - "title": "Check if S3 buckets have secure transport policy.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_secure_transport_policy-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption in transit enabled.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/" - ] - }, - "risk_details": "If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal has server access logging disabled.", - "metadata": { - "event_code": "s3_bucket_server_access_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal has server access logging disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_6_1", - "3_6_2", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-06.04B", - "IAM-07.04B", - "IAM-10.01B", - "SSO-05.01AC", - "PSS-04.05B" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "PCI-4.0": [ - "10.2.1.1.30", - "10.2.1.2.27", - "10.2.1.3.27", - "10.2.1.4.27", - "10.2.1.5.27", - "10.2.1.6.27", - "10.2.1.7.27", - "10.2.1.27", - "10.2.2.27", - "10.3.1.27", - "10.6.3.34", - "5.3.4.32", - "A1.2.1.32" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d5-dr-de-b-3" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have server access logging enabled", - "title": "Check if S3 buckets have server access logging enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_server_access_logging_enabled-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" - ] - }, - "risk_details": "Server access logs can assist you in security and access audits, help you learn about your customer base, and understand your Amazon S3 bill.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal has server access logging disabled.", - "metadata": { - "event_code": "s3_bucket_server_access_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket logs-sure-jackal has server access logging disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_6_1", - "3_6_2", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-06.04B", - "IAM-07.04B", - "IAM-10.01B", - "SSO-05.01AC", - "PSS-04.05B" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "PCI-4.0": [ - "10.2.1.1.30", - "10.2.1.2.27", - "10.2.1.3.27", - "10.2.1.4.27", - "10.2.1.5.27", - "10.2.1.6.27", - "10.2.1.7.27", - "10.2.1.27", - "10.2.2.27", - "10.3.1.27", - "10.6.3.34", - "5.3.4.32", - "A1.2.1.32" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d5-dr-de-b-3" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have server access logging enabled", - "title": "Check if S3 buckets have server access logging enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_server_access_logging_enabled-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" - ] - }, - "risk_details": "Server access logs can assist you in security and access audits, help you learn about your customer base, and understand your Amazon S3 bill.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal has server access logging enabled.", - "metadata": { - "event_code": "s3_bucket_server_access_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket s3-bucket-sure-jackal has server access logging enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_6_1", - "3_6_2", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-06.04B", - "IAM-07.04B", - "IAM-10.01B", - "SSO-05.01AC", - "PSS-04.05B" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "PCI-4.0": [ - "10.2.1.1.30", - "10.2.1.2.27", - "10.2.1.3.27", - "10.2.1.4.27", - "10.2.1.5.27", - "10.2.1.6.27", - "10.2.1.7.27", - "10.2.1.27", - "10.2.2.27", - "10.3.1.27", - "10.6.3.34", - "5.3.4.32", - "A1.2.1.32" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d5-dr-de-b-3" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have server access logging enabled", - "title": "Check if S3 buckets have server access logging enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_server_access_logging_enabled-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" - ] - }, - "risk_details": "Server access logs can assist you in security and access audits, help you learn about your customer base, and understand your Amazon S3 bill.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal has server access logging disabled.", - "metadata": { - "event_code": "s3_bucket_server_access_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket simple-sure-jackal has server access logging disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_6_1", - "3_6_2", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-06.04B", - "IAM-07.04B", - "IAM-10.01B", - "SSO-05.01AC", - "PSS-04.05B" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "PCI-4.0": [ - "10.2.1.1.30", - "10.2.1.2.27", - "10.2.1.3.27", - "10.2.1.4.27", - "10.2.1.5.27", - "10.2.1.6.27", - "10.2.1.7.27", - "10.2.1.27", - "10.2.2.27", - "10.3.1.27", - "10.6.3.34", - "5.3.4.32", - "A1.2.1.32" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d5-dr-de-b-3" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have server access logging enabled", - "title": "Check if S3 buckets have server access logging enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_server_access_logging_enabled-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" - ] - }, - "risk_details": "Server access logs can assist you in security and access audits, help you learn about your customer base, and understand your Amazon S3 bill.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has server access logging disabled.", - "metadata": { - "event_code": "s3_bucket_server_access_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has server access logging disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_6_1", - "3_6_2", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-06.04B", - "IAM-07.04B", - "IAM-10.01B", - "SSO-05.01AC", - "PSS-04.05B" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "PCI-4.0": [ - "10.2.1.1.30", - "10.2.1.2.27", - "10.2.1.3.27", - "10.2.1.4.27", - "10.2.1.5.27", - "10.2.1.6.27", - "10.2.1.7.27", - "10.2.1.27", - "10.2.2.27", - "10.3.1.27", - "10.6.3.34", - "5.3.4.32", - "A1.2.1.32" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d5-dr-de-b-3" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have server access logging enabled", - "title": "Check if S3 buckets have server access logging enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_server_access_logging_enabled-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" - ] - }, - "risk_details": "Server access logs can assist you in security and access audits, help you learn about your customer base, and understand your Amazon S3 bill.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has server access logging disabled.", - "metadata": { - "event_code": "s3_bucket_server_access_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has server access logging disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_6_1", - "3_6_2", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-06.04B", - "IAM-07.04B", - "IAM-10.01B", - "SSO-05.01AC", - "PSS-04.05B" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "PCI-4.0": [ - "10.2.1.1.30", - "10.2.1.2.27", - "10.2.1.3.27", - "10.2.1.4.27", - "10.2.1.5.27", - "10.2.1.6.27", - "10.2.1.7.27", - "10.2.1.27", - "10.2.2.27", - "10.3.1.27", - "10.6.3.34", - "5.3.4.32", - "A1.2.1.32" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d5-dr-de-b-3" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have server access logging enabled", - "title": "Check if S3 buckets have server access logging enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_server_access_logging_enabled-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" - ] - }, - "risk_details": "Server access logs can assist you in security and access audits, help you learn about your customer base, and understand your Amazon S3 bill.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 bucket cloudfront-logs-sure-jackal is not a known shadow resource.", - "metadata": { - "event_code": "s3_bucket_shadow_resource_vulnerability", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 bucket cloudfront-logs-sure-jackal is not a known shadow resource.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check is based on the 'Bucket Monopoly' vulnerability disclosed by Aqua Security.", - "compliance": { - "C5-2025": [ - "OPS-25.01B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Checks for S3 buckets with predictable names that could be hijacked by an attacker before legitimate use, leading to data leakage or other security breaches.", - "title": "Check for S3 buckets vulnerable to Shadow Resource Hijacking (Bucket Monopoly)", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_shadow_resource_vulnerability-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that all S3 buckets associated with your AWS account are owned by your account. Be cautious of services that create buckets with predictable names. Whenever possible, pre-create these buckets in all regions to prevent hijacking.", - "references": [ - "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/" - ] - }, - "risk_details": "An attacker can pre-create S3 buckets with predictable names used by various AWS services. When a legitimate user's service attempts to use that bucket, it may inadvertently write sensitive data to the attacker-controlled bucket, leading to information disclosure, denial of service, or even remote code execution.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 bucket logs-sure-jackal is not a known shadow resource.", - "metadata": { - "event_code": "s3_bucket_shadow_resource_vulnerability", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 bucket logs-sure-jackal is not a known shadow resource.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check is based on the 'Bucket Monopoly' vulnerability disclosed by Aqua Security.", - "compliance": { - "C5-2025": [ - "OPS-25.01B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Checks for S3 buckets with predictable names that could be hijacked by an attacker before legitimate use, leading to data leakage or other security breaches.", - "title": "Check for S3 buckets vulnerable to Shadow Resource Hijacking (Bucket Monopoly)", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_shadow_resource_vulnerability-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that all S3 buckets associated with your AWS account are owned by your account. Be cautious of services that create buckets with predictable names. Whenever possible, pre-create these buckets in all regions to prevent hijacking.", - "references": [ - "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/" - ] - }, - "risk_details": "An attacker can pre-create S3 buckets with predictable names used by various AWS services. When a legitimate user's service attempts to use that bucket, it may inadvertently write sensitive data to the attacker-controlled bucket, leading to information disclosure, denial of service, or even remote code execution.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 bucket s3-bucket-sure-jackal is not a known shadow resource.", - "metadata": { - "event_code": "s3_bucket_shadow_resource_vulnerability", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 bucket s3-bucket-sure-jackal is not a known shadow resource.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check is based on the 'Bucket Monopoly' vulnerability disclosed by Aqua Security.", - "compliance": { - "C5-2025": [ - "OPS-25.01B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Checks for S3 buckets with predictable names that could be hijacked by an attacker before legitimate use, leading to data leakage or other security breaches.", - "title": "Check for S3 buckets vulnerable to Shadow Resource Hijacking (Bucket Monopoly)", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_shadow_resource_vulnerability-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that all S3 buckets associated with your AWS account are owned by your account. Be cautious of services that create buckets with predictable names. Whenever possible, pre-create these buckets in all regions to prevent hijacking.", - "references": [ - "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/" - ] - }, - "risk_details": "An attacker can pre-create S3 buckets with predictable names used by various AWS services. When a legitimate user's service attempts to use that bucket, it may inadvertently write sensitive data to the attacker-controlled bucket, leading to information disclosure, denial of service, or even remote code execution.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 bucket simple-sure-jackal is not a known shadow resource.", - "metadata": { - "event_code": "s3_bucket_shadow_resource_vulnerability", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 bucket simple-sure-jackal is not a known shadow resource.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check is based on the 'Bucket Monopoly' vulnerability disclosed by Aqua Security.", - "compliance": { - "C5-2025": [ - "OPS-25.01B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Checks for S3 buckets with predictable names that could be hijacked by an attacker before legitimate use, leading to data leakage or other security breaches.", - "title": "Check for S3 buckets vulnerable to Shadow Resource Hijacking (Bucket Monopoly)", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_shadow_resource_vulnerability-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that all S3 buckets associated with your AWS account are owned by your account. Be cautious of services that create buckets with predictable names. Whenever possible, pre-create these buckets in all regions to prevent hijacking.", - "references": [ - "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/" - ] - }, - "risk_details": "An attacker can pre-create S3 buckets with predictable names used by various AWS services. When a legitimate user's service attempts to use that bucket, it may inadvertently write sensitive data to the attacker-controlled bucket, leading to information disclosure, denial of service, or even remote code execution.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 bucket test-bucket-obj-untrusted is not a known shadow resource.", - "metadata": { - "event_code": "s3_bucket_shadow_resource_vulnerability", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 bucket test-bucket-obj-untrusted is not a known shadow resource.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check is based on the 'Bucket Monopoly' vulnerability disclosed by Aqua Security.", - "compliance": { - "C5-2025": [ - "OPS-25.01B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Checks for S3 buckets with predictable names that could be hijacked by an attacker before legitimate use, leading to data leakage or other security breaches.", - "title": "Check for S3 buckets vulnerable to Shadow Resource Hijacking (Bucket Monopoly)", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_shadow_resource_vulnerability-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that all S3 buckets associated with your AWS account are owned by your account. Be cautious of services that create buckets with predictable names. Whenever possible, pre-create these buckets in all regions to prevent hijacking.", - "references": [ - "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/" - ] - }, - "risk_details": "An attacker can pre-create S3 buckets with predictable names used by various AWS services. When a legitimate user's service attempts to use that bucket, it may inadvertently write sensitive data to the attacker-controlled bucket, leading to information disclosure, denial of service, or even remote code execution.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 bucket test-bucket-untrusted-kms is not a known shadow resource.", - "metadata": { - "event_code": "s3_bucket_shadow_resource_vulnerability", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 bucket test-bucket-untrusted-kms is not a known shadow resource.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check is based on the 'Bucket Monopoly' vulnerability disclosed by Aqua Security.", - "compliance": { - "C5-2025": [ - "OPS-25.01B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Checks for S3 buckets with predictable names that could be hijacked by an attacker before legitimate use, leading to data leakage or other security breaches.", - "title": "Check for S3 buckets vulnerable to Shadow Resource Hijacking (Bucket Monopoly)", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_shadow_resource_vulnerability-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that all S3 buckets associated with your AWS account are owned by your account. Be cautious of services that create buckets with predictable names. Whenever possible, pre-create these buckets in all regions to prevent hijacking.", - "references": [ - "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/" - ] - }, - "risk_details": "An attacker can pre-create S3 buckets with predictable names used by various AWS services. When a legitimate user's service attempts to use that bucket, it may inadvertently write sensitive data to the attacker-controlled bucket, leading to information disclosure, denial of service, or even remote code execution.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No SSM Incidents replication set exists.", - "metadata": { - "event_code": "ssmincidents_enabled_with_plans", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No SSM Incidents replication set exists.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/incident-manager/latest/userguide/response-plans.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-03.02B", - "OIS-03.05B", - "OIS-03.06B", - "OIS-05.03B", - "OIS-08.01B", - "OIS-08.09B", - "OPS-13.02B", - "OPS-13.03AC", - "OPS-22.08B", - "DEV-15.01B", - "SIM-01.02AC", - "SIM-02.01B", - "SIM-03.01B", - "SIM-03.04B", - "SIM-04.01B", - "SIM-06.01B", - "BCM-01.05B" - ], - "ENS-RD2022": [ - "op.exp.9.aws.img.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.1" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.1" - ], - "NIS2": [ - "2.1.1", - "2.1.2.a", - "2.1.2.i", - "3.1.1", - "3.1.2.a", - "3.1.2.c", - "3.1.2.d", - "3.5.1", - "3.6.1", - "3.6.2", - "3.6.3", - "4.3.1", - "5.1.7.b", - "12.1.2.c", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure SSM Incidents is enabled with response plans.", - "title": "Ensure SSM Incidents is enabled with response plans.", - "types": [], - "uid": "prowler-aws-ssmincidents_enabled_with_plans-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "ssmincidents" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:ssm-incidents:us-east-1:211203495394:replication-set" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable SSM Incidents and create response plans", - "references": [ - "https://docs.aws.amazon.com/incident-manager/latest/userguide/response-plans.html" - ] - }, - "risk_details": "Not having SSM Incidents enabled can increase the risk of delayed detection and response to security incidents, unauthorized access, limited visibility into incidents and vulnerabilities", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Amazon Web Services Premium Support Subscription is required to use this service.", - "metadata": { - "event_code": "trustedadvisor_errors_and_warnings", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Amazon Web Services Premium Support Subscription is required to use this service.", - "status_id": 1, - "unmapped": { - "related_url": "https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check Trusted Advisor for errors and warnings.", - "title": "Check Trusted Advisor for errors and warnings.", - "types": [], - "uid": "prowler-aws-trustedadvisor_errors_and_warnings-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "trustedadvisor" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:trusted-advisor:us-east-1:211203495394:account" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Review and act upon its recommendations.", - "references": [ - "https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/" - ] - }, - "risk_details": "Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Amazon Web Services Premium Support Plan isn't subscribed.", - "metadata": { - "event_code": "trustedadvisor_premium_support_plan_subscribed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Amazon Web Services Premium Support Plan isn't subscribed.", - "status_id": 1, - "unmapped": { - "related_url": "https://aws.amazon.com/premiumsupport/plans/", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "SSO-05.06B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if a Premium support plan is subscribed.", - "title": "Check if a Premium support plan is subscribed", - "types": [], - "uid": "prowler-aws-trustedadvisor_premium_support_plan_subscribed-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "enabled": false - } - }, - "group": { - "name": "trustedadvisor" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:trusted-advisor:us-east-1:211203495394:account" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that you subscribe to the AWS Business Support tier or higher for all of your AWS production accounts. If you don't have premium support, you must have an action plan to handle issues which require help from AWS Support. AWS Support provides a mix of tools and technology, people, and programs designed to proactively help you optimize performance, lower costs, and innovate faster.", - "references": [ - "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Support/support-plan.html" - ] - }, - "risk_details": "Ensure that the appropriate support level is enabled for the necessary AWS accounts. For example, if an AWS account is being used to host production systems and environments, it is highly recommended that the minimum AWS Support Plan should be Business.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPCs found only in one region.", - "metadata": { - "event_code": "vpc_different_regions", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "VPCs found only in one region.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "ENS-RD2022": [ - "mp.com.4.r1.aws.vpc.1", - "mp.com.4.r3.aws.vpc.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are VPCs in more than one region", - "title": "Ensure there are VPCs in more than one region", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_different_regions-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "vpc-0db221deba515d6c7": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-0db221deba515d6c7", - "id": "vpc-0db221deba515d6c7", - "name": "ex-rds", - "default": false, - "in_use": false, - "cidr_block": "10.0.0.0/16", - "flow_log": false, - "region": "eu-west-1", - "subnets": [ - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0c601df1846258b27", - "id": "subnet-0c601df1846258b27", - "name": "ex-rds-public-eu-west-1b", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.1.0/24", - "availability_zone": "eu-west-1b", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-rds-public-eu-west-1b" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0099cb47638dfe6cc", - "id": "subnet-0099cb47638dfe6cc", - "name": "ex-rds-db-eu-west-1c", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.8.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Name", - "Value": "ex-rds-db-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-06044fff66c61bb5d", - "id": "subnet-06044fff66c61bb5d", - "name": "ex-rds-private-eu-west-1a", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.3.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Name", - "Value": "ex-rds-private-eu-west-1a" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0fe7301ce3651cd65", - "id": "subnet-0fe7301ce3651cd65", - "name": "ex-rds-db-eu-west-1b", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.7.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Name", - "Value": "ex-rds-db-eu-west-1b" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0460814cac0ede342", - "id": "subnet-0460814cac0ede342", - "name": "ex-rds-db-eu-west-1a", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.6.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-rds-db-eu-west-1a" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-02905869f401bc924", - "id": "subnet-02905869f401bc924", - "name": "ex-rds-private-eu-west-1b", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.4.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-rds-private-eu-west-1b" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0032157e99d569ffd", - "id": "subnet-0032157e99d569ffd", - "name": "ex-rds-public-eu-west-1a", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.0.0/24", - "availability_zone": "eu-west-1a", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds-public-eu-west-1a" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-06cdd0ff5333f76e5", - "id": "subnet-06cdd0ff5333f76e5", - "name": "ex-rds-private-eu-west-1c", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.5.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Name", - "Value": "ex-rds-private-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-02cbf11ee27383148", - "id": "subnet-02cbf11ee27383148", - "name": "ex-rds-public-eu-west-1c", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.2.0/24", - "availability_zone": "eu-west-1c", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds-public-eu-west-1c" - }, - { - "Key": "Example", - "Value": "ex-rds" - } - ] - } - ], - "tags": [ - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds" - } - ] - } - } - }, - "group": { - "name": "vpc" - }, - "labels": [], - "name": "211203495394", - "type": "AwsEc2Vpc", - "uid": "arn:aws:ec2:us-east-1:211203495394:vpc" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure there are VPCs in more than one region", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-example-private-subnets-nat.html" - ] - }, - "risk_details": "", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint Service vpce-svc-02e288a4c6043110f has no allowed principals.", - "metadata": { - "event_code": "vpc_endpoint_services_allowed_principals_trust_boundaries", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC Endpoint Service vpce-svc-02e288a4c6043110f has no allowed principals.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "title": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_services_allowed_principals_trust_boundaries-211203495394-us-east-1-vpce-svc-02e288a4c6043110f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:us-east-1:211203495394:vpc-endpoint-service/vpce-svc-02e288a4c6043110f", - "id": "vpce-svc-02e288a4c6043110f", - "service": "io.spotinst.vpce.us-east-1.privatelink-api", - "owner_id": "aws-marketplace", - "allowed_principals": [], - "region": "us-east-1", - "tags": [] - } - }, - "group": { - "name": "vpc" - }, - "labels": [], - "name": "vpce-svc-02e288a4c6043110f", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:us-east-1:211203495394:vpc-endpoint-service/vpce-svc-02e288a4c6043110f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint Service vpce-svc-028691921eaeee579 has no allowed principals.", - "metadata": { - "event_code": "vpc_endpoint_services_allowed_principals_trust_boundaries", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC Endpoint Service vpce-svc-028691921eaeee579 has no allowed principals.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "title": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_services_allowed_principals_trust_boundaries-211203495394-us-west-2-vpce-svc-028691921eaeee579" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:us-west-2:211203495394:vpc-endpoint-service/vpce-svc-028691921eaeee579", - "id": "vpce-svc-028691921eaeee579", - "service": "io.spotinst.vpce.us-west-2.privatelink-api", - "owner_id": "aws-marketplace", - "allowed_principals": [], - "region": "us-west-2", - "tags": [] - } - }, - "group": { - "name": "vpc" - }, - "labels": [], - "name": "vpce-svc-028691921eaeee579", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:us-west-2:211203495394:vpc-endpoint-service/vpce-svc-028691921eaeee579" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/results/aws-s3-bucket-delta.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/results/aws-s3-bucket-delta.ocsf.json deleted file mode 100644 index 9b1ac577..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/results/aws-s3-bucket-delta.ocsf.json +++ /dev/null @@ -1,20951 +0,0 @@ -[ - { - "message": "IAM Service Role terraform-20251019182000328500000001 does not prevent against a cross-service confused deputy attack.", - "metadata": { - "event_code": "iam_role_cross_service_confused_deputy_prevention", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Service Role terraform-20251019182000328500000001 does not prevent against a cross-service confused deputy attack.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP04" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "3.1.2.c", - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", - "title": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", - "types": [], - "uid": "prowler-aws-iam_role_cross_service_confused_deputy_prevention-211203495394-us-east-1-terraform-20251019182000328500000001" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-20251019182000328500000001", - "arn": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001", - "assume_role_policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "", - "Effect": "Allow", - "Principal": { - "Service": "ec2.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - }, - "is_service_role": true, - "attached_policies": [], - "inline_policies": [], - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "terraform-20251019182000328500000001", - "type": "AwsIamRole", - "uid": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To mitigate cross-service confused deputy attacks, it's recommended to use the aws:SourceArn and aws:SourceAccount global condition context keys in your IAM role trust policies. If the role doesn't support these fields, consider implementing alternative security measures, such as defining more restrictive resource-based policies or using service-specific trust policies, to limit the role's permissions and exposure. For detailed guidance, refer to AWS's documentation on preventing cross-service confused deputy issues.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html#cross-service-confused-deputy-prevention" - ] - }, - "risk_details": "Allow attackers to gain unauthorized access to resources", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f is being used.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f is being used.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-34307c6a-e2e3-4f56-8543-fa92dd73df4f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f is not scheduled for deletion.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f is not scheduled for deletion.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-34307c6a-e2e3-4f56-8543-fa92dd73df4f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f is a single-region key.", - "metadata": { - "event_code": "kms_cmk_not_multi_region", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f is a single-region key.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#multi-region-concepts", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Multi-region keys should be used only when absolutely necessary, such as for cross-region disaster recovery, and should be carefully managed with strict access controls.", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "CRY-03.01B", - "CRY-05.02B", - "CRY-10.01B", - "CRY-19.01B", - "PSS-12.02AC" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure that AWS KMS customer managed keys (CMKs) are not multi-region to maintain strict data control and compliance with security best practices.", - "title": "AWS KMS customer managed keys should not be multi-Region", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_not_multi_region-211203495394-eu-west-1-34307c6a-e2e3-4f56-8543-fa92dd73df4f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Identify and replace multi-region keys with single-region KMS keys to enhance security and access control.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/mrk-when-to-use.html" - ] - }, - "risk_details": "Multi-region KMS keys can increase the risk of unauthorized access and data exposure, as managing access controls and auditing across multiple regions becomes more complex. This expanded attack surface may lead to compliance violations and data breaches.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f has automatic rotation disabled.", - "metadata": { - "event_code": "kms_cmk_rotation_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f has automatic rotation disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://aws.amazon.com/blogs/security/how-to-get-ready-for-certificate-transparency/", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_312_a_2_iv" - ], - "C5-2025": [ - "OIS-08.02B", - "CRY-05.02B", - "CRY-06.01B", - "CRY-07.01B", - "CRY-09.02B", - "CRY-19.01B" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-12" - ], - "CIS-3.0": [ - "3.6" - ], - "NIST-800-53-Revision-5": [ - "cm_6_a", - "cm_9_b", - "sa_9_6", - "sc_12", - "sc_12_2", - "sc_12_6" - ], - "ENS-RD2022": [ - "op.exp.10.aws.cmk.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.6" - ], - "PCI-4.0": [ - "3.7.4.5", - "3.7.5.2" - ], - "FedRAMP-Low-Revision-4": [ - "sc-12" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "CIS-5.0": [ - "3.6" - ], - "CIS-1.4": [ - "3.8" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.4" - ], - "CIS-1.5": [ - "3.8" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP05" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_12" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CIS-2.0": [ - "3.8" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.6.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure rotation for customer created KMS CMKs is enabled.", - "title": "Ensure rotation for customer created KMS CMKs is enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_rotation_enabled-211203495394-eu-west-1-34307c6a-e2e3-4f56-8543-fa92dd73df4f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "For every KMS Customer Master Keys (CMKs), ensure that Rotate this key every year is enabled.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html" - ] - }, - "risk_details": "Cryptographic best practices discourage extensive reuse of encryption keys. Consequently, Customer Master Keys (CMKs) should be rotated to prevent usage of compromised keys.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS key 34307c6a-e2e3-4f56-8543-fa92dd73df4f is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS key 34307c6a-e2e3-4f56-8543-fa92dd73df4f is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/determining-access.html", - "categories": [ - "internet-exposed", - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "PS-03.02B", - "IAM-10.01B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B", - "COS-02.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04" - ], - "ProwlerThreatScore-1.0": [ - "2.2.14" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check exposed KMS keys", - "title": "Check exposed KMS keys", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_key_not_publicly_accessible-211203495394-eu-west-1-34307c6a-e2e3-4f56-8543-fa92dd73df4f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To determine the full extent of who or what currently has access to a customer master key (CMK) in AWS KMS, you must examine the CMK key policy, all grants that apply to the CMK and potentially all AWS Identity and Access Management (IAM) policies. You might do this to determine the scope of potential usage of a CMK.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/determining-access.html" - ] - }, - "risk_details": "Exposed KMS Keys or wide policy permissions my leave data unprotected.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal has bucket ACLs enabled.", - "metadata": { - "event_code": "s3_bucket_acl_prohibited", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal has bucket ACLs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.24", - "7.2.2.24", - "7.2.5.18", - "7.3.1.18", - "7.3.2.18", - "7.3.3.18", - "8.2.7.18", - "8.2.8.20", - "8.3.4.18" - ], - "CCC": [ - "CCC.ObjStor.CN02.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have ACLs enabled", - "title": "Check if S3 buckets have ACLs enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_acl_prohibited-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html" - ] - }, - "risk_details": "S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal has bucket ACLs disabled.", - "metadata": { - "event_code": "s3_bucket_acl_prohibited", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket logs-sure-jackal has bucket ACLs disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.24", - "7.2.2.24", - "7.2.5.18", - "7.3.1.18", - "7.3.2.18", - "7.3.3.18", - "8.2.7.18", - "8.2.8.20", - "8.3.4.18" - ], - "CCC": [ - "CCC.ObjStor.CN02.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have ACLs enabled", - "title": "Check if S3 buckets have ACLs enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_acl_prohibited-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html" - ] - }, - "risk_details": "S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal has bucket ACLs enabled.", - "metadata": { - "event_code": "s3_bucket_acl_prohibited", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket s3-bucket-sure-jackal has bucket ACLs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.24", - "7.2.2.24", - "7.2.5.18", - "7.3.1.18", - "7.3.2.18", - "7.3.3.18", - "8.2.7.18", - "8.2.8.20", - "8.3.4.18" - ], - "CCC": [ - "CCC.ObjStor.CN02.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have ACLs enabled", - "title": "Check if S3 buckets have ACLs enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_acl_prohibited-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html" - ] - }, - "risk_details": "S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal has bucket ACLs disabled.", - "metadata": { - "event_code": "s3_bucket_acl_prohibited", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket simple-sure-jackal has bucket ACLs disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.24", - "7.2.2.24", - "7.2.5.18", - "7.3.1.18", - "7.3.2.18", - "7.3.3.18", - "8.2.7.18", - "8.2.8.20", - "8.3.4.18" - ], - "CCC": [ - "CCC.ObjStor.CN02.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have ACLs enabled", - "title": "Check if S3 buckets have ACLs enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_acl_prohibited-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html" - ] - }, - "risk_details": "S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_cross_account_access", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "IAM-10.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "10.6.3.33", - "10.6.3.35", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.6", - "S3.7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "This check verifies that S3 bucket policies are configured in a way that limits access to the intended AWS accounts only, preventing unauthorized access by external or unintended accounts.", - "title": "Ensure that general-purpose bucket policies restrict access to other AWS accounts.", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_cross_account_access-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Review and update your S3 bucket policies to remove permissions that grant external AWS accounts access to critical actions and implement least privilege principles to ensure sensitive operations are restricted to trusted accounts only", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Allowing other AWS accounts to perform sensitive actions (e.g., modifying bucket policies, ACLs, or encryption settings) on your S3 buckets can lead to data exposure, unauthorized access, or misconfigurations, increasing the risk of insider threats or attacks.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal has a bucket policy allowing cross account access.", - "metadata": { - "event_code": "s3_bucket_cross_account_access", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket logs-sure-jackal has a bucket policy allowing cross account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "IAM-10.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "10.6.3.33", - "10.6.3.35", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.6", - "S3.7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "This check verifies that S3 bucket policies are configured in a way that limits access to the intended AWS accounts only, preventing unauthorized access by external or unintended accounts.", - "title": "Ensure that general-purpose bucket policies restrict access to other AWS accounts.", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_cross_account_access-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Review and update your S3 bucket policies to remove permissions that grant external AWS accounts access to critical actions and implement least privilege principles to ensure sensitive operations are restricted to trusted accounts only", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Allowing other AWS accounts to perform sensitive actions (e.g., modifying bucket policies, ACLs, or encryption settings) on your S3 buckets can lead to data exposure, unauthorized access, or misconfigurations, increasing the risk of insider threats or attacks.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal has a bucket policy but it does not allow cross account access.", - "metadata": { - "event_code": "s3_bucket_cross_account_access", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket s3-bucket-sure-jackal has a bucket policy but it does not allow cross account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "IAM-10.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "10.6.3.33", - "10.6.3.35", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.6", - "S3.7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "This check verifies that S3 bucket policies are configured in a way that limits access to the intended AWS accounts only, preventing unauthorized access by external or unintended accounts.", - "title": "Ensure that general-purpose bucket policies restrict access to other AWS accounts.", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_cross_account_access-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Review and update your S3 bucket policies to remove permissions that grant external AWS accounts access to critical actions and implement least privilege principles to ensure sensitive operations are restricted to trusted accounts only", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Allowing other AWS accounts to perform sensitive actions (e.g., modifying bucket policies, ACLs, or encryption settings) on your S3 buckets can lead to data exposure, unauthorized access, or misconfigurations, increasing the risk of insider threats or attacks.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_cross_account_access", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket simple-sure-jackal does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "IAM-10.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "10.6.3.33", - "10.6.3.35", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.6", - "S3.7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "This check verifies that S3 bucket policies are configured in a way that limits access to the intended AWS accounts only, preventing unauthorized access by external or unintended accounts.", - "title": "Ensure that general-purpose bucket policies restrict access to other AWS accounts.", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_cross_account_access-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Review and update your S3 bucket policies to remove permissions that grant external AWS accounts access to critical actions and implement least privilege principles to ensure sensitive operations are restricted to trusted accounts only", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Allowing other AWS accounts to perform sensitive actions (e.g., modifying bucket policies, ACLs, or encryption settings) on your S3 buckets can lead to data exposure, unauthorized access, or misconfigurations, increasing the risk of insider threats or attacks.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal does not have correct cross region replication configuration.", - "metadata": { - "event_code": "s3_bucket_cross_region_replication", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal does not have correct cross region replication configuration.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "PCI-3.2.1": [ - "2.2", - "3.1", - "3.1.c", - "10.5", - "10.5.3" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Verifying whether S3 buckets have cross-region replication enabled, ensuring data redundancy and availability across multiple AWS regions", - "title": "Check if S3 buckets use cross region replication.", - "types": [ - "Secure access management" - ], - "uid": "prowler-aws-s3_bucket_cross_region_replication-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have cross region replication.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough1.html" - ] - }, - "risk_details": "Without cross-region replication in S3 buckets, data is at risk of being lost or inaccessible if an entire region goes down, leading to potential service disruptions and data unavailability.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal does not have correct cross region replication configuration.", - "metadata": { - "event_code": "s3_bucket_cross_region_replication", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket logs-sure-jackal does not have correct cross region replication configuration.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "PCI-3.2.1": [ - "2.2", - "3.1", - "3.1.c", - "10.5", - "10.5.3" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Verifying whether S3 buckets have cross-region replication enabled, ensuring data redundancy and availability across multiple AWS regions", - "title": "Check if S3 buckets use cross region replication.", - "types": [ - "Secure access management" - ], - "uid": "prowler-aws-s3_bucket_cross_region_replication-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have cross region replication.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough1.html" - ] - }, - "risk_details": "Without cross-region replication in S3 buckets, data is at risk of being lost or inaccessible if an entire region goes down, leading to potential service disruptions and data unavailability.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal does not have correct cross region replication configuration.", - "metadata": { - "event_code": "s3_bucket_cross_region_replication", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket s3-bucket-sure-jackal does not have correct cross region replication configuration.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "PCI-3.2.1": [ - "2.2", - "3.1", - "3.1.c", - "10.5", - "10.5.3" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Verifying whether S3 buckets have cross-region replication enabled, ensuring data redundancy and availability across multiple AWS regions", - "title": "Check if S3 buckets use cross region replication.", - "types": [ - "Secure access management" - ], - "uid": "prowler-aws-s3_bucket_cross_region_replication-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have cross region replication.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough1.html" - ] - }, - "risk_details": "Without cross-region replication in S3 buckets, data is at risk of being lost or inaccessible if an entire region goes down, leading to potential service disruptions and data unavailability.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal does not have correct cross region replication configuration.", - "metadata": { - "event_code": "s3_bucket_cross_region_replication", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket simple-sure-jackal does not have correct cross region replication configuration.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "PCI-3.2.1": [ - "2.2", - "3.1", - "3.1.c", - "10.5", - "10.5.3" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Verifying whether S3 buckets have cross-region replication enabled, ensuring data redundancy and availability across multiple AWS regions", - "title": "Check if S3 buckets use cross region replication.", - "types": [ - "Secure access management" - ], - "uid": "prowler-aws-s3_bucket_cross_region_replication-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have cross region replication.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough1.html" - ] - }, - "risk_details": "Without cross-region replication in S3 buckets, data is at risk of being lost or inaccessible if an entire region goes down, leading to potential service disruptions and data unavailability.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal has Server Side Encryption with AES256.", - "metadata": { - "event_code": "s3_bucket_default_encryption", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal has Server Side Encryption with AES256.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_5_10", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_2_ii" - ], - "C5-2025": [ - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.01AC", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-13", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cm_6_a", - "cm_9_b", - "cp_9_d", - "cp_9_8", - "pm_11_b", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_16_1", - "sc_28_1", - "si_19_4" - ], - "ENS-RD2022": [ - "mp.si.2.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.30", - "8.3.2.48" - ], - "FedRAMP-Low-Revision-4": [ - "sc-13" - ], - "FFIEC": [ - "d3-pc-am-b-12" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CIS-1.4": [ - "2.1.1" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "CIS-1.5": [ - "2.1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP03" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1119", - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-1", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "title": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_default_encryption-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled.", - "references": [ - "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/" - ] - }, - "risk_details": "Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal has Server Side Encryption with AES256.", - "metadata": { - "event_code": "s3_bucket_default_encryption", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket logs-sure-jackal has Server Side Encryption with AES256.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_5_10", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_2_ii" - ], - "C5-2025": [ - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.01AC", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-13", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cm_6_a", - "cm_9_b", - "cp_9_d", - "cp_9_8", - "pm_11_b", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_16_1", - "sc_28_1", - "si_19_4" - ], - "ENS-RD2022": [ - "mp.si.2.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.30", - "8.3.2.48" - ], - "FedRAMP-Low-Revision-4": [ - "sc-13" - ], - "FFIEC": [ - "d3-pc-am-b-12" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CIS-1.4": [ - "2.1.1" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "CIS-1.5": [ - "2.1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP03" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1119", - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-1", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "title": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_default_encryption-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled.", - "references": [ - "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/" - ] - }, - "risk_details": "Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal has Server Side Encryption with aws:kms.", - "metadata": { - "event_code": "s3_bucket_default_encryption", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket s3-bucket-sure-jackal has Server Side Encryption with aws:kms.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_5_10", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_2_ii" - ], - "C5-2025": [ - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.01AC", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-13", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cm_6_a", - "cm_9_b", - "cp_9_d", - "cp_9_8", - "pm_11_b", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_16_1", - "sc_28_1", - "si_19_4" - ], - "ENS-RD2022": [ - "mp.si.2.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.30", - "8.3.2.48" - ], - "FedRAMP-Low-Revision-4": [ - "sc-13" - ], - "FFIEC": [ - "d3-pc-am-b-12" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CIS-1.4": [ - "2.1.1" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "CIS-1.5": [ - "2.1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP03" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1119", - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-1", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "title": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_default_encryption-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled.", - "references": [ - "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/" - ] - }, - "risk_details": "Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal has Server Side Encryption with AES256.", - "metadata": { - "event_code": "s3_bucket_default_encryption", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket simple-sure-jackal has Server Side Encryption with AES256.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_5_10", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_2_ii" - ], - "C5-2025": [ - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.01AC", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-13", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cm_6_a", - "cm_9_b", - "cp_9_d", - "cp_9_8", - "pm_11_b", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_16_1", - "sc_28_1", - "si_19_4" - ], - "ENS-RD2022": [ - "mp.si.2.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.30", - "8.3.2.48" - ], - "FedRAMP-Low-Revision-4": [ - "sc-13" - ], - "FFIEC": [ - "d3-pc-am-b-12" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CIS-1.4": [ - "2.1.1" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "CIS-1.5": [ - "2.1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP03" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1119", - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-1", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "title": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_default_encryption-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled.", - "references": [ - "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/" - ] - }, - "risk_details": "Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal does not have event notifications enabled.", - "metadata": { - "event_code": "s3_bucket_event_notifications_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal does not have event notifications enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.01AC", - "OPS-13.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "PCI-4.0": [ - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "A3.3.1.8", - "A3.5.1.8" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure whether S3 buckets have event notifications enabled.", - "title": "Check if S3 buckets have event notifications enabled.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls" - ], - "uid": "prowler-aws-s3_bucket_event_notifications_enabled-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable event notifications for all S3 general-purpose buckets to monitor important events such as object creation, deletion, tagging, and lifecycle events, ensuring visibility and quick action on relevant changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html" - ] - }, - "risk_details": "Without event notifications, important actions on S3 buckets may go unnoticed, leading to missed opportunities for timely response to critical changes, such as object creation, deletion, or updates that could impact data security and availability.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal does not have event notifications enabled.", - "metadata": { - "event_code": "s3_bucket_event_notifications_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket logs-sure-jackal does not have event notifications enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.01AC", - "OPS-13.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "PCI-4.0": [ - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "A3.3.1.8", - "A3.5.1.8" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure whether S3 buckets have event notifications enabled.", - "title": "Check if S3 buckets have event notifications enabled.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls" - ], - "uid": "prowler-aws-s3_bucket_event_notifications_enabled-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable event notifications for all S3 general-purpose buckets to monitor important events such as object creation, deletion, tagging, and lifecycle events, ensuring visibility and quick action on relevant changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html" - ] - }, - "risk_details": "Without event notifications, important actions on S3 buckets may go unnoticed, leading to missed opportunities for timely response to critical changes, such as object creation, deletion, or updates that could impact data security and availability.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal does not have event notifications enabled.", - "metadata": { - "event_code": "s3_bucket_event_notifications_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket s3-bucket-sure-jackal does not have event notifications enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.01AC", - "OPS-13.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "PCI-4.0": [ - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "A3.3.1.8", - "A3.5.1.8" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure whether S3 buckets have event notifications enabled.", - "title": "Check if S3 buckets have event notifications enabled.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls" - ], - "uid": "prowler-aws-s3_bucket_event_notifications_enabled-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable event notifications for all S3 general-purpose buckets to monitor important events such as object creation, deletion, tagging, and lifecycle events, ensuring visibility and quick action on relevant changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html" - ] - }, - "risk_details": "Without event notifications, important actions on S3 buckets may go unnoticed, leading to missed opportunities for timely response to critical changes, such as object creation, deletion, or updates that could impact data security and availability.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal does not have event notifications enabled.", - "metadata": { - "event_code": "s3_bucket_event_notifications_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket simple-sure-jackal does not have event notifications enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.01AC", - "OPS-13.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "PCI-4.0": [ - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "A3.3.1.8", - "A3.5.1.8" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure whether S3 buckets have event notifications enabled.", - "title": "Check if S3 buckets have event notifications enabled.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls" - ], - "uid": "prowler-aws-s3_bucket_event_notifications_enabled-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable event notifications for all S3 general-purpose buckets to monitor important events such as object creation, deletion, tagging, and lifecycle events, ensuring visibility and quick action on relevant changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html" - ] - }, - "risk_details": "Without event notifications, important actions on S3 buckets may go unnoticed, leading to missed opportunities for timely response to critical changes, such as object creation, deletion, or updates that could impact data security and availability.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Server Side Encryption is not configured with kms for S3 Bucket cloudfront-logs-sure-jackal.", - "metadata": { - "event_code": "s3_bucket_kms_encryption", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Server Side Encryption is not configured with kms for S3 Bucket cloudfront-logs-sure-jackal.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-12.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.31", - "8.3.2.50" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.Core.CN02.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.17" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have KMS encryption enabled.", - "title": "Check if S3 buckets have KMS encryption enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_kms_encryption-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled using KMS.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html" - ] - }, - "risk_details": "Amazon S3 KMS encryption provides a way to set the encryption behavior for an S3 bucket using a managed key. This will ensure data-at-rest is encrypted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Server Side Encryption is not configured with kms for S3 Bucket logs-sure-jackal.", - "metadata": { - "event_code": "s3_bucket_kms_encryption", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Server Side Encryption is not configured with kms for S3 Bucket logs-sure-jackal.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-12.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.31", - "8.3.2.50" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.Core.CN02.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.17" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have KMS encryption enabled.", - "title": "Check if S3 buckets have KMS encryption enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_kms_encryption-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled using KMS.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html" - ] - }, - "risk_details": "Amazon S3 KMS encryption provides a way to set the encryption behavior for an S3 bucket using a managed key. This will ensure data-at-rest is encrypted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal has Server Side Encryption with aws:kms.", - "metadata": { - "event_code": "s3_bucket_kms_encryption", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket s3-bucket-sure-jackal has Server Side Encryption with aws:kms.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-12.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.31", - "8.3.2.50" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.Core.CN02.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.17" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have KMS encryption enabled.", - "title": "Check if S3 buckets have KMS encryption enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_kms_encryption-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled using KMS.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html" - ] - }, - "risk_details": "Amazon S3 KMS encryption provides a way to set the encryption behavior for an S3 bucket using a managed key. This will ensure data-at-rest is encrypted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Server Side Encryption is not configured with kms for S3 Bucket simple-sure-jackal.", - "metadata": { - "event_code": "s3_bucket_kms_encryption", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Server Side Encryption is not configured with kms for S3 Bucket simple-sure-jackal.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-12.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.31", - "8.3.2.50" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.Core.CN02.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.17" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have KMS encryption enabled.", - "title": "Check if S3 buckets have KMS encryption enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_kms_encryption-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled using KMS.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html" - ] - }, - "risk_details": "Amazon S3 KMS encryption provides a way to set the encryption behavior for an S3 bucket using a managed key. This will ensure data-at-rest is encrypted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is configured for the S3 Bucket cloudfront-logs-sure-jackal.", - "metadata": { - "event_code": "s3_bucket_level_public_access_block", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Block Public Access is configured for the S3 Bucket cloudfront-logs-sure-jackal.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "CIS-3.0": [ - "2.1.4" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.8" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check S3 Bucket Level Public Access Block.", - "title": "Check S3 Bucket Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_level_public_access_block-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is configured for the S3 Bucket logs-sure-jackal.", - "metadata": { - "event_code": "s3_bucket_level_public_access_block", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Block Public Access is configured for the S3 Bucket logs-sure-jackal.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "CIS-3.0": [ - "2.1.4" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.8" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check S3 Bucket Level Public Access Block.", - "title": "Check S3 Bucket Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_level_public_access_block-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is configured for the S3 Bucket s3-bucket-sure-jackal.", - "metadata": { - "event_code": "s3_bucket_level_public_access_block", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Block Public Access is configured for the S3 Bucket s3-bucket-sure-jackal.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "CIS-3.0": [ - "2.1.4" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.8" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check S3 Bucket Level Public Access Block.", - "title": "Check S3 Bucket Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_level_public_access_block-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is configured for the S3 Bucket simple-sure-jackal.", - "metadata": { - "event_code": "s3_bucket_level_public_access_block", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Block Public Access is configured for the S3 Bucket simple-sure-jackal.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "CIS-3.0": [ - "2.1.4" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.8" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check S3 Bucket Level Public Access Block.", - "title": "Check S3 Bucket Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_level_public_access_block-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal does not have a lifecycle configuration enabled.", - "metadata": { - "event_code": "s3_bucket_lifecycle_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal does not have a lifecycle configuration enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-32.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.5.1.12", - "10.5.1.13", - "3.2.1.8", - "3.2.1.9", - "3.3.1.1.8", - "3.3.1.1.9", - "3.3.1.3.8", - "3.3.1.3.9", - "3.3.2.8", - "3.3.2.9", - "3.3.3.8", - "3.3.3.9" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.a", - "3.2", - "3.2.c", - "10.7", - "10.7.a" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.CntrReg.CN02.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.13" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have Lifecycle configuration enabled.", - "title": "Check if S3 buckets have a Lifecycle configuration enabled", - "types": [ - "AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-s3_bucket_lifecycle_enabled-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable lifecycle policies on your S3 buckets to automatically manage the transition and expiration of data.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html" - ] - }, - "risk_details": "The risks of not having lifecycle management enabled for S3 buckets include higher storage costs, unmanaged data retention, and potential non-compliance with data policies.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal does not have a lifecycle configuration enabled.", - "metadata": { - "event_code": "s3_bucket_lifecycle_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket logs-sure-jackal does not have a lifecycle configuration enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-32.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.5.1.12", - "10.5.1.13", - "3.2.1.8", - "3.2.1.9", - "3.3.1.1.8", - "3.3.1.1.9", - "3.3.1.3.8", - "3.3.1.3.9", - "3.3.2.8", - "3.3.2.9", - "3.3.3.8", - "3.3.3.9" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.a", - "3.2", - "3.2.c", - "10.7", - "10.7.a" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.CntrReg.CN02.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.13" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have Lifecycle configuration enabled.", - "title": "Check if S3 buckets have a Lifecycle configuration enabled", - "types": [ - "AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-s3_bucket_lifecycle_enabled-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable lifecycle policies on your S3 buckets to automatically manage the transition and expiration of data.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html" - ] - }, - "risk_details": "The risks of not having lifecycle management enabled for S3 buckets include higher storage costs, unmanaged data retention, and potential non-compliance with data policies.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal has a lifecycle configuration enabled.", - "metadata": { - "event_code": "s3_bucket_lifecycle_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket s3-bucket-sure-jackal has a lifecycle configuration enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-32.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.5.1.12", - "10.5.1.13", - "3.2.1.8", - "3.2.1.9", - "3.3.1.1.8", - "3.3.1.1.9", - "3.3.1.3.8", - "3.3.1.3.9", - "3.3.2.8", - "3.3.2.9", - "3.3.3.8", - "3.3.3.9" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.a", - "3.2", - "3.2.c", - "10.7", - "10.7.a" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.CntrReg.CN02.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.13" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have Lifecycle configuration enabled.", - "title": "Check if S3 buckets have a Lifecycle configuration enabled", - "types": [ - "AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-s3_bucket_lifecycle_enabled-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable lifecycle policies on your S3 buckets to automatically manage the transition and expiration of data.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html" - ] - }, - "risk_details": "The risks of not having lifecycle management enabled for S3 buckets include higher storage costs, unmanaged data retention, and potential non-compliance with data policies.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal does not have a lifecycle configuration enabled.", - "metadata": { - "event_code": "s3_bucket_lifecycle_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket simple-sure-jackal does not have a lifecycle configuration enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-32.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.5.1.12", - "10.5.1.13", - "3.2.1.8", - "3.2.1.9", - "3.3.1.1.8", - "3.3.1.1.9", - "3.3.1.3.8", - "3.3.1.3.9", - "3.3.2.8", - "3.3.2.9", - "3.3.3.8", - "3.3.3.9" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.a", - "3.2", - "3.2.c", - "10.7", - "10.7.a" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.CntrReg.CN02.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.13" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have Lifecycle configuration enabled.", - "title": "Check if S3 buckets have a Lifecycle configuration enabled", - "types": [ - "AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-s3_bucket_lifecycle_enabled-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable lifecycle policies on your S3 buckets to automatically manage the transition and expiration of data.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html" - ] - }, - "risk_details": "The risks of not having lifecycle management enabled for S3 buckets include higher storage costs, unmanaged data retention, and potential non-compliance with data policies.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal has MFA Delete disabled.", - "metadata": { - "event_code": "s3_bucket_no_mfa_delete", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal has MFA Delete disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-07.02B", - "OPS-16.01B", - "IAM-04.06B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "CIS-3.0": [ - "2.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.2" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-5.0": [ - "2.1.2" - ], - "CIS-1.4": [ - "2.1.3" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.20" - ], - "CIS-1.5": [ - "2.1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "2.1.2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 bucket MFA Delete is not enabled.", - "title": "Check if S3 bucket MFA Delete is not enabled.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_no_mfa_delete-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" - ] - }, - "risk_details": "Your security credentials are compromised or unauthorized access is granted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal has MFA Delete disabled.", - "metadata": { - "event_code": "s3_bucket_no_mfa_delete", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket logs-sure-jackal has MFA Delete disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-07.02B", - "OPS-16.01B", - "IAM-04.06B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "CIS-3.0": [ - "2.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.2" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-5.0": [ - "2.1.2" - ], - "CIS-1.4": [ - "2.1.3" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.20" - ], - "CIS-1.5": [ - "2.1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "2.1.2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 bucket MFA Delete is not enabled.", - "title": "Check if S3 bucket MFA Delete is not enabled.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_no_mfa_delete-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" - ] - }, - "risk_details": "Your security credentials are compromised or unauthorized access is granted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal has MFA Delete disabled.", - "metadata": { - "event_code": "s3_bucket_no_mfa_delete", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket s3-bucket-sure-jackal has MFA Delete disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-07.02B", - "OPS-16.01B", - "IAM-04.06B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "CIS-3.0": [ - "2.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.2" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-5.0": [ - "2.1.2" - ], - "CIS-1.4": [ - "2.1.3" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.20" - ], - "CIS-1.5": [ - "2.1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "2.1.2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 bucket MFA Delete is not enabled.", - "title": "Check if S3 bucket MFA Delete is not enabled.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_no_mfa_delete-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" - ] - }, - "risk_details": "Your security credentials are compromised or unauthorized access is granted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal has MFA Delete disabled.", - "metadata": { - "event_code": "s3_bucket_no_mfa_delete", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket simple-sure-jackal has MFA Delete disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-07.02B", - "OPS-16.01B", - "IAM-04.06B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "CIS-3.0": [ - "2.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.2" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-5.0": [ - "2.1.2" - ], - "CIS-1.4": [ - "2.1.3" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.20" - ], - "CIS-1.5": [ - "2.1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "2.1.2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 bucket MFA Delete is not enabled.", - "title": "Check if S3 bucket MFA Delete is not enabled.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_no_mfa_delete-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" - ] - }, - "risk_details": "Your security credentials are compromised or unauthorized access is granted.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal has Object Lock disabled.", - "metadata": { - "event_code": "s3_bucket_object_lock", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal has Object Lock disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have object lock enabled", - "title": "Check if S3 buckets have object lock enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_lock-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that your Amazon S3 buckets have Object Lock feature enabled in order to prevent the objects they store from being deleted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html" - ] - }, - "risk_details": "Store objects using a write-once-read-many (WORM) model to help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. That helps to prevent ransomware attacks.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal has Object Lock disabled.", - "metadata": { - "event_code": "s3_bucket_object_lock", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket logs-sure-jackal has Object Lock disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have object lock enabled", - "title": "Check if S3 buckets have object lock enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_lock-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that your Amazon S3 buckets have Object Lock feature enabled in order to prevent the objects they store from being deleted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html" - ] - }, - "risk_details": "Store objects using a write-once-read-many (WORM) model to help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. That helps to prevent ransomware attacks.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal has Object Lock enabled.", - "metadata": { - "event_code": "s3_bucket_object_lock", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket s3-bucket-sure-jackal has Object Lock enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have object lock enabled", - "title": "Check if S3 buckets have object lock enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_lock-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that your Amazon S3 buckets have Object Lock feature enabled in order to prevent the objects they store from being deleted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html" - ] - }, - "risk_details": "Store objects using a write-once-read-many (WORM) model to help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. That helps to prevent ransomware attacks.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal has Object Lock disabled.", - "metadata": { - "event_code": "s3_bucket_object_lock", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket simple-sure-jackal has Object Lock disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have object lock enabled", - "title": "Check if S3 buckets have object lock enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_lock-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that your Amazon S3 buckets have Object Lock feature enabled in order to prevent the objects they store from being deleted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html" - ] - }, - "risk_details": "Store objects using a write-once-read-many (WORM) model to help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. That helps to prevent ransomware attacks.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal has versioning disabled.", - "metadata": { - "event_code": "s3_bucket_object_versioning", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal has versioning disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_12" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_7_i", - "164_308_a_7_ii_a", - "164_308_a_7_ii_b", - "164_308_a_7_ii_c", - "164_312_a_2_ii", - "164_312_c_1", - "164_312_c_2" - ], - "SOC2": [ - "cc_7_4", - "cc_a_1_1", - "cc_c_1_2" - ], - "C5-2025": [ - "OPS-13.01AC", - "OPS-33.02B", - "DEV-07.01B" - ], - "NIST-CSF-1.1": [ - "be_5", - "ds_4", - "ip_4", - "ip_9", - "pt_5", - "rp_1", - "rp_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9-2", - "cp-9-b", - "cp-10", - "sc-5", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "au_9_2", - "cp_1_2", - "cp_2_5", - "cp_6_a", - "cp_6_1", - "cp_6_2", - "cp_9_a", - "cp_9_b", - "cp_9_c", - "cp_10", - "cp_10_2", - "pm_11_b", - "pm_17_b", - "sc_5_2", - "sc_16_1", - "si_1_a_2", - "si_13_5" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "5.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9", - "cp-9", - "cp-10", - "sc-5" - ], - "FFIEC": [ - "d5-ir-pl-b-6" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.c", - "10.5", - "10.5.2", - "10.5.3", - "10.5.5" - ], - "GxP-EU-Annex-11": [ - "5-data", - "7.1-data-storage-damage-protection", - "7.2-data-storage-backups", - "16-business-continuity", - "17-archiving", - "4.8-validation-data-transfer" - ], - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "GxP-21-CFR-Part-11": [ - "11.10-a", - "11.10-c" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3", - "A.8.10" - ], - "NIST-800-53-Revision-4": [ - "cp_10", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-4", - "booting-up-thing-to-do-first-1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have object versioning enabled", - "title": "Check if S3 buckets have object versioning enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_versioning-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frequently, and backup may not be enough to capture all the changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html" - ] - }, - "risk_details": "With versioning, you can easily recover from both unintended user actions and application failures.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal has versioning disabled.", - "metadata": { - "event_code": "s3_bucket_object_versioning", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket logs-sure-jackal has versioning disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_12" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_7_i", - "164_308_a_7_ii_a", - "164_308_a_7_ii_b", - "164_308_a_7_ii_c", - "164_312_a_2_ii", - "164_312_c_1", - "164_312_c_2" - ], - "SOC2": [ - "cc_7_4", - "cc_a_1_1", - "cc_c_1_2" - ], - "C5-2025": [ - "OPS-13.01AC", - "OPS-33.02B", - "DEV-07.01B" - ], - "NIST-CSF-1.1": [ - "be_5", - "ds_4", - "ip_4", - "ip_9", - "pt_5", - "rp_1", - "rp_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9-2", - "cp-9-b", - "cp-10", - "sc-5", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "au_9_2", - "cp_1_2", - "cp_2_5", - "cp_6_a", - "cp_6_1", - "cp_6_2", - "cp_9_a", - "cp_9_b", - "cp_9_c", - "cp_10", - "cp_10_2", - "pm_11_b", - "pm_17_b", - "sc_5_2", - "sc_16_1", - "si_1_a_2", - "si_13_5" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "5.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9", - "cp-9", - "cp-10", - "sc-5" - ], - "FFIEC": [ - "d5-ir-pl-b-6" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.c", - "10.5", - "10.5.2", - "10.5.3", - "10.5.5" - ], - "GxP-EU-Annex-11": [ - "5-data", - "7.1-data-storage-damage-protection", - "7.2-data-storage-backups", - "16-business-continuity", - "17-archiving", - "4.8-validation-data-transfer" - ], - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "GxP-21-CFR-Part-11": [ - "11.10-a", - "11.10-c" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3", - "A.8.10" - ], - "NIST-800-53-Revision-4": [ - "cp_10", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-4", - "booting-up-thing-to-do-first-1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have object versioning enabled", - "title": "Check if S3 buckets have object versioning enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_versioning-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frequently, and backup may not be enough to capture all the changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html" - ] - }, - "risk_details": "With versioning, you can easily recover from both unintended user actions and application failures.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal has versioning enabled.", - "metadata": { - "event_code": "s3_bucket_object_versioning", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket s3-bucket-sure-jackal has versioning enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_12" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_7_i", - "164_308_a_7_ii_a", - "164_308_a_7_ii_b", - "164_308_a_7_ii_c", - "164_312_a_2_ii", - "164_312_c_1", - "164_312_c_2" - ], - "SOC2": [ - "cc_7_4", - "cc_a_1_1", - "cc_c_1_2" - ], - "C5-2025": [ - "OPS-13.01AC", - "OPS-33.02B", - "DEV-07.01B" - ], - "NIST-CSF-1.1": [ - "be_5", - "ds_4", - "ip_4", - "ip_9", - "pt_5", - "rp_1", - "rp_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9-2", - "cp-9-b", - "cp-10", - "sc-5", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "au_9_2", - "cp_1_2", - "cp_2_5", - "cp_6_a", - "cp_6_1", - "cp_6_2", - "cp_9_a", - "cp_9_b", - "cp_9_c", - "cp_10", - "cp_10_2", - "pm_11_b", - "pm_17_b", - "sc_5_2", - "sc_16_1", - "si_1_a_2", - "si_13_5" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "5.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9", - "cp-9", - "cp-10", - "sc-5" - ], - "FFIEC": [ - "d5-ir-pl-b-6" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.c", - "10.5", - "10.5.2", - "10.5.3", - "10.5.5" - ], - "GxP-EU-Annex-11": [ - "5-data", - "7.1-data-storage-damage-protection", - "7.2-data-storage-backups", - "16-business-continuity", - "17-archiving", - "4.8-validation-data-transfer" - ], - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "GxP-21-CFR-Part-11": [ - "11.10-a", - "11.10-c" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3", - "A.8.10" - ], - "NIST-800-53-Revision-4": [ - "cp_10", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-4", - "booting-up-thing-to-do-first-1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have object versioning enabled", - "title": "Check if S3 buckets have object versioning enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_versioning-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frequently, and backup may not be enough to capture all the changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html" - ] - }, - "risk_details": "With versioning, you can easily recover from both unintended user actions and application failures.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal has versioning disabled.", - "metadata": { - "event_code": "s3_bucket_object_versioning", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket simple-sure-jackal has versioning disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_12" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_7_i", - "164_308_a_7_ii_a", - "164_308_a_7_ii_b", - "164_308_a_7_ii_c", - "164_312_a_2_ii", - "164_312_c_1", - "164_312_c_2" - ], - "SOC2": [ - "cc_7_4", - "cc_a_1_1", - "cc_c_1_2" - ], - "C5-2025": [ - "OPS-13.01AC", - "OPS-33.02B", - "DEV-07.01B" - ], - "NIST-CSF-1.1": [ - "be_5", - "ds_4", - "ip_4", - "ip_9", - "pt_5", - "rp_1", - "rp_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9-2", - "cp-9-b", - "cp-10", - "sc-5", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "au_9_2", - "cp_1_2", - "cp_2_5", - "cp_6_a", - "cp_6_1", - "cp_6_2", - "cp_9_a", - "cp_9_b", - "cp_9_c", - "cp_10", - "cp_10_2", - "pm_11_b", - "pm_17_b", - "sc_5_2", - "sc_16_1", - "si_1_a_2", - "si_13_5" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "5.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9", - "cp-9", - "cp-10", - "sc-5" - ], - "FFIEC": [ - "d5-ir-pl-b-6" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.c", - "10.5", - "10.5.2", - "10.5.3", - "10.5.5" - ], - "GxP-EU-Annex-11": [ - "5-data", - "7.1-data-storage-damage-protection", - "7.2-data-storage-backups", - "16-business-continuity", - "17-archiving", - "4.8-validation-data-transfer" - ], - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "GxP-21-CFR-Part-11": [ - "11.10-a", - "11.10-c" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3", - "A.8.10" - ], - "NIST-800-53-Revision-4": [ - "cp_10", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-4", - "booting-up-thing-to-do-first-1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have object versioning enabled", - "title": "Check if S3 buckets have object versioning enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_versioning-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frequently, and backup may not be enough to capture all the changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html" - ] - }, - "risk_details": "With versioning, you can easily recover from both unintended user actions and application failures.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_policy_public_write_access", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.2.15" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have policies which allow WRITE access.", - "title": "Check if S3 buckets have policies which allow WRITE access.", - "types": [ - "IAM" - ], - "uid": "prowler-aws-s3_bucket_policy_public_write_access-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure proper bucket policy is in place with the least privilege principle applied.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html" - ] - }, - "risk_details": "Non intended users can put objects in a given bucket.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 public access blocked at bucket level for logs-sure-jackal.", - "metadata": { - "event_code": "s3_bucket_policy_public_write_access", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 public access blocked at bucket level for logs-sure-jackal.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.2.15" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have policies which allow WRITE access.", - "title": "Check if S3 buckets have policies which allow WRITE access.", - "types": [ - "IAM" - ], - "uid": "prowler-aws-s3_bucket_policy_public_write_access-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure proper bucket policy is in place with the least privilege principle applied.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html" - ] - }, - "risk_details": "Non intended users can put objects in a given bucket.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 public access blocked at bucket level for s3-bucket-sure-jackal.", - "metadata": { - "event_code": "s3_bucket_policy_public_write_access", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 public access blocked at bucket level for s3-bucket-sure-jackal.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.2.15" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have policies which allow WRITE access.", - "title": "Check if S3 buckets have policies which allow WRITE access.", - "types": [ - "IAM" - ], - "uid": "prowler-aws-s3_bucket_policy_public_write_access-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure proper bucket policy is in place with the least privilege principle applied.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html" - ] - }, - "risk_details": "Non intended users can put objects in a given bucket.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_policy_public_write_access", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket simple-sure-jackal does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.2.15" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have policies which allow WRITE access.", - "title": "Check if S3 buckets have policies which allow WRITE access.", - "types": [ - "IAM" - ], - "uid": "prowler-aws-s3_bucket_policy_public_write_access-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure proper bucket policy is in place with the least privilege principle applied.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html" - ] - }, - "risk_details": "Non intended users can put objects in a given bucket.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal is not public.", - "metadata": { - "event_code": "s3_bucket_public_access", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal is not public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1", - "164_312_a_2_i" - ], - "SOC2": [ - "cc_6_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.33", - "1.2.8.34", - "1.3.1.37", - "1.3.1.38", - "1.3.2.37", - "1.3.2.38", - "1.4.2.35", - "1.4.2.36", - "1.5.1.33", - "1.5.1.34", - "10.3.2.21", - "10.3.2.23", - "10.3.3.23", - "10.3.4.8", - "3.5.1.3.26", - "3.5.1.3.28", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.3.33", - "A1.1.3.34", - "A1.2.1.31", - "A3.4.1.19", - "A3.4.1.21" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "title": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_access-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal is not public.", - "metadata": { - "event_code": "s3_bucket_public_access", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket logs-sure-jackal is not public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1", - "164_312_a_2_i" - ], - "SOC2": [ - "cc_6_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.33", - "1.2.8.34", - "1.3.1.37", - "1.3.1.38", - "1.3.2.37", - "1.3.2.38", - "1.4.2.35", - "1.4.2.36", - "1.5.1.33", - "1.5.1.34", - "10.3.2.21", - "10.3.2.23", - "10.3.3.23", - "10.3.4.8", - "3.5.1.3.26", - "3.5.1.3.28", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.3.33", - "A1.1.3.34", - "A1.2.1.31", - "A3.4.1.19", - "A3.4.1.21" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "title": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_access-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal is not public.", - "metadata": { - "event_code": "s3_bucket_public_access", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket s3-bucket-sure-jackal is not public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1", - "164_312_a_2_i" - ], - "SOC2": [ - "cc_6_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.33", - "1.2.8.34", - "1.3.1.37", - "1.3.1.38", - "1.3.2.37", - "1.3.2.38", - "1.4.2.35", - "1.4.2.36", - "1.5.1.33", - "1.5.1.34", - "10.3.2.21", - "10.3.2.23", - "10.3.3.23", - "10.3.4.8", - "3.5.1.3.26", - "3.5.1.3.28", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.3.33", - "A1.1.3.34", - "A1.2.1.31", - "A3.4.1.19", - "A3.4.1.21" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "title": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_access-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal is not public.", - "metadata": { - "event_code": "s3_bucket_public_access", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket simple-sure-jackal is not public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1", - "164_312_a_2_i" - ], - "SOC2": [ - "cc_6_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.33", - "1.2.8.34", - "1.3.1.37", - "1.3.1.38", - "1.3.2.37", - "1.3.2.38", - "1.4.2.35", - "1.4.2.36", - "1.5.1.33", - "1.5.1.34", - "10.3.2.21", - "10.3.2.23", - "10.3.3.23", - "10.3.4.8", - "3.5.1.3.26", - "3.5.1.3.28", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.3.33", - "A1.1.3.34", - "A1.2.1.31", - "A3.4.1.19", - "A3.4.1.21" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "title": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_access-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal is not publicly listable.", - "metadata": { - "event_code": "s3_bucket_public_list_acl", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal is not publicly listable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.16" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_list_acl-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal is not publicly listable.", - "metadata": { - "event_code": "s3_bucket_public_list_acl", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket logs-sure-jackal is not publicly listable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.16" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_list_acl-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal is not publicly listable.", - "metadata": { - "event_code": "s3_bucket_public_list_acl", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket s3-bucket-sure-jackal is not publicly listable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.16" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_list_acl-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal is not publicly listable.", - "metadata": { - "event_code": "s3_bucket_public_list_acl", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket simple-sure-jackal is not publicly listable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.16" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_list_acl-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal is not publicly writable.", - "metadata": { - "event_code": "s3_bucket_public_write_acl", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal is not publicly writable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.35", - "1.3.1.39", - "1.3.2.39", - "1.4.2.37", - "1.5.1.35", - "10.3.2.24", - "3.5.1.3.29", - "A1.1.2.20", - "A1.1.3.35", - "A3.4.1.22" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.17" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_write_acl-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal is not publicly writable.", - "metadata": { - "event_code": "s3_bucket_public_write_acl", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket logs-sure-jackal is not publicly writable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.35", - "1.3.1.39", - "1.3.2.39", - "1.4.2.37", - "1.5.1.35", - "10.3.2.24", - "3.5.1.3.29", - "A1.1.2.20", - "A1.1.3.35", - "A3.4.1.22" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.17" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_write_acl-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal is not publicly writable.", - "metadata": { - "event_code": "s3_bucket_public_write_acl", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket s3-bucket-sure-jackal is not publicly writable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.35", - "1.3.1.39", - "1.3.2.39", - "1.4.2.37", - "1.5.1.35", - "10.3.2.24", - "3.5.1.3.29", - "A1.1.2.20", - "A1.1.3.35", - "A3.4.1.22" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.17" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_write_acl-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal is not publicly writable.", - "metadata": { - "event_code": "s3_bucket_public_write_acl", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket simple-sure-jackal is not publicly writable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.35", - "1.3.1.39", - "1.3.2.39", - "1.4.2.37", - "1.5.1.35", - "10.3.2.24", - "3.5.1.3.29", - "A1.1.2.20", - "A1.1.3.35", - "A3.4.1.22" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.17" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_write_acl-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal does not have a bucket policy, thus it allows HTTP requests.", - "metadata": { - "event_code": "s3_bucket_secure_transport_policy", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal does not have a bucket policy, thus it allows HTTP requests.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_13", - "3_5_10", - "3_13_1", - "3_13_5", - "3_13_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_1", - "164_312_e_2_i", - "164_312_e_2_ii" - ], - "NIST-CSF-1.1": [ - "ds_2" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-17-2", - "sc-7", - "sc-8-1", - "sc-8", - "sc-23" - ], - "CIS-3.0": [ - "2.1.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4", - "ac_4_22", - "ac_17_2", - "ac_24_1", - "au_9_3", - "ca_9_b", - "cm_6_a", - "cm_9_b", - "ia_5_1_c", - "pm_11_b", - "pm_17_b", - "sc_7_4_b", - "sc_7_4_g", - "sc_7_5", - "sc_8", - "sc_8_1", - "sc_8_2", - "sc_8_3", - "sc_8_4", - "sc_8_5", - "sc_13_a", - "sc_16_1", - "sc_23", - "si_1_a_2" - ], - "ENS-RD2022": [ - "mp.com.1.aws.s3.1", - "mp.com.3.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.49" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-12", - "d3-pc-am-b-13", - "d3-pc-am-b-15" - ], - "GDPR": [ - "article_32" - ], - "CIS-5.0": [ - "2.1.1" - ], - "CIS-1.4": [ - "2.1.2" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN01.AR08" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.5" - ], - "CIS-1.5": [ - "2.1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC09-BP02" - ], - "NIST-800-53-Revision-4": [ - "ac_17_2", - "sc_7", - "sc_8_1", - "sc_8" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "2.1.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have secure transport policy.", - "title": "Check if S3 buckets have secure transport policy.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_secure_transport_policy-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption in transit enabled.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/" - ] - }, - "risk_details": "If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal has a bucket policy to deny requests over insecure transport.", - "metadata": { - "event_code": "s3_bucket_secure_transport_policy", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket logs-sure-jackal has a bucket policy to deny requests over insecure transport.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_13", - "3_5_10", - "3_13_1", - "3_13_5", - "3_13_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_1", - "164_312_e_2_i", - "164_312_e_2_ii" - ], - "NIST-CSF-1.1": [ - "ds_2" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-17-2", - "sc-7", - "sc-8-1", - "sc-8", - "sc-23" - ], - "CIS-3.0": [ - "2.1.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4", - "ac_4_22", - "ac_17_2", - "ac_24_1", - "au_9_3", - "ca_9_b", - "cm_6_a", - "cm_9_b", - "ia_5_1_c", - "pm_11_b", - "pm_17_b", - "sc_7_4_b", - "sc_7_4_g", - "sc_7_5", - "sc_8", - "sc_8_1", - "sc_8_2", - "sc_8_3", - "sc_8_4", - "sc_8_5", - "sc_13_a", - "sc_16_1", - "sc_23", - "si_1_a_2" - ], - "ENS-RD2022": [ - "mp.com.1.aws.s3.1", - "mp.com.3.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.49" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-12", - "d3-pc-am-b-13", - "d3-pc-am-b-15" - ], - "GDPR": [ - "article_32" - ], - "CIS-5.0": [ - "2.1.1" - ], - "CIS-1.4": [ - "2.1.2" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN01.AR08" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.5" - ], - "CIS-1.5": [ - "2.1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC09-BP02" - ], - "NIST-800-53-Revision-4": [ - "ac_17_2", - "sc_7", - "sc_8_1", - "sc_8" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "2.1.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have secure transport policy.", - "title": "Check if S3 buckets have secure transport policy.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_secure_transport_policy-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption in transit enabled.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/" - ] - }, - "risk_details": "If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal has a bucket policy to deny requests over insecure transport.", - "metadata": { - "event_code": "s3_bucket_secure_transport_policy", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket s3-bucket-sure-jackal has a bucket policy to deny requests over insecure transport.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_13", - "3_5_10", - "3_13_1", - "3_13_5", - "3_13_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_1", - "164_312_e_2_i", - "164_312_e_2_ii" - ], - "NIST-CSF-1.1": [ - "ds_2" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-17-2", - "sc-7", - "sc-8-1", - "sc-8", - "sc-23" - ], - "CIS-3.0": [ - "2.1.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4", - "ac_4_22", - "ac_17_2", - "ac_24_1", - "au_9_3", - "ca_9_b", - "cm_6_a", - "cm_9_b", - "ia_5_1_c", - "pm_11_b", - "pm_17_b", - "sc_7_4_b", - "sc_7_4_g", - "sc_7_5", - "sc_8", - "sc_8_1", - "sc_8_2", - "sc_8_3", - "sc_8_4", - "sc_8_5", - "sc_13_a", - "sc_16_1", - "sc_23", - "si_1_a_2" - ], - "ENS-RD2022": [ - "mp.com.1.aws.s3.1", - "mp.com.3.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.49" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-12", - "d3-pc-am-b-13", - "d3-pc-am-b-15" - ], - "GDPR": [ - "article_32" - ], - "CIS-5.0": [ - "2.1.1" - ], - "CIS-1.4": [ - "2.1.2" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN01.AR08" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.5" - ], - "CIS-1.5": [ - "2.1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC09-BP02" - ], - "NIST-800-53-Revision-4": [ - "ac_17_2", - "sc_7", - "sc_8_1", - "sc_8" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "2.1.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have secure transport policy.", - "title": "Check if S3 buckets have secure transport policy.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_secure_transport_policy-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption in transit enabled.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/" - ] - }, - "risk_details": "If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal does not have a bucket policy, thus it allows HTTP requests.", - "metadata": { - "event_code": "s3_bucket_secure_transport_policy", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket simple-sure-jackal does not have a bucket policy, thus it allows HTTP requests.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_13", - "3_5_10", - "3_13_1", - "3_13_5", - "3_13_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_1", - "164_312_e_2_i", - "164_312_e_2_ii" - ], - "NIST-CSF-1.1": [ - "ds_2" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-17-2", - "sc-7", - "sc-8-1", - "sc-8", - "sc-23" - ], - "CIS-3.0": [ - "2.1.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4", - "ac_4_22", - "ac_17_2", - "ac_24_1", - "au_9_3", - "ca_9_b", - "cm_6_a", - "cm_9_b", - "ia_5_1_c", - "pm_11_b", - "pm_17_b", - "sc_7_4_b", - "sc_7_4_g", - "sc_7_5", - "sc_8", - "sc_8_1", - "sc_8_2", - "sc_8_3", - "sc_8_4", - "sc_8_5", - "sc_13_a", - "sc_16_1", - "sc_23", - "si_1_a_2" - ], - "ENS-RD2022": [ - "mp.com.1.aws.s3.1", - "mp.com.3.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.49" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-12", - "d3-pc-am-b-13", - "d3-pc-am-b-15" - ], - "GDPR": [ - "article_32" - ], - "CIS-5.0": [ - "2.1.1" - ], - "CIS-1.4": [ - "2.1.2" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN01.AR08" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.5" - ], - "CIS-1.5": [ - "2.1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC09-BP02" - ], - "NIST-800-53-Revision-4": [ - "ac_17_2", - "sc_7", - "sc_8_1", - "sc_8" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "2.1.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have secure transport policy.", - "title": "Check if S3 buckets have secure transport policy.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_secure_transport_policy-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption in transit enabled.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/" - ] - }, - "risk_details": "If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket cloudfront-logs-sure-jackal has server access logging disabled.", - "metadata": { - "event_code": "s3_bucket_server_access_logging_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket cloudfront-logs-sure-jackal has server access logging disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_6_1", - "3_6_2", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-06.04B", - "IAM-07.04B", - "IAM-10.01B", - "SSO-05.01AC", - "PSS-04.05B" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "PCI-4.0": [ - "10.2.1.1.30", - "10.2.1.2.27", - "10.2.1.3.27", - "10.2.1.4.27", - "10.2.1.5.27", - "10.2.1.6.27", - "10.2.1.7.27", - "10.2.1.27", - "10.2.2.27", - "10.3.1.27", - "10.6.3.34", - "5.3.4.32", - "A1.2.1.32" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d5-dr-de-b-3" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have server access logging enabled", - "title": "Check if S3 buckets have server access logging enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_server_access_logging_enabled-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" - ] - }, - "risk_details": "Server access logs can assist you in security and access audits, help you learn about your customer base, and understand your Amazon S3 bill.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket logs-sure-jackal has server access logging disabled.", - "metadata": { - "event_code": "s3_bucket_server_access_logging_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket logs-sure-jackal has server access logging disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_6_1", - "3_6_2", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-06.04B", - "IAM-07.04B", - "IAM-10.01B", - "SSO-05.01AC", - "PSS-04.05B" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "PCI-4.0": [ - "10.2.1.1.30", - "10.2.1.2.27", - "10.2.1.3.27", - "10.2.1.4.27", - "10.2.1.5.27", - "10.2.1.6.27", - "10.2.1.7.27", - "10.2.1.27", - "10.2.2.27", - "10.3.1.27", - "10.6.3.34", - "5.3.4.32", - "A1.2.1.32" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d5-dr-de-b-3" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have server access logging enabled", - "title": "Check if S3 buckets have server access logging enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_server_access_logging_enabled-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" - ] - }, - "risk_details": "Server access logs can assist you in security and access audits, help you learn about your customer base, and understand your Amazon S3 bill.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket s3-bucket-sure-jackal has server access logging enabled.", - "metadata": { - "event_code": "s3_bucket_server_access_logging_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket s3-bucket-sure-jackal has server access logging enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_6_1", - "3_6_2", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-06.04B", - "IAM-07.04B", - "IAM-10.01B", - "SSO-05.01AC", - "PSS-04.05B" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "PCI-4.0": [ - "10.2.1.1.30", - "10.2.1.2.27", - "10.2.1.3.27", - "10.2.1.4.27", - "10.2.1.5.27", - "10.2.1.6.27", - "10.2.1.7.27", - "10.2.1.27", - "10.2.2.27", - "10.3.1.27", - "10.6.3.34", - "5.3.4.32", - "A1.2.1.32" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d5-dr-de-b-3" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have server access logging enabled", - "title": "Check if S3 buckets have server access logging enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_server_access_logging_enabled-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" - ] - }, - "risk_details": "Server access logs can assist you in security and access audits, help you learn about your customer base, and understand your Amazon S3 bill.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket simple-sure-jackal has server access logging disabled.", - "metadata": { - "event_code": "s3_bucket_server_access_logging_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket simple-sure-jackal has server access logging disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_6_1", - "3_6_2", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-06.04B", - "IAM-07.04B", - "IAM-10.01B", - "SSO-05.01AC", - "PSS-04.05B" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "PCI-4.0": [ - "10.2.1.1.30", - "10.2.1.2.27", - "10.2.1.3.27", - "10.2.1.4.27", - "10.2.1.5.27", - "10.2.1.6.27", - "10.2.1.7.27", - "10.2.1.27", - "10.2.2.27", - "10.3.1.27", - "10.6.3.34", - "5.3.4.32", - "A1.2.1.32" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d5-dr-de-b-3" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Check if S3 buckets have server access logging enabled", - "title": "Check if S3 buckets have server access logging enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_server_access_logging_enabled-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" - ] - }, - "risk_details": "Server access logs can assist you in security and access audits, help you learn about your customer base, and understand your Amazon S3 bill.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 bucket cloudfront-logs-sure-jackal is not a known shadow resource.", - "metadata": { - "event_code": "s3_bucket_shadow_resource_vulnerability", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 bucket cloudfront-logs-sure-jackal is not a known shadow resource.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check is based on the 'Bucket Monopoly' vulnerability disclosed by Aqua Security.", - "compliance": { - "C5-2025": [ - "OPS-25.01B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Checks for S3 buckets with predictable names that could be hijacked by an attacker before legitimate use, leading to data leakage or other security breaches.", - "title": "Check for S3 buckets vulnerable to Shadow Resource Hijacking (Bucket Monopoly)", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_shadow_resource_vulnerability-211203495394-eu-west-1-cloudfront-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::cloudfront-logs-sure-jackal", - "name": "cloudfront-logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "ID": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - }, - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "ObjectWriter", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "cloudfront-logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::cloudfront-logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that all S3 buckets associated with your AWS account are owned by your account. Be cautious of services that create buckets with predictable names. Whenever possible, pre-create these buckets in all regions to prevent hijacking.", - "references": [ - "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/" - ] - }, - "risk_details": "An attacker can pre-create S3 buckets with predictable names used by various AWS services. When a legitimate user's service attempts to use that bucket, it may inadvertently write sensitive data to the attacker-controlled bucket, leading to information disclosure, denial of service, or even remote code execution.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 bucket logs-sure-jackal is not a known shadow resource.", - "metadata": { - "event_code": "s3_bucket_shadow_resource_vulnerability", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 bucket logs-sure-jackal is not a known shadow resource.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check is based on the 'Bucket Monopoly' vulnerability disclosed by Aqua Security.", - "compliance": { - "C5-2025": [ - "OPS-25.01B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Checks for S3 buckets with predictable names that could be hijacked by an attacker before legitimate use, leading to data leakage or other security breaches.", - "title": "Check for S3 buckets vulnerable to Shadow Resource Hijacking (Bucket Monopoly)", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_shadow_resource_vulnerability-211203495394-eu-west-1-logs-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::logs-sure-jackal", - "name": "logs-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ELBRegionEu-West-1", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::156460612806:root" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "logdelivery.elasticloadbalancing.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*" - }, - { - "Sid": "AlbNlbLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control", - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AlbNlbLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl" - ], - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/*", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - }, - "ForAnyValue:StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ForAnyValue:ArnLike": { - "aws:SourceArn": "arn:aws:s3:::s3-bucket-sure-jackal" - } - } - }, - { - "Sid": "AWSAccessLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "logging.s3.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:ResourceOrgID": "o-123456" - } - } - }, - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal" - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/*", - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - }, - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::logs-sure-jackal/*", - "arn:aws:s3:::logs-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "WafLogDeliveryWrite", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::logs-sure-jackal/AWSLogs/211203495394/*", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394", - "s3:x-amz-acl": "bucket-owner-full-control" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - }, - { - "Sid": "WafLogDeliveryAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::logs-sure-jackal", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "211203495394" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:logs:eu-west-1:211203495394:*" - } - } - } - ] - }, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "logs-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::logs-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that all S3 buckets associated with your AWS account are owned by your account. Be cautious of services that create buckets with predictable names. Whenever possible, pre-create these buckets in all regions to prevent hijacking.", - "references": [ - "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/" - ] - }, - "risk_details": "An attacker can pre-create S3 buckets with predictable names used by various AWS services. When a legitimate user's service attempts to use that bucket, it may inadvertently write sensitive data to the attacker-controlled bucket, leading to information disclosure, denial of service, or even remote code execution.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 bucket s3-bucket-sure-jackal is not a known shadow resource.", - "metadata": { - "event_code": "s3_bucket_shadow_resource_vulnerability", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 bucket s3-bucket-sure-jackal is not a known shadow resource.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check is based on the 'Bucket Monopoly' vulnerability disclosed by Aqua Security.", - "compliance": { - "C5-2025": [ - "OPS-25.01B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Checks for S3 buckets with predictable names that could be hijacked by an attacker before legitimate use, leading to data leakage or other security breaches.", - "title": "Check for S3 buckets vulnerable to Shadow Resource Hijacking (Bucket Monopoly)", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_shadow_resource_vulnerability-211203495394-eu-west-1-s3-bucket-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::s3-bucket-sure-jackal", - "name": "s3-bucket-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "denyOutdatedTLS", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "NumericLessThan": { - "s3:TlsVersion": "1.2" - } - } - }, - { - "Sid": "denyInsecureTransport", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:*", - "Resource": [ - "arn:aws:s3:::s3-bucket-sure-jackal/*", - "arn:aws:s3:::s3-bucket-sure-jackal" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - } - }, - { - "Sid": "denyUnencryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption": "true" - } - } - }, - { - "Sid": "denySSECEncryptedObjectUploads", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "Null": { - "s3:x-amz-server-side-encryption-customer-algorithm": "false" - } - } - }, - { - "Sid": "denyIncorrectKmsKeySse", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - } - }, - { - "Sid": "denyIncorrectEncryptionHeaders", - "Effect": "Deny", - "Principal": "*", - "Action": "s3:PutObject", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal/*", - "Condition": { - "StringNotEquals": { - "s3:x-amz-server-side-encryption": "aws:kms" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:role/terraform-20251019182000328500000001" - }, - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ] - }, - "encryption": "aws:kms", - "region": "eu-west-1", - "logging_target_bucket": "logs-sure-jackal", - "ownership": "BucketOwnerPreferred", - "object_lock": true, - "mfa_delete": false, - "tags": [ - { - "Key": "Owner", - "Value": "Anton" - } - ], - "lifecycle": [ - { - "id": "log", - "status": "Enabled" - }, - { - "id": "log1", - "status": "Enabled" - }, - { - "id": "log2", - "status": "Enabled" - } - ], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Owner:Anton" - ], - "name": "s3-bucket-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::s3-bucket-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that all S3 buckets associated with your AWS account are owned by your account. Be cautious of services that create buckets with predictable names. Whenever possible, pre-create these buckets in all regions to prevent hijacking.", - "references": [ - "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/" - ] - }, - "risk_details": "An attacker can pre-create S3 buckets with predictable names used by various AWS services. When a legitimate user's service attempts to use that bucket, it may inadvertently write sensitive data to the attacker-controlled bucket, leading to information disclosure, denial of service, or even remote code execution.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 bucket simple-sure-jackal is not a known shadow resource.", - "metadata": { - "event_code": "s3_bucket_shadow_resource_vulnerability", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 bucket simple-sure-jackal is not a known shadow resource.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check is based on the 'Bucket Monopoly' vulnerability disclosed by Aqua Security.", - "compliance": { - "C5-2025": [ - "OPS-25.01B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760898062, - "created_time_dt": "2025-10-19T18:21:02.299110", - "desc": "Checks for S3 buckets with predictable names that could be hijacked by an attacker before legitimate use, leading to data leakage or other security breaches.", - "title": "Check for S3 buckets vulnerable to Shadow Resource Hijacking (Bucket Monopoly)", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_shadow_resource_vulnerability-211203495394-eu-west-1-simple-sure-jackal" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::simple-sure-jackal", - "name": "simple-sure-jackal", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "eu-west-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "simple-sure-jackal", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::simple-sure-jackal" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that all S3 buckets associated with your AWS account are owned by your account. Be cautious of services that create buckets with predictable names. Whenever possible, pre-create these buckets in all regions to prevent hijacking.", - "references": [ - "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/" - ] - }, - "risk_details": "An attacker can pre-create S3 buckets with predictable names used by various AWS services. When a legitimate user's service attempts to use that bucket, it may inadvertently write sensitive data to the attacker-controlled bucket, leading to information disclosure, denial of service, or even remote code execution.", - "time": 1760898062, - "time_dt": "2025-10-19T18:21:02.299110", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-postgresql-flexibleserver/config/azure-postgresql-flexibleserver.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-postgresql-flexibleserver/config/azure-postgresql-flexibleserver.json deleted file mode 100644 index 40c5f3c5..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-postgresql-flexibleserver/config/azure-postgresql-flexibleserver.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "id": "azure-postgresql-flexibleserver", - "provider": "azure", - "service": "database", - "name": "CCC Azure PostgreSQL Flexible Server Terraform Module", - "description": "This module creates a secure Azure Database for PostgreSQL Flexible Server with encryption, networking, and monitoring capabilities.", - "path": "remote/azure/postgres", - "git": "https://github.com/Azure/terraform-azurerm-avm-res-dbforpostgresql-flexibleserver" -} \ No newline at end of file diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-baseline.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-baseline.ocsf.json deleted file mode 100644 index 4dc0a5b9..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-baseline.ocsf.json +++ /dev/null @@ -1,10698 +0,0 @@ -[ - { - "message": "There are no AppInsight configured in subscription Azure subscription 1.", - "metadata": { - "event_code": "appinsights_ensure_is_configured", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no AppInsight configured in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Because Application Insights relies on a Log Analytics Workspace, an organization will incur additional expenses when using this service.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.2" - ], - "CIS-2.0": [ - "5.3.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.13" - ], - "CIS-2.1": [ - "5.3.1" - ], - "CIS-3.0": [ - "6.3.1" - ], - "CCC": [ - "CCC.Logging.CN01.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.3", - "10.2.1.2.3", - "10.2.1.3.3", - "10.2.1.4.3", - "10.2.1.5.3", - "10.2.1.6.3", - "10.2.1.7.3", - "10.2.1.3", - "10.2.2.3", - "10.4.1.1.1", - "10.4.1.1", - "10.4.2.1", - "10.6.3.3", - "10.7.1.1", - "10.7.2.1", - "5.3.4.3", - "A1.2.1.3", - "A3.3.1.1", - "A3.5.1.1" - ], - "CIS-4.0": [ - "7.1.3.1" - ], - "NIS2": [ - "3.2.3.h", - "5.1.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Application Insights within Azure act as an Application Performance Monitoring solution providing valuable data into how well an application performs and additional information when performing incident response. The types of log data collected include application metrics, telemetry data, and application trace logging data providing organizations with detailed information about application activity and application transactions. Both data sets help organizations adopt a proactive and retroactive means to handle security and performance related metrics within their modern applications.", - "title": "Ensure Application Insights are Configured.", - "types": [], - "uid": "prowler-azure-appinsights_ensure_is_configured-3bb71587-4549-4396-8898-9e15f062e665-global-AppInsights" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "appinsights" - }, - "labels": [], - "name": "AppInsights", - "type": "Microsoft.Insights/components", - "uid": "AppInsights" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to Application Insights 2. Under the Basics tab within the PROJECT DETAILS section, select the Subscription 3. Select the Resource group 4. Within the INSTANCE DETAILS, enter a Name 5. Select a Region 6. Next to Resource Mode, select Workspace-based 7. Within the WORKSPACE DETAILS, select the Subscription for the log analytics workspace 8. Select the appropriate Log Analytics Workspace 9. Click Next:Tags > 10. Enter the appropriate Tags as Name, Value pairs. 11. Click Next:Review+Create 12. Click Create.", - "references": [] - }, - "risk_details": "Configuring Application Insights provides additional data not found elsewhere within Azure as part of a much larger logging and monitoring program within an organization's Information Security practice. The types and contents of these logs will act as both a potential cost saving measure (application performance) and a means to potentially confirm the source of a potential incident (trace logging). Metrics and Telemetry data provide organizations with a proactive approach to cost savings by monitoring an application's performance, while the trace logging data provides necessary details in a reactive incident response scenario by helping organizations identify the potential source of an incident within their application.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "metadata": { - "event_code": "defender_auto_provisioning_log_analytics_agent_vms_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security-center/security-center-data-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r2.az.de.1", - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.15" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "2.1.14" - ], - "CIS-3.0": [ - "3.1.1.1" - ], - "NIS2": [ - "2.1.2.h", - "3.1.2.d", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "3.6.2", - "6.9.2", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'. The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, endpoint protection, and provides alerts.", - "title": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_auto_provisioning_log_analytics_agent_vms_on-3bb71587-4549-4396-8898-9e15f062e665-global-default" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default", - "resource_name": "default", - "resource_type": "Microsoft.Security/autoProvisioningSettings", - "auto_provision": "Off" - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "default", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure comprehensive visibility into possible security vulnerabilities, including missing updates, misconfigured operating system security settings, and active threats, allowing for timely mitigation and improved overall security posture", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components" - ] - }, - "risk_details": "Missing critical security information about your Azure VMs, such as security alerts, security recommendations, and change tracking.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Container image scan is disabled in subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_container_images_scan_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Container image scan is disabled in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-check-health", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When using an Azure container registry, you might occasionally encounter problems. For example, you might not be able to pull a container image because of an issue with Docker in your local environment. Or, a network issue might prevent you from connecting to the registry.", - "compliance": { - "MITRE-ATTACK": [ - "T1190", - "T1525" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "NIS2": [ - "2.2.1", - "3.1.2.d", - "3.6.2", - "5.1.4.f", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Scan images being deployed to Azure (AKS) for vulnerabilities. Vulnerability scanning for images stored in Azure Container Registry is generally available in Azure Security Center. This capability is powered by Qualys, a leading provider of information security. When you push an image to Container Registry, Security Center automatically scans it, then checks for known vulnerabilities in packages or dependencies defined in the file. When the scan completes (after about 10 minutes), Security Center provides details and a security classification for each vulnerability detected, along with guidance on how to remediate issues and protect vulnerable attack surfaces.", - "title": "Ensure Image Vulnerability Scanning using Azure Defender image scanning or a third party provider", - "types": [], - "uid": "prowler-azure-defender_container_images_scan_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "Microsoft.Security", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/azure/container-registry/scan-images-defender" - ] - }, - "risk_details": "Vulnerabilities in software packages can be exploited by hackers or malicious users to obtain unauthorized access to local cloud resources. Azure Defender and other third party products allow images to be scanned for known vulnerabilities.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_app_services_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1059", - "T1204", - "T1552", - "T1486", - "T1499", - "T1496", - "T1087" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.2" - ], - "CIS-3.0": [ - "3.1.6.1" - ], - "CIS-4.0": [ - "9.1.6.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_app_services_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan App Services" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices", - "resource_name": "AppServices", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan App Services", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for App Service enables threat detection for App Service, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_arm_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1562", - "T1486", - "T1499", - "T1087", - "T1580", - "T1538", - "T1526", - "T1069" - ], - "CIS-2.0": [ - "2.1.12" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.11" - ], - "CIS-3.0": [ - "3.1.9.1" - ], - "CIS-4.0": [ - "9.1.9.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_arm_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan ARM" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm", - "resource_name": "Arm", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan ARM", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure Resource Manager", - "references": [] - }, - "risk_details": "Scanning resource requests lets you be alerted every time there is suspicious activity in order to prevent a security threat from being introduced.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_azure_sql_databases_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.3" - ], - "CIS-3.0": [ - "3.1.7.3" - ], - "CIS-4.0": [ - "9.1.7.3" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_azure_sql_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for all your SQL database servers. Defender for Cloud monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides action-oriented security alerts with details of the suspicious activity and guidance on how to mitigate the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Azure SQL Databases enables threat detection for Azure SQL database servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_containers_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1525", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.8" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.8" - ], - "CIS-3.0": [ - "3.1.4.1" - ], - "CIS-4.0": [ - "9.1.4.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_containers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your Azure cloud containers. Enabling the Defender security service for Azure containers allows for advanced security defense against threats, using threat detection capabilities provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for all your Azure containers. Turning on the Defender for Cloud service enables threat detection for containers, providing threat intelligence, anomaly detection, and behavior analytics.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_cosmosdb_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.9" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.6" - ], - "CIS-3.0": [ - "3.1.7.1" - ], - "CIS-4.0": [ - "9.1.7.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_cosmosdb_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Cosmos DB" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs", - "resource_name": "CosmosDbs", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Cosmos DB", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [ - "Enable Microsoft Defender for Cosmos DB" - ] - }, - "risk_details": "In scanning Cosmos DB requests within a subscription, requests are compared to a heuristic list of potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_databases_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure SQL Databases", - "references": [] - }, - "risk_details": "Enabling Microsoft Defender for Azure SQL Databases allows your organization more granular control of the infrastructure running your database software", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_dns_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.11" - ], - "ProwlerThreatScore-1.0": [ - "3.3.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.10" - ], - "CIS-3.0": [ - "3.1.16" - ], - "CIS-4.0": [ - "9.1.17" - ], - "NIS2": [ - "3.6.2", - "6.7.2.i", - "6.7.2.l", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_dns_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan DNS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns", - "resource_name": "Dns", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan DNS", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "DNS lookups within a subscription are scanned and compared to a dynamic list of websites that might be potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_keyvault_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r1.az.eid.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499", - "T1580" - ], - "CIS-2.0": [ - "2.1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.9" - ], - "CIS-3.0": [ - "3.1.8.1" - ], - "PCI-4.0": [ - "3.5.1.31", - "3.5.1.32", - "8.3.2.50", - "8.3.2.51" - ], - "CIS-4.0": [ - "9.1.8.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2", - "9.2.c", - "9.2.c.iv" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_keyvault_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan KeyVaults" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults", - "resource_name": "KeyVaults", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan KeyVaults", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Microsoft Defender for Cloud is enabled for Azure key vaults. Key Vault is the Azure cloud service that safeguards encryption keys and secrets like certificates, connection-based strings, and passwords.", - "references": [] - }, - "risk_details": "By default, Microsoft Defender for Cloud is disabled for Azure key vaults. Defender for Cloud detects unusual and potentially harmful attempts to access or exploit your Azure Key Vault data. This layer of protection allows you to address threats without being a security expert, and without the need to use and manage third-party security monitoring tools or services.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_os_relational_databases_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.6" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.5" - ], - "CIS-3.0": [ - "3.1.7.2" - ], - "CIS-4.0": [ - "9.1.7.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_os_relational_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Open-Source Relational Databases" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases", - "resource_name": "OpenSourceRelationalDatabases", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Open-Source Relational Databases", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Open-source relational databases allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Open-source relational databases enables threat detection for Open-source relational databases, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_server_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r1.az.ev.1", - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.1", - "2.1.2" - ], - "ProwlerThreatScore-1.0": [ - "1.1.4" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.1" - ], - "CIS-3.0": [ - "2.2.8", - "3.1.3.1" - ], - "CIS-4.0": [ - "6.2.7", - "9.1.3.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "title": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_server_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Servers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines", - "resource_name": "VirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Servers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Cloud standard pricing tier allows for better security assessment with threat detection provided by the Microsoft Security Response Center (MSRC), advanced security policies, adaptive application control, network threat detection, and regulatory compliance management.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Servers enables threat detection for Servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_sql_servers_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.4" - ], - "CIS-3.0": [ - "3.1.7.4" - ], - "CIS-4.0": [ - "9.1.7.4" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_sql_servers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan SQL Server VMs" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines", - "resource_name": "SqlServerVirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan SQL Server VMs", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for the Microsoft SQL servers running on virtual machines. Defender for Cloud for SQL Server virtual machines continuously monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides security alerts together with details of the suspicious activity and guidance on how to mitigate to the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for SQL servers on machines enables threat detection for SQL servers on machines, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_storage_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190", - "T1537", - "T1530", - "T1485", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.7" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.7" - ], - "CIS-3.0": [ - "3.1.5.1" - ], - "CIS-4.0": [ - "9.1.5.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_storage_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Storage Accounts" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts", - "resource_name": "StorageAccounts", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Storage Accounts", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for your storage accounts. Enabling the Defender security service for Azure storage accounts allows for advanced security defense using threat detection capabilities provided by the Microsoft Security Response Center (MSRC). MSRC investigates all reports of security vulnerabilities affecting Microsoft products and services, including Azure cloud services.", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for your Microsoft Azure storage accounts. Defender for storage accounts is an Azure-native layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit your Azure cloud storage accounts.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_iot_hub_defender_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/services/iot-defender/#overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling Microsoft Defender for IoT will incur additional charges dependent on the level of usage.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.2.1" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.2.1" - ], - "CIS-3.0": [ - "3.2.1" - ], - "CIS-4.0": [ - "9.2.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Microsoft Defender for IoT acts as a central security hub for IoT devices within your organization.", - "title": "Ensure That Microsoft Defender for IoT Hub Is Set To 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_iot_hub_defender_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-IoT Hub Defender" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "IoT Hub Defender", - "type": "DefenderIoT", - "uid": "IoT Hub Defender" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to IoT Hub. 2. Select a IoT Hub to validate. 3. Select Overview in Defender for IoT. 4. Click on Secure your IoT solution, and complete the onboarding.", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-iot/device-builders/quickstart-onboard-iot-hub" - ] - }, - "risk_details": "IoT devices are very rarely patched and can be potential attack vectors for enterprise networks. Updating their network configuration to use a central security hub allows for detection of these breaches.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_mcas_is_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/defender-for-cloud-introduction#secure-cloud-applications", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Cloud Apps works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486" - ], - "CIS-2.0": [ - "2.1.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.20" - ], - "CIS-3.0": [ - "3.1.1.2" - ], - "PCI-4.0": [ - "11.5.1.1.2", - "11.5.1.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "This integration setting enables Microsoft Defender for Cloud Apps (formerly 'Microsoft Cloud App Security' or 'MCAS' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected", - "types": [], - "uid": "prowler-azure-defender_ensure_mcas_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-MCAS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "MCAS", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu. 2. Select Microsoft Defender for Cloud. 3. Select Environment Settings blade. 4. Select the subscription. 5. Check App Service Defender Plan to On. 6. Select Save.", - "references": [ - "https://docs.microsoft.com/en-us/rest/api/securitycenter/settings/list" - ] - }, - "risk_details": "Microsoft Defender for Cloud offers an additional layer of protection by using Azure Resource Manager events, which is considered to be the control plane for Azure. By analyzing the Azure Resource Manager records, Microsoft Defender for Cloud detects unusual or potentially harmful operations in the Azure subscription environment. Several of the preceding analytics are powered by Microsoft Defender for Cloud Apps. To benefit from these analytics, subscription must have a Cloud App Security license. Microsoft Defender for Cloud Apps works only with Standard Tier subscriptions.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_wdatp_is_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Endpoint works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r3.az.de.2" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.21" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "This integration setting enables Microsoft Defender for Endpoint (formerly 'Advanced Threat Protection' or 'ATP' or 'WDATP' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected", - "types": [], - "uid": "prowler-azure-defender_ensure_wdatp_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-WDATP" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "WDATP", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/azure-server-integration?view=o365-worldwide" - ] - }, - "risk_details": "Microsoft Defender for Endpoint integration brings comprehensive Endpoint Detection and Response (EDR) capabilities within Microsoft Defender for Cloud. This integration helps to spot abnormalities, as well as detect and respond to advanced attacks on endpoints monitored by Microsoft Defender for Cloud. MDE works only with Standard Tier subscriptions.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-1b4a98ae-5221-4850-a761-4f9176407028" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028", - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-083c1758-89d9-4b12-8005-48e7e359dc4f" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f", - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "b24988ac-6180-42a0-ab88-20f7382dd24c" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-154eadeb-e375-4263-b4bd-4a2a2237ecd2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "80dfb9bd-1c99-4012-9de7-580a68334b45", - "agent_type": "ServicePrincipal", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_policy_assignment", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.3" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.1" - ], - "CIS-3.0": [ - "6.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Create an activity log alert for the Create Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Create Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_create_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click elect action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for create policy assignment events gives insight into changes done in 'Azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_nsg", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "CIS-2.0": [ - "5.2.3" - ], - "ProwlerThreatScore-1.0": [ - "3.3.5" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.3" - ], - "CIS-3.0": [ - "6.2.3" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.8", - "10.4.2.2", - "10.4.3.1", - "10.6.3.8", - "10.7.1.3", - "10.7.2.3", - "11.5.2.2", - "11.6.1.2", - "12.10.5.2", - "A3.3.1.3", - "A3.5.1.3" - ], - "CIS-4.0": [ - "7.1.2.3" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Create an Activity Log Alert for the Create or Update Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Network Security Group events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_public_ip_address_rule", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.9" - ], - "ProwlerThreatScore-1.0": [ - "3.3.11" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.9" - ], - "CIS-3.0": [ - "6.2.9" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.9" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Create an activity log alert for the Create or Update Public IP Addresses rule.", - "title": "Ensure that Activity Log Alert exists for Create or Update Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_security_solution", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1", - "op.mon.3.r6.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.5" - ], - "ProwlerThreatScore-1.0": [ - "3.3.7" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.5" - ], - "CIS-3.0": [ - "6.2.5" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.5" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Create an activity log alert for the Create or Update Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_sqlserver_fr", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.7" - ], - "ProwlerThreatScore-1.0": [ - "3.3.9" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.7" - ], - "CIS-3.0": [ - "6.2.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.9", - "10.2.1.1.10", - "10.2.1.1.22", - "10.2.1.2.8", - "10.2.1.2.19", - "10.2.1.3.8", - "10.2.1.3.19", - "10.2.1.4.8", - "10.2.1.4.19", - "10.2.1.5.8", - "10.2.1.5.19", - "10.2.1.6.8", - "10.2.1.6.19", - "10.2.1.7.8", - "10.2.1.7.19", - "10.2.1.8", - "10.2.1.19", - "10.2.2.8", - "10.2.2.19", - "10.3.1.8", - "10.3.1.19", - "10.4.1.1.2", - "10.4.1.2", - "10.4.2.3", - "10.6.3.9", - "10.6.3.10", - "10.6.3.24", - "10.7.1.4", - "10.7.2.4", - "5.3.4.9", - "5.3.4.22", - "A1.2.1.10", - "A1.2.1.23", - "A3.3.1.4", - "A3.5.1.4" - ], - "CIS-4.0": [ - "7.1.2.7" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Create an activity log alert for the Create or Update SQL Server Firewall Rule event.", - "title": "Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create/Update server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update SQL Server Firewall Rule events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_nsg", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.4" - ], - "ProwlerThreatScore-1.0": [ - "3.3.6" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.4" - ], - "CIS-3.0": [ - "6.2.4" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.4" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Create an activity log alert for the Delete Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Delete Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for 'Delete Network Security Group' events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_policy_assignment", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.4" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.2" - ], - "CIS-3.0": [ - "6.2.2" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Create an activity log alert for the Delete Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Delete Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for delete policy assignment events gives insight into changes done in 'azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_public_ip_address_rule", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.10" - ], - "ProwlerThreatScore-1.0": [ - "3.3.12" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.10" - ], - "CIS-3.0": [ - "6.2.10" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.10" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Create an activity log alert for the Delete Public IP Address rule.", - "title": "Ensure that Activity Log Alert exists for Delete Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_security_solution", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.8" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.6" - ], - "CIS-3.0": [ - "6.2.6" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.6" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Create an activity log alert for the Delete Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Delete Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.curitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_sqlserver_fr", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.8" - ], - "ProwlerThreatScore-1.0": [ - "3.3.10" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.8" - ], - "CIS-3.0": [ - "6.2.8" - ], - "CCC": [ - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.8" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Create an activity log alert for the 'Delete SQL Server Firewall Rule.'", - "title": "Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete SQL Server Firewall Rule events gives insight into SQL network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_service_health_exists", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/service-health/overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, in your Azure subscription there will not be any activity log alerts configured for Service Health events.", - "compliance": { - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure that an Azure activity log alert is configured to trigger when Service Health events occur within your Microsoft Azure cloud account. The alert should activate when new events match the specified conditions in the alert rule configuration.", - "title": "Ensure that an Activity Log Alert exists for Service Health", - "types": [], - "uid": "prowler-azure-monitor_alert_service_health_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Create an activity log alert for Service Health events and configure an action group to notify appropriate personnel.", - "references": [ - "https://learn.microsoft.com/en-us/azure/service-health/alerts-activity-log-service-notifications-portal" - ] - }, - "risk_details": "Lack of monitoring for Service Health events may result in missing critical service issues, planned maintenance, security advisories, or other changes that could impact Azure services and regions in use.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_setting_with_appropriate_categories", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When the diagnostic setting is created using Azure Portal, by default no categories are selected.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.az.md.1", - "op.mon.2.az.md.1" - ], - "CIS-2.0": [ - "5.1.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.2" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.2" - ], - "CIS-3.0": [ - "6.1.2" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.15", - "10.2.1.2.7", - "10.2.1.3.7", - "10.2.1.4.7", - "10.2.1.5.7", - "10.2.1.6.7", - "10.2.1.7.7", - "10.2.1.7", - "10.2.2.7", - "10.3.1.7", - "10.3.2.2", - "10.3.3.4", - "10.3.4.3", - "10.4.1.1.3", - "10.4.1.1.4", - "10.4.1.3", - "10.4.2.4", - "10.5.1.3", - "10.6.3.7", - "10.6.3.15", - "10.7.1.5", - "10.7.2.5", - "11.5.2.4", - "11.6.1.4", - "12.10.5.4", - "5.3.4.7", - "5.3.4.8", - "A1.2.1.7", - "A1.2.1.8", - "A3.3.1.6", - "A3.3.1.7", - "A3.5.1.6", - "A3.5.1.7" - ], - "CIS-4.0": [ - "7.1.1.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.c", - "3.2.3.f", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Prerequisite: A Diagnostic Setting must exist. If a Diagnostic Setting does not exist, the navigation and options within this recommendation will not be available. Please review the recommendation at the beginning of this subsection titled: 'Ensure that a 'Diagnostic Setting' exists.' The diagnostic setting should be configured to log the appropriate activities from the control/management plane.", - "title": "Ensure Diagnostic Setting captures appropriate categories", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_setting_with_appropriate_categories-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to Azure Monitor 2. Click Activity log 3. Click on Export Activity Logs 4. Select the Subscription from the drop down menu 5. Click on Add diagnostic setting 6. Enter a name for your new Diagnostic Setting 7. Check the following categories: Administrative, Alert, Policy, and Security 8. Choose the destination details according to your organization's needs.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/manage-storage-analytics-logs?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json&tabs=azure-portal" - ] - }, - "risk_details": "A diagnostic setting controls how the diagnostic log is exported. Capturing the diagnostic setting categories for appropriate control/management plane activities allows proper alerting.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No diagnostic settings found in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_settings_exists", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No diagnostic settings found in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/cli/azure/monitor/diagnostic-settings?view=azure-cli-latest", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, diagnostic setting is not set.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r5.az.ds.1", - "op.mon.2.r2.az.ma.1" - ], - "CIS-2.0": [ - "5.1.1" - ], - "ProwlerThreatScore-1.0": [ - "3.2.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.1" - ], - "CIS-3.0": [ - "6.1.1" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN06.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN09.AR01", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Logging.CN07.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.1.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.h", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable Diagnostic settings for exporting activity logs. Diagnostic settings are available for each individual resource within a subscription. Settings should be configured for all appropriate resources for your environment.", - "title": "Ensure that a 'Diagnostic Setting' exists for Subscription Activity Logs ", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_settings_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Diagnostic Settings" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Diagnostic Settings", - "type": "Monitor", - "uid": "diagnostic_settings" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "To enable Diagnostic Settings on a Subscription: 1. Go to Monitor 2. Click on Activity Log 3. Click on Export Activity Logs 4. Click + Add diagnostic setting 5. Enter a Diagnostic setting name 6. Select Categories for the diagnostic settings 7. Select the appropriate Destination details (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 8. Click Save To enable Diagnostic Settings on a specific resource: 1. Go to Monitor 2. Click Diagnostic settings 3. Click on the resource that has a diagnostics status of disabled 4. Select Add Diagnostic Setting 5. Enter a Diagnostic setting name 6. Select the appropriate log, metric, and destination. (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 7. Click save Repeat these step for all resources as needed.", - "references": [ - "https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-activity-logs#export-the-activity-log-with-a-log-profile" - ] - }, - "risk_details": "A diagnostic setting controls how a diagnostic log is exported. By default, logs are retained only for 90 days. Diagnostic settings should be defined so that logs can be exported and stored for a longer duration in order to analyze security activities within an Azure subscription.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bastion Host from subscription Azure subscription 1 does not exist", - "metadata": { - "event_code": "network_bastion_host_exists", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bastion Host from subscription Azure subscription 1 does not exist", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/bastion/bastion-overview#sku", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The Azure Bastion service incurs additional costs and requires a specific virtual network configuration. The Standard tier offers additional configuration options compared to the Basic tier and may incur additional costs for those added features.", - "compliance": { - "ENS-RD2022": [ - "mp.com.4.r4.az.nt.1" - ], - "CIS-2.0": [ - "7.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "7.1" - ], - "CIS-3.0": [ - "8.1" - ], - "CIS-4.0": [ - "9.4.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "The Azure Bastion service allows secure remote access to Azure Virtual Machines over the Internet without exposing remote access protocol ports and services directly to the Internet. The Azure Bastion service provides this access using TLS over 443/TCP, and subscribes to hardened configurations within an organization's Azure Active Directory service.", - "title": "Ensure an Azure Bastion Host Exists", - "types": [], - "uid": "prowler-azure-network_bastion_host_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Bastion Host" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Bastion Host", - "type": "Network", - "uid": "Bastion Host" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "From Azure Portal* 1. Click on Bastions 2. Select the Subscription 3. Select the Resource group 4. Type a Name for the new Bastion host 5. Select a Region 6. Choose Standard next to Tier 7. Use the slider to set the Instance count 8. Select the Virtual network or Create new 9. Select the Subnet named AzureBastionSubnet. Create a Subnet named AzureBastionSubnet using a /26 CIDR range if it doesn't already exist. 10. Selct the appropriate Public IP address option. 11. If Create new is selected for the Public IP address option, provide a Public IP address name. 12. If Use existing is selected for Public IP address option, select an IP address from Choose public IP address 13. Click Next: Tags > 14. Configure the appropriate Tags 15. Click Next: Advanced > 16. Select the appropriate Advanced options 17. Click Next: Review + create > 18. Click Create From Azure CLI az network bastion create --location --name --public-ip-address --resource-group --vnet-name --scale-units --sku Standard [--disable-copy- paste true|false] [--enable-ip-connect true|false] [--enable-tunneling true|false] From PowerShell Create the appropriate Virtual network settings and Public IP Address settings. $subnetName = 'AzureBastionSubnet' $subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix $virtualNet = New-AzVirtualNetwork -Name - ResourceGroupName -Location -AddressPrefix -Subnet $subnet $publicip = New-AzPublicIpAddress -ResourceGroupName - Name -Location -AllocationMethod Dynamic -Sku Standard", - "references": [ - "https://learn.microsoft.com/en-us/powershell/module/az.network/get-azbastion?view=azps-9.2.0" - ] - }, - "risk_details": "The Azure Bastion service allows organizations a more secure means of accessing Azure Virtual Machines over the Internet without assigning public IP addresses to those Virtual Machines. The Azure Bastion service provides Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to Virtual Machines using TLS within a web browser, thus preventing organizations from opening up 3389/TCP and 22/TCP to the Internet on Azure Virtual Machines. Additional benefits of the Bastion service includes Multi-Factor Authentication, Conditional Access Policies, and any other hardening measures configured within Azure Active Directory using a central point of access.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "metadata": { - "event_code": "network_http_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.3.r2.az.tls.1", - "mp.com.4.r3.az.1", - "mp.com.4.r4.az.nt.1", - "mp.s.4.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.4" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.4" - ], - "CIS-3.0": [ - "7.4" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.5", - "1.2.8.25", - "1.3.1.28", - "1.3.2.28", - "1.4.1.6", - "1.4.2.26", - "1.4.4.6", - "1.5.1.25", - "2.2.5.5", - "2.2.7.3", - "4.2.1.1.7", - "4.2.1.3", - "8.3.2.6", - "A1.1.3.25" - ], - "CIS-4.0": [ - "8.4" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required and narrowly configured.", - "title": "Ensure that HTTP(S) access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_http_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where HTTP(S) is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [] - }, - "risk_details": "The potential security problem with using HTTP(S) over the Internet is that attackers can use various brute force techniques to gain access to Azure resources. Once the attackers gain access, they can use the resource as a launch point for compromising other resources within the Azure tenant.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "metadata": { - "event_code": "network_rdp_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.1" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.1" - ], - "CIS-3.0": [ - "7.1" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that RDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_rdp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where RDP is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using RDP over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on an Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "metadata": { - "event_code": "network_ssh_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.2" - ], - "CIS-3.0": [ - "7.2" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN01.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.17", - "1.2.8.18", - "1.2.8.21", - "1.2.8.41", - "1.3.1.19", - "1.3.1.21", - "1.3.1.24", - "1.3.1.45", - "1.3.2.19", - "1.3.2.21", - "1.3.2.24", - "1.3.2.45", - "1.4.1.5", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.43", - "1.4.4.5", - "1.5.1.17", - "1.5.1.18", - "1.5.1.21", - "1.5.1.40", - "2.2.5.17", - "A1.1.3.17", - "A1.1.3.18", - "A1.1.3.21", - "A1.1.3.40" - ], - "CIS-4.0": [ - "8.2" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that SSH access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_ssh_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where SSH is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using SSH over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "metadata": { - "event_code": "network_udp_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices#secure-your-critical-azure-service-resources-to-only-your-virtual-networks", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.3" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.3" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.3" - ], - "CIS-3.0": [ - "7.3" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.3" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that UDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_udp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where UDP is not explicitly required and narrowly configured for resources attached tothe Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRouteSite-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/azure/security/fundamentals/ddos-best-practices" - ] - }, - "risk_details": "The potential security problem with broadly exposing UDP services over the Internet is that attackers can use DDoS amplification techniques to reflect spoofed UDP traffic from Azure Virtual Machines. The most common types of these attacks use exposed DNS, NTP, SSDP, SNMP, CLDAP and other UDP-based services as amplification sources for disrupting services of other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': germanynorth, qatarcentral, newzealandnorth, swedencentral, chilecentral, westeurope, polandcentral, spaincentral, westindia, israelcentral, norwayeast, koreacentral, uaenorth, australiasoutheast, mexicocentral, austriaeast, switzerlandwest, westcentralus, canadacentral, switzerlandnorth, jioindiawest, northeurope, eastus2, australiaeast, southindia, westus3, germanywestcentral, japaneast, ukwest, uaecentral, jioindiacentral, westus, indonesiacentral, canadaeast, brazilsoutheast, centralus, brazilsouth, southafricawest, southafricanorth, australiacentral2, norwaywest, japanwest, francesouth, koreasouth, southeastasia, uksouth, australiacentral, francecentral, eastus, northcentralus, malaysiawest, eastasia, italynorth.", - "metadata": { - "event_code": "network_watcher_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': germanynorth, qatarcentral, newzealandnorth, swedencentral, chilecentral, westeurope, polandcentral, spaincentral, westindia, israelcentral, norwayeast, koreacentral, uaenorth, australiasoutheast, mexicocentral, austriaeast, switzerlandwest, westcentralus, canadacentral, switzerlandnorth, jioindiawest, northeurope, eastus2, australiaeast, southindia, westus3, germanywestcentral, japaneast, ukwest, uaecentral, jioindiacentral, westus, indonesiacentral, canadaeast, brazilsoutheast, centralus, brazilsouth, southafricawest, southafricanorth, australiacentral2, norwaywest, japanwest, francesouth, koreasouth, southeastasia, uksouth, australiacentral, francecentral, eastus, northcentralus, malaysiawest, eastasia, italynorth.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "There are additional costs per transaction to run and store network data. For high-volume networks these charges will add up quickly.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.az.nw.1", - "op.mon.2.r2.az.ma.1", - "op.mon.3.az.nw.1", - "mp.com.1.az.nw.1", - "mp.com.1.az.nw.2", - "mp.com.1.az.nw.3", - "mp.com.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499", - "T1498", - "T1046", - "T1049" - ], - "CIS-2.0": [ - "6.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.14" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "6.6" - ], - "CIS-3.0": [ - "7.6" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN06.AR01" - ], - "CIS-4.0": [ - "8.6" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "6.8.2.a", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable Network Watcher for Azure subscriptions.", - "title": "Ensure that Network Watcher is 'Enabled' for all locations in the Azure subscription", - "types": [], - "uid": "prowler-azure-network_watcher_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Network Watcher" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Network Watcher", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Opting out of Network Watcher automatic enablement is a permanent change. Once you opt-out you cannot opt-in without contacting support.", - "references": [ - "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v2-logging-threat-detection#lt-3-enable-logging-for-azure-network-activities" - ] - }, - "risk_details": "Network diagnostic and visualization tools available with Network Watcher help users understand, diagnose, and gain insights to the network in Azure.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "metadata": { - "event_code": "policy_ensure_asc_enforcement_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/defender-for-cloud/security-policy-concept", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "2.1.14" - ], - "ProwlerThreatScore-1.0": [ - "3.3.17" - ], - "ISO27001-2022": [ - "A.5.1" - ], - "CIS-2.1": [ - "2.1.13" - ], - "CIS-3.0": [ - "3.1.11" - ], - "PCI-4.0": [ - "10.2.1.1.31", - "10.4.1.1.5", - "10.4.1.4", - "10.4.2.5", - "10.6.3.36", - "10.7.1.6", - "10.7.2.6", - "A3.3.1.9", - "A3.5.1.9" - ], - "CIS-4.0": [ - "9.1.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "None of the settings offered by ASC Default policy should be set to effect Disabled.", - "title": "Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'", - "types": [], - "uid": "prowler-azure-policy_ensure_asc_enforcement_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-SecurityCenterBuiltIn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn", - "name": "SecurityCenterBuiltIn", - "enforcement_mode": "Default" - } - }, - "group": { - "name": "policy" - }, - "labels": [], - "name": "SecurityCenterBuiltIn", - "type": "Microsoft.Authorization/policyAssignments", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu 2. Select Policy 3. Select ASC Default for each subscription 4. Click on 'view Assignment' 5. Click on 'Edit assignment' 6. Ensure Policy Enforcement is Enabled 7. Click 'Review + Save'", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/implement-security-recommendations" - ] - }, - "risk_details": "A security policy defines the desired configuration of your workloads and helps ensure compliance with company or regulatory security requirements. ASC Default policy is associated with every subscription by default. ASC default policy assignment is a set of security recommendations based on best practices. Enabling recommendations in ASC default policy ensures that Azure security center provides the ability to monitor all of the supported recommendations and optionally allow automated action for a few of the supported recommendations.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_disconnections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling this setting will enable a log of all disconnections. If this is enabled for a high traffic server, the log may grow exponentially.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.4" - ], - "ProwlerThreatScore-1.0": [ - "3.1.4" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.4" - ], - "CIS-3.0": [ - "5.2.7" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable log_disconnections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_disconnections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu 2. Go to Azure Database for PostgreSQL servers 3. For each database, click on Server parameters 4. Search for log_disconnections. 5. Click ON and save. From Azure CLI Use the below command to update log_disconnections configuration. az postgres server configuration set --resource-group -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-complete.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-complete.ocsf.json deleted file mode 100644 index 6c07e9fb..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-complete.ocsf.json +++ /dev/null @@ -1,11649 +0,0 @@ -[ - { - "message": "There are no AppInsight configured in subscription Azure subscription 1.", - "metadata": { - "event_code": "appinsights_ensure_is_configured", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no AppInsight configured in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Because Application Insights relies on a Log Analytics Workspace, an organization will incur additional expenses when using this service.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.2" - ], - "CIS-2.0": [ - "5.3.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.13" - ], - "CIS-2.1": [ - "5.3.1" - ], - "CIS-3.0": [ - "6.3.1" - ], - "CCC": [ - "CCC.Logging.CN01.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.3", - "10.2.1.2.3", - "10.2.1.3.3", - "10.2.1.4.3", - "10.2.1.5.3", - "10.2.1.6.3", - "10.2.1.7.3", - "10.2.1.3", - "10.2.2.3", - "10.4.1.1.1", - "10.4.1.1", - "10.4.2.1", - "10.6.3.3", - "10.7.1.1", - "10.7.2.1", - "5.3.4.3", - "A1.2.1.3", - "A3.3.1.1", - "A3.5.1.1" - ], - "CIS-4.0": [ - "7.1.3.1" - ], - "NIS2": [ - "3.2.3.h", - "5.1.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Application Insights within Azure act as an Application Performance Monitoring solution providing valuable data into how well an application performs and additional information when performing incident response. The types of log data collected include application metrics, telemetry data, and application trace logging data providing organizations with detailed information about application activity and application transactions. Both data sets help organizations adopt a proactive and retroactive means to handle security and performance related metrics within their modern applications.", - "title": "Ensure Application Insights are Configured.", - "types": [], - "uid": "prowler-azure-appinsights_ensure_is_configured-3bb71587-4549-4396-8898-9e15f062e665-global-AppInsights" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "appinsights" - }, - "labels": [], - "name": "AppInsights", - "type": "Microsoft.Insights/components", - "uid": "AppInsights" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to Application Insights 2. Under the Basics tab within the PROJECT DETAILS section, select the Subscription 3. Select the Resource group 4. Within the INSTANCE DETAILS, enter a Name 5. Select a Region 6. Next to Resource Mode, select Workspace-based 7. Within the WORKSPACE DETAILS, select the Subscription for the log analytics workspace 8. Select the appropriate Log Analytics Workspace 9. Click Next:Tags > 10. Enter the appropriate Tags as Name, Value pairs. 11. Click Next:Review+Create 12. Click Create.", - "references": [] - }, - "risk_details": "Configuring Application Insights provides additional data not found elsewhere within Azure as part of a much larger logging and monitoring program within an organization's Information Security practice. The types and contents of these logs will act as both a potential cost saving measure (application performance) and a means to potentially confirm the source of a potential incident (trace logging). Metrics and Telemetry data provide organizations with a proactive approach to cost savings by monitoring an application's performance, while the trace logging data provides necessary details in a reactive incident response scenario by helping organizations identify the potential source of an incident within their application.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "metadata": { - "event_code": "defender_auto_provisioning_log_analytics_agent_vms_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security-center/security-center-data-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r2.az.de.1", - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.15" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "2.1.14" - ], - "CIS-3.0": [ - "3.1.1.1" - ], - "NIS2": [ - "2.1.2.h", - "3.1.2.d", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "3.6.2", - "6.9.2", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'. The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, endpoint protection, and provides alerts.", - "title": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_auto_provisioning_log_analytics_agent_vms_on-3bb71587-4549-4396-8898-9e15f062e665-global-default" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default", - "resource_name": "default", - "resource_type": "Microsoft.Security/autoProvisioningSettings", - "auto_provision": "Off" - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "default", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure comprehensive visibility into possible security vulnerabilities, including missing updates, misconfigured operating system security settings, and active threats, allowing for timely mitigation and improved overall security posture", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components" - ] - }, - "risk_details": "Missing critical security information about your Azure VMs, such as security alerts, security recommendations, and change tracking.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Container image scan is disabled in subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_container_images_scan_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Container image scan is disabled in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-check-health", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When using an Azure container registry, you might occasionally encounter problems. For example, you might not be able to pull a container image because of an issue with Docker in your local environment. Or, a network issue might prevent you from connecting to the registry.", - "compliance": { - "MITRE-ATTACK": [ - "T1190", - "T1525" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "NIS2": [ - "2.2.1", - "3.1.2.d", - "3.6.2", - "5.1.4.f", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Scan images being deployed to Azure (AKS) for vulnerabilities. Vulnerability scanning for images stored in Azure Container Registry is generally available in Azure Security Center. This capability is powered by Qualys, a leading provider of information security. When you push an image to Container Registry, Security Center automatically scans it, then checks for known vulnerabilities in packages or dependencies defined in the file. When the scan completes (after about 10 minutes), Security Center provides details and a security classification for each vulnerability detected, along with guidance on how to remediate issues and protect vulnerable attack surfaces.", - "title": "Ensure Image Vulnerability Scanning using Azure Defender image scanning or a third party provider", - "types": [], - "uid": "prowler-azure-defender_container_images_scan_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "Microsoft.Security", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/azure/container-registry/scan-images-defender" - ] - }, - "risk_details": "Vulnerabilities in software packages can be exploited by hackers or malicious users to obtain unauthorized access to local cloud resources. Azure Defender and other third party products allow images to be scanned for known vulnerabilities.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_app_services_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1059", - "T1204", - "T1552", - "T1486", - "T1499", - "T1496", - "T1087" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.2" - ], - "CIS-3.0": [ - "3.1.6.1" - ], - "CIS-4.0": [ - "9.1.6.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_app_services_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan App Services" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices", - "resource_name": "AppServices", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan App Services", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for App Service enables threat detection for App Service, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_arm_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1562", - "T1486", - "T1499", - "T1087", - "T1580", - "T1538", - "T1526", - "T1069" - ], - "CIS-2.0": [ - "2.1.12" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.11" - ], - "CIS-3.0": [ - "3.1.9.1" - ], - "CIS-4.0": [ - "9.1.9.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_arm_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan ARM" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm", - "resource_name": "Arm", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan ARM", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure Resource Manager", - "references": [] - }, - "risk_details": "Scanning resource requests lets you be alerted every time there is suspicious activity in order to prevent a security threat from being introduced.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_azure_sql_databases_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.3" - ], - "CIS-3.0": [ - "3.1.7.3" - ], - "CIS-4.0": [ - "9.1.7.3" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_azure_sql_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for all your SQL database servers. Defender for Cloud monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides action-oriented security alerts with details of the suspicious activity and guidance on how to mitigate the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Azure SQL Databases enables threat detection for Azure SQL database servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_containers_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1525", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.8" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.8" - ], - "CIS-3.0": [ - "3.1.4.1" - ], - "CIS-4.0": [ - "9.1.4.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_containers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your Azure cloud containers. Enabling the Defender security service for Azure containers allows for advanced security defense against threats, using threat detection capabilities provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for all your Azure containers. Turning on the Defender for Cloud service enables threat detection for containers, providing threat intelligence, anomaly detection, and behavior analytics.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_cosmosdb_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.9" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.6" - ], - "CIS-3.0": [ - "3.1.7.1" - ], - "CIS-4.0": [ - "9.1.7.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_cosmosdb_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Cosmos DB" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs", - "resource_name": "CosmosDbs", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Cosmos DB", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [ - "Enable Microsoft Defender for Cosmos DB" - ] - }, - "risk_details": "In scanning Cosmos DB requests within a subscription, requests are compared to a heuristic list of potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_databases_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure SQL Databases", - "references": [] - }, - "risk_details": "Enabling Microsoft Defender for Azure SQL Databases allows your organization more granular control of the infrastructure running your database software", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_dns_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.11" - ], - "ProwlerThreatScore-1.0": [ - "3.3.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.10" - ], - "CIS-3.0": [ - "3.1.16" - ], - "CIS-4.0": [ - "9.1.17" - ], - "NIS2": [ - "3.6.2", - "6.7.2.i", - "6.7.2.l", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_dns_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan DNS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns", - "resource_name": "Dns", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan DNS", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "DNS lookups within a subscription are scanned and compared to a dynamic list of websites that might be potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_keyvault_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r1.az.eid.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499", - "T1580" - ], - "CIS-2.0": [ - "2.1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.9" - ], - "CIS-3.0": [ - "3.1.8.1" - ], - "PCI-4.0": [ - "3.5.1.31", - "3.5.1.32", - "8.3.2.50", - "8.3.2.51" - ], - "CIS-4.0": [ - "9.1.8.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2", - "9.2.c", - "9.2.c.iv" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_keyvault_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan KeyVaults" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults", - "resource_name": "KeyVaults", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan KeyVaults", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Microsoft Defender for Cloud is enabled for Azure key vaults. Key Vault is the Azure cloud service that safeguards encryption keys and secrets like certificates, connection-based strings, and passwords.", - "references": [] - }, - "risk_details": "By default, Microsoft Defender for Cloud is disabled for Azure key vaults. Defender for Cloud detects unusual and potentially harmful attempts to access or exploit your Azure Key Vault data. This layer of protection allows you to address threats without being a security expert, and without the need to use and manage third-party security monitoring tools or services.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_os_relational_databases_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.6" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.5" - ], - "CIS-3.0": [ - "3.1.7.2" - ], - "CIS-4.0": [ - "9.1.7.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_os_relational_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Open-Source Relational Databases" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases", - "resource_name": "OpenSourceRelationalDatabases", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Open-Source Relational Databases", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Open-source relational databases allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Open-source relational databases enables threat detection for Open-source relational databases, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_server_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r1.az.ev.1", - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.1", - "2.1.2" - ], - "ProwlerThreatScore-1.0": [ - "1.1.4" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.1" - ], - "CIS-3.0": [ - "2.2.8", - "3.1.3.1" - ], - "CIS-4.0": [ - "6.2.7", - "9.1.3.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "title": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_server_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Servers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines", - "resource_name": "VirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Servers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Cloud standard pricing tier allows for better security assessment with threat detection provided by the Microsoft Security Response Center (MSRC), advanced security policies, adaptive application control, network threat detection, and regulatory compliance management.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Servers enables threat detection for Servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_sql_servers_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.4" - ], - "CIS-3.0": [ - "3.1.7.4" - ], - "CIS-4.0": [ - "9.1.7.4" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_sql_servers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan SQL Server VMs" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines", - "resource_name": "SqlServerVirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan SQL Server VMs", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for the Microsoft SQL servers running on virtual machines. Defender for Cloud for SQL Server virtual machines continuously monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides security alerts together with details of the suspicious activity and guidance on how to mitigate to the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for SQL servers on machines enables threat detection for SQL servers on machines, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_storage_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190", - "T1537", - "T1530", - "T1485", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.7" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.7" - ], - "CIS-3.0": [ - "3.1.5.1" - ], - "CIS-4.0": [ - "9.1.5.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_storage_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Storage Accounts" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts", - "resource_name": "StorageAccounts", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Storage Accounts", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for your storage accounts. Enabling the Defender security service for Azure storage accounts allows for advanced security defense using threat detection capabilities provided by the Microsoft Security Response Center (MSRC). MSRC investigates all reports of security vulnerabilities affecting Microsoft products and services, including Azure cloud services.", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for your Microsoft Azure storage accounts. Defender for storage accounts is an Azure-native layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit your Azure cloud storage accounts.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_iot_hub_defender_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/services/iot-defender/#overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling Microsoft Defender for IoT will incur additional charges dependent on the level of usage.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.2.1" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.2.1" - ], - "CIS-3.0": [ - "3.2.1" - ], - "CIS-4.0": [ - "9.2.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Microsoft Defender for IoT acts as a central security hub for IoT devices within your organization.", - "title": "Ensure That Microsoft Defender for IoT Hub Is Set To 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_iot_hub_defender_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-IoT Hub Defender" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "IoT Hub Defender", - "type": "DefenderIoT", - "uid": "IoT Hub Defender" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to IoT Hub. 2. Select a IoT Hub to validate. 3. Select Overview in Defender for IoT. 4. Click on Secure your IoT solution, and complete the onboarding.", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-iot/device-builders/quickstart-onboard-iot-hub" - ] - }, - "risk_details": "IoT devices are very rarely patched and can be potential attack vectors for enterprise networks. Updating their network configuration to use a central security hub allows for detection of these breaches.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_mcas_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/defender-for-cloud-introduction#secure-cloud-applications", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Cloud Apps works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486" - ], - "CIS-2.0": [ - "2.1.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.20" - ], - "CIS-3.0": [ - "3.1.1.2" - ], - "PCI-4.0": [ - "11.5.1.1.2", - "11.5.1.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "This integration setting enables Microsoft Defender for Cloud Apps (formerly 'Microsoft Cloud App Security' or 'MCAS' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected", - "types": [], - "uid": "prowler-azure-defender_ensure_mcas_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-MCAS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "MCAS", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu. 2. Select Microsoft Defender for Cloud. 3. Select Environment Settings blade. 4. Select the subscription. 5. Check App Service Defender Plan to On. 6. Select Save.", - "references": [ - "https://docs.microsoft.com/en-us/rest/api/securitycenter/settings/list" - ] - }, - "risk_details": "Microsoft Defender for Cloud offers an additional layer of protection by using Azure Resource Manager events, which is considered to be the control plane for Azure. By analyzing the Azure Resource Manager records, Microsoft Defender for Cloud detects unusual or potentially harmful operations in the Azure subscription environment. Several of the preceding analytics are powered by Microsoft Defender for Cloud Apps. To benefit from these analytics, subscription must have a Cloud App Security license. Microsoft Defender for Cloud Apps works only with Standard Tier subscriptions.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_wdatp_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Endpoint works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r3.az.de.2" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.21" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "This integration setting enables Microsoft Defender for Endpoint (formerly 'Advanced Threat Protection' or 'ATP' or 'WDATP' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected", - "types": [], - "uid": "prowler-azure-defender_ensure_wdatp_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-WDATP" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "WDATP", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/azure-server-integration?view=o365-worldwide" - ] - }, - "risk_details": "Microsoft Defender for Endpoint integration brings comprehensive Endpoint Detection and Response (EDR) capabilities within Microsoft Defender for Cloud. This integration helps to spot abnormalities, as well as detect and respond to advanced attacks on endpoints monitored by Microsoft Defender for Cloud. MDE works only with Standard Tier subscriptions.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-1b4a98ae-5221-4850-a761-4f9176407028" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028", - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-083c1758-89d9-4b12-8005-48e7e359dc4f" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f", - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "b24988ac-6180-42a0-ab88-20f7382dd24c" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-154eadeb-e375-4263-b4bd-4a2a2237ecd2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "80dfb9bd-1c99-4012-9de7-580a68334b45", - "agent_type": "ServicePrincipal", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_policy_assignment", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.3" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.1" - ], - "CIS-3.0": [ - "6.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Create an activity log alert for the Create Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Create Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_create_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click elect action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for create policy assignment events gives insight into changes done in 'Azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_nsg", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "CIS-2.0": [ - "5.2.3" - ], - "ProwlerThreatScore-1.0": [ - "3.3.5" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.3" - ], - "CIS-3.0": [ - "6.2.3" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.8", - "10.4.2.2", - "10.4.3.1", - "10.6.3.8", - "10.7.1.3", - "10.7.2.3", - "11.5.2.2", - "11.6.1.2", - "12.10.5.2", - "A3.3.1.3", - "A3.5.1.3" - ], - "CIS-4.0": [ - "7.1.2.3" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Create an Activity Log Alert for the Create or Update Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Network Security Group events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_public_ip_address_rule", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.9" - ], - "ProwlerThreatScore-1.0": [ - "3.3.11" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.9" - ], - "CIS-3.0": [ - "6.2.9" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.9" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Create an activity log alert for the Create or Update Public IP Addresses rule.", - "title": "Ensure that Activity Log Alert exists for Create or Update Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_security_solution", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1", - "op.mon.3.r6.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.5" - ], - "ProwlerThreatScore-1.0": [ - "3.3.7" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.5" - ], - "CIS-3.0": [ - "6.2.5" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.5" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Create an activity log alert for the Create or Update Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_sqlserver_fr", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.7" - ], - "ProwlerThreatScore-1.0": [ - "3.3.9" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.7" - ], - "CIS-3.0": [ - "6.2.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.9", - "10.2.1.1.10", - "10.2.1.1.22", - "10.2.1.2.8", - "10.2.1.2.19", - "10.2.1.3.8", - "10.2.1.3.19", - "10.2.1.4.8", - "10.2.1.4.19", - "10.2.1.5.8", - "10.2.1.5.19", - "10.2.1.6.8", - "10.2.1.6.19", - "10.2.1.7.8", - "10.2.1.7.19", - "10.2.1.8", - "10.2.1.19", - "10.2.2.8", - "10.2.2.19", - "10.3.1.8", - "10.3.1.19", - "10.4.1.1.2", - "10.4.1.2", - "10.4.2.3", - "10.6.3.9", - "10.6.3.10", - "10.6.3.24", - "10.7.1.4", - "10.7.2.4", - "5.3.4.9", - "5.3.4.22", - "A1.2.1.10", - "A1.2.1.23", - "A3.3.1.4", - "A3.5.1.4" - ], - "CIS-4.0": [ - "7.1.2.7" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Create an activity log alert for the Create or Update SQL Server Firewall Rule event.", - "title": "Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create/Update server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update SQL Server Firewall Rule events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_nsg", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.4" - ], - "ProwlerThreatScore-1.0": [ - "3.3.6" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.4" - ], - "CIS-3.0": [ - "6.2.4" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.4" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Create an activity log alert for the Delete Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Delete Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for 'Delete Network Security Group' events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_policy_assignment", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.4" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.2" - ], - "CIS-3.0": [ - "6.2.2" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Create an activity log alert for the Delete Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Delete Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for delete policy assignment events gives insight into changes done in 'azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_public_ip_address_rule", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.10" - ], - "ProwlerThreatScore-1.0": [ - "3.3.12" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.10" - ], - "CIS-3.0": [ - "6.2.10" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.10" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Create an activity log alert for the Delete Public IP Address rule.", - "title": "Ensure that Activity Log Alert exists for Delete Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_security_solution", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.8" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.6" - ], - "CIS-3.0": [ - "6.2.6" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.6" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Create an activity log alert for the Delete Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Delete Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.curitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_sqlserver_fr", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.8" - ], - "ProwlerThreatScore-1.0": [ - "3.3.10" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.8" - ], - "CIS-3.0": [ - "6.2.8" - ], - "CCC": [ - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.8" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Create an activity log alert for the 'Delete SQL Server Firewall Rule.'", - "title": "Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete SQL Server Firewall Rule events gives insight into SQL network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_service_health_exists", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/service-health/overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, in your Azure subscription there will not be any activity log alerts configured for Service Health events.", - "compliance": { - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure that an Azure activity log alert is configured to trigger when Service Health events occur within your Microsoft Azure cloud account. The alert should activate when new events match the specified conditions in the alert rule configuration.", - "title": "Ensure that an Activity Log Alert exists for Service Health", - "types": [], - "uid": "prowler-azure-monitor_alert_service_health_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Create an activity log alert for Service Health events and configure an action group to notify appropriate personnel.", - "references": [ - "https://learn.microsoft.com/en-us/azure/service-health/alerts-activity-log-service-notifications-portal" - ] - }, - "risk_details": "Lack of monitoring for Service Health events may result in missing critical service issues, planned maintenance, security advisories, or other changes that could impact Azure services and regions in use.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_setting_with_appropriate_categories", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When the diagnostic setting is created using Azure Portal, by default no categories are selected.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.az.md.1", - "op.mon.2.az.md.1" - ], - "CIS-2.0": [ - "5.1.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.2" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.2" - ], - "CIS-3.0": [ - "6.1.2" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.15", - "10.2.1.2.7", - "10.2.1.3.7", - "10.2.1.4.7", - "10.2.1.5.7", - "10.2.1.6.7", - "10.2.1.7.7", - "10.2.1.7", - "10.2.2.7", - "10.3.1.7", - "10.3.2.2", - "10.3.3.4", - "10.3.4.3", - "10.4.1.1.3", - "10.4.1.1.4", - "10.4.1.3", - "10.4.2.4", - "10.5.1.3", - "10.6.3.7", - "10.6.3.15", - "10.7.1.5", - "10.7.2.5", - "11.5.2.4", - "11.6.1.4", - "12.10.5.4", - "5.3.4.7", - "5.3.4.8", - "A1.2.1.7", - "A1.2.1.8", - "A3.3.1.6", - "A3.3.1.7", - "A3.5.1.6", - "A3.5.1.7" - ], - "CIS-4.0": [ - "7.1.1.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.c", - "3.2.3.f", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Prerequisite: A Diagnostic Setting must exist. If a Diagnostic Setting does not exist, the navigation and options within this recommendation will not be available. Please review the recommendation at the beginning of this subsection titled: 'Ensure that a 'Diagnostic Setting' exists.' The diagnostic setting should be configured to log the appropriate activities from the control/management plane.", - "title": "Ensure Diagnostic Setting captures appropriate categories", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_setting_with_appropriate_categories-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to Azure Monitor 2. Click Activity log 3. Click on Export Activity Logs 4. Select the Subscription from the drop down menu 5. Click on Add diagnostic setting 6. Enter a name for your new Diagnostic Setting 7. Check the following categories: Administrative, Alert, Policy, and Security 8. Choose the destination details according to your organization's needs.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/manage-storage-analytics-logs?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json&tabs=azure-portal" - ] - }, - "risk_details": "A diagnostic setting controls how the diagnostic log is exported. Capturing the diagnostic setting categories for appropriate control/management plane activities allows proper alerting.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No diagnostic settings found in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_settings_exists", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No diagnostic settings found in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/cli/azure/monitor/diagnostic-settings?view=azure-cli-latest", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, diagnostic setting is not set.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r5.az.ds.1", - "op.mon.2.r2.az.ma.1" - ], - "CIS-2.0": [ - "5.1.1" - ], - "ProwlerThreatScore-1.0": [ - "3.2.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.1" - ], - "CIS-3.0": [ - "6.1.1" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN06.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN09.AR01", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Logging.CN07.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.1.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.h", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable Diagnostic settings for exporting activity logs. Diagnostic settings are available for each individual resource within a subscription. Settings should be configured for all appropriate resources for your environment.", - "title": "Ensure that a 'Diagnostic Setting' exists for Subscription Activity Logs ", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_settings_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Diagnostic Settings" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Diagnostic Settings", - "type": "Monitor", - "uid": "diagnostic_settings" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "To enable Diagnostic Settings on a Subscription: 1. Go to Monitor 2. Click on Activity Log 3. Click on Export Activity Logs 4. Click + Add diagnostic setting 5. Enter a Diagnostic setting name 6. Select Categories for the diagnostic settings 7. Select the appropriate Destination details (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 8. Click Save To enable Diagnostic Settings on a specific resource: 1. Go to Monitor 2. Click Diagnostic settings 3. Click on the resource that has a diagnostics status of disabled 4. Select Add Diagnostic Setting 5. Enter a Diagnostic setting name 6. Select the appropriate log, metric, and destination. (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 7. Click save Repeat these step for all resources as needed.", - "references": [ - "https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-activity-logs#export-the-activity-log-with-a-log-profile" - ] - }, - "risk_details": "A diagnostic setting controls how a diagnostic log is exported. By default, logs are retained only for 90 days. Diagnostic settings should be defined so that logs can be exported and stored for a longer duration in order to analyze security activities within an Azure subscription.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bastion Host from subscription Azure subscription 1 does not exist", - "metadata": { - "event_code": "network_bastion_host_exists", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bastion Host from subscription Azure subscription 1 does not exist", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/bastion/bastion-overview#sku", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The Azure Bastion service incurs additional costs and requires a specific virtual network configuration. The Standard tier offers additional configuration options compared to the Basic tier and may incur additional costs for those added features.", - "compliance": { - "ENS-RD2022": [ - "mp.com.4.r4.az.nt.1" - ], - "CIS-2.0": [ - "7.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "7.1" - ], - "CIS-3.0": [ - "8.1" - ], - "CIS-4.0": [ - "9.4.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "The Azure Bastion service allows secure remote access to Azure Virtual Machines over the Internet without exposing remote access protocol ports and services directly to the Internet. The Azure Bastion service provides this access using TLS over 443/TCP, and subscribes to hardened configurations within an organization's Azure Active Directory service.", - "title": "Ensure an Azure Bastion Host Exists", - "types": [], - "uid": "prowler-azure-network_bastion_host_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Bastion Host" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Bastion Host", - "type": "Network", - "uid": "Bastion Host" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "From Azure Portal* 1. Click on Bastions 2. Select the Subscription 3. Select the Resource group 4. Type a Name for the new Bastion host 5. Select a Region 6. Choose Standard next to Tier 7. Use the slider to set the Instance count 8. Select the Virtual network or Create new 9. Select the Subnet named AzureBastionSubnet. Create a Subnet named AzureBastionSubnet using a /26 CIDR range if it doesn't already exist. 10. Selct the appropriate Public IP address option. 11. If Create new is selected for the Public IP address option, provide a Public IP address name. 12. If Use existing is selected for Public IP address option, select an IP address from Choose public IP address 13. Click Next: Tags > 14. Configure the appropriate Tags 15. Click Next: Advanced > 16. Select the appropriate Advanced options 17. Click Next: Review + create > 18. Click Create From Azure CLI az network bastion create --location --name --public-ip-address --resource-group --vnet-name --scale-units --sku Standard [--disable-copy- paste true|false] [--enable-ip-connect true|false] [--enable-tunneling true|false] From PowerShell Create the appropriate Virtual network settings and Public IP Address settings. $subnetName = 'AzureBastionSubnet' $subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix $virtualNet = New-AzVirtualNetwork -Name - ResourceGroupName -Location -AddressPrefix -Subnet $subnet $publicip = New-AzPublicIpAddress -ResourceGroupName - Name -Location -AllocationMethod Dynamic -Sku Standard", - "references": [ - "https://learn.microsoft.com/en-us/powershell/module/az.network/get-azbastion?view=azps-9.2.0" - ] - }, - "risk_details": "The Azure Bastion service allows organizations a more secure means of accessing Azure Virtual Machines over the Internet without assigning public IP addresses to those Virtual Machines. The Azure Bastion service provides Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to Virtual Machines using TLS within a web browser, thus preventing organizations from opening up 3389/TCP and 22/TCP to the Internet on Azure Virtual Machines. Additional benefits of the Bastion service includes Multi-Factor Authentication, Conditional Access Policies, and any other hardening measures configured within Azure Active Directory using a central point of access.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "metadata": { - "event_code": "network_http_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.3.r2.az.tls.1", - "mp.com.4.r3.az.1", - "mp.com.4.r4.az.nt.1", - "mp.s.4.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.4" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.4" - ], - "CIS-3.0": [ - "7.4" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.5", - "1.2.8.25", - "1.3.1.28", - "1.3.2.28", - "1.4.1.6", - "1.4.2.26", - "1.4.4.6", - "1.5.1.25", - "2.2.5.5", - "2.2.7.3", - "4.2.1.1.7", - "4.2.1.3", - "8.3.2.6", - "A1.1.3.25" - ], - "CIS-4.0": [ - "8.4" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required and narrowly configured.", - "title": "Ensure that HTTP(S) access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_http_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where HTTP(S) is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [] - }, - "risk_details": "The potential security problem with using HTTP(S) over the Internet is that attackers can use various brute force techniques to gain access to Azure resources. Once the attackers gain access, they can use the resource as a launch point for compromising other resources within the Azure tenant.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "metadata": { - "event_code": "network_rdp_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.1" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.1" - ], - "CIS-3.0": [ - "7.1" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that RDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_rdp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where RDP is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using RDP over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on an Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "metadata": { - "event_code": "network_ssh_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.2" - ], - "CIS-3.0": [ - "7.2" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN01.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.17", - "1.2.8.18", - "1.2.8.21", - "1.2.8.41", - "1.3.1.19", - "1.3.1.21", - "1.3.1.24", - "1.3.1.45", - "1.3.2.19", - "1.3.2.21", - "1.3.2.24", - "1.3.2.45", - "1.4.1.5", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.43", - "1.4.4.5", - "1.5.1.17", - "1.5.1.18", - "1.5.1.21", - "1.5.1.40", - "2.2.5.17", - "A1.1.3.17", - "A1.1.3.18", - "A1.1.3.21", - "A1.1.3.40" - ], - "CIS-4.0": [ - "8.2" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that SSH access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_ssh_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where SSH is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using SSH over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "metadata": { - "event_code": "network_udp_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices#secure-your-critical-azure-service-resources-to-only-your-virtual-networks", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.3" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.3" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.3" - ], - "CIS-3.0": [ - "7.3" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.3" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that UDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_udp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where UDP is not explicitly required and narrowly configured for resources attached tothe Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRouteSite-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/azure/security/fundamentals/ddos-best-practices" - ] - }, - "risk_details": "The potential security problem with broadly exposing UDP services over the Internet is that attackers can use DDoS amplification techniques to reflect spoofed UDP traffic from Azure Virtual Machines. The most common types of these attacks use exposed DNS, NTP, SSDP, SNMP, CLDAP and other UDP-based services as amplification sources for disrupting services of other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': uaenorth, australiacentral, austriaeast, southindia, jioindiacentral, germanynorth, westus, italynorth, ukwest, eastus2, brazilsouth, westus3, spaincentral, uksouth, francesouth, canadaeast, northcentralus, australiasoutheast, eastus, indonesiacentral, francecentral, westeurope, switzerlandnorth, mexicocentral, chilecentral, brazilsoutheast, jioindiawest, swedencentral, northeurope, southafricanorth, westcentralus, westindia, southeastasia, uaecentral, germanywestcentral, japanwest, canadacentral, israelcentral, centralus, newzealandnorth, southafricawest, japaneast, australiaeast, norwayeast, australiacentral2, koreacentral, norwaywest, qatarcentral, eastasia, koreasouth, polandcentral, switzerlandwest, malaysiawest.", - "metadata": { - "event_code": "network_watcher_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': uaenorth, australiacentral, austriaeast, southindia, jioindiacentral, germanynorth, westus, italynorth, ukwest, eastus2, brazilsouth, westus3, spaincentral, uksouth, francesouth, canadaeast, northcentralus, australiasoutheast, eastus, indonesiacentral, francecentral, westeurope, switzerlandnorth, mexicocentral, chilecentral, brazilsoutheast, jioindiawest, swedencentral, northeurope, southafricanorth, westcentralus, westindia, southeastasia, uaecentral, germanywestcentral, japanwest, canadacentral, israelcentral, centralus, newzealandnorth, southafricawest, japaneast, australiaeast, norwayeast, australiacentral2, koreacentral, norwaywest, qatarcentral, eastasia, koreasouth, polandcentral, switzerlandwest, malaysiawest.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "There are additional costs per transaction to run and store network data. For high-volume networks these charges will add up quickly.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.az.nw.1", - "op.mon.2.r2.az.ma.1", - "op.mon.3.az.nw.1", - "mp.com.1.az.nw.1", - "mp.com.1.az.nw.2", - "mp.com.1.az.nw.3", - "mp.com.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499", - "T1498", - "T1046", - "T1049" - ], - "CIS-2.0": [ - "6.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.14" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "6.6" - ], - "CIS-3.0": [ - "7.6" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN06.AR01" - ], - "CIS-4.0": [ - "8.6" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "6.8.2.a", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable Network Watcher for Azure subscriptions.", - "title": "Ensure that Network Watcher is 'Enabled' for all locations in the Azure subscription", - "types": [], - "uid": "prowler-azure-network_watcher_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Network Watcher" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Network Watcher", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Opting out of Network Watcher automatic enablement is a permanent change. Once you opt-out you cannot opt-in without contacting support.", - "references": [ - "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v2-logging-threat-detection#lt-3-enable-logging-for-azure-network-activities" - ] - }, - "risk_details": "Network diagnostic and visualization tools available with Network Watcher help users understand, diagnose, and gain insights to the network in Azure.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "metadata": { - "event_code": "policy_ensure_asc_enforcement_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/defender-for-cloud/security-policy-concept", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "2.1.14" - ], - "ProwlerThreatScore-1.0": [ - "3.3.17" - ], - "ISO27001-2022": [ - "A.5.1" - ], - "CIS-2.1": [ - "2.1.13" - ], - "CIS-3.0": [ - "3.1.11" - ], - "PCI-4.0": [ - "10.2.1.1.31", - "10.4.1.1.5", - "10.4.1.4", - "10.4.2.5", - "10.6.3.36", - "10.7.1.6", - "10.7.2.6", - "A3.3.1.9", - "A3.5.1.9" - ], - "CIS-4.0": [ - "9.1.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "None of the settings offered by ASC Default policy should be set to effect Disabled.", - "title": "Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'", - "types": [], - "uid": "prowler-azure-policy_ensure_asc_enforcement_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-SecurityCenterBuiltIn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn", - "name": "SecurityCenterBuiltIn", - "enforcement_mode": "Default" - } - }, - "group": { - "name": "policy" - }, - "labels": [], - "name": "SecurityCenterBuiltIn", - "type": "Microsoft.Authorization/policyAssignments", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu 2. Select Policy 3. Select ASC Default for each subscription 4. Click on 'view Assignment' 5. Click on 'Edit assignment' 6. Ensure Policy Enforcement is Enabled 7. Click 'Review + Save'", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/implement-security-recommendations" - ] - }, - "risk_details": "A security policy defines the desired configuration of your workloads and helps ensure compliance with company or regulatory security requirements. ASC Default policy is associated with every subscription by default. ASC default policy assignment is a set of security recommendations based on best practices. Enabling recommendations in ASC default policy ensures that Azure security center provides the ability to monitor all of the supported recommendations and optionally allow automated action for a few of the supported recommendations.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_disconnections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling this setting will enable a log of all disconnections. If this is enabled for a high traffic server, the log may grow exponentially.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.4" - ], - "ProwlerThreatScore-1.0": [ - "3.1.4" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.4" - ], - "CIS-3.0": [ - "5.2.7" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_disconnections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_disconnections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu 2. Go to Azure Database for PostgreSQL servers 3. For each database, click on Server parameters 4. Search for log_disconnections. 5. Click ON and save. From Azure CLI Use the below command to update log_disconnections configuration. az postgres server configuration set --resource-group -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-delta.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-delta.ocsf.json deleted file mode 100644 index e5a12674..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-delta.ocsf.json +++ /dev/null @@ -1,953 +0,0 @@ -[ - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_disconnections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_disconnections_on", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_disconnections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling this setting will enable a log of all disconnections. If this is enabled for a high traffic server, the log may grow exponentially.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.4" - ], - "ProwlerThreatScore-1.0": [ - "3.1.4" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.4" - ], - "CIS-3.0": [ - "5.2.7" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_disconnections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_disconnections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu 2. Go to Azure Database for PostgreSQL servers 3. For each database, click on Server parameters 4. Search for log_disconnections. 5. Click ON and save. From Azure CLI Use the below command to update log_disconnections configuration. az postgres server configuration set --resource-group -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-virtualnetwork/config/azure-virtualnetwork.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-virtualnetwork/config/azure-virtualnetwork.json deleted file mode 100644 index 1b99c40c..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-virtualnetwork/config/azure-virtualnetwork.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "id": "azure-virtualnetwork", - "provider": "azure", - "service": "networking", - "name": "CCC Azure Virtual Network Terraform Module", - "description": "This module creates a secure Azure Virtual Network with subnets, network security groups, and advanced networking capabilities.", - "path": "remote/azure/virtualnetwork", - "git": "https://github.com/Azure/terraform-azurerm-avm-res-network-virtualnetwork" -} \ No newline at end of file diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-virtualnetwork/results/azure-virtualnetwork-baseline.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-virtualnetwork/results/azure-virtualnetwork-baseline.ocsf.json deleted file mode 100644 index ee657e4c..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-virtualnetwork/results/azure-virtualnetwork-baseline.ocsf.json +++ /dev/null @@ -1,11649 +0,0 @@ -[ - { - "message": "There are no AppInsight configured in subscription Azure subscription 1.", - "metadata": { - "event_code": "appinsights_ensure_is_configured", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no AppInsight configured in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Because Application Insights relies on a Log Analytics Workspace, an organization will incur additional expenses when using this service.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.2" - ], - "CIS-2.0": [ - "5.3.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.13" - ], - "CIS-2.1": [ - "5.3.1" - ], - "CIS-3.0": [ - "6.3.1" - ], - "CCC": [ - "CCC.Logging.CN01.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.3", - "10.2.1.2.3", - "10.2.1.3.3", - "10.2.1.4.3", - "10.2.1.5.3", - "10.2.1.6.3", - "10.2.1.7.3", - "10.2.1.3", - "10.2.2.3", - "10.4.1.1.1", - "10.4.1.1", - "10.4.2.1", - "10.6.3.3", - "10.7.1.1", - "10.7.2.1", - "5.3.4.3", - "A1.2.1.3", - "A3.3.1.1", - "A3.5.1.1" - ], - "CIS-4.0": [ - "7.1.3.1" - ], - "NIS2": [ - "3.2.3.h", - "5.1.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Application Insights within Azure act as an Application Performance Monitoring solution providing valuable data into how well an application performs and additional information when performing incident response. The types of log data collected include application metrics, telemetry data, and application trace logging data providing organizations with detailed information about application activity and application transactions. Both data sets help organizations adopt a proactive and retroactive means to handle security and performance related metrics within their modern applications.", - "title": "Ensure Application Insights are Configured.", - "types": [], - "uid": "prowler-azure-appinsights_ensure_is_configured-3bb71587-4549-4396-8898-9e15f062e665-global-AppInsights" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "appinsights" - }, - "labels": [], - "name": "AppInsights", - "type": "Microsoft.Insights/components", - "uid": "AppInsights" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to Application Insights 2. Under the Basics tab within the PROJECT DETAILS section, select the Subscription 3. Select the Resource group 4. Within the INSTANCE DETAILS, enter a Name 5. Select a Region 6. Next to Resource Mode, select Workspace-based 7. Within the WORKSPACE DETAILS, select the Subscription for the log analytics workspace 8. Select the appropriate Log Analytics Workspace 9. Click Next:Tags > 10. Enter the appropriate Tags as Name, Value pairs. 11. Click Next:Review+Create 12. Click Create.", - "references": [] - }, - "risk_details": "Configuring Application Insights provides additional data not found elsewhere within Azure as part of a much larger logging and monitoring program within an organization's Information Security practice. The types and contents of these logs will act as both a potential cost saving measure (application performance) and a means to potentially confirm the source of a potential incident (trace logging). Metrics and Telemetry data provide organizations with a proactive approach to cost savings by monitoring an application's performance, while the trace logging data provides necessary details in a reactive incident response scenario by helping organizations identify the potential source of an incident within their application.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "metadata": { - "event_code": "defender_auto_provisioning_log_analytics_agent_vms_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security-center/security-center-data-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r2.az.de.1", - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.15" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "2.1.14" - ], - "CIS-3.0": [ - "3.1.1.1" - ], - "NIS2": [ - "2.1.2.h", - "3.1.2.d", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "3.6.2", - "6.9.2", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'. The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, endpoint protection, and provides alerts.", - "title": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_auto_provisioning_log_analytics_agent_vms_on-3bb71587-4549-4396-8898-9e15f062e665-global-default" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default", - "resource_name": "default", - "resource_type": "Microsoft.Security/autoProvisioningSettings", - "auto_provision": "Off" - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "default", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure comprehensive visibility into possible security vulnerabilities, including missing updates, misconfigured operating system security settings, and active threats, allowing for timely mitigation and improved overall security posture", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components" - ] - }, - "risk_details": "Missing critical security information about your Azure VMs, such as security alerts, security recommendations, and change tracking.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Container image scan is disabled in subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_container_images_scan_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Container image scan is disabled in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-check-health", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When using an Azure container registry, you might occasionally encounter problems. For example, you might not be able to pull a container image because of an issue with Docker in your local environment. Or, a network issue might prevent you from connecting to the registry.", - "compliance": { - "MITRE-ATTACK": [ - "T1190", - "T1525" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "NIS2": [ - "2.2.1", - "3.1.2.d", - "3.6.2", - "5.1.4.f", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Scan images being deployed to Azure (AKS) for vulnerabilities. Vulnerability scanning for images stored in Azure Container Registry is generally available in Azure Security Center. This capability is powered by Qualys, a leading provider of information security. When you push an image to Container Registry, Security Center automatically scans it, then checks for known vulnerabilities in packages or dependencies defined in the file. When the scan completes (after about 10 minutes), Security Center provides details and a security classification for each vulnerability detected, along with guidance on how to remediate issues and protect vulnerable attack surfaces.", - "title": "Ensure Image Vulnerability Scanning using Azure Defender image scanning or a third party provider", - "types": [], - "uid": "prowler-azure-defender_container_images_scan_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "Microsoft.Security", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/azure/container-registry/scan-images-defender" - ] - }, - "risk_details": "Vulnerabilities in software packages can be exploited by hackers or malicious users to obtain unauthorized access to local cloud resources. Azure Defender and other third party products allow images to be scanned for known vulnerabilities.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_app_services_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1059", - "T1204", - "T1552", - "T1486", - "T1499", - "T1496", - "T1087" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.2" - ], - "CIS-3.0": [ - "3.1.6.1" - ], - "CIS-4.0": [ - "9.1.6.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_app_services_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan App Services" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices", - "resource_name": "AppServices", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan App Services", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for App Service enables threat detection for App Service, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_arm_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1562", - "T1486", - "T1499", - "T1087", - "T1580", - "T1538", - "T1526", - "T1069" - ], - "CIS-2.0": [ - "2.1.12" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.11" - ], - "CIS-3.0": [ - "3.1.9.1" - ], - "CIS-4.0": [ - "9.1.9.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_arm_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan ARM" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm", - "resource_name": "Arm", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan ARM", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure Resource Manager", - "references": [] - }, - "risk_details": "Scanning resource requests lets you be alerted every time there is suspicious activity in order to prevent a security threat from being introduced.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_azure_sql_databases_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.3" - ], - "CIS-3.0": [ - "3.1.7.3" - ], - "CIS-4.0": [ - "9.1.7.3" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_azure_sql_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for all your SQL database servers. Defender for Cloud monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides action-oriented security alerts with details of the suspicious activity and guidance on how to mitigate the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Azure SQL Databases enables threat detection for Azure SQL database servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_containers_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1525", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.8" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.8" - ], - "CIS-3.0": [ - "3.1.4.1" - ], - "CIS-4.0": [ - "9.1.4.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_containers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your Azure cloud containers. Enabling the Defender security service for Azure containers allows for advanced security defense against threats, using threat detection capabilities provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for all your Azure containers. Turning on the Defender for Cloud service enables threat detection for containers, providing threat intelligence, anomaly detection, and behavior analytics.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_cosmosdb_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.9" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.6" - ], - "CIS-3.0": [ - "3.1.7.1" - ], - "CIS-4.0": [ - "9.1.7.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_cosmosdb_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Cosmos DB" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs", - "resource_name": "CosmosDbs", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Cosmos DB", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [ - "Enable Microsoft Defender for Cosmos DB" - ] - }, - "risk_details": "In scanning Cosmos DB requests within a subscription, requests are compared to a heuristic list of potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_databases_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure SQL Databases", - "references": [] - }, - "risk_details": "Enabling Microsoft Defender for Azure SQL Databases allows your organization more granular control of the infrastructure running your database software", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_dns_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.11" - ], - "ProwlerThreatScore-1.0": [ - "3.3.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.10" - ], - "CIS-3.0": [ - "3.1.16" - ], - "CIS-4.0": [ - "9.1.17" - ], - "NIS2": [ - "3.6.2", - "6.7.2.i", - "6.7.2.l", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_dns_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan DNS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns", - "resource_name": "Dns", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan DNS", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "DNS lookups within a subscription are scanned and compared to a dynamic list of websites that might be potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_keyvault_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r1.az.eid.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499", - "T1580" - ], - "CIS-2.0": [ - "2.1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.9" - ], - "CIS-3.0": [ - "3.1.8.1" - ], - "PCI-4.0": [ - "3.5.1.31", - "3.5.1.32", - "8.3.2.50", - "8.3.2.51" - ], - "CIS-4.0": [ - "9.1.8.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2", - "9.2.c", - "9.2.c.iv" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_keyvault_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan KeyVaults" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults", - "resource_name": "KeyVaults", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan KeyVaults", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Microsoft Defender for Cloud is enabled for Azure key vaults. Key Vault is the Azure cloud service that safeguards encryption keys and secrets like certificates, connection-based strings, and passwords.", - "references": [] - }, - "risk_details": "By default, Microsoft Defender for Cloud is disabled for Azure key vaults. Defender for Cloud detects unusual and potentially harmful attempts to access or exploit your Azure Key Vault data. This layer of protection allows you to address threats without being a security expert, and without the need to use and manage third-party security monitoring tools or services.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_os_relational_databases_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.6" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.5" - ], - "CIS-3.0": [ - "3.1.7.2" - ], - "CIS-4.0": [ - "9.1.7.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_os_relational_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Open-Source Relational Databases" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases", - "resource_name": "OpenSourceRelationalDatabases", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Open-Source Relational Databases", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Open-source relational databases allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Open-source relational databases enables threat detection for Open-source relational databases, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_server_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r1.az.ev.1", - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.1", - "2.1.2" - ], - "ProwlerThreatScore-1.0": [ - "1.1.4" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.1" - ], - "CIS-3.0": [ - "2.2.8", - "3.1.3.1" - ], - "CIS-4.0": [ - "6.2.7", - "9.1.3.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "title": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_server_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Servers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines", - "resource_name": "VirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Servers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Cloud standard pricing tier allows for better security assessment with threat detection provided by the Microsoft Security Response Center (MSRC), advanced security policies, adaptive application control, network threat detection, and regulatory compliance management.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Servers enables threat detection for Servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_sql_servers_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.4" - ], - "CIS-3.0": [ - "3.1.7.4" - ], - "CIS-4.0": [ - "9.1.7.4" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_sql_servers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan SQL Server VMs" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines", - "resource_name": "SqlServerVirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan SQL Server VMs", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for the Microsoft SQL servers running on virtual machines. Defender for Cloud for SQL Server virtual machines continuously monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides security alerts together with details of the suspicious activity and guidance on how to mitigate to the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for SQL servers on machines enables threat detection for SQL servers on machines, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_storage_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190", - "T1537", - "T1530", - "T1485", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.7" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.7" - ], - "CIS-3.0": [ - "3.1.5.1" - ], - "CIS-4.0": [ - "9.1.5.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_storage_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Storage Accounts" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts", - "resource_name": "StorageAccounts", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Storage Accounts", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for your storage accounts. Enabling the Defender security service for Azure storage accounts allows for advanced security defense using threat detection capabilities provided by the Microsoft Security Response Center (MSRC). MSRC investigates all reports of security vulnerabilities affecting Microsoft products and services, including Azure cloud services.", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for your Microsoft Azure storage accounts. Defender for storage accounts is an Azure-native layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit your Azure cloud storage accounts.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_iot_hub_defender_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/services/iot-defender/#overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling Microsoft Defender for IoT will incur additional charges dependent on the level of usage.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.2.1" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.2.1" - ], - "CIS-3.0": [ - "3.2.1" - ], - "CIS-4.0": [ - "9.2.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Microsoft Defender for IoT acts as a central security hub for IoT devices within your organization.", - "title": "Ensure That Microsoft Defender for IoT Hub Is Set To 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_iot_hub_defender_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-IoT Hub Defender" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "IoT Hub Defender", - "type": "DefenderIoT", - "uid": "IoT Hub Defender" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to IoT Hub. 2. Select a IoT Hub to validate. 3. Select Overview in Defender for IoT. 4. Click on Secure your IoT solution, and complete the onboarding.", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-iot/device-builders/quickstart-onboard-iot-hub" - ] - }, - "risk_details": "IoT devices are very rarely patched and can be potential attack vectors for enterprise networks. Updating their network configuration to use a central security hub allows for detection of these breaches.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_mcas_is_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/defender-for-cloud-introduction#secure-cloud-applications", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Cloud Apps works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486" - ], - "CIS-2.0": [ - "2.1.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.20" - ], - "CIS-3.0": [ - "3.1.1.2" - ], - "PCI-4.0": [ - "11.5.1.1.2", - "11.5.1.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "This integration setting enables Microsoft Defender for Cloud Apps (formerly 'Microsoft Cloud App Security' or 'MCAS' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected", - "types": [], - "uid": "prowler-azure-defender_ensure_mcas_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-MCAS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "MCAS", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu. 2. Select Microsoft Defender for Cloud. 3. Select Environment Settings blade. 4. Select the subscription. 5. Check App Service Defender Plan to On. 6. Select Save.", - "references": [ - "https://docs.microsoft.com/en-us/rest/api/securitycenter/settings/list" - ] - }, - "risk_details": "Microsoft Defender for Cloud offers an additional layer of protection by using Azure Resource Manager events, which is considered to be the control plane for Azure. By analyzing the Azure Resource Manager records, Microsoft Defender for Cloud detects unusual or potentially harmful operations in the Azure subscription environment. Several of the preceding analytics are powered by Microsoft Defender for Cloud Apps. To benefit from these analytics, subscription must have a Cloud App Security license. Microsoft Defender for Cloud Apps works only with Standard Tier subscriptions.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_wdatp_is_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Endpoint works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r3.az.de.2" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.21" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "This integration setting enables Microsoft Defender for Endpoint (formerly 'Advanced Threat Protection' or 'ATP' or 'WDATP' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected", - "types": [], - "uid": "prowler-azure-defender_ensure_wdatp_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-WDATP" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "WDATP", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/azure-server-integration?view=o365-worldwide" - ] - }, - "risk_details": "Microsoft Defender for Endpoint integration brings comprehensive Endpoint Detection and Response (EDR) capabilities within Microsoft Defender for Cloud. This integration helps to spot abnormalities, as well as detect and respond to advanced attacks on endpoints monitored by Microsoft Defender for Cloud. MDE works only with Standard Tier subscriptions.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-1b4a98ae-5221-4850-a761-4f9176407028" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028", - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-083c1758-89d9-4b12-8005-48e7e359dc4f" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f", - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "b24988ac-6180-42a0-ab88-20f7382dd24c" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-154eadeb-e375-4263-b4bd-4a2a2237ecd2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "80dfb9bd-1c99-4012-9de7-580a68334b45", - "agent_type": "ServicePrincipal", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_policy_assignment", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.3" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.1" - ], - "CIS-3.0": [ - "6.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Create an activity log alert for the Create Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Create Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_create_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click elect action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for create policy assignment events gives insight into changes done in 'Azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_nsg", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "CIS-2.0": [ - "5.2.3" - ], - "ProwlerThreatScore-1.0": [ - "3.3.5" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.3" - ], - "CIS-3.0": [ - "6.2.3" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.8", - "10.4.2.2", - "10.4.3.1", - "10.6.3.8", - "10.7.1.3", - "10.7.2.3", - "11.5.2.2", - "11.6.1.2", - "12.10.5.2", - "A3.3.1.3", - "A3.5.1.3" - ], - "CIS-4.0": [ - "7.1.2.3" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Create an Activity Log Alert for the Create or Update Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Network Security Group events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_public_ip_address_rule", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.9" - ], - "ProwlerThreatScore-1.0": [ - "3.3.11" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.9" - ], - "CIS-3.0": [ - "6.2.9" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.9" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Create an activity log alert for the Create or Update Public IP Addresses rule.", - "title": "Ensure that Activity Log Alert exists for Create or Update Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_security_solution", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1", - "op.mon.3.r6.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.5" - ], - "ProwlerThreatScore-1.0": [ - "3.3.7" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.5" - ], - "CIS-3.0": [ - "6.2.5" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.5" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Create an activity log alert for the Create or Update Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_sqlserver_fr", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.7" - ], - "ProwlerThreatScore-1.0": [ - "3.3.9" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.7" - ], - "CIS-3.0": [ - "6.2.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.9", - "10.2.1.1.10", - "10.2.1.1.22", - "10.2.1.2.8", - "10.2.1.2.19", - "10.2.1.3.8", - "10.2.1.3.19", - "10.2.1.4.8", - "10.2.1.4.19", - "10.2.1.5.8", - "10.2.1.5.19", - "10.2.1.6.8", - "10.2.1.6.19", - "10.2.1.7.8", - "10.2.1.7.19", - "10.2.1.8", - "10.2.1.19", - "10.2.2.8", - "10.2.2.19", - "10.3.1.8", - "10.3.1.19", - "10.4.1.1.2", - "10.4.1.2", - "10.4.2.3", - "10.6.3.9", - "10.6.3.10", - "10.6.3.24", - "10.7.1.4", - "10.7.2.4", - "5.3.4.9", - "5.3.4.22", - "A1.2.1.10", - "A1.2.1.23", - "A3.3.1.4", - "A3.5.1.4" - ], - "CIS-4.0": [ - "7.1.2.7" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Create an activity log alert for the Create or Update SQL Server Firewall Rule event.", - "title": "Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create/Update server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update SQL Server Firewall Rule events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_nsg", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.4" - ], - "ProwlerThreatScore-1.0": [ - "3.3.6" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.4" - ], - "CIS-3.0": [ - "6.2.4" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.4" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Create an activity log alert for the Delete Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Delete Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for 'Delete Network Security Group' events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_policy_assignment", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.4" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.2" - ], - "CIS-3.0": [ - "6.2.2" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Create an activity log alert for the Delete Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Delete Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for delete policy assignment events gives insight into changes done in 'azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_public_ip_address_rule", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.10" - ], - "ProwlerThreatScore-1.0": [ - "3.3.12" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.10" - ], - "CIS-3.0": [ - "6.2.10" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.10" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Create an activity log alert for the Delete Public IP Address rule.", - "title": "Ensure that Activity Log Alert exists for Delete Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_security_solution", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.8" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.6" - ], - "CIS-3.0": [ - "6.2.6" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.6" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Create an activity log alert for the Delete Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Delete Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.curitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_sqlserver_fr", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.8" - ], - "ProwlerThreatScore-1.0": [ - "3.3.10" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.8" - ], - "CIS-3.0": [ - "6.2.8" - ], - "CCC": [ - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.8" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Create an activity log alert for the 'Delete SQL Server Firewall Rule.'", - "title": "Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete SQL Server Firewall Rule events gives insight into SQL network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_service_health_exists", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/service-health/overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, in your Azure subscription there will not be any activity log alerts configured for Service Health events.", - "compliance": { - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure that an Azure activity log alert is configured to trigger when Service Health events occur within your Microsoft Azure cloud account. The alert should activate when new events match the specified conditions in the alert rule configuration.", - "title": "Ensure that an Activity Log Alert exists for Service Health", - "types": [], - "uid": "prowler-azure-monitor_alert_service_health_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Create an activity log alert for Service Health events and configure an action group to notify appropriate personnel.", - "references": [ - "https://learn.microsoft.com/en-us/azure/service-health/alerts-activity-log-service-notifications-portal" - ] - }, - "risk_details": "Lack of monitoring for Service Health events may result in missing critical service issues, planned maintenance, security advisories, or other changes that could impact Azure services and regions in use.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_setting_with_appropriate_categories", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When the diagnostic setting is created using Azure Portal, by default no categories are selected.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.az.md.1", - "op.mon.2.az.md.1" - ], - "CIS-2.0": [ - "5.1.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.2" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.2" - ], - "CIS-3.0": [ - "6.1.2" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.15", - "10.2.1.2.7", - "10.2.1.3.7", - "10.2.1.4.7", - "10.2.1.5.7", - "10.2.1.6.7", - "10.2.1.7.7", - "10.2.1.7", - "10.2.2.7", - "10.3.1.7", - "10.3.2.2", - "10.3.3.4", - "10.3.4.3", - "10.4.1.1.3", - "10.4.1.1.4", - "10.4.1.3", - "10.4.2.4", - "10.5.1.3", - "10.6.3.7", - "10.6.3.15", - "10.7.1.5", - "10.7.2.5", - "11.5.2.4", - "11.6.1.4", - "12.10.5.4", - "5.3.4.7", - "5.3.4.8", - "A1.2.1.7", - "A1.2.1.8", - "A3.3.1.6", - "A3.3.1.7", - "A3.5.1.6", - "A3.5.1.7" - ], - "CIS-4.0": [ - "7.1.1.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.c", - "3.2.3.f", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Prerequisite: A Diagnostic Setting must exist. If a Diagnostic Setting does not exist, the navigation and options within this recommendation will not be available. Please review the recommendation at the beginning of this subsection titled: 'Ensure that a 'Diagnostic Setting' exists.' The diagnostic setting should be configured to log the appropriate activities from the control/management plane.", - "title": "Ensure Diagnostic Setting captures appropriate categories", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_setting_with_appropriate_categories-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to Azure Monitor 2. Click Activity log 3. Click on Export Activity Logs 4. Select the Subscription from the drop down menu 5. Click on Add diagnostic setting 6. Enter a name for your new Diagnostic Setting 7. Check the following categories: Administrative, Alert, Policy, and Security 8. Choose the destination details according to your organization's needs.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/manage-storage-analytics-logs?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json&tabs=azure-portal" - ] - }, - "risk_details": "A diagnostic setting controls how the diagnostic log is exported. Capturing the diagnostic setting categories for appropriate control/management plane activities allows proper alerting.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No diagnostic settings found in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_settings_exists", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No diagnostic settings found in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/cli/azure/monitor/diagnostic-settings?view=azure-cli-latest", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, diagnostic setting is not set.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r5.az.ds.1", - "op.mon.2.r2.az.ma.1" - ], - "CIS-2.0": [ - "5.1.1" - ], - "ProwlerThreatScore-1.0": [ - "3.2.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.1" - ], - "CIS-3.0": [ - "6.1.1" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN06.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN09.AR01", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Logging.CN07.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.1.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.h", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable Diagnostic settings for exporting activity logs. Diagnostic settings are available for each individual resource within a subscription. Settings should be configured for all appropriate resources for your environment.", - "title": "Ensure that a 'Diagnostic Setting' exists for Subscription Activity Logs ", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_settings_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Diagnostic Settings" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Diagnostic Settings", - "type": "Monitor", - "uid": "diagnostic_settings" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "To enable Diagnostic Settings on a Subscription: 1. Go to Monitor 2. Click on Activity Log 3. Click on Export Activity Logs 4. Click + Add diagnostic setting 5. Enter a Diagnostic setting name 6. Select Categories for the diagnostic settings 7. Select the appropriate Destination details (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 8. Click Save To enable Diagnostic Settings on a specific resource: 1. Go to Monitor 2. Click Diagnostic settings 3. Click on the resource that has a diagnostics status of disabled 4. Select Add Diagnostic Setting 5. Enter a Diagnostic setting name 6. Select the appropriate log, metric, and destination. (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 7. Click save Repeat these step for all resources as needed.", - "references": [ - "https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-activity-logs#export-the-activity-log-with-a-log-profile" - ] - }, - "risk_details": "A diagnostic setting controls how a diagnostic log is exported. By default, logs are retained only for 90 days. Diagnostic settings should be defined so that logs can be exported and stored for a longer duration in order to analyze security activities within an Azure subscription.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bastion Host from subscription Azure subscription 1 does not exist", - "metadata": { - "event_code": "network_bastion_host_exists", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bastion Host from subscription Azure subscription 1 does not exist", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/bastion/bastion-overview#sku", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The Azure Bastion service incurs additional costs and requires a specific virtual network configuration. The Standard tier offers additional configuration options compared to the Basic tier and may incur additional costs for those added features.", - "compliance": { - "ENS-RD2022": [ - "mp.com.4.r4.az.nt.1" - ], - "CIS-2.0": [ - "7.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "7.1" - ], - "CIS-3.0": [ - "8.1" - ], - "CIS-4.0": [ - "9.4.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "The Azure Bastion service allows secure remote access to Azure Virtual Machines over the Internet without exposing remote access protocol ports and services directly to the Internet. The Azure Bastion service provides this access using TLS over 443/TCP, and subscribes to hardened configurations within an organization's Azure Active Directory service.", - "title": "Ensure an Azure Bastion Host Exists", - "types": [], - "uid": "prowler-azure-network_bastion_host_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Bastion Host" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Bastion Host", - "type": "Network", - "uid": "Bastion Host" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "From Azure Portal* 1. Click on Bastions 2. Select the Subscription 3. Select the Resource group 4. Type a Name for the new Bastion host 5. Select a Region 6. Choose Standard next to Tier 7. Use the slider to set the Instance count 8. Select the Virtual network or Create new 9. Select the Subnet named AzureBastionSubnet. Create a Subnet named AzureBastionSubnet using a /26 CIDR range if it doesn't already exist. 10. Selct the appropriate Public IP address option. 11. If Create new is selected for the Public IP address option, provide a Public IP address name. 12. If Use existing is selected for Public IP address option, select an IP address from Choose public IP address 13. Click Next: Tags > 14. Configure the appropriate Tags 15. Click Next: Advanced > 16. Select the appropriate Advanced options 17. Click Next: Review + create > 18. Click Create From Azure CLI az network bastion create --location --name --public-ip-address --resource-group --vnet-name --scale-units --sku Standard [--disable-copy- paste true|false] [--enable-ip-connect true|false] [--enable-tunneling true|false] From PowerShell Create the appropriate Virtual network settings and Public IP Address settings. $subnetName = 'AzureBastionSubnet' $subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix $virtualNet = New-AzVirtualNetwork -Name - ResourceGroupName -Location -AddressPrefix -Subnet $subnet $publicip = New-AzPublicIpAddress -ResourceGroupName - Name -Location -AllocationMethod Dynamic -Sku Standard", - "references": [ - "https://learn.microsoft.com/en-us/powershell/module/az.network/get-azbastion?view=azps-9.2.0" - ] - }, - "risk_details": "The Azure Bastion service allows organizations a more secure means of accessing Azure Virtual Machines over the Internet without assigning public IP addresses to those Virtual Machines. The Azure Bastion service provides Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to Virtual Machines using TLS within a web browser, thus preventing organizations from opening up 3389/TCP and 22/TCP to the Internet on Azure Virtual Machines. Additional benefits of the Bastion service includes Multi-Factor Authentication, Conditional Access Policies, and any other hardening measures configured within Azure Active Directory using a central point of access.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "metadata": { - "event_code": "network_http_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.3.r2.az.tls.1", - "mp.com.4.r3.az.1", - "mp.com.4.r4.az.nt.1", - "mp.s.4.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.4" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.4" - ], - "CIS-3.0": [ - "7.4" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.5", - "1.2.8.25", - "1.3.1.28", - "1.3.2.28", - "1.4.1.6", - "1.4.2.26", - "1.4.4.6", - "1.5.1.25", - "2.2.5.5", - "2.2.7.3", - "4.2.1.1.7", - "4.2.1.3", - "8.3.2.6", - "A1.1.3.25" - ], - "CIS-4.0": [ - "8.4" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required and narrowly configured.", - "title": "Ensure that HTTP(S) access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_http_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where HTTP(S) is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [] - }, - "risk_details": "The potential security problem with using HTTP(S) over the Internet is that attackers can use various brute force techniques to gain access to Azure resources. Once the attackers gain access, they can use the resource as a launch point for compromising other resources within the Azure tenant.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "metadata": { - "event_code": "network_rdp_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.1" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.1" - ], - "CIS-3.0": [ - "7.1" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that RDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_rdp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where RDP is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using RDP over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on an Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "metadata": { - "event_code": "network_ssh_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.2" - ], - "CIS-3.0": [ - "7.2" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN01.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.17", - "1.2.8.18", - "1.2.8.21", - "1.2.8.41", - "1.3.1.19", - "1.3.1.21", - "1.3.1.24", - "1.3.1.45", - "1.3.2.19", - "1.3.2.21", - "1.3.2.24", - "1.3.2.45", - "1.4.1.5", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.43", - "1.4.4.5", - "1.5.1.17", - "1.5.1.18", - "1.5.1.21", - "1.5.1.40", - "2.2.5.17", - "A1.1.3.17", - "A1.1.3.18", - "A1.1.3.21", - "A1.1.3.40" - ], - "CIS-4.0": [ - "8.2" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that SSH access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_ssh_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where SSH is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using SSH over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "metadata": { - "event_code": "network_udp_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices#secure-your-critical-azure-service-resources-to-only-your-virtual-networks", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.3" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.3" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.3" - ], - "CIS-3.0": [ - "7.3" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.3" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that UDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_udp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where UDP is not explicitly required and narrowly configured for resources attached tothe Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRouteSite-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/azure/security/fundamentals/ddos-best-practices" - ] - }, - "risk_details": "The potential security problem with broadly exposing UDP services over the Internet is that attackers can use DDoS amplification techniques to reflect spoofed UDP traffic from Azure Virtual Machines. The most common types of these attacks use exposed DNS, NTP, SSDP, SNMP, CLDAP and other UDP-based services as amplification sources for disrupting services of other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': uaenorth, mexicocentral, westeurope, eastus, ukwest, polandcentral, westcentralus, jioindiacentral, koreacentral, malaysiawest, uaecentral, uksouth, canadaeast, northcentralus, japanwest, australiacentral2, brazilsouth, koreasouth, francesouth, switzerlandwest, indonesiacentral, centralus, southindia, australiaeast, francecentral, swedencentral, norwaywest, germanywestcentral, eastasia, australiasoutheast, westus3, southafricanorth, spaincentral, israelcentral, japaneast, eastus2, brazilsoutheast, germanynorth, qatarcentral, austriaeast, northeurope, australiacentral, chilecentral, newzealandnorth, norwayeast, westus, southafricawest, italynorth, southeastasia, switzerlandnorth, jioindiawest, canadacentral, westindia.", - "metadata": { - "event_code": "network_watcher_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': uaenorth, mexicocentral, westeurope, eastus, ukwest, polandcentral, westcentralus, jioindiacentral, koreacentral, malaysiawest, uaecentral, uksouth, canadaeast, northcentralus, japanwest, australiacentral2, brazilsouth, koreasouth, francesouth, switzerlandwest, indonesiacentral, centralus, southindia, australiaeast, francecentral, swedencentral, norwaywest, germanywestcentral, eastasia, australiasoutheast, westus3, southafricanorth, spaincentral, israelcentral, japaneast, eastus2, brazilsoutheast, germanynorth, qatarcentral, austriaeast, northeurope, australiacentral, chilecentral, newzealandnorth, norwayeast, westus, southafricawest, italynorth, southeastasia, switzerlandnorth, jioindiawest, canadacentral, westindia.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "There are additional costs per transaction to run and store network data. For high-volume networks these charges will add up quickly.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.az.nw.1", - "op.mon.2.r2.az.ma.1", - "op.mon.3.az.nw.1", - "mp.com.1.az.nw.1", - "mp.com.1.az.nw.2", - "mp.com.1.az.nw.3", - "mp.com.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499", - "T1498", - "T1046", - "T1049" - ], - "CIS-2.0": [ - "6.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.14" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "6.6" - ], - "CIS-3.0": [ - "7.6" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN06.AR01" - ], - "CIS-4.0": [ - "8.6" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "6.8.2.a", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable Network Watcher for Azure subscriptions.", - "title": "Ensure that Network Watcher is 'Enabled' for all locations in the Azure subscription", - "types": [], - "uid": "prowler-azure-network_watcher_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Network Watcher" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Network Watcher", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Opting out of Network Watcher automatic enablement is a permanent change. Once you opt-out you cannot opt-in without contacting support.", - "references": [ - "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v2-logging-threat-detection#lt-3-enable-logging-for-azure-network-activities" - ] - }, - "risk_details": "Network diagnostic and visualization tools available with Network Watcher help users understand, diagnose, and gain insights to the network in Azure.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "metadata": { - "event_code": "policy_ensure_asc_enforcement_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/defender-for-cloud/security-policy-concept", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "2.1.14" - ], - "ProwlerThreatScore-1.0": [ - "3.3.17" - ], - "ISO27001-2022": [ - "A.5.1" - ], - "CIS-2.1": [ - "2.1.13" - ], - "CIS-3.0": [ - "3.1.11" - ], - "PCI-4.0": [ - "10.2.1.1.31", - "10.4.1.1.5", - "10.4.1.4", - "10.4.2.5", - "10.6.3.36", - "10.7.1.6", - "10.7.2.6", - "A3.3.1.9", - "A3.5.1.9" - ], - "CIS-4.0": [ - "9.1.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "None of the settings offered by ASC Default policy should be set to effect Disabled.", - "title": "Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'", - "types": [], - "uid": "prowler-azure-policy_ensure_asc_enforcement_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-SecurityCenterBuiltIn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn", - "name": "SecurityCenterBuiltIn", - "enforcement_mode": "Default" - } - }, - "group": { - "name": "policy" - }, - "labels": [], - "name": "SecurityCenterBuiltIn", - "type": "Microsoft.Authorization/policyAssignments", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu 2. Select Policy 3. Select ASC Default for each subscription 4. Click on 'view Assignment' 5. Click on 'Edit assignment' 6. Ensure Policy Enforcement is Enabled 7. Click 'Review + Save'", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/implement-security-recommendations" - ] - }, - "risk_details": "A security policy defines the desired configuration of your workloads and helps ensure compliance with company or regulatory security requirements. ASC Default policy is associated with every subscription by default. ASC default policy assignment is a set of security recommendations based on best practices. Enabling recommendations in ASC default policy ensures that Azure security center provides the ability to monitor all of the supported recommendations and optionally allow automated action for a few of the supported recommendations.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_disconnections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling this setting will enable a log of all disconnections. If this is enabled for a high traffic server, the log may grow exponentially.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.4" - ], - "ProwlerThreatScore-1.0": [ - "3.1.4" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.4" - ], - "CIS-3.0": [ - "5.2.7" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable log_disconnections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_disconnections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu 2. Go to Azure Database for PostgreSQL servers 3. For each database, click on Server parameters 4. Search for log_disconnections. 5. Click ON and save. From Azure CLI Use the below command to update log_disconnections configuration. az postgres server configuration set --resource-group -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-virtualnetwork/results/azure-virtualnetwork-combined.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-virtualnetwork/results/azure-virtualnetwork-combined.ocsf.json deleted file mode 100644 index ec747fa4..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-virtualnetwork/results/azure-virtualnetwork-combined.ocsf.json +++ /dev/null @@ -1 +0,0 @@ -null \ No newline at end of file diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-virtualnetwork/results/azure-virtualnetwork-complete.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-virtualnetwork/results/azure-virtualnetwork-complete.ocsf.json deleted file mode 100644 index e8a90e79..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-virtualnetwork/results/azure-virtualnetwork-complete.ocsf.json +++ /dev/null @@ -1,11972 +0,0 @@ -[ - { - "message": "There are no AppInsight configured in subscription Azure subscription 1.", - "metadata": { - "event_code": "appinsights_ensure_is_configured", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no AppInsight configured in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Because Application Insights relies on a Log Analytics Workspace, an organization will incur additional expenses when using this service.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.2" - ], - "CIS-2.0": [ - "5.3.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.13" - ], - "CIS-2.1": [ - "5.3.1" - ], - "CIS-3.0": [ - "6.3.1" - ], - "CCC": [ - "CCC.Logging.CN01.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.3", - "10.2.1.2.3", - "10.2.1.3.3", - "10.2.1.4.3", - "10.2.1.5.3", - "10.2.1.6.3", - "10.2.1.7.3", - "10.2.1.3", - "10.2.2.3", - "10.4.1.1.1", - "10.4.1.1", - "10.4.2.1", - "10.6.3.3", - "10.7.1.1", - "10.7.2.1", - "5.3.4.3", - "A1.2.1.3", - "A3.3.1.1", - "A3.5.1.1" - ], - "CIS-4.0": [ - "7.1.3.1" - ], - "NIS2": [ - "3.2.3.h", - "5.1.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Application Insights within Azure act as an Application Performance Monitoring solution providing valuable data into how well an application performs and additional information when performing incident response. The types of log data collected include application metrics, telemetry data, and application trace logging data providing organizations with detailed information about application activity and application transactions. Both data sets help organizations adopt a proactive and retroactive means to handle security and performance related metrics within their modern applications.", - "title": "Ensure Application Insights are Configured.", - "types": [], - "uid": "prowler-azure-appinsights_ensure_is_configured-3bb71587-4549-4396-8898-9e15f062e665-global-AppInsights" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "appinsights" - }, - "labels": [], - "name": "AppInsights", - "type": "Microsoft.Insights/components", - "uid": "AppInsights" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to Application Insights 2. Under the Basics tab within the PROJECT DETAILS section, select the Subscription 3. Select the Resource group 4. Within the INSTANCE DETAILS, enter a Name 5. Select a Region 6. Next to Resource Mode, select Workspace-based 7. Within the WORKSPACE DETAILS, select the Subscription for the log analytics workspace 8. Select the appropriate Log Analytics Workspace 9. Click Next:Tags > 10. Enter the appropriate Tags as Name, Value pairs. 11. Click Next:Review+Create 12. Click Create.", - "references": [] - }, - "risk_details": "Configuring Application Insights provides additional data not found elsewhere within Azure as part of a much larger logging and monitoring program within an organization's Information Security practice. The types and contents of these logs will act as both a potential cost saving measure (application performance) and a means to potentially confirm the source of a potential incident (trace logging). Metrics and Telemetry data provide organizations with a proactive approach to cost savings by monitoring an application's performance, while the trace logging data provides necessary details in a reactive incident response scenario by helping organizations identify the potential source of an incident within their application.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "metadata": { - "event_code": "defender_auto_provisioning_log_analytics_agent_vms_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security-center/security-center-data-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r2.az.de.1", - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.15" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "2.1.14" - ], - "CIS-3.0": [ - "3.1.1.1" - ], - "NIS2": [ - "2.1.2.h", - "3.1.2.d", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "3.6.2", - "6.9.2", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'. The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, endpoint protection, and provides alerts.", - "title": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_auto_provisioning_log_analytics_agent_vms_on-3bb71587-4549-4396-8898-9e15f062e665-global-default" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default", - "resource_name": "default", - "resource_type": "Microsoft.Security/autoProvisioningSettings", - "auto_provision": "Off" - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "default", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure comprehensive visibility into possible security vulnerabilities, including missing updates, misconfigured operating system security settings, and active threats, allowing for timely mitigation and improved overall security posture", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components" - ] - }, - "risk_details": "Missing critical security information about your Azure VMs, such as security alerts, security recommendations, and change tracking.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Container image scan is disabled in subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_container_images_scan_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Container image scan is disabled in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-check-health", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When using an Azure container registry, you might occasionally encounter problems. For example, you might not be able to pull a container image because of an issue with Docker in your local environment. Or, a network issue might prevent you from connecting to the registry.", - "compliance": { - "MITRE-ATTACK": [ - "T1190", - "T1525" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "NIS2": [ - "2.2.1", - "3.1.2.d", - "3.6.2", - "5.1.4.f", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Scan images being deployed to Azure (AKS) for vulnerabilities. Vulnerability scanning for images stored in Azure Container Registry is generally available in Azure Security Center. This capability is powered by Qualys, a leading provider of information security. When you push an image to Container Registry, Security Center automatically scans it, then checks for known vulnerabilities in packages or dependencies defined in the file. When the scan completes (after about 10 minutes), Security Center provides details and a security classification for each vulnerability detected, along with guidance on how to remediate issues and protect vulnerable attack surfaces.", - "title": "Ensure Image Vulnerability Scanning using Azure Defender image scanning or a third party provider", - "types": [], - "uid": "prowler-azure-defender_container_images_scan_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "Microsoft.Security", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/azure/container-registry/scan-images-defender" - ] - }, - "risk_details": "Vulnerabilities in software packages can be exploited by hackers or malicious users to obtain unauthorized access to local cloud resources. Azure Defender and other third party products allow images to be scanned for known vulnerabilities.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_app_services_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1059", - "T1204", - "T1552", - "T1486", - "T1499", - "T1496", - "T1087" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.2" - ], - "CIS-3.0": [ - "3.1.6.1" - ], - "CIS-4.0": [ - "9.1.6.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_app_services_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan App Services" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices", - "resource_name": "AppServices", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan App Services", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for App Service enables threat detection for App Service, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_arm_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1562", - "T1486", - "T1499", - "T1087", - "T1580", - "T1538", - "T1526", - "T1069" - ], - "CIS-2.0": [ - "2.1.12" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.11" - ], - "CIS-3.0": [ - "3.1.9.1" - ], - "CIS-4.0": [ - "9.1.9.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_arm_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan ARM" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm", - "resource_name": "Arm", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan ARM", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure Resource Manager", - "references": [] - }, - "risk_details": "Scanning resource requests lets you be alerted every time there is suspicious activity in order to prevent a security threat from being introduced.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_azure_sql_databases_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.3" - ], - "CIS-3.0": [ - "3.1.7.3" - ], - "CIS-4.0": [ - "9.1.7.3" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_azure_sql_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for all your SQL database servers. Defender for Cloud monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides action-oriented security alerts with details of the suspicious activity and guidance on how to mitigate the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Azure SQL Databases enables threat detection for Azure SQL database servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_containers_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1525", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.8" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.8" - ], - "CIS-3.0": [ - "3.1.4.1" - ], - "CIS-4.0": [ - "9.1.4.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_containers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your Azure cloud containers. Enabling the Defender security service for Azure containers allows for advanced security defense against threats, using threat detection capabilities provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for all your Azure containers. Turning on the Defender for Cloud service enables threat detection for containers, providing threat intelligence, anomaly detection, and behavior analytics.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_cosmosdb_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.9" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.6" - ], - "CIS-3.0": [ - "3.1.7.1" - ], - "CIS-4.0": [ - "9.1.7.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_cosmosdb_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Cosmos DB" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs", - "resource_name": "CosmosDbs", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Cosmos DB", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [ - "Enable Microsoft Defender for Cosmos DB" - ] - }, - "risk_details": "In scanning Cosmos DB requests within a subscription, requests are compared to a heuristic list of potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_databases_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure SQL Databases", - "references": [] - }, - "risk_details": "Enabling Microsoft Defender for Azure SQL Databases allows your organization more granular control of the infrastructure running your database software", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_dns_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.11" - ], - "ProwlerThreatScore-1.0": [ - "3.3.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.10" - ], - "CIS-3.0": [ - "3.1.16" - ], - "CIS-4.0": [ - "9.1.17" - ], - "NIS2": [ - "3.6.2", - "6.7.2.i", - "6.7.2.l", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_dns_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan DNS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns", - "resource_name": "Dns", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan DNS", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "DNS lookups within a subscription are scanned and compared to a dynamic list of websites that might be potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_keyvault_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r1.az.eid.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499", - "T1580" - ], - "CIS-2.0": [ - "2.1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.9" - ], - "CIS-3.0": [ - "3.1.8.1" - ], - "PCI-4.0": [ - "3.5.1.31", - "3.5.1.32", - "8.3.2.50", - "8.3.2.51" - ], - "CIS-4.0": [ - "9.1.8.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2", - "9.2.c", - "9.2.c.iv" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_keyvault_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan KeyVaults" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults", - "resource_name": "KeyVaults", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan KeyVaults", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Microsoft Defender for Cloud is enabled for Azure key vaults. Key Vault is the Azure cloud service that safeguards encryption keys and secrets like certificates, connection-based strings, and passwords.", - "references": [] - }, - "risk_details": "By default, Microsoft Defender for Cloud is disabled for Azure key vaults. Defender for Cloud detects unusual and potentially harmful attempts to access or exploit your Azure Key Vault data. This layer of protection allows you to address threats without being a security expert, and without the need to use and manage third-party security monitoring tools or services.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_os_relational_databases_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.6" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.5" - ], - "CIS-3.0": [ - "3.1.7.2" - ], - "CIS-4.0": [ - "9.1.7.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_os_relational_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Open-Source Relational Databases" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases", - "resource_name": "OpenSourceRelationalDatabases", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Open-Source Relational Databases", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Open-source relational databases allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Open-source relational databases enables threat detection for Open-source relational databases, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_server_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r1.az.ev.1", - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.1", - "2.1.2" - ], - "ProwlerThreatScore-1.0": [ - "1.1.4" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.1" - ], - "CIS-3.0": [ - "2.2.8", - "3.1.3.1" - ], - "CIS-4.0": [ - "6.2.7", - "9.1.3.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "title": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_server_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Servers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines", - "resource_name": "VirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Servers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Cloud standard pricing tier allows for better security assessment with threat detection provided by the Microsoft Security Response Center (MSRC), advanced security policies, adaptive application control, network threat detection, and regulatory compliance management.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Servers enables threat detection for Servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_sql_servers_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.4" - ], - "CIS-3.0": [ - "3.1.7.4" - ], - "CIS-4.0": [ - "9.1.7.4" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_sql_servers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan SQL Server VMs" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines", - "resource_name": "SqlServerVirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan SQL Server VMs", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for the Microsoft SQL servers running on virtual machines. Defender for Cloud for SQL Server virtual machines continuously monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides security alerts together with details of the suspicious activity and guidance on how to mitigate to the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for SQL servers on machines enables threat detection for SQL servers on machines, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_storage_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190", - "T1537", - "T1530", - "T1485", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.7" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.7" - ], - "CIS-3.0": [ - "3.1.5.1" - ], - "CIS-4.0": [ - "9.1.5.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_storage_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Storage Accounts" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts", - "resource_name": "StorageAccounts", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Storage Accounts", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for your storage accounts. Enabling the Defender security service for Azure storage accounts allows for advanced security defense using threat detection capabilities provided by the Microsoft Security Response Center (MSRC). MSRC investigates all reports of security vulnerabilities affecting Microsoft products and services, including Azure cloud services.", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for your Microsoft Azure storage accounts. Defender for storage accounts is an Azure-native layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit your Azure cloud storage accounts.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_iot_hub_defender_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/services/iot-defender/#overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling Microsoft Defender for IoT will incur additional charges dependent on the level of usage.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.2.1" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.2.1" - ], - "CIS-3.0": [ - "3.2.1" - ], - "CIS-4.0": [ - "9.2.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Microsoft Defender for IoT acts as a central security hub for IoT devices within your organization.", - "title": "Ensure That Microsoft Defender for IoT Hub Is Set To 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_iot_hub_defender_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-IoT Hub Defender" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "IoT Hub Defender", - "type": "DefenderIoT", - "uid": "IoT Hub Defender" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to IoT Hub. 2. Select a IoT Hub to validate. 3. Select Overview in Defender for IoT. 4. Click on Secure your IoT solution, and complete the onboarding.", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-iot/device-builders/quickstart-onboard-iot-hub" - ] - }, - "risk_details": "IoT devices are very rarely patched and can be potential attack vectors for enterprise networks. Updating their network configuration to use a central security hub allows for detection of these breaches.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_mcas_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/defender-for-cloud-introduction#secure-cloud-applications", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Cloud Apps works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486" - ], - "CIS-2.0": [ - "2.1.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.20" - ], - "CIS-3.0": [ - "3.1.1.2" - ], - "PCI-4.0": [ - "11.5.1.1.2", - "11.5.1.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "This integration setting enables Microsoft Defender for Cloud Apps (formerly 'Microsoft Cloud App Security' or 'MCAS' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected", - "types": [], - "uid": "prowler-azure-defender_ensure_mcas_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-MCAS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "MCAS", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu. 2. Select Microsoft Defender for Cloud. 3. Select Environment Settings blade. 4. Select the subscription. 5. Check App Service Defender Plan to On. 6. Select Save.", - "references": [ - "https://docs.microsoft.com/en-us/rest/api/securitycenter/settings/list" - ] - }, - "risk_details": "Microsoft Defender for Cloud offers an additional layer of protection by using Azure Resource Manager events, which is considered to be the control plane for Azure. By analyzing the Azure Resource Manager records, Microsoft Defender for Cloud detects unusual or potentially harmful operations in the Azure subscription environment. Several of the preceding analytics are powered by Microsoft Defender for Cloud Apps. To benefit from these analytics, subscription must have a Cloud App Security license. Microsoft Defender for Cloud Apps works only with Standard Tier subscriptions.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_wdatp_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Endpoint works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r3.az.de.2" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.21" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "This integration setting enables Microsoft Defender for Endpoint (formerly 'Advanced Threat Protection' or 'ATP' or 'WDATP' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected", - "types": [], - "uid": "prowler-azure-defender_ensure_wdatp_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-WDATP" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "WDATP", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/azure-server-integration?view=o365-worldwide" - ] - }, - "risk_details": "Microsoft Defender for Endpoint integration brings comprehensive Endpoint Detection and Response (EDR) capabilities within Microsoft Defender for Cloud. This integration helps to spot abnormalities, as well as detect and respond to advanced attacks on endpoints monitored by Microsoft Defender for Cloud. MDE works only with Standard Tier subscriptions.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-1b4a98ae-5221-4850-a761-4f9176407028" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028", - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-083c1758-89d9-4b12-8005-48e7e359dc4f" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f", - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "b24988ac-6180-42a0-ab88-20f7382dd24c" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-154eadeb-e375-4263-b4bd-4a2a2237ecd2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "80dfb9bd-1c99-4012-9de7-580a68334b45", - "agent_type": "ServicePrincipal", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_policy_assignment", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.3" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.1" - ], - "CIS-3.0": [ - "6.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Create an activity log alert for the Create Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Create Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_create_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click elect action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for create policy assignment events gives insight into changes done in 'Azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_nsg", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "CIS-2.0": [ - "5.2.3" - ], - "ProwlerThreatScore-1.0": [ - "3.3.5" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.3" - ], - "CIS-3.0": [ - "6.2.3" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.8", - "10.4.2.2", - "10.4.3.1", - "10.6.3.8", - "10.7.1.3", - "10.7.2.3", - "11.5.2.2", - "11.6.1.2", - "12.10.5.2", - "A3.3.1.3", - "A3.5.1.3" - ], - "CIS-4.0": [ - "7.1.2.3" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Create an Activity Log Alert for the Create or Update Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Network Security Group events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_public_ip_address_rule", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.9" - ], - "ProwlerThreatScore-1.0": [ - "3.3.11" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.9" - ], - "CIS-3.0": [ - "6.2.9" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.9" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Create an activity log alert for the Create or Update Public IP Addresses rule.", - "title": "Ensure that Activity Log Alert exists for Create or Update Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_security_solution", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1", - "op.mon.3.r6.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.5" - ], - "ProwlerThreatScore-1.0": [ - "3.3.7" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.5" - ], - "CIS-3.0": [ - "6.2.5" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.5" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Create an activity log alert for the Create or Update Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_sqlserver_fr", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.7" - ], - "ProwlerThreatScore-1.0": [ - "3.3.9" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.7" - ], - "CIS-3.0": [ - "6.2.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.9", - "10.2.1.1.10", - "10.2.1.1.22", - "10.2.1.2.8", - "10.2.1.2.19", - "10.2.1.3.8", - "10.2.1.3.19", - "10.2.1.4.8", - "10.2.1.4.19", - "10.2.1.5.8", - "10.2.1.5.19", - "10.2.1.6.8", - "10.2.1.6.19", - "10.2.1.7.8", - "10.2.1.7.19", - "10.2.1.8", - "10.2.1.19", - "10.2.2.8", - "10.2.2.19", - "10.3.1.8", - "10.3.1.19", - "10.4.1.1.2", - "10.4.1.2", - "10.4.2.3", - "10.6.3.9", - "10.6.3.10", - "10.6.3.24", - "10.7.1.4", - "10.7.2.4", - "5.3.4.9", - "5.3.4.22", - "A1.2.1.10", - "A1.2.1.23", - "A3.3.1.4", - "A3.5.1.4" - ], - "CIS-4.0": [ - "7.1.2.7" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Create an activity log alert for the Create or Update SQL Server Firewall Rule event.", - "title": "Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create/Update server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update SQL Server Firewall Rule events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_nsg", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.4" - ], - "ProwlerThreatScore-1.0": [ - "3.3.6" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.4" - ], - "CIS-3.0": [ - "6.2.4" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.4" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Create an activity log alert for the Delete Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Delete Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for 'Delete Network Security Group' events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_policy_assignment", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.4" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.2" - ], - "CIS-3.0": [ - "6.2.2" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Create an activity log alert for the Delete Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Delete Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for delete policy assignment events gives insight into changes done in 'azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_public_ip_address_rule", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.10" - ], - "ProwlerThreatScore-1.0": [ - "3.3.12" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.10" - ], - "CIS-3.0": [ - "6.2.10" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.10" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Create an activity log alert for the Delete Public IP Address rule.", - "title": "Ensure that Activity Log Alert exists for Delete Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_security_solution", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.8" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.6" - ], - "CIS-3.0": [ - "6.2.6" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.6" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Create an activity log alert for the Delete Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Delete Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.curitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_sqlserver_fr", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.8" - ], - "ProwlerThreatScore-1.0": [ - "3.3.10" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.8" - ], - "CIS-3.0": [ - "6.2.8" - ], - "CCC": [ - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.8" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Create an activity log alert for the 'Delete SQL Server Firewall Rule.'", - "title": "Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete SQL Server Firewall Rule events gives insight into SQL network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_service_health_exists", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/service-health/overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, in your Azure subscription there will not be any activity log alerts configured for Service Health events.", - "compliance": { - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure that an Azure activity log alert is configured to trigger when Service Health events occur within your Microsoft Azure cloud account. The alert should activate when new events match the specified conditions in the alert rule configuration.", - "title": "Ensure that an Activity Log Alert exists for Service Health", - "types": [], - "uid": "prowler-azure-monitor_alert_service_health_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Create an activity log alert for Service Health events and configure an action group to notify appropriate personnel.", - "references": [ - "https://learn.microsoft.com/en-us/azure/service-health/alerts-activity-log-service-notifications-portal" - ] - }, - "risk_details": "Lack of monitoring for Service Health events may result in missing critical service issues, planned maintenance, security advisories, or other changes that could impact Azure services and regions in use.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_setting_with_appropriate_categories", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When the diagnostic setting is created using Azure Portal, by default no categories are selected.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.az.md.1", - "op.mon.2.az.md.1" - ], - "CIS-2.0": [ - "5.1.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.2" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.2" - ], - "CIS-3.0": [ - "6.1.2" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.15", - "10.2.1.2.7", - "10.2.1.3.7", - "10.2.1.4.7", - "10.2.1.5.7", - "10.2.1.6.7", - "10.2.1.7.7", - "10.2.1.7", - "10.2.2.7", - "10.3.1.7", - "10.3.2.2", - "10.3.3.4", - "10.3.4.3", - "10.4.1.1.3", - "10.4.1.1.4", - "10.4.1.3", - "10.4.2.4", - "10.5.1.3", - "10.6.3.7", - "10.6.3.15", - "10.7.1.5", - "10.7.2.5", - "11.5.2.4", - "11.6.1.4", - "12.10.5.4", - "5.3.4.7", - "5.3.4.8", - "A1.2.1.7", - "A1.2.1.8", - "A3.3.1.6", - "A3.3.1.7", - "A3.5.1.6", - "A3.5.1.7" - ], - "CIS-4.0": [ - "7.1.1.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.c", - "3.2.3.f", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Prerequisite: A Diagnostic Setting must exist. If a Diagnostic Setting does not exist, the navigation and options within this recommendation will not be available. Please review the recommendation at the beginning of this subsection titled: 'Ensure that a 'Diagnostic Setting' exists.' The diagnostic setting should be configured to log the appropriate activities from the control/management plane.", - "title": "Ensure Diagnostic Setting captures appropriate categories", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_setting_with_appropriate_categories-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to Azure Monitor 2. Click Activity log 3. Click on Export Activity Logs 4. Select the Subscription from the drop down menu 5. Click on Add diagnostic setting 6. Enter a name for your new Diagnostic Setting 7. Check the following categories: Administrative, Alert, Policy, and Security 8. Choose the destination details according to your organization's needs.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/manage-storage-analytics-logs?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json&tabs=azure-portal" - ] - }, - "risk_details": "A diagnostic setting controls how the diagnostic log is exported. Capturing the diagnostic setting categories for appropriate control/management plane activities allows proper alerting.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No diagnostic settings found in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_settings_exists", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No diagnostic settings found in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/cli/azure/monitor/diagnostic-settings?view=azure-cli-latest", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, diagnostic setting is not set.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r5.az.ds.1", - "op.mon.2.r2.az.ma.1" - ], - "CIS-2.0": [ - "5.1.1" - ], - "ProwlerThreatScore-1.0": [ - "3.2.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.1" - ], - "CIS-3.0": [ - "6.1.1" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN06.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN09.AR01", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Logging.CN07.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.1.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.h", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable Diagnostic settings for exporting activity logs. Diagnostic settings are available for each individual resource within a subscription. Settings should be configured for all appropriate resources for your environment.", - "title": "Ensure that a 'Diagnostic Setting' exists for Subscription Activity Logs ", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_settings_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Diagnostic Settings" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Diagnostic Settings", - "type": "Monitor", - "uid": "diagnostic_settings" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "To enable Diagnostic Settings on a Subscription: 1. Go to Monitor 2. Click on Activity Log 3. Click on Export Activity Logs 4. Click + Add diagnostic setting 5. Enter a Diagnostic setting name 6. Select Categories for the diagnostic settings 7. Select the appropriate Destination details (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 8. Click Save To enable Diagnostic Settings on a specific resource: 1. Go to Monitor 2. Click Diagnostic settings 3. Click on the resource that has a diagnostics status of disabled 4. Select Add Diagnostic Setting 5. Enter a Diagnostic setting name 6. Select the appropriate log, metric, and destination. (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 7. Click save Repeat these step for all resources as needed.", - "references": [ - "https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-activity-logs#export-the-activity-log-with-a-log-profile" - ] - }, - "risk_details": "A diagnostic setting controls how a diagnostic log is exported. By default, logs are retained only for 90 days. Diagnostic settings should be defined so that logs can be exported and stored for a longer duration in order to analyze security activities within an Azure subscription.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bastion Host from subscription Azure subscription 1 does not exist", - "metadata": { - "event_code": "network_bastion_host_exists", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bastion Host from subscription Azure subscription 1 does not exist", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/bastion/bastion-overview#sku", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The Azure Bastion service incurs additional costs and requires a specific virtual network configuration. The Standard tier offers additional configuration options compared to the Basic tier and may incur additional costs for those added features.", - "compliance": { - "ENS-RD2022": [ - "mp.com.4.r4.az.nt.1" - ], - "CIS-2.0": [ - "7.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "7.1" - ], - "CIS-3.0": [ - "8.1" - ], - "CIS-4.0": [ - "9.4.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "The Azure Bastion service allows secure remote access to Azure Virtual Machines over the Internet without exposing remote access protocol ports and services directly to the Internet. The Azure Bastion service provides this access using TLS over 443/TCP, and subscribes to hardened configurations within an organization's Azure Active Directory service.", - "title": "Ensure an Azure Bastion Host Exists", - "types": [], - "uid": "prowler-azure-network_bastion_host_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Bastion Host" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Bastion Host", - "type": "Network", - "uid": "Bastion Host" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "From Azure Portal* 1. Click on Bastions 2. Select the Subscription 3. Select the Resource group 4. Type a Name for the new Bastion host 5. Select a Region 6. Choose Standard next to Tier 7. Use the slider to set the Instance count 8. Select the Virtual network or Create new 9. Select the Subnet named AzureBastionSubnet. Create a Subnet named AzureBastionSubnet using a /26 CIDR range if it doesn't already exist. 10. Selct the appropriate Public IP address option. 11. If Create new is selected for the Public IP address option, provide a Public IP address name. 12. If Use existing is selected for Public IP address option, select an IP address from Choose public IP address 13. Click Next: Tags > 14. Configure the appropriate Tags 15. Click Next: Advanced > 16. Select the appropriate Advanced options 17. Click Next: Review + create > 18. Click Create From Azure CLI az network bastion create --location --name --public-ip-address --resource-group --vnet-name --scale-units --sku Standard [--disable-copy- paste true|false] [--enable-ip-connect true|false] [--enable-tunneling true|false] From PowerShell Create the appropriate Virtual network settings and Public IP Address settings. $subnetName = 'AzureBastionSubnet' $subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix $virtualNet = New-AzVirtualNetwork -Name - ResourceGroupName -Location -AddressPrefix -Subnet $subnet $publicip = New-AzPublicIpAddress -ResourceGroupName - Name -Location -AllocationMethod Dynamic -Sku Standard", - "references": [ - "https://learn.microsoft.com/en-us/powershell/module/az.network/get-azbastion?view=azps-9.2.0" - ] - }, - "risk_details": "The Azure Bastion service allows organizations a more secure means of accessing Azure Virtual Machines over the Internet without assigning public IP addresses to those Virtual Machines. The Azure Bastion service provides Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to Virtual Machines using TLS within a web browser, thus preventing organizations from opening up 3389/TCP and 22/TCP to the Internet on Azure Virtual Machines. Additional benefits of the Bastion service includes Multi-Factor Authentication, Conditional Access Policies, and any other hardening measures configured within Azure Active Directory using a central point of access.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-swedencentral-NetworkWatcher_swedencentral" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "swedencentral", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral", - "name": "NetworkWatcher_swedencentral", - "location": "swedencentral", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_swedencentral", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "swedencentral" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-swedencentral-NetworkWatcher_swedencentral" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "swedencentral", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral", - "name": "NetworkWatcher_swedencentral", - "location": "swedencentral", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_swedencentral", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "swedencentral" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "metadata": { - "event_code": "network_http_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.3.r2.az.tls.1", - "mp.com.4.r3.az.1", - "mp.com.4.r4.az.nt.1", - "mp.s.4.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.4" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.4" - ], - "CIS-3.0": [ - "7.4" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.5", - "1.2.8.25", - "1.3.1.28", - "1.3.2.28", - "1.4.1.6", - "1.4.2.26", - "1.4.4.6", - "1.5.1.25", - "2.2.5.5", - "2.2.7.3", - "4.2.1.1.7", - "4.2.1.3", - "8.3.2.6", - "A1.1.3.25" - ], - "CIS-4.0": [ - "8.4" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required and narrowly configured.", - "title": "Ensure that HTTP(S) access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_http_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where HTTP(S) is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [] - }, - "risk_details": "The potential security problem with using HTTP(S) over the Internet is that attackers can use various brute force techniques to gain access to Azure resources. Once the attackers gain access, they can use the resource as a launch point for compromising other resources within the Azure tenant.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "metadata": { - "event_code": "network_rdp_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.1" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.1" - ], - "CIS-3.0": [ - "7.1" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that RDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_rdp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where RDP is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using RDP over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on an Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "metadata": { - "event_code": "network_ssh_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.2" - ], - "CIS-3.0": [ - "7.2" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN01.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.17", - "1.2.8.18", - "1.2.8.21", - "1.2.8.41", - "1.3.1.19", - "1.3.1.21", - "1.3.1.24", - "1.3.1.45", - "1.3.2.19", - "1.3.2.21", - "1.3.2.24", - "1.3.2.45", - "1.4.1.5", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.43", - "1.4.4.5", - "1.5.1.17", - "1.5.1.18", - "1.5.1.21", - "1.5.1.40", - "2.2.5.17", - "A1.1.3.17", - "A1.1.3.18", - "A1.1.3.21", - "A1.1.3.40" - ], - "CIS-4.0": [ - "8.2" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that SSH access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_ssh_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where SSH is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using SSH over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "metadata": { - "event_code": "network_udp_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices#secure-your-critical-azure-service-resources-to-only-your-virtual-networks", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.3" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.3" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.3" - ], - "CIS-3.0": [ - "7.3" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.3" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that UDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_udp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where UDP is not explicitly required and narrowly configured for resources attached tothe Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRouteSite-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/azure/security/fundamentals/ddos-best-practices" - ] - }, - "risk_details": "The potential security problem with broadly exposing UDP services over the Internet is that attackers can use DDoS amplification techniques to reflect spoofed UDP traffic from Azure Virtual Machines. The most common types of these attacks use exposed DNS, NTP, SSDP, SNMP, CLDAP and other UDP-based services as amplification sources for disrupting services of other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': japaneast, canadaeast, westindia, westcentralus, italynorth, eastus2, germanynorth, koreasouth, australiacentral, jioindiawest, southafricawest, brazilsoutheast, eastasia, austriaeast, ukwest, australiasoutheast, northcentralus, uaecentral, uaenorth, norwayeast, japanwest, canadacentral, malaysiawest, westus, australiacentral2, francesouth, brazilsouth, indonesiacentral, newzealandnorth, spaincentral, westus3, australiaeast, centralus, norwaywest, eastus, northeurope, uksouth, polandcentral, chilecentral, koreacentral, jioindiacentral, qatarcentral, francecentral, switzerlandnorth, switzerlandwest, westeurope, southindia, southafricanorth, israelcentral, germanywestcentral, mexicocentral, southeastasia.", - "metadata": { - "event_code": "network_watcher_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': japaneast, canadaeast, westindia, westcentralus, italynorth, eastus2, germanynorth, koreasouth, australiacentral, jioindiawest, southafricawest, brazilsoutheast, eastasia, austriaeast, ukwest, australiasoutheast, northcentralus, uaecentral, uaenorth, norwayeast, japanwest, canadacentral, malaysiawest, westus, australiacentral2, francesouth, brazilsouth, indonesiacentral, newzealandnorth, spaincentral, westus3, australiaeast, centralus, norwaywest, eastus, northeurope, uksouth, polandcentral, chilecentral, koreacentral, jioindiacentral, qatarcentral, francecentral, switzerlandnorth, switzerlandwest, westeurope, southindia, southafricanorth, israelcentral, germanywestcentral, mexicocentral, southeastasia.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "There are additional costs per transaction to run and store network data. For high-volume networks these charges will add up quickly.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.az.nw.1", - "op.mon.2.r2.az.ma.1", - "op.mon.3.az.nw.1", - "mp.com.1.az.nw.1", - "mp.com.1.az.nw.2", - "mp.com.1.az.nw.3", - "mp.com.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499", - "T1498", - "T1046", - "T1049" - ], - "CIS-2.0": [ - "6.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.14" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "6.6" - ], - "CIS-3.0": [ - "7.6" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN06.AR01" - ], - "CIS-4.0": [ - "8.6" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "6.8.2.a", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable Network Watcher for Azure subscriptions.", - "title": "Ensure that Network Watcher is 'Enabled' for all locations in the Azure subscription", - "types": [], - "uid": "prowler-azure-network_watcher_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Network Watcher" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Network Watcher", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Opting out of Network Watcher automatic enablement is a permanent change. Once you opt-out you cannot opt-in without contacting support.", - "references": [ - "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v2-logging-threat-detection#lt-3-enable-logging-for-azure-network-activities" - ] - }, - "risk_details": "Network diagnostic and visualization tools available with Network Watcher help users understand, diagnose, and gain insights to the network in Azure.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "metadata": { - "event_code": "policy_ensure_asc_enforcement_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/defender-for-cloud/security-policy-concept", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "2.1.14" - ], - "ProwlerThreatScore-1.0": [ - "3.3.17" - ], - "ISO27001-2022": [ - "A.5.1" - ], - "CIS-2.1": [ - "2.1.13" - ], - "CIS-3.0": [ - "3.1.11" - ], - "PCI-4.0": [ - "10.2.1.1.31", - "10.4.1.1.5", - "10.4.1.4", - "10.4.2.5", - "10.6.3.36", - "10.7.1.6", - "10.7.2.6", - "A3.3.1.9", - "A3.5.1.9" - ], - "CIS-4.0": [ - "9.1.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "None of the settings offered by ASC Default policy should be set to effect Disabled.", - "title": "Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'", - "types": [], - "uid": "prowler-azure-policy_ensure_asc_enforcement_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-SecurityCenterBuiltIn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn", - "name": "SecurityCenterBuiltIn", - "enforcement_mode": "Default" - } - }, - "group": { - "name": "policy" - }, - "labels": [], - "name": "SecurityCenterBuiltIn", - "type": "Microsoft.Authorization/policyAssignments", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu 2. Select Policy 3. Select ASC Default for each subscription 4. Click on 'view Assignment' 5. Click on 'Edit assignment' 6. Ensure Policy Enforcement is Enabled 7. Click 'Review + Save'", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/implement-security-recommendations" - ] - }, - "risk_details": "A security policy defines the desired configuration of your workloads and helps ensure compliance with company or regulatory security requirements. ASC Default policy is associated with every subscription by default. ASC default policy assignment is a set of security recommendations based on best practices. Enabling recommendations in ASC default policy ensures that Azure security center provides the ability to monitor all of the supported recommendations and optionally allow automated action for a few of the supported recommendations.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_disconnections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling this setting will enable a log of all disconnections. If this is enabled for a high traffic server, the log may grow exponentially.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.4" - ], - "ProwlerThreatScore-1.0": [ - "3.1.4" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.4" - ], - "CIS-3.0": [ - "5.2.7" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable log_disconnections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_disconnections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu 2. Go to Azure Database for PostgreSQL servers 3. For each database, click on Server parameters 4. Search for log_disconnections. 5. Click ON and save. From Azure CLI Use the below command to update log_disconnections configuration. az postgres server configuration set --resource-group -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-virtualnetwork/results/azure-virtualnetwork-delta.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-virtualnetwork/results/azure-virtualnetwork-delta.ocsf.json deleted file mode 100644 index a4d59ae8..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/azure-virtualnetwork/results/azure-virtualnetwork-delta.ocsf.json +++ /dev/null @@ -1,325 +0,0 @@ -[ - { - "message": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-swedencentral-NetworkWatcher_swedencentral" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "swedencentral", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral", - "name": "NetworkWatcher_swedencentral", - "location": "swedencentral", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_swedencentral", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "swedencentral" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-swedencentral-NetworkWatcher_swedencentral" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "swedencentral", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral", - "name": "NetworkWatcher_swedencentral", - "location": "swedencentral", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_swedencentral", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "swedencentral" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-cloud-storage/config/gcp-cloud-storage.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-cloud-storage/config/gcp-cloud-storage.json index 6f2becaf..3810a01c 100644 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-cloud-storage/config/gcp-cloud-storage.json +++ b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-cloud-storage/config/gcp-cloud-storage.json @@ -5,5 +5,8 @@ "name": "CCC Google Cloud Storage Terraform Module", "description": "This module creates secure Google Cloud Storage buckets with encryption, versioning, lifecycle management, and advanced security features.", "path": "remote/gcp/cloudstorage", + "test-frameworks": [ + "cfi" + ], "git": "https://github.com/terraform-google-modules/terraform-google-cloud-storage" } \ No newline at end of file diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-cloud-storage/results/gcp-cloud-storage-baseline.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-cloud-storage/results/gcp-cloud-storage-baseline.ocsf.json deleted file mode 100644 index db1c4f57..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-cloud-storage/results/gcp-cloud-storage-baseline.ocsf.json +++ /dev/null @@ -1,23865 +0,0 @@ -[ - { - "message": "AR Container Analysis is not enabled in project nodal-time-474015-p5.", - "metadata": { - "event_code": "artifacts_container_analysis_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AR Container Analysis is not enabled in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/artifact-analysis/docs", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, AR Container Analysis is disabled.", - "compliance": { - "SOC2": [ - "cc_3_1" - ], - "ENS-RD2022": [ - "op.exp.4.r4.gcp.log.1", - "op.mon.3.gcp.scc.1" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "MITRE-ATTACK": [ - "T1525" - ], - "NIS2": [ - "5.1.4.f", - "5.1.7.d", - "6.1.2.b", - "6.6.1.a", - "6.9.2", - "9.2.a" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN06.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Scan images stored in Google Container Registry (GCR) for vulnerabilities using AR Container Analysis or a third-party provider. This helps identify and mitigate security risks associated with known vulnerabilities in container images.", - "title": "Ensure Image Vulnerability Analysis using AR Container Analysis or a third-party provider", - "types": [ - "Security", - "Configuration" - ], - "uid": "prowler-gcp-artifacts_container_analysis_enabled-nodal-time-474015-p5-global-AR Container Analysis" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "artifacts" - }, - "labels": [], - "name": "AR Container Analysis", - "type": "Service", - "uid": "containeranalysis.googleapis.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Enable vulnerability scanning for images stored in Artifact Registry using AR Container Analysis or a third-party provider.", - "references": [ - "https://cloud.google.com/artifact-analysis/docs/container-scanning-overview" - ] - }, - "risk_details": "Without image vulnerability scanning, container images stored in Artifact Registry may contain known vulnerabilities, increasing the risk of exploitation by malicious actors.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-1fba850e is not publicly accessible.", - "metadata": { - "event_code": "cloudstorage_bucket_public_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-1fba850e is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudStorage/publicly-accessible-storage-buckets.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.1" - ], - "SOC2": [ - "cc_6_1" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.30", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.32", - "1.3.1.34", - "1.3.1.35", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.8", - "10.3.2.11", - "10.3.2.18", - "10.3.2.19", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "3.5.1.3.8", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.2", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.2", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "A1.1.2.4", - "A1.1.2.7", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.2.22", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.4", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "5.1" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "CIS-4.0": [ - "5.1" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "title": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_public_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-1fba850e" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-1fba850e", - "id": "cfi-logs-bucket-1fba850e", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-1fba850e", - "type": "Bucket", - "uid": "cfi-logs-bucket-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that IAM policy on Cloud Storage bucket does not allows anonymous or public access.", - "references": [ - "https://cloud.google.com/storage/docs/access-control/iam-reference" - ] - }, - "risk_details": "Allowing anonymous or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous or public access to a bucket is not allowed.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-7a427af0 is not publicly accessible.", - "metadata": { - "event_code": "cloudstorage_bucket_public_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-7a427af0 is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudStorage/publicly-accessible-storage-buckets.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.1" - ], - "SOC2": [ - "cc_6_1" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.30", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.32", - "1.3.1.34", - "1.3.1.35", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.8", - "10.3.2.11", - "10.3.2.18", - "10.3.2.19", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "3.5.1.3.8", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.2", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.2", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "A1.1.2.4", - "A1.1.2.7", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.2.22", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.4", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "5.1" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "CIS-4.0": [ - "5.1" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "title": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_public_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-7a427af0" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-7a427af0", - "id": "cfi-logs-bucket-7a427af0", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-7a427af0", - "type": "Bucket", - "uid": "cfi-logs-bucket-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that IAM policy on Cloud Storage bucket does not allows anonymous or public access.", - "references": [ - "https://cloud.google.com/storage/docs/access-control/iam-reference" - ] - }, - "risk_details": "Allowing anonymous or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous or public access to a bucket is not allowed.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-a1aaa547 is not publicly accessible.", - "metadata": { - "event_code": "cloudstorage_bucket_public_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-a1aaa547 is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudStorage/publicly-accessible-storage-buckets.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.1" - ], - "SOC2": [ - "cc_6_1" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.30", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.32", - "1.3.1.34", - "1.3.1.35", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.8", - "10.3.2.11", - "10.3.2.18", - "10.3.2.19", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "3.5.1.3.8", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.2", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.2", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "A1.1.2.4", - "A1.1.2.7", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.2.22", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.4", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "5.1" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "CIS-4.0": [ - "5.1" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "title": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_public_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-a1aaa547" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-a1aaa547", - "id": "cfi-logs-bucket-a1aaa547", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-a1aaa547", - "type": "Bucket", - "uid": "cfi-logs-bucket-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that IAM policy on Cloud Storage bucket does not allows anonymous or public access.", - "references": [ - "https://cloud.google.com/storage/docs/access-control/iam-reference" - ] - }, - "risk_details": "Allowing anonymous or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous or public access to a bucket is not allowed.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-1fba850e has uniform Bucket Level Access enabled.", - "metadata": { - "event_code": "cloudstorage_bucket_uniform_bucket_level_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-1fba850e has uniform Bucket Level Access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.11", - "10.3.2.18", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "2.2.7.19", - "3.5.1.3.23", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-2.0": [ - "5.2" - ], - "CIS-4.0": [ - "5.2" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "title": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_uniform_bucket_level_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-1fba850e" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-1fba850e", - "id": "cfi-logs-bucket-1fba850e", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-1fba850e", - "type": "Bucket", - "uid": "cfi-logs-bucket-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that uniform bucket-level access is enabled on Cloud Storage buckets.", - "references": [ - "https://cloud.google.com/storage/docs/using-uniform-bucket-level-access" - ] - }, - "risk_details": "Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-7a427af0 has uniform Bucket Level Access enabled.", - "metadata": { - "event_code": "cloudstorage_bucket_uniform_bucket_level_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-7a427af0 has uniform Bucket Level Access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.11", - "10.3.2.18", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "2.2.7.19", - "3.5.1.3.23", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-2.0": [ - "5.2" - ], - "CIS-4.0": [ - "5.2" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "title": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_uniform_bucket_level_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-7a427af0" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-7a427af0", - "id": "cfi-logs-bucket-7a427af0", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-7a427af0", - "type": "Bucket", - "uid": "cfi-logs-bucket-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that uniform bucket-level access is enabled on Cloud Storage buckets.", - "references": [ - "https://cloud.google.com/storage/docs/using-uniform-bucket-level-access" - ] - }, - "risk_details": "Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-a1aaa547 has uniform Bucket Level Access enabled.", - "metadata": { - "event_code": "cloudstorage_bucket_uniform_bucket_level_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-a1aaa547 has uniform Bucket Level Access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.11", - "10.3.2.18", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "2.2.7.19", - "3.5.1.3.23", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-2.0": [ - "5.2" - ], - "CIS-4.0": [ - "5.2" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "title": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_uniform_bucket_level_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-a1aaa547" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-a1aaa547", - "id": "cfi-logs-bucket-a1aaa547", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-a1aaa547", - "type": "Bucket", - "uid": "cfi-logs-bucket-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that uniform bucket-level access is enabled on Cloud Storage buckets.", - "references": [ - "https://cloud.google.com/storage/docs/using-uniform-bucket-level-access" - ] - }, - "risk_details": "Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-icmp does not expose port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-icmp does not expose port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-icmp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-icmp", - "id": "613284056905897095", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-icmp", - "type": "FirewallRule", - "uid": "613284056905897095" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-internal does not expose port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-internal does not expose port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-internal" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-internal", - "id": "7344732286417982599", - "source_ranges": [ - "10.128.0.0/9" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "udp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-internal", - "type": "FirewallRule", - "uid": "7344732286417982599" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-rdp does exposes port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "Firewall default-allow-rdp does exposes port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-rdp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-rdp", - "id": "438688946219209863", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "3389" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-rdp", - "type": "FirewallRule", - "uid": "438688946219209863" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-ssh does not expose port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-ssh does not expose port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-ssh" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-ssh", - "id": "4612266095473677447", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "22" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-ssh", - "type": "FirewallRule", - "uid": "4612266095473677447" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-icmp does not expose port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-icmp does not expose port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-icmp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-icmp", - "id": "613284056905897095", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-icmp", - "type": "FirewallRule", - "uid": "613284056905897095" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-internal does not expose port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-internal does not expose port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-internal" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-internal", - "id": "7344732286417982599", - "source_ranges": [ - "10.128.0.0/9" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "udp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-internal", - "type": "FirewallRule", - "uid": "7344732286417982599" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-rdp does not expose port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-rdp does not expose port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-rdp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-rdp", - "id": "438688946219209863", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "3389" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-rdp", - "type": "FirewallRule", - "uid": "438688946219209863" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-ssh does exposes port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "Firewall default-allow-ssh does exposes port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-ssh" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-ssh", - "id": "4612266095473677447", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "22" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-ssh", - "type": "FirewallRule", - "uid": "4612266095473677447" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Default network is in use in project nodal-time-474015-p5.", - "metadata": { - "event_code": "compute_network_default_in_use", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Default network is in use in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudVPC/default-vpc-in-use.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.1" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.3.r1.gcp.net.1", - "mp.com.4.gcp.vpc.1", - "mp.com.4.r1.gcp.net.1" - ], - "PCI-4.0": [ - "1.4.2.19" - ], - "MITRE-ATTACK": [ - "T1046" - ], - "CIS-2.0": [ - "3.1" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "5.1.2.a", - "6.2.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.1" - ], - "CIS-4.0": [ - "3.1" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.VPC.CN01.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that the default network does not exist", - "title": "Ensure that the default network does not exist", - "types": [], - "uid": "prowler-gcp-compute_network_default_in_use-nodal-time-474015-p5-global-default" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1894544973933139113", - "subnet_mode": "auto", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Network", - "uid": "default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "When an organization deletes the default network, it may need to migrate or service onto a new network.", - "references": [ - "https://cloud.google.com/vpc/docs/using-vpc" - ] - }, - "risk_details": "The default network has a preconfigured network configuration and automatically generates insecure firewall rules.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network default does not have DNS logging enabled.", - "metadata": { - "event_code": "compute_network_dns_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network default does not have DNS logging enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "mp.com.2.r2.gcp.scc.1", - "mp.com.3.r3.gcp.scc.1" - ], - "PCI-4.0": [ - "1.3.2.44", - "1.4.1.9", - "1.4.2.42", - "1.4.4.9", - "10.2.1.1.6", - "10.2.1.1.29", - "10.2.1.2.6", - "10.2.1.2.12", - "10.2.1.2.21", - "10.2.1.2.26", - "10.2.1.3.6", - "10.2.1.3.21", - "10.2.1.3.26", - "10.2.1.4.6", - "10.2.1.4.21", - "10.2.1.4.26", - "10.2.1.5.6", - "10.2.1.5.26", - "10.2.1.6.6", - "10.2.1.6.21", - "10.2.1.6.26", - "10.2.1.7.6", - "10.2.1.7.12", - "10.2.1.7.26", - "10.2.1.6", - "10.2.1.26", - "10.2.2.6", - "10.2.2.21", - "10.2.2.26", - "10.3.1.6", - "10.3.1.12", - "10.3.1.26", - "10.5.1.9", - "10.6.3.6", - "10.6.3.14", - "10.6.3.26", - "10.6.3.32", - "5.3.4.6", - "5.3.4.24", - "5.3.4.31", - "A1.2.1.6", - "A1.2.1.25", - "A1.2.1.30" - ], - "MITRE-ATTACK": [ - "T1046" - ], - "CIS-2.0": [ - "2.12" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.a", - "3.2.3.d", - "3.6.2", - "6.2.1", - "6.7.2.i", - "6.7.2.l", - "7.2.b", - "9.2.a", - "11.1.1", - "11.5.2.d", - "12.2.2.c" - ], - "CCC": [ - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that Cloud DNS logging is enabled for all your Virtual Private Cloud (VPC) networks using DNS server policies. Cloud DNS logging records queries that the name servers resolve for your Google Cloud VPC networks, as well as queries from external entities directly to a public DNS zone. Recorded queries can come from virtual machine (VM) instances, GKE containers running in the same VPC network, peering zones, or other Google Cloud resources provisioned within your VPC.", - "title": "Enable Cloud DNS Logging for VPC Networks", - "types": [], - "uid": "prowler-gcp-compute_network_dns_logging_enabled-nodal-time-474015-p5-global-default" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1894544973933139113", - "subnet_mode": "auto", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Network", - "uid": "1894544973933139113" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Cloud DNS logging records the queries from the name servers within your VPC to Stackdriver. Logged queries can come from Compute Engine VMs, GKE containers, or other GCP resources provisioned within the VPC.", - "references": [ - "https://cloud.google.com/dns/docs/monitoring" - ] - }, - "risk_details": "Cloud DNS logging is disabled by default on each Google Cloud VPC network. By enabling monitoring of Cloud DNS logs, you can increase visibility into the DNS names requested by the clients within your VPC network. Cloud DNS logs can be monitored for anomalous domain names and evaluated against threat intelligence.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network simple-workbench does not have DNS logging enabled.", - "metadata": { - "event_code": "compute_network_dns_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network simple-workbench does not have DNS logging enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "mp.com.2.r2.gcp.scc.1", - "mp.com.3.r3.gcp.scc.1" - ], - "PCI-4.0": [ - "1.3.2.44", - "1.4.1.9", - "1.4.2.42", - "1.4.4.9", - "10.2.1.1.6", - "10.2.1.1.29", - "10.2.1.2.6", - "10.2.1.2.12", - "10.2.1.2.21", - "10.2.1.2.26", - "10.2.1.3.6", - "10.2.1.3.21", - "10.2.1.3.26", - "10.2.1.4.6", - "10.2.1.4.21", - "10.2.1.4.26", - "10.2.1.5.6", - "10.2.1.5.26", - "10.2.1.6.6", - "10.2.1.6.21", - "10.2.1.6.26", - "10.2.1.7.6", - "10.2.1.7.12", - "10.2.1.7.26", - "10.2.1.6", - "10.2.1.26", - "10.2.2.6", - "10.2.2.21", - "10.2.2.26", - "10.3.1.6", - "10.3.1.12", - "10.3.1.26", - "10.5.1.9", - "10.6.3.6", - "10.6.3.14", - "10.6.3.26", - "10.6.3.32", - "5.3.4.6", - "5.3.4.24", - "5.3.4.31", - "A1.2.1.6", - "A1.2.1.25", - "A1.2.1.30" - ], - "MITRE-ATTACK": [ - "T1046" - ], - "CIS-2.0": [ - "2.12" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.a", - "3.2.3.d", - "3.6.2", - "6.2.1", - "6.7.2.i", - "6.7.2.l", - "7.2.b", - "9.2.a", - "11.1.1", - "11.5.2.d", - "12.2.2.c" - ], - "CCC": [ - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that Cloud DNS logging is enabled for all your Virtual Private Cloud (VPC) networks using DNS server policies. Cloud DNS logging records queries that the name servers resolve for your Google Cloud VPC networks, as well as queries from external entities directly to a public DNS zone. Recorded queries can come from virtual machine (VM) instances, GKE containers running in the same VPC network, peering zones, or other Google Cloud resources provisioned within your VPC.", - "title": "Enable Cloud DNS Logging for VPC Networks", - "types": [], - "uid": "prowler-gcp-compute_network_dns_logging_enabled-nodal-time-474015-p5-global-simple-workbench" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "simple-workbench", - "id": "6879006949331747071", - "subnet_mode": "custom", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "simple-workbench", - "type": "Network", - "uid": "6879006949331747071" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Cloud DNS logging records the queries from the name servers within your VPC to Stackdriver. Logged queries can come from Compute Engine VMs, GKE containers, or other GCP resources provisioned within the VPC.", - "references": [ - "https://cloud.google.com/dns/docs/monitoring" - ] - }, - "risk_details": "Cloud DNS logging is disabled by default on each Google Cloud VPC network. By enabling monitoring of Cloud DNS logs, you can increase visibility into the DNS names requested by the clients within your VPC network. Cloud DNS logs can be monitored for anomalous domain names and evaluated against threat intelligence.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network default is not legacy.", - "metadata": { - "event_code": "compute_network_not_legacy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Network default is not legacy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.2" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "MITRE-ATTACK": [ - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.2" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.2.1", - "11.1.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "CIS-4.0": [ - "3.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "In order to prevent use of legacy networks, a project should not have a legacy network configured. As of now, Legacy Networks are gradually being phased out, and you can no longer create projects with them. This recommendation is to check older projects to ensure that they are not using Legacy Networks.", - "title": "Ensure Legacy Networks Do Not Exist", - "types": [], - "uid": "prowler-gcp-compute_network_not_legacy-nodal-time-474015-p5-global-default" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1894544973933139113", - "subnet_mode": "auto", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Network", - "uid": "1894544973933139113" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud Platform (GCP) projects are not using legacy networks as this type of network is no longer recommended for production environments because it does not support advanced networking features. Instead, it is strongly recommended to use Virtual Private Cloud (VPC) networks for existing and future GCP projects.", - "references": [ - "https://cloud.google.com/vpc/docs/using-legacy#deleting_a_legacy_network" - ] - }, - "risk_details": "Google Cloud legacy networks have a single global IPv4 range which cannot be divided into subnets, and a single gateway IP address for the whole network. Legacy networks do not support several Google Cloud networking features such as subnets, alias IP ranges, multiple network interfaces, Cloud NAT (Network Address Translation), Virtual Private Cloud (VPC) Peering, and private access options for GCP services. Legacy networks are not recommended for high network traffic projects and are subject to a single point of contention or failure.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network simple-workbench is not legacy.", - "metadata": { - "event_code": "compute_network_not_legacy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Network simple-workbench is not legacy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.2" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "MITRE-ATTACK": [ - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.2" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.2.1", - "11.1.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "CIS-4.0": [ - "3.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "In order to prevent use of legacy networks, a project should not have a legacy network configured. As of now, Legacy Networks are gradually being phased out, and you can no longer create projects with them. This recommendation is to check older projects to ensure that they are not using Legacy Networks.", - "title": "Ensure Legacy Networks Do Not Exist", - "types": [], - "uid": "prowler-gcp-compute_network_not_legacy-nodal-time-474015-p5-global-simple-workbench" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "simple-workbench", - "id": "6879006949331747071", - "subnet_mode": "custom", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "simple-workbench", - "type": "Network", - "uid": "6879006949331747071" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud Platform (GCP) projects are not using legacy networks as this type of network is no longer recommended for production environments because it does not support advanced networking features. Instead, it is strongly recommended to use Virtual Private Cloud (VPC) networks for existing and future GCP projects.", - "references": [ - "https://cloud.google.com/vpc/docs/using-legacy#deleting_a_legacy_network" - ] - }, - "risk_details": "Google Cloud legacy networks have a single global IPv4 range which cannot be divided into subnets, and a single gateway IP address for the whole network. Legacy networks do not support several Google Cloud networking features such as subnets, alias IP ranges, multiple network interfaces, Cloud NAT (Network Address Translation), Virtual Private Cloud (VPC) Peering, and private access options for GCP services. Legacy networks are not recommended for high network traffic projects and are subject to a single point of contention or failure.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Project nodal-time-474015-p5 does not have OS Login enabled.", - "metadata": { - "event_code": "compute_project_os_login_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Project nodal-time-474015-p5 does not have OS Login enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "4.4" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "ENS-RD2022": [ - "op.ext.3.gcp.log.1" - ], - "CIS-2.0": [ - "4.4" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.2.3.d", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "CIS-4.0": [ - "4.4" - ], - "CCC": [ - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that the OS Login feature is enabled at the Google Cloud Platform (GCP) project level in order to provide you with centralized and automated SSH key pair management.", - "title": "Ensure Os Login Is Enabled for a Project", - "types": [], - "uid": "prowler-gcp-compute_project_os_login_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "My First Project", - "type": "GCPProject", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that the OS Login feature is enabled at the Google Cloud Platform (GCP) project level in order to provide you with centralized and automated SSH key pair management.", - "references": [ - "https://cloud.google.com/compute/confidential-vm/docs/creating-cvm-instance:https://cloud.google.com/compute/confidential-vm/docs/about-cvm:https://cloud.google.com/confidential-computing:https://cloud.google.com/blog/products/identity-security/introducing-google-cloud-confidential-computing-with-confidential-vms" - ] - }, - "risk_details": "Enabling OS Login feature ensures that the SSH keys used to connect to VM instances are mapped with Google Cloud IAM users. Revoking access to corresponding IAM users will revoke all the SSH keys associated with these users, therefore it facilitates centralized SSH key pair management, which is extremely useful in handling compromised or stolen SSH key pairs and/or revocation of external/third-party/vendor users.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-northeast2-default" - }, - "resources": [ - { - "region": "northamerica-northeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "483380030849242274", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-northeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "483380030849242274" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-northeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west10-default" - }, - "resources": [ - { - "region": "europe-west10", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4896835085019993250", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west10" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4896835085019993250" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west10" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east5-default" - }, - "resources": [ - { - "region": "us-east5", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1401430415650673826", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1401430415650673826" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east5" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west3-default" - }, - "resources": [ - { - "region": "us-west3", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5329755272922092706", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5329755272922092706" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west3-default" - }, - "resources": [ - { - "region": "europe-west3", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5772105379350140066", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5772105379350140066" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west4-default" - }, - "resources": [ - { - "region": "us-west4", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7215612770497680546", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7215612770497680546" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west2-default" - }, - "resources": [ - { - "region": "europe-west2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1891634321841280162", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1891634321841280162" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west6-default" - }, - "resources": [ - { - "region": "europe-west6", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3716081487960429730", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west6" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3716081487960429730" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west6" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west4-default" - }, - "resources": [ - { - "region": "europe-west4", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5555571983192249506", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5555571983192249506" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-northeast1-default" - }, - "resources": [ - { - "region": "northamerica-northeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3188169212019954850", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-northeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3188169212019954850" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-northeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east1-default" - }, - "resources": [ - { - "region": "us-east1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "355354730862040226", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "355354730862040226" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west8-default" - }, - "resources": [ - { - "region": "europe-west8", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "8540268486600512674", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west8" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "8540268486600512674" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west8" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-southeast2-default" - }, - "resources": [ - { - "region": "asia-southeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1491739310004196514", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-southeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1491739310004196514" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-southeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-north1-default" - }, - "resources": [ - { - "region": "europe-north1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "6168370688555570338", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-north1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "6168370688555570338" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-north1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east4-default" - }, - "resources": [ - { - "region": "us-east4", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "2543292856211690658", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "2543292856211690658" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-southamerica-east1-default" - }, - "resources": [ - { - "region": "southamerica-east1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5608727104037934242", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "southamerica-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5608727104037934242" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "southamerica-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-south1-default" - }, - "resources": [ - { - "region": "northamerica-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7144258258311140514", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7144258258311140514" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-south2-default" - }, - "resources": [ - { - "region": "asia-south2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3652760235359687842", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-south2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3652760235359687842" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-south2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west2-default" - }, - "resources": [ - { - "region": "us-west2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "24288970830075042", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "24288970830075042" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west1-default" - }, - "resources": [ - { - "region": "us-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "8333568044404659362", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "8333568044404659362" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-africa-south1-default" - }, - "resources": [ - { - "region": "africa-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3728776852941657249", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "africa-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3728776852941657249" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "africa-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-south1-default" - }, - "resources": [ - { - "region": "us-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1314274851926135970", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1314274851926135970" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-southamerica-west1-default" - }, - "resources": [ - { - "region": "southamerica-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "608650311179523233", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "southamerica-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "608650311179523233" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "southamerica-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-central1-default" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7706237583483294882", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-central1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7706237583483294882" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet simple-subnet-01 in network simple-workbench does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet simple-subnet-01 in network simple-workbench does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-central1-simple-subnet-01" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "simple-subnet-01", - "id": "8482275995630223604", - "network": "simple-workbench", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-central1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "simple-subnet-01", - "type": "Subnet", - "uid": "8482275995630223604" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast2-default" - }, - "resources": [ - { - "region": "asia-northeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "508768411464586402", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "508768411464586402" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-central2-default" - }, - "resources": [ - { - "region": "europe-central2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4980955262212461730", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-central2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4980955262212461730" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-central2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-me-west1-default" - }, - "resources": [ - { - "region": "me-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5036744520860521634", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "me-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5036744520860521634" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "me-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-south1-default" - }, - "resources": [ - { - "region": "asia-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7023929475293861026", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7023929475293861026" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west12-default" - }, - "resources": [ - { - "region": "europe-west12", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5525328356797142178", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west12" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5525328356797142178" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west12" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-me-central1-default" - }, - "resources": [ - { - "region": "me-central1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "8693862684678509730", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "me-central1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "8693862684678509730" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "me-central1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west1-default" - }, - "resources": [ - { - "region": "europe-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3398545940062753954", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3398545940062753954" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-east2-default" - }, - "resources": [ - { - "region": "asia-east2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "6078557433428006050", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-east2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "6078557433428006050" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-east2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-australia-southeast1-default" - }, - "resources": [ - { - "region": "australia-southeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5526634061214864546", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "australia-southeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5526634061214864546" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "australia-southeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast1-default" - }, - "resources": [ - { - "region": "asia-northeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7315669883403457698", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7315669883403457698" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-east1-default" - }, - "resources": [ - { - "region": "asia-east1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5813254284192076962", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5813254284192076962" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-southwest1-default" - }, - "resources": [ - { - "region": "europe-southwest1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1089352323782235298", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-southwest1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1089352323782235298" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-southwest1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-north2-default" - }, - "resources": [ - { - "region": "europe-north2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1953758124674995362", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-north2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1953758124674995362" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-north2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-southeast1-default" - }, - "resources": [ - { - "region": "asia-southeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4056355735184430242", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-southeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4056355735184430242" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-southeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-australia-southeast2-default" - }, - "resources": [ - { - "region": "australia-southeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4285468416242439330", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "australia-southeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4285468416242439330" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "australia-southeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west9-default" - }, - "resources": [ - { - "region": "europe-west9", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1074046580757714082", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west9" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1074046580757714082" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west9" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast3-default" - }, - "resources": [ - { - "region": "asia-northeast3", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "9096168126651389090", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "9096168126651389090" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "GCR Container Scanning is not enabled in project nodal-time-474015-p5.", - "metadata": { - "event_code": "gcr_container_scanning_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "GCR Container Scanning is not enabled in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/container-registry/docs/container-analysis", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, GCR Container Scanning is disabled.", - "compliance": { - "SOC2": [ - "cc_3_1", - "cc_3_2" - ], - "ENS-RD2022": [ - "op.mon.1.r1.gcp.scc.1", - "op.mon.1.r2.gcp.scc.1", - "op.mon.3.gcp.scc.1" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "NIS2": [ - "2.2.1", - "5.1.4.f", - "5.1.7.d", - "6.6.1.a", - "6.9.2" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN06.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Scan images stored in Google Container Registry (GCR) for vulnerabilities using GCR Container Scanning or a third-party provider. This helps identify and mitigate security risks associated with known vulnerabilities in container images.", - "title": "Ensure Image Vulnerability Scanning using GCR Container Scanning or a third-party provider", - "types": [ - "Security", - "Configuration" - ], - "uid": "prowler-gcp-gcr_container_scanning_enabled-nodal-time-474015-p5-global-GCR Container Scanning" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "gcr" - }, - "labels": [], - "name": "GCR Container Scanning", - "type": "Service", - "uid": "containerscanning.googleapis.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Enable vulnerability scanning for images stored in GCR using GCR Container Scanning or a third-party provider.", - "references": [ - "https://cloud.google.com/container-registry/docs/container-best-practices" - ] - }, - "risk_details": "Without image vulnerability scanning, container images stored in GCR may contain known vulnerabilities, increasing the risk of exploitation by malicious actors.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Audit Logs are not enabled for project nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_audit_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Audit Logs are not enabled for project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.1" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "ENS-RD2022": [ - "opc.acc.1.r1.gcp.iam.2", - "op.acc.6.r5.gcp.cl.1", - "op.acc.6.r9.gcp.api.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "10.2.1.1.7", - "10.2.1.1.10", - "10.2.1.1.20", - "10.2.1.1.25", - "10.2.1.1.36", - "10.2.1.2.1", - "10.2.1.2.7", - "10.2.1.2.8", - "10.2.1.2.19", - "10.2.1.2.24", - "10.2.1.3.7", - "10.2.1.3.8", - "10.2.1.3.11", - "10.2.1.3.17", - "10.2.1.3.19", - "10.2.1.4.1", - "10.2.1.4.7", - "10.2.1.4.8", - "10.2.1.4.19", - "10.2.1.4.24", - "10.2.1.5.1", - "10.2.1.5.7", - "10.2.1.5.19", - "10.2.1.5.24", - "10.2.1.6.7", - "10.2.1.6.8", - "10.2.1.6.24", - "10.2.1.7.7", - "10.2.1.7.8", - "10.2.1.7.19", - "10.2.1.7.24", - "10.2.1.1", - "10.2.1.7", - "10.2.1.8", - "10.2.1.11", - "10.2.1.17", - "10.2.1.18", - "10.2.1.19", - "10.2.1.24", - "10.2.1.30", - "10.2.2.1", - "10.2.2.7", - "10.2.2.8", - "10.2.2.18", - "10.2.2.24", - "10.3.1.7", - "10.3.1.8", - "10.3.1.24", - "10.3.2.2", - "10.3.2.5", - "10.3.3.4", - "10.3.3.7", - "10.3.4.3", - "10.3.4.6", - "10.4.1.1.3", - "10.5.1.3", - "10.6.3.7", - "10.6.3.10", - "10.6.3.22", - "10.6.3.24", - "10.6.3.41", - "11.5.2.4", - "11.6.1.4", - "12.10.5.4", - "5.3.4.7", - "5.3.4.8", - "5.3.4.9", - "5.3.4.20", - "5.3.4.21", - "5.3.4.22", - "7.2.1.15", - "7.2.2.15", - "7.2.5.11", - "7.3.1.11", - "7.3.2.11", - "7.3.3.11", - "8.2.8.13", - "A1.2.1.1", - "A1.2.1.7", - "A1.2.1.8", - "A1.2.1.10", - "A1.2.1.12", - "A1.2.1.28", - "A3.3.1.6", - "A3.5.1.6" - ], - "CIS-2.0": [ - "2.1" - ], - "NIS2": [ - "3.1.3", - "3.2.1", - "3.2.3.c", - "3.2.3.d", - "3.2.3.e", - "3.6.2", - "7.2.b", - "11.2.2.e", - "11.2.2.f", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.3" - ], - "CIS-4.0": [ - "2.1" - ], - "CCC": [ - "CCC.AuditLog.CN01.AR01", - "CCC.AuditLog.CN01.AR02", - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN07.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that Google Cloud Audit Logs feature is configured to track Data Access logs for all Google Cloud Platform (GCP) services and users, in order to enhance overall access security and meet compliance requirements. Once configured, the feature can record all admin related activities, as well as all the read and write access requests to user data.", - "title": "Configure Google Cloud Audit Logs to Track All Activities", - "types": [], - "uid": "prowler-gcp-iam_audit_logs_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "GCPProject", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that Cloud Audit Logging is configured to track all admin activities and read, write access to user data.", - "references": [ - "https://cloud.google.com/logging/docs/audit/" - ] - }, - "risk_details": "In order to maintain an effective Google Cloud audit configuration for your project, folder, and organization, all 3 types of Data Access logs (ADMIN_READ, DATA_READ and DATA_WRITE) must be enabled for all supported GCP services. Also, Data Access logs should be captured for all IAM users, without exempting any of them. Exemptions let you control which users generate audit logs. When you add an exempted user to your log configuration, audit logs are not created for that user, for the selected log type(s). Data Access audit logs are disabled by default and must be explicitly enabled based on your business requirements.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Cloud Asset Inventory is enabled in project nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_cloud_asset_inventory_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Cloud Asset Inventory is enabled in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.13" - ], - "SOC2": [ - "cc_1_3", - "cc_3_4", - "cc_4_2", - "cc_6_8", - "cc_7_1", - "cc_7_3", - "cc_8_1" - ], - "ISO27001-2022": [ - "A.5.1", - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "ENS-RD2022": [ - "op.exp.1.gcp.scc.1", - "op.exp.1.r2.gcp.cai.1", - "op.exp.1.r3.gcp.cai.1" - ], - "MITRE-ATTACK": [ - "T1098", - "T1580" - ], - "CIS-2.0": [ - "2.13" - ], - "NIS2": [ - "3.1.3" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "CIS-4.0": [ - "2.13" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.Core.CN05.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "GCP Cloud Asset Inventory is services that provides a historical view of GCP resources and IAM policies through a time-series database. The information recorded includes metadata on Google Cloud resources, metadata on policies set on Google Cloud projects or resources, and runtime information gathered within a Google Cloud resource.", - "title": "Ensure Cloud Asset Inventory Is Enabled", - "types": [], - "uid": "prowler-gcp-iam_cloud_asset_inventory_enabled-nodal-time-474015-p5-global-Cloud Asset Inventory" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "Cloud Asset Inventory", - "type": "Service", - "uid": "cloudasset.googleapis.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Cloud Asset Inventory is enabled for all your GCP projects in order to efficiently manage the history and the inventory of your cloud resources. Google Cloud Asset Inventory is a fully managed metadata inventory service that allows you to view, monitor, analyze, and gain insights for your Google Cloud and Anthos assets. Cloud Asset Inventory is disabled by default in each GCP project.", - "references": [ - "https://cloud.google.com/asset-inventory/docs" - ] - }, - "risk_details": "Gaining insight into Google Cloud resources and policies is vital for tasks such as DevOps, security analytics, multi-cluster and fleet management, auditing, and governance. With Cloud Asset Inventory you can discover, monitor, and analyze all GCP assets in one place, achieving a better understanding of all your cloud assets across projects and services.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No IAM Users assigned to service roles at project level nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_no_service_roles_at_project_level", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "No IAM Users assigned to service roles at project level nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/check-for-iam-users-with-service-roles.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.6" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.3", - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.1.r1.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.16", - "7.2.1.19", - "7.2.2.17", - "7.2.2.19", - "7.2.5.7", - "7.2.5.10", - "7.2.5.13", - "7.3.1.7", - "7.3.1.12", - "7.3.1.13", - "7.3.2.13", - "7.3.3.10", - "7.3.3.12", - "7.3.3.13", - "8.2.2.6", - "8.2.7.11", - "8.2.7.13", - "8.2.8.9", - "8.2.8.15", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.6" - ], - "NIS2": [ - "6.2.2.b", - "6.7.2.g", - "11.1.2.c", - "11.2.2.d", - "11.3.1", - "11.3.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "CIS-4.0": [ - "1.6" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "It is recommended to assign the `Service Account User (iam.serviceAccountUser)` and `Service Account Token Creator (iam.serviceAccountTokenCreator)` roles to a user for a specific service account rather than assigning the role to a user at project level.", - "title": "Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level", - "types": [], - "uid": "prowler-gcp-iam_no_service_roles_at_project_level-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "IAM Policy", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that the Service Account User and Service Account Token Creator roles are assigned to a user for a specific GCP service account rather than to a user at the GCP project level, in order to implement the principle of least privilege (POLP). The principle of least privilege (also known as the principle of minimal privilege) is the practice of providing every user the minimal amount of access required to perform its tasks. Google Cloud Platform (GCP) IAM users should not have assigned the Service Account User or Service Account Token Creator roles at the GCP project level. Instead, these roles should be allocated to a user associated with a specific service account, providing that user access to the service account only.", - "references": [ - "https://cloud.google.com/iam/docs/granting-changing-revoking-access" - ] - }, - "risk_details": "The Service Account User (iam.serviceAccountUser) role allows an IAM user to attach a service account to a long-running job service such as an App Engine App or Dataflow Job, whereas the Service Account Token Creator (iam.serviceAccountTokenCreator) role allows a user to directly impersonate the identity of a service account.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Principle of separation of duties was enforced for KMS-Related Roles in project nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_role_kms_enforce_separation_of_duties", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Principle of separation of duties was enforced for KMS-Related Roles in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.8", - "1.11" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.3", - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.org.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.2.8", - "3.6.1.3.8", - "3.6.1.4.8", - "3.6.1.8", - "3.7.1.9", - "3.7.2.8", - "3.7.4.5", - "3.7.4.9", - "3.7.6.8", - "3.7.7.8", - "4.2.1.1.21", - "7.2.1.10", - "7.2.2.10", - "7.2.3.6", - "7.2.5.6", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.4.6" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.11" - ], - "NIS2": [ - "1.2.4", - "3.1.3", - "6.2.2.b", - "6.7.2.e", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.b", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.5", - "1.3.2" - ], - "CIS-4.0": [ - "1.8", - "1.11" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that separation of duties is enforced for all Cloud Key Management Service (KMS) related roles. The principle of separation of duties (also known as segregation of duties) has as its primary objective the prevention of fraud and human error. This objective is achieved by dismantling the tasks and the associated privileges for a specific business process among multiple users/identities. Google Cloud provides predefined roles that can be used to implement the principle of separation of duties, where it is needed. The predefined Cloud KMS Admin role is meant for users to manage KMS keys but not to use them. The Cloud KMS CryptoKey Encrypter/Decrypter roles are meant for services who can use keys to encrypt and decrypt data, but not to manage them. To adhere to cloud security best practices, your IAM users should not have the Admin role and any of the CryptoKey Encrypter/Decrypter roles assigned at the same time.", - "title": "Enforce Separation of Duties for KMS-Related Roles", - "types": [], - "uid": "prowler-gcp-iam_role_kms_enforce_separation_of_duties-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "IAMRole", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that the principle of 'Separation of Duties' is enforced while assigning KMS related roles to users.", - "references": [ - "https://cloud.google.com/kms/docs/separation-of-duties" - ] - }, - "risk_details": "The principle of separation of duties can be enforced in order to eliminate the need for the IAM user/identity that has all the permissions needed to perform unwanted actions, such as using a cryptographic key to access and decrypt data which the user should not normally have access to.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Principle of separation of duties was not enforced for Service-Account Related Roles in project nodal-time-474015-p5 in members deleted:serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com?uid=104781589807131914461,serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com.", - "metadata": { - "event_code": "iam_role_sa_enforce_separation_of_duties", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Principle of separation of duties was not enforced for Service-Account Related Roles in project nodal-time-474015-p5 in members deleted:serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com?uid=104781589807131914461,serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.3", - "A.5.15", - "A.5.18", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.org.1" - ], - "PCI-4.0": [ - "7.2.1.16", - "7.2.1.19", - "7.2.2.19", - "7.2.5.13", - "7.3.1.7", - "7.3.1.12", - "7.3.1.13", - "7.3.3.12", - "8.2.7.11", - "8.2.7.13", - "8.3.4.11" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.8" - ], - "NIS2": [ - "1.2.4", - "3.1.3", - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.b", - "11.4.2.c" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure that separation of duties (also known as segregation of duties - SoD) is enforced for all Google Cloud Platform (GCP) service-account related roles. The security principle of separation of duties has as its primary objective the prevention of fraud and human error. This objective is achieved by disbanding the tasks and associated privileges for a specific business process among multiple users/members. To follow security best practices, your GCP service accounts should not have the Service Account Admin and Service Account User roles assigned at the same time.", - "title": "Enforce Separation of Duties for Service-Account Related Roles", - "types": [], - "uid": "prowler-gcp-iam_role_sa_enforce_separation_of_duties-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "IAMRole", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that separation of duties (also known as segregation of duties - SoD) is enforced for all Google Cloud Platform (GCP) service-account related roles. The security principle of separation of duties has as its primary objective the prevention of fraud and human error. This objective is achieved by disbanding the tasks and associated privileges for a specific business process among multiple users/members. To follow security best practices, your GCP service accounts should not have the Service Account Admin and Service Account User roles assigned at the same time.", - "references": [ - "https://cloud.google.com/iam/docs/understanding-roles" - ] - }, - "risk_details": "The principle of separation of duties should be enforced in order to eliminate the need for high-privileged IAM members, as the permissions granted to these members can allow them to perform malicious or unwanted actions.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com has administrative privileges with roles/serviceusage.serviceUsageAdmin.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com has administrative privileges with roles/serviceusage.serviceUsageAdmin.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "GitHub Actions Deployer", - "keys": [ - { - "name": "3f2a81ba4bce0b39089b85a2e7678d09d2d183f6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T22:51:06", - "valid_before": "2025-11-01T22:51:06" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "114112078080729873885" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account 784623368087-compute@developer.gserviceaccount.com has administrative privileges with roles/editor.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Account 784623368087-compute@developer.gserviceaccount.com has administrative privileges with roles/editor.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "email": "784623368087-compute@developer.gserviceaccount.com", - "display_name": "Compute Engine default service account", - "keys": [ - { - "name": "93b9e85d69bcb0503b5a7696d8b3bf5855a91d37", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T10:25:01", - "valid_before": "2025-10-31T10:25:01" - }, - { - "name": "202c306e41b020fefe81250bea563d31c07138e3", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-06T10:25:01", - "valid_before": "2025-10-23T10:25:01" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "111974737467208838860" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "784623368087-compute@developer.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "Vertex AI Workbench Service Account", - "keys": [ - { - "name": "92e39887344dae71e19dc25c005a53a68ceb62cb", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T23:25:14", - "valid_before": "2025-11-01T23:25:14" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "108352930858191263233" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "GitHub Actions Deployer", - "keys": [ - { - "name": "3f2a81ba4bce0b39089b85a2e7678d09d2d183f6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T22:51:06", - "valid_before": "2025-11-01T22:51:06" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "114112078080729873885" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account 784623368087-compute@developer.gserviceaccount.com does not have user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Account 784623368087-compute@developer.gserviceaccount.com does not have user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "email": "784623368087-compute@developer.gserviceaccount.com", - "display_name": "Compute Engine default service account", - "keys": [ - { - "name": "93b9e85d69bcb0503b5a7696d8b3bf5855a91d37", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T10:25:01", - "valid_before": "2025-10-31T10:25:01" - }, - { - "name": "202c306e41b020fefe81250bea563d31c07138e3", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-06T10:25:01", - "valid_before": "2025-10-23T10:25:01" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "111974737467208838860" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "784623368087-compute@developer.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "Vertex AI Workbench Service Account", - "keys": [ - { - "name": "92e39887344dae71e19dc25c005a53a68ceb62cb", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T23:25:14", - "valid_before": "2025-11-01T23:25:14" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "108352930858191263233" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "b42bff156412b21c8615812a79d72ba55d6bafb4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "24a51f6716e116e4b0c095d727d4a101242b82a2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "3ec34a6521569dd67684f27f37d1d6ab56db09dc" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c450c6187eeddc932b29ffd3d0f3e675bf53af62" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "f69cf03d448314cf03036f08165420dfe98b3992" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "ce51dbe0ea021fb2e8124f86d8842546246040c1" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c0604742fabec0b925df21e0606a25c9e007f571" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "b42bff156412b21c8615812a79d72ba55d6bafb4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "24a51f6716e116e4b0c095d727d4a101242b82a2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "3ec34a6521569dd67684f27f37d1d6ab56db09dc" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c450c6187eeddc932b29ffd3d0f3e675bf53af62" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "f69cf03d448314cf03036f08165420dfe98b3992" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "ce51dbe0ea021fb2e8124f86d8842546246040c1" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c0604742fabec0b925df21e0606a25c9e007f571" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com was used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Service Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com was used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "GitHub Actions Deployer", - "keys": [ - { - "name": "3f2a81ba4bce0b39089b85a2e7678d09d2d183f6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T22:51:06", - "valid_before": "2025-11-01T22:51:06" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "114112078080729873885" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account 784623368087-compute@developer.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Service Account 784623368087-compute@developer.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "email": "784623368087-compute@developer.gserviceaccount.com", - "display_name": "Compute Engine default service account", - "keys": [ - { - "name": "93b9e85d69bcb0503b5a7696d8b3bf5855a91d37", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T10:25:01", - "valid_before": "2025-10-31T10:25:01" - }, - { - "name": "202c306e41b020fefe81250bea563d31c07138e3", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-06T10:25:01", - "valid_before": "2025-10-23T10:25:01" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "111974737467208838860" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "784623368087-compute@developer.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Service Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "Vertex AI Workbench Service Account", - "keys": [ - { - "name": "92e39887344dae71e19dc25c005a53a68ceb62cb", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T23:25:14", - "valid_before": "2025-11-01T23:25:14" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "108352930858191263233" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-13fa4761 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-13fa4761 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-13fa4761" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761", - "name": "cfi-bucket-key-13fa4761", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-13fa4761", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1c7d7a2a is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-1c7d7a2a is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-1c7d7a2a" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a", - "name": "cfi-bucket-key-1c7d7a2a", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1c7d7a2a", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1fba850e is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-1fba850e is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-1fba850e" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e", - "name": "cfi-bucket-key-1fba850e", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-15T23:25:31.957183Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1fba850e", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-4cd10935 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-4cd10935 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-4cd10935" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935", - "name": "cfi-bucket-key-4cd10935", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-4cd10935", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-7a427af0 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-7a427af0 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-7a427af0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0", - "name": "cfi-bucket-key-7a427af0", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T15:28:10.344444Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-7a427af0", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a03be2ac is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-a03be2ac is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-a03be2ac" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac", - "name": "cfi-bucket-key-a03be2ac", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a03be2ac", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a1aaa547 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-a1aaa547 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-a1aaa547" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547", - "name": "cfi-bucket-key-a1aaa547", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T00:25:56.259471Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a1aaa547", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-e7619e1f is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-e7619e1f is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-e7619e1f" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f", - "name": "cfi-bucket-key-e7619e1f", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-e7619e1f", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-f5bc86ea is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-f5bc86ea is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-f5bc86ea" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea", - "name": "cfi-bucket-key-f5bc86ea", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-f5bc86ea", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-13fa4761 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-13fa4761 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-13fa4761" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761", - "name": "cfi-bucket-key-13fa4761", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-13fa4761", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1c7d7a2a is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-1c7d7a2a is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-1c7d7a2a" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a", - "name": "cfi-bucket-key-1c7d7a2a", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1c7d7a2a", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1fba850e is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-1fba850e is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-1fba850e" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e", - "name": "cfi-bucket-key-1fba850e", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-15T23:25:31.957183Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1fba850e", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-4cd10935 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-4cd10935 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-4cd10935" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935", - "name": "cfi-bucket-key-4cd10935", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-4cd10935", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-7a427af0 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-7a427af0 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-7a427af0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0", - "name": "cfi-bucket-key-7a427af0", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T15:28:10.344444Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-7a427af0", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a03be2ac is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-a03be2ac is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-a03be2ac" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac", - "name": "cfi-bucket-key-a03be2ac", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a03be2ac", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a1aaa547 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-a1aaa547 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-a1aaa547" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547", - "name": "cfi-bucket-key-a1aaa547", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T00:25:56.259471Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a1aaa547", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-e7619e1f is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-e7619e1f is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-e7619e1f" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f", - "name": "cfi-bucket-key-e7619e1f", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-e7619e1f", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-f5bc86ea is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-f5bc86ea is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-f5bc86ea" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea", - "name": "cfi-bucket-key-f5bc86ea", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-f5bc86ea", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_audit_configuration_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.5" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.1.r2.gcp.cai.1", - "op.exp.4.r4.gcp.log.1", - "op.mon.3.r6.gcp.scc.1" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.10", - "10.2.1.1.20", - "10.2.1.1.36", - "10.2.1.2.7", - "10.2.1.2.8", - "10.2.1.3.7", - "10.2.1.3.8", - "10.2.1.3.17", - "10.2.1.4.7", - "10.2.1.4.8", - "10.2.1.5.7", - "10.2.1.6.7", - "10.2.1.7.7", - "10.2.1.7", - "10.2.1.17", - "10.2.1.18", - "10.2.2.7", - "10.2.2.8", - "10.2.2.15", - "10.2.2.18", - "10.3.1.7", - "10.3.1.8", - "10.3.2.2", - "10.3.3.4", - "10.3.4.3", - "10.3.4.6", - "10.5.1.3", - "10.6.3.7", - "10.6.3.10", - "10.6.3.22", - "10.6.3.24", - "10.6.3.41", - "11.5.2.4", - "11.6.1.4", - "12.10.5.3", - "12.10.5.4", - "5.3.4.8", - "5.3.4.20", - "5.3.4.21", - "A1.2.1.7", - "A1.2.1.8", - "A1.2.1.12", - "A3.3.1.6", - "A3.5.1.6" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.5" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.5" - ], - "CIS-4.0": [ - "2.5" - ], - "CCC": [ - "CCC.AuditLog.CN01.AR01", - "CCC.AuditLog.CN01.AR02", - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_audit_configuration_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "By using Google Cloud alerting policies to detect audit configuration changes, you make sure that the recommended state of audit configuration is well maintained so that all the activities performed within your GCP project are available for security analysis and auditing at any point in time.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Admin Activity audit logs and Data Access audit logs produced by the Google Cloud Audit Logs service can be extremely useful for security analysis, resource change tracking, and compliance auditing.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_bucket_permission_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.10" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.1.r2.gcp.cai.1" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.9", - "10.2.1.1.30", - "10.2.1.2.7", - "10.2.1.2.27", - "10.2.1.3.7", - "10.2.1.4.27", - "10.2.1.5.7", - "10.2.1.5.27", - "10.2.1.6.7", - "10.2.1.6.27", - "10.2.1.7.7", - "10.2.1.7.27", - "10.2.1.7", - "10.2.1.27", - "10.2.2.7", - "10.2.2.27", - "10.3.1.7", - "10.3.1.27", - "10.4.1.1.2", - "10.4.1.2", - "10.4.2.3", - "10.6.3.7", - "10.6.3.9", - "10.6.3.34", - "10.6.3.41", - "10.7.1.4", - "10.7.2.4", - "11.5.2.5", - "12.10.5.3", - "5.3.4.7", - "5.3.4.32", - "7.2.2.2", - "A1.2.1.7", - "A1.2.1.32", - "A3.3.1.4", - "A3.5.1.4" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.10" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.2.2.b", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.5" - ], - "CIS-4.0": [ - "2.10" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_bucket_permission_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Cloud Storage Bucket IAM changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to cloud storage bucket permissions may reduce the time needed to detect and correct permissions on sensitive cloud storage buckets and objects inside the bucket.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_custom_role_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.6" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "opc.acc.1.r1.gcp.iam.2" - ], - "PCI-4.0": [ - "7.3.1.12", - "7.3.2.13" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.6" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.d", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.2.2.e", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.6" - ], - "CIS-4.0": [ - "2.6" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_custom_role_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for changes to Identity and Access Management (IAM) role creation, deletion and updating activities.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Google Cloud IAM provides predefined roles that give granular access to specific Google Cloud Platform resources and prevent unwanted access to other resources.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.4" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "opc.acc.1.r1.gcp.iam.2", - "op.acc.3.r1.gcp.iam.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.4" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.2.2.e", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.4" - ], - "CIS-4.0": [ - "2.4" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN05.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes.", - "title": "Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Using Google Cloud alerting policies to detect ownership assignments/changes will help you maintain the right access permissions for each IAM member created within your project, follow the security principle of least privilege, and prevent any accidental or intentional changes that may lead to unauthorized actions.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Project ownership has the highest level of privileges on a GCP project. These privileges include viewer permissions on all GCP services inside the project, permission to modify the state of all GCP services within the project, set up billing and manage roles and permissions for the project and all the resources inside the project.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_sql_instance_configuration_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.11" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "mp.s.4.r1.gcp.app.1" - ], - "PCI-4.0": [ - "10.2.1.1.9", - "10.2.1.3.22", - "10.2.2.22", - "10.4.2.3", - "10.7.1.4", - "A3.3.1.4" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.11" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.6" - ], - "CIS-4.0": [ - "2.11" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_sql_instance_configuration_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for SQL instance configuration changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to SQL instance configuration changes may reduce the time needed to detect and correct misconfigurations done on the SQL server.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_vpc_firewall_rule_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.7" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "op.exp.8.r1.gcp.nt.1" - ], - "PCI-4.0": [ - "1.3.2.27", - "10.2.1.1.9", - "10.2.1.1.24", - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.21", - "10.3.1.29", - "10.4.1.1.7", - "10.4.2.7", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "10.6.3.41", - "10.7.1.4", - "10.7.1.8", - "5.3.4.8", - "5.3.4.24", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.7" - ], - "NIS2": [ - "1.1.2", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.3.g", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-4.0": [ - "2.7" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_vpc_firewall_rule_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Virtual Private Cloud (VPC) Network Firewall rule changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring for Create or Update Firewall rule events gives insight to network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_vpc_network_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.9" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "op.exp.8.r1.gcp.nt.1", - "mp.com.4.r4.gcp.net.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.9" - ], - "NIS2": [ - "1.1.2", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.4" - ], - "CIS-4.0": [ - "2.9" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_vpc_network_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Virtual Private Cloud (VPC) network changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to a VPC will help ensure VPC traffic flow is not getting impacted.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_vpc_network_route_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.8" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "op.exp.8.r1.gcp.nt.1" - ], - "PCI-4.0": [ - "1.5.1.18", - "10.2.1.5.21", - "10.2.1.21" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.8" - ], - "NIS2": [ - "1.1.2", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "CIS-4.0": [ - "2.8" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_vpc_network_route_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Virtual Private Cloud (VPC) network route changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to route tables will help ensure that all VPC traffic flows through an expected path.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no logging sinks to export copies of all the log entries in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_sink_created", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no logging sinks to export copies of all the log entries in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.8.r5.gcp.cl.1", - "op.ext.3.gcp.log.2" - ], - "PCI-4.0": [ - "10.5.1.3", - "11.5.2.4", - "12.10.5.4", - "A3.3.1.6", - "A3.5.1.6" - ], - "MITRE-ATTACK": [ - "T1562", - "T1049" - ], - "CIS-2.0": [ - "2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.1", - "3.2.5", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "CCC": [ - "CCC.AuditLog.CN01.AR01", - "CCC.AuditLog.CN01.AR02", - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN06.AR01", - "CCC.AuditLog.CN07.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.LB.CN01.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN06.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900732, - "created_time_dt": "2025-10-19T19:05:32.768934", - "desc": "Ensure there is at least one sink used to export copies of all the log entries.", - "title": "Ensure there is at least one sink used to export copies of all the log entries.", - "types": [], - "uid": "prowler-gcp-logging_sink_created-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "Sink", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to create a sink that will export copies of all the log entries. This can help aggregate logs from multiple projects and export them to a Security Information and Event Management (SIEM).", - "references": [ - "https://cloud.google.com/logging/docs/export" - ] - }, - "risk_details": "If sinks are not created, logs would be deleted after the configured retention period, and would not be backed up.", - "time": 1760900732, - "time_dt": "2025-10-19T19:05:32.768934", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-cloud-storage/results/gcp-cloud-storage-complete.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-cloud-storage/results/gcp-cloud-storage-complete.ocsf.json deleted file mode 100644 index 554641eb..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-cloud-storage/results/gcp-cloud-storage-complete.ocsf.json +++ /dev/null @@ -1,24333 +0,0 @@ -[ - { - "message": "AR Container Analysis is not enabled in project nodal-time-474015-p5.", - "metadata": { - "event_code": "artifacts_container_analysis_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AR Container Analysis is not enabled in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/artifact-analysis/docs", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, AR Container Analysis is disabled.", - "compliance": { - "SOC2": [ - "cc_3_1" - ], - "ENS-RD2022": [ - "op.exp.4.r4.gcp.log.1", - "op.mon.3.gcp.scc.1" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "MITRE-ATTACK": [ - "T1525" - ], - "NIS2": [ - "5.1.4.f", - "5.1.7.d", - "6.1.2.b", - "6.6.1.a", - "6.9.2", - "9.2.a" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN06.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Scan images stored in Google Container Registry (GCR) for vulnerabilities using AR Container Analysis or a third-party provider. This helps identify and mitigate security risks associated with known vulnerabilities in container images.", - "title": "Ensure Image Vulnerability Analysis using AR Container Analysis or a third-party provider", - "types": [ - "Security", - "Configuration" - ], - "uid": "prowler-gcp-artifacts_container_analysis_enabled-nodal-time-474015-p5-global-AR Container Analysis" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "artifacts" - }, - "labels": [], - "name": "AR Container Analysis", - "type": "Service", - "uid": "containeranalysis.googleapis.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Enable vulnerability scanning for images stored in Artifact Registry using AR Container Analysis or a third-party provider.", - "references": [ - "https://cloud.google.com/artifact-analysis/docs/container-scanning-overview" - ] - }, - "risk_details": "Without image vulnerability scanning, container images stored in Artifact Registry may contain known vulnerabilities, increasing the risk of exploitation by malicious actors.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-1fba850e is not publicly accessible.", - "metadata": { - "event_code": "cloudstorage_bucket_public_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-1fba850e is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudStorage/publicly-accessible-storage-buckets.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.1" - ], - "SOC2": [ - "cc_6_1" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.30", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.32", - "1.3.1.34", - "1.3.1.35", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.8", - "10.3.2.11", - "10.3.2.18", - "10.3.2.19", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "3.5.1.3.8", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.2", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.2", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "A1.1.2.4", - "A1.1.2.7", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.2.22", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.4", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "5.1" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "CIS-4.0": [ - "5.1" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "title": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_public_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-1fba850e" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-1fba850e", - "id": "cfi-logs-bucket-1fba850e", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-1fba850e", - "type": "Bucket", - "uid": "cfi-logs-bucket-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that IAM policy on Cloud Storage bucket does not allows anonymous or public access.", - "references": [ - "https://cloud.google.com/storage/docs/access-control/iam-reference" - ] - }, - "risk_details": "Allowing anonymous or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous or public access to a bucket is not allowed.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-7a427af0 is not publicly accessible.", - "metadata": { - "event_code": "cloudstorage_bucket_public_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-7a427af0 is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudStorage/publicly-accessible-storage-buckets.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.1" - ], - "SOC2": [ - "cc_6_1" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.30", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.32", - "1.3.1.34", - "1.3.1.35", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.8", - "10.3.2.11", - "10.3.2.18", - "10.3.2.19", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "3.5.1.3.8", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.2", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.2", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "A1.1.2.4", - "A1.1.2.7", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.2.22", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.4", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "5.1" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "CIS-4.0": [ - "5.1" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "title": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_public_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-7a427af0" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-7a427af0", - "id": "cfi-logs-bucket-7a427af0", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-7a427af0", - "type": "Bucket", - "uid": "cfi-logs-bucket-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that IAM policy on Cloud Storage bucket does not allows anonymous or public access.", - "references": [ - "https://cloud.google.com/storage/docs/access-control/iam-reference" - ] - }, - "risk_details": "Allowing anonymous or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous or public access to a bucket is not allowed.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-a1aaa547 is not publicly accessible.", - "metadata": { - "event_code": "cloudstorage_bucket_public_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-a1aaa547 is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudStorage/publicly-accessible-storage-buckets.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.1" - ], - "SOC2": [ - "cc_6_1" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.30", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.32", - "1.3.1.34", - "1.3.1.35", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.8", - "10.3.2.11", - "10.3.2.18", - "10.3.2.19", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "3.5.1.3.8", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.2", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.2", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "A1.1.2.4", - "A1.1.2.7", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.2.22", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.4", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "5.1" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "CIS-4.0": [ - "5.1" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "title": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_public_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-a1aaa547" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-a1aaa547", - "id": "cfi-logs-bucket-a1aaa547", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-a1aaa547", - "type": "Bucket", - "uid": "cfi-logs-bucket-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that IAM policy on Cloud Storage bucket does not allows anonymous or public access.", - "references": [ - "https://cloud.google.com/storage/docs/access-control/iam-reference" - ] - }, - "risk_details": "Allowing anonymous or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous or public access to a bucket is not allowed.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket nodal-time-474015-p5-bucket is not publicly accessible.", - "metadata": { - "event_code": "cloudstorage_bucket_public_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket nodal-time-474015-p5-bucket is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudStorage/publicly-accessible-storage-buckets.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.1" - ], - "SOC2": [ - "cc_6_1" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.30", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.32", - "1.3.1.34", - "1.3.1.35", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.8", - "10.3.2.11", - "10.3.2.18", - "10.3.2.19", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "3.5.1.3.8", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.2", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.2", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "A1.1.2.4", - "A1.1.2.7", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.2.22", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.4", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "5.1" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "CIS-4.0": [ - "5.1" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "title": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_public_access-nodal-time-474015-p5-US-nodal-time-474015-p5-bucket" - }, - "resources": [ - { - "region": "US", - "data": { - "details": "", - "metadata": { - "name": "nodal-time-474015-p5-bucket", - "id": "nodal-time-474015-p5-bucket", - "region": "US", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": { - "retentionPeriod": "2", - "effectiveTime": "2025-10-19T19:06:23.365Z" - } - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "nodal-time-474015-p5-bucket", - "type": "Bucket", - "uid": "nodal-time-474015-p5-bucket" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US" - }, - "remediation": { - "desc": "It is recommended that IAM policy on Cloud Storage bucket does not allows anonymous or public access.", - "references": [ - "https://cloud.google.com/storage/docs/access-control/iam-reference" - ] - }, - "risk_details": "Allowing anonymous or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous or public access to a bucket is not allowed.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-1fba850e has uniform Bucket Level Access enabled.", - "metadata": { - "event_code": "cloudstorage_bucket_uniform_bucket_level_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-1fba850e has uniform Bucket Level Access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.11", - "10.3.2.18", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "2.2.7.19", - "3.5.1.3.23", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-2.0": [ - "5.2" - ], - "CIS-4.0": [ - "5.2" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "title": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_uniform_bucket_level_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-1fba850e" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-1fba850e", - "id": "cfi-logs-bucket-1fba850e", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-1fba850e", - "type": "Bucket", - "uid": "cfi-logs-bucket-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that uniform bucket-level access is enabled on Cloud Storage buckets.", - "references": [ - "https://cloud.google.com/storage/docs/using-uniform-bucket-level-access" - ] - }, - "risk_details": "Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-7a427af0 has uniform Bucket Level Access enabled.", - "metadata": { - "event_code": "cloudstorage_bucket_uniform_bucket_level_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-7a427af0 has uniform Bucket Level Access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.11", - "10.3.2.18", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "2.2.7.19", - "3.5.1.3.23", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-2.0": [ - "5.2" - ], - "CIS-4.0": [ - "5.2" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "title": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_uniform_bucket_level_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-7a427af0" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-7a427af0", - "id": "cfi-logs-bucket-7a427af0", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-7a427af0", - "type": "Bucket", - "uid": "cfi-logs-bucket-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that uniform bucket-level access is enabled on Cloud Storage buckets.", - "references": [ - "https://cloud.google.com/storage/docs/using-uniform-bucket-level-access" - ] - }, - "risk_details": "Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-a1aaa547 has uniform Bucket Level Access enabled.", - "metadata": { - "event_code": "cloudstorage_bucket_uniform_bucket_level_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-a1aaa547 has uniform Bucket Level Access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.11", - "10.3.2.18", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "2.2.7.19", - "3.5.1.3.23", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-2.0": [ - "5.2" - ], - "CIS-4.0": [ - "5.2" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "title": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_uniform_bucket_level_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-a1aaa547" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-a1aaa547", - "id": "cfi-logs-bucket-a1aaa547", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-a1aaa547", - "type": "Bucket", - "uid": "cfi-logs-bucket-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that uniform bucket-level access is enabled on Cloud Storage buckets.", - "references": [ - "https://cloud.google.com/storage/docs/using-uniform-bucket-level-access" - ] - }, - "risk_details": "Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket nodal-time-474015-p5-bucket has uniform Bucket Level Access enabled.", - "metadata": { - "event_code": "cloudstorage_bucket_uniform_bucket_level_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket nodal-time-474015-p5-bucket has uniform Bucket Level Access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.11", - "10.3.2.18", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "2.2.7.19", - "3.5.1.3.23", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-2.0": [ - "5.2" - ], - "CIS-4.0": [ - "5.2" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "title": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_uniform_bucket_level_access-nodal-time-474015-p5-US-nodal-time-474015-p5-bucket" - }, - "resources": [ - { - "region": "US", - "data": { - "details": "", - "metadata": { - "name": "nodal-time-474015-p5-bucket", - "id": "nodal-time-474015-p5-bucket", - "region": "US", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": { - "retentionPeriod": "2", - "effectiveTime": "2025-10-19T19:06:23.365Z" - } - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "nodal-time-474015-p5-bucket", - "type": "Bucket", - "uid": "nodal-time-474015-p5-bucket" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US" - }, - "remediation": { - "desc": "It is recommended that uniform bucket-level access is enabled on Cloud Storage buckets.", - "references": [ - "https://cloud.google.com/storage/docs/using-uniform-bucket-level-access" - ] - }, - "risk_details": "Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-icmp does not expose port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-icmp does not expose port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-icmp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-icmp", - "id": "613284056905897095", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-icmp", - "type": "FirewallRule", - "uid": "613284056905897095" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-internal does not expose port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-internal does not expose port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-internal" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-internal", - "id": "7344732286417982599", - "source_ranges": [ - "10.128.0.0/9" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "udp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-internal", - "type": "FirewallRule", - "uid": "7344732286417982599" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-rdp does exposes port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "Firewall default-allow-rdp does exposes port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-rdp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-rdp", - "id": "438688946219209863", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "3389" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-rdp", - "type": "FirewallRule", - "uid": "438688946219209863" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-ssh does not expose port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-ssh does not expose port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-ssh" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-ssh", - "id": "4612266095473677447", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "22" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-ssh", - "type": "FirewallRule", - "uid": "4612266095473677447" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-icmp does not expose port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-icmp does not expose port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-icmp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-icmp", - "id": "613284056905897095", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-icmp", - "type": "FirewallRule", - "uid": "613284056905897095" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-internal does not expose port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-internal does not expose port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-internal" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-internal", - "id": "7344732286417982599", - "source_ranges": [ - "10.128.0.0/9" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "udp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-internal", - "type": "FirewallRule", - "uid": "7344732286417982599" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-rdp does not expose port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-rdp does not expose port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-rdp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-rdp", - "id": "438688946219209863", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "3389" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-rdp", - "type": "FirewallRule", - "uid": "438688946219209863" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-ssh does exposes port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "Firewall default-allow-ssh does exposes port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-ssh" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-ssh", - "id": "4612266095473677447", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "22" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-ssh", - "type": "FirewallRule", - "uid": "4612266095473677447" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Default network is in use in project nodal-time-474015-p5.", - "metadata": { - "event_code": "compute_network_default_in_use", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Default network is in use in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudVPC/default-vpc-in-use.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.1" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.3.r1.gcp.net.1", - "mp.com.4.gcp.vpc.1", - "mp.com.4.r1.gcp.net.1" - ], - "PCI-4.0": [ - "1.4.2.19" - ], - "MITRE-ATTACK": [ - "T1046" - ], - "CIS-2.0": [ - "3.1" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "5.1.2.a", - "6.2.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.1" - ], - "CIS-4.0": [ - "3.1" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.VPC.CN01.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that the default network does not exist", - "title": "Ensure that the default network does not exist", - "types": [], - "uid": "prowler-gcp-compute_network_default_in_use-nodal-time-474015-p5-global-default" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1894544973933139113", - "subnet_mode": "auto", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Network", - "uid": "default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "When an organization deletes the default network, it may need to migrate or service onto a new network.", - "references": [ - "https://cloud.google.com/vpc/docs/using-vpc" - ] - }, - "risk_details": "The default network has a preconfigured network configuration and automatically generates insecure firewall rules.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network default does not have DNS logging enabled.", - "metadata": { - "event_code": "compute_network_dns_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network default does not have DNS logging enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "mp.com.2.r2.gcp.scc.1", - "mp.com.3.r3.gcp.scc.1" - ], - "PCI-4.0": [ - "1.3.2.44", - "1.4.1.9", - "1.4.2.42", - "1.4.4.9", - "10.2.1.1.6", - "10.2.1.1.29", - "10.2.1.2.6", - "10.2.1.2.12", - "10.2.1.2.21", - "10.2.1.2.26", - "10.2.1.3.6", - "10.2.1.3.21", - "10.2.1.3.26", - "10.2.1.4.6", - "10.2.1.4.21", - "10.2.1.4.26", - "10.2.1.5.6", - "10.2.1.5.26", - "10.2.1.6.6", - "10.2.1.6.21", - "10.2.1.6.26", - "10.2.1.7.6", - "10.2.1.7.12", - "10.2.1.7.26", - "10.2.1.6", - "10.2.1.26", - "10.2.2.6", - "10.2.2.21", - "10.2.2.26", - "10.3.1.6", - "10.3.1.12", - "10.3.1.26", - "10.5.1.9", - "10.6.3.6", - "10.6.3.14", - "10.6.3.26", - "10.6.3.32", - "5.3.4.6", - "5.3.4.24", - "5.3.4.31", - "A1.2.1.6", - "A1.2.1.25", - "A1.2.1.30" - ], - "MITRE-ATTACK": [ - "T1046" - ], - "CIS-2.0": [ - "2.12" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.a", - "3.2.3.d", - "3.6.2", - "6.2.1", - "6.7.2.i", - "6.7.2.l", - "7.2.b", - "9.2.a", - "11.1.1", - "11.5.2.d", - "12.2.2.c" - ], - "CCC": [ - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that Cloud DNS logging is enabled for all your Virtual Private Cloud (VPC) networks using DNS server policies. Cloud DNS logging records queries that the name servers resolve for your Google Cloud VPC networks, as well as queries from external entities directly to a public DNS zone. Recorded queries can come from virtual machine (VM) instances, GKE containers running in the same VPC network, peering zones, or other Google Cloud resources provisioned within your VPC.", - "title": "Enable Cloud DNS Logging for VPC Networks", - "types": [], - "uid": "prowler-gcp-compute_network_dns_logging_enabled-nodal-time-474015-p5-global-default" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1894544973933139113", - "subnet_mode": "auto", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Network", - "uid": "1894544973933139113" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Cloud DNS logging records the queries from the name servers within your VPC to Stackdriver. Logged queries can come from Compute Engine VMs, GKE containers, or other GCP resources provisioned within the VPC.", - "references": [ - "https://cloud.google.com/dns/docs/monitoring" - ] - }, - "risk_details": "Cloud DNS logging is disabled by default on each Google Cloud VPC network. By enabling monitoring of Cloud DNS logs, you can increase visibility into the DNS names requested by the clients within your VPC network. Cloud DNS logs can be monitored for anomalous domain names and evaluated against threat intelligence.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network simple-workbench does not have DNS logging enabled.", - "metadata": { - "event_code": "compute_network_dns_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network simple-workbench does not have DNS logging enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "mp.com.2.r2.gcp.scc.1", - "mp.com.3.r3.gcp.scc.1" - ], - "PCI-4.0": [ - "1.3.2.44", - "1.4.1.9", - "1.4.2.42", - "1.4.4.9", - "10.2.1.1.6", - "10.2.1.1.29", - "10.2.1.2.6", - "10.2.1.2.12", - "10.2.1.2.21", - "10.2.1.2.26", - "10.2.1.3.6", - "10.2.1.3.21", - "10.2.1.3.26", - "10.2.1.4.6", - "10.2.1.4.21", - "10.2.1.4.26", - "10.2.1.5.6", - "10.2.1.5.26", - "10.2.1.6.6", - "10.2.1.6.21", - "10.2.1.6.26", - "10.2.1.7.6", - "10.2.1.7.12", - "10.2.1.7.26", - "10.2.1.6", - "10.2.1.26", - "10.2.2.6", - "10.2.2.21", - "10.2.2.26", - "10.3.1.6", - "10.3.1.12", - "10.3.1.26", - "10.5.1.9", - "10.6.3.6", - "10.6.3.14", - "10.6.3.26", - "10.6.3.32", - "5.3.4.6", - "5.3.4.24", - "5.3.4.31", - "A1.2.1.6", - "A1.2.1.25", - "A1.2.1.30" - ], - "MITRE-ATTACK": [ - "T1046" - ], - "CIS-2.0": [ - "2.12" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.a", - "3.2.3.d", - "3.6.2", - "6.2.1", - "6.7.2.i", - "6.7.2.l", - "7.2.b", - "9.2.a", - "11.1.1", - "11.5.2.d", - "12.2.2.c" - ], - "CCC": [ - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that Cloud DNS logging is enabled for all your Virtual Private Cloud (VPC) networks using DNS server policies. Cloud DNS logging records queries that the name servers resolve for your Google Cloud VPC networks, as well as queries from external entities directly to a public DNS zone. Recorded queries can come from virtual machine (VM) instances, GKE containers running in the same VPC network, peering zones, or other Google Cloud resources provisioned within your VPC.", - "title": "Enable Cloud DNS Logging for VPC Networks", - "types": [], - "uid": "prowler-gcp-compute_network_dns_logging_enabled-nodal-time-474015-p5-global-simple-workbench" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "simple-workbench", - "id": "6879006949331747071", - "subnet_mode": "custom", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "simple-workbench", - "type": "Network", - "uid": "6879006949331747071" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Cloud DNS logging records the queries from the name servers within your VPC to Stackdriver. Logged queries can come from Compute Engine VMs, GKE containers, or other GCP resources provisioned within the VPC.", - "references": [ - "https://cloud.google.com/dns/docs/monitoring" - ] - }, - "risk_details": "Cloud DNS logging is disabled by default on each Google Cloud VPC network. By enabling monitoring of Cloud DNS logs, you can increase visibility into the DNS names requested by the clients within your VPC network. Cloud DNS logs can be monitored for anomalous domain names and evaluated against threat intelligence.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network default is not legacy.", - "metadata": { - "event_code": "compute_network_not_legacy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Network default is not legacy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.2" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "MITRE-ATTACK": [ - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.2" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.2.1", - "11.1.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "CIS-4.0": [ - "3.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "In order to prevent use of legacy networks, a project should not have a legacy network configured. As of now, Legacy Networks are gradually being phased out, and you can no longer create projects with them. This recommendation is to check older projects to ensure that they are not using Legacy Networks.", - "title": "Ensure Legacy Networks Do Not Exist", - "types": [], - "uid": "prowler-gcp-compute_network_not_legacy-nodal-time-474015-p5-global-default" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1894544973933139113", - "subnet_mode": "auto", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Network", - "uid": "1894544973933139113" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud Platform (GCP) projects are not using legacy networks as this type of network is no longer recommended for production environments because it does not support advanced networking features. Instead, it is strongly recommended to use Virtual Private Cloud (VPC) networks for existing and future GCP projects.", - "references": [ - "https://cloud.google.com/vpc/docs/using-legacy#deleting_a_legacy_network" - ] - }, - "risk_details": "Google Cloud legacy networks have a single global IPv4 range which cannot be divided into subnets, and a single gateway IP address for the whole network. Legacy networks do not support several Google Cloud networking features such as subnets, alias IP ranges, multiple network interfaces, Cloud NAT (Network Address Translation), Virtual Private Cloud (VPC) Peering, and private access options for GCP services. Legacy networks are not recommended for high network traffic projects and are subject to a single point of contention or failure.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network simple-workbench is not legacy.", - "metadata": { - "event_code": "compute_network_not_legacy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Network simple-workbench is not legacy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.2" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "MITRE-ATTACK": [ - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.2" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.2.1", - "11.1.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "CIS-4.0": [ - "3.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "In order to prevent use of legacy networks, a project should not have a legacy network configured. As of now, Legacy Networks are gradually being phased out, and you can no longer create projects with them. This recommendation is to check older projects to ensure that they are not using Legacy Networks.", - "title": "Ensure Legacy Networks Do Not Exist", - "types": [], - "uid": "prowler-gcp-compute_network_not_legacy-nodal-time-474015-p5-global-simple-workbench" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "simple-workbench", - "id": "6879006949331747071", - "subnet_mode": "custom", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "simple-workbench", - "type": "Network", - "uid": "6879006949331747071" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud Platform (GCP) projects are not using legacy networks as this type of network is no longer recommended for production environments because it does not support advanced networking features. Instead, it is strongly recommended to use Virtual Private Cloud (VPC) networks for existing and future GCP projects.", - "references": [ - "https://cloud.google.com/vpc/docs/using-legacy#deleting_a_legacy_network" - ] - }, - "risk_details": "Google Cloud legacy networks have a single global IPv4 range which cannot be divided into subnets, and a single gateway IP address for the whole network. Legacy networks do not support several Google Cloud networking features such as subnets, alias IP ranges, multiple network interfaces, Cloud NAT (Network Address Translation), Virtual Private Cloud (VPC) Peering, and private access options for GCP services. Legacy networks are not recommended for high network traffic projects and are subject to a single point of contention or failure.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Project nodal-time-474015-p5 does not have OS Login enabled.", - "metadata": { - "event_code": "compute_project_os_login_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Project nodal-time-474015-p5 does not have OS Login enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "4.4" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "ENS-RD2022": [ - "op.ext.3.gcp.log.1" - ], - "CIS-2.0": [ - "4.4" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.2.3.d", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "CIS-4.0": [ - "4.4" - ], - "CCC": [ - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that the OS Login feature is enabled at the Google Cloud Platform (GCP) project level in order to provide you with centralized and automated SSH key pair management.", - "title": "Ensure Os Login Is Enabled for a Project", - "types": [], - "uid": "prowler-gcp-compute_project_os_login_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "My First Project", - "type": "GCPProject", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that the OS Login feature is enabled at the Google Cloud Platform (GCP) project level in order to provide you with centralized and automated SSH key pair management.", - "references": [ - "https://cloud.google.com/compute/confidential-vm/docs/creating-cvm-instance:https://cloud.google.com/compute/confidential-vm/docs/about-cvm:https://cloud.google.com/confidential-computing:https://cloud.google.com/blog/products/identity-security/introducing-google-cloud-confidential-computing-with-confidential-vms" - ] - }, - "risk_details": "Enabling OS Login feature ensures that the SSH keys used to connect to VM instances are mapped with Google Cloud IAM users. Revoking access to corresponding IAM users will revoke all the SSH keys associated with these users, therefore it facilitates centralized SSH key pair management, which is extremely useful in handling compromised or stolen SSH key pairs and/or revocation of external/third-party/vendor users.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east1-default" - }, - "resources": [ - { - "region": "us-east1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "355354730862040226", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "355354730862040226" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west1-default" - }, - "resources": [ - { - "region": "us-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "8333568044404659362", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "8333568044404659362" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-southwest1-default" - }, - "resources": [ - { - "region": "europe-southwest1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1089352323782235298", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-southwest1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1089352323782235298" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-southwest1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west2-default" - }, - "resources": [ - { - "region": "us-west2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "24288970830075042", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "24288970830075042" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east4-default" - }, - "resources": [ - { - "region": "us-east4", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "2543292856211690658", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "2543292856211690658" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-south1-default" - }, - "resources": [ - { - "region": "us-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1314274851926135970", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1314274851926135970" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west10-default" - }, - "resources": [ - { - "region": "europe-west10", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4896835085019993250", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west10" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4896835085019993250" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west10" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-east1-default" - }, - "resources": [ - { - "region": "asia-east1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5813254284192076962", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5813254284192076962" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-australia-southeast2-default" - }, - "resources": [ - { - "region": "australia-southeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4285468416242439330", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "australia-southeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4285468416242439330" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "australia-southeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west3-default" - }, - "resources": [ - { - "region": "europe-west3", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5772105379350140066", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5772105379350140066" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west3-default" - }, - "resources": [ - { - "region": "us-west3", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5329755272922092706", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5329755272922092706" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-south1-default" - }, - "resources": [ - { - "region": "northamerica-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7144258258311140514", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7144258258311140514" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-south1-default" - }, - "resources": [ - { - "region": "asia-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7023929475293861026", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7023929475293861026" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-southamerica-west1-default" - }, - "resources": [ - { - "region": "southamerica-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "608650311179523233", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "southamerica-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "608650311179523233" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "southamerica-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-central1-default" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7706237583483294882", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-central1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7706237583483294882" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet simple-subnet-01 in network simple-workbench does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet simple-subnet-01 in network simple-workbench does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-central1-simple-subnet-01" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "simple-subnet-01", - "id": "8482275995630223604", - "network": "simple-workbench", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-central1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "simple-subnet-01", - "type": "Subnet", - "uid": "8482275995630223604" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-northeast2-default" - }, - "resources": [ - { - "region": "northamerica-northeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "483380030849242274", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-northeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "483380030849242274" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-northeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west9-default" - }, - "resources": [ - { - "region": "europe-west9", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1074046580757714082", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west9" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1074046580757714082" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west9" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-central2-default" - }, - "resources": [ - { - "region": "europe-central2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4980955262212461730", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-central2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4980955262212461730" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-central2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east5-default" - }, - "resources": [ - { - "region": "us-east5", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1401430415650673826", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1401430415650673826" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east5" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-east2-default" - }, - "resources": [ - { - "region": "asia-east2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "6078557433428006050", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-east2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "6078557433428006050" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-east2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-southamerica-east1-default" - }, - "resources": [ - { - "region": "southamerica-east1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5608727104037934242", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "southamerica-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5608727104037934242" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "southamerica-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-northeast1-default" - }, - "resources": [ - { - "region": "northamerica-northeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3188169212019954850", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-northeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3188169212019954850" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-northeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west6-default" - }, - "resources": [ - { - "region": "europe-west6", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3716081487960429730", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west6" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3716081487960429730" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west6" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-north2-default" - }, - "resources": [ - { - "region": "europe-north2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1953758124674995362", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-north2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1953758124674995362" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-north2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west8-default" - }, - "resources": [ - { - "region": "europe-west8", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "8540268486600512674", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west8" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "8540268486600512674" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west8" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west4-default" - }, - "resources": [ - { - "region": "europe-west4", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5555571983192249506", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5555571983192249506" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west1-default" - }, - "resources": [ - { - "region": "europe-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3398545940062753954", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3398545940062753954" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-north1-default" - }, - "resources": [ - { - "region": "europe-north1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "6168370688555570338", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-north1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "6168370688555570338" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-north1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-southeast1-default" - }, - "resources": [ - { - "region": "asia-southeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4056355735184430242", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-southeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4056355735184430242" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-southeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast2-default" - }, - "resources": [ - { - "region": "asia-northeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "508768411464586402", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "508768411464586402" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-australia-southeast1-default" - }, - "resources": [ - { - "region": "australia-southeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5526634061214864546", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "australia-southeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5526634061214864546" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "australia-southeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west4-default" - }, - "resources": [ - { - "region": "us-west4", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7215612770497680546", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7215612770497680546" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west2-default" - }, - "resources": [ - { - "region": "europe-west2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1891634321841280162", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1891634321841280162" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-me-west1-default" - }, - "resources": [ - { - "region": "me-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5036744520860521634", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "me-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5036744520860521634" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "me-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west12-default" - }, - "resources": [ - { - "region": "europe-west12", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5525328356797142178", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west12" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5525328356797142178" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west12" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-southeast2-default" - }, - "resources": [ - { - "region": "asia-southeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1491739310004196514", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-southeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1491739310004196514" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-southeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast1-default" - }, - "resources": [ - { - "region": "asia-northeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7315669883403457698", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7315669883403457698" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-me-central1-default" - }, - "resources": [ - { - "region": "me-central1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "8693862684678509730", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "me-central1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "8693862684678509730" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "me-central1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast3-default" - }, - "resources": [ - { - "region": "asia-northeast3", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "9096168126651389090", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "9096168126651389090" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-africa-south1-default" - }, - "resources": [ - { - "region": "africa-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3728776852941657249", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "africa-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3728776852941657249" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "africa-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-south2-default" - }, - "resources": [ - { - "region": "asia-south2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3652760235359687842", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-south2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3652760235359687842" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-south2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "GCR Container Scanning is not enabled in project nodal-time-474015-p5.", - "metadata": { - "event_code": "gcr_container_scanning_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "GCR Container Scanning is not enabled in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/container-registry/docs/container-analysis", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, GCR Container Scanning is disabled.", - "compliance": { - "SOC2": [ - "cc_3_1", - "cc_3_2" - ], - "ENS-RD2022": [ - "op.mon.1.r1.gcp.scc.1", - "op.mon.1.r2.gcp.scc.1", - "op.mon.3.gcp.scc.1" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "NIS2": [ - "2.2.1", - "5.1.4.f", - "5.1.7.d", - "6.6.1.a", - "6.9.2" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN06.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Scan images stored in Google Container Registry (GCR) for vulnerabilities using GCR Container Scanning or a third-party provider. This helps identify and mitigate security risks associated with known vulnerabilities in container images.", - "title": "Ensure Image Vulnerability Scanning using GCR Container Scanning or a third-party provider", - "types": [ - "Security", - "Configuration" - ], - "uid": "prowler-gcp-gcr_container_scanning_enabled-nodal-time-474015-p5-global-GCR Container Scanning" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "gcr" - }, - "labels": [], - "name": "GCR Container Scanning", - "type": "Service", - "uid": "containerscanning.googleapis.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Enable vulnerability scanning for images stored in GCR using GCR Container Scanning or a third-party provider.", - "references": [ - "https://cloud.google.com/container-registry/docs/container-best-practices" - ] - }, - "risk_details": "Without image vulnerability scanning, container images stored in GCR may contain known vulnerabilities, increasing the risk of exploitation by malicious actors.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Audit Logs are not enabled for project nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_audit_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Audit Logs are not enabled for project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.1" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "ENS-RD2022": [ - "opc.acc.1.r1.gcp.iam.2", - "op.acc.6.r5.gcp.cl.1", - "op.acc.6.r9.gcp.api.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "10.2.1.1.7", - "10.2.1.1.10", - "10.2.1.1.20", - "10.2.1.1.25", - "10.2.1.1.36", - "10.2.1.2.1", - "10.2.1.2.7", - "10.2.1.2.8", - "10.2.1.2.19", - "10.2.1.2.24", - "10.2.1.3.7", - "10.2.1.3.8", - "10.2.1.3.11", - "10.2.1.3.17", - "10.2.1.3.19", - "10.2.1.4.1", - "10.2.1.4.7", - "10.2.1.4.8", - "10.2.1.4.19", - "10.2.1.4.24", - "10.2.1.5.1", - "10.2.1.5.7", - "10.2.1.5.19", - "10.2.1.5.24", - "10.2.1.6.7", - "10.2.1.6.8", - "10.2.1.6.24", - "10.2.1.7.7", - "10.2.1.7.8", - "10.2.1.7.19", - "10.2.1.7.24", - "10.2.1.1", - "10.2.1.7", - "10.2.1.8", - "10.2.1.11", - "10.2.1.17", - "10.2.1.18", - "10.2.1.19", - "10.2.1.24", - "10.2.1.30", - "10.2.2.1", - "10.2.2.7", - "10.2.2.8", - "10.2.2.18", - "10.2.2.24", - "10.3.1.7", - "10.3.1.8", - "10.3.1.24", - "10.3.2.2", - "10.3.2.5", - "10.3.3.4", - "10.3.3.7", - "10.3.4.3", - "10.3.4.6", - "10.4.1.1.3", - "10.5.1.3", - "10.6.3.7", - "10.6.3.10", - "10.6.3.22", - "10.6.3.24", - "10.6.3.41", - "11.5.2.4", - "11.6.1.4", - "12.10.5.4", - "5.3.4.7", - "5.3.4.8", - "5.3.4.9", - "5.3.4.20", - "5.3.4.21", - "5.3.4.22", - "7.2.1.15", - "7.2.2.15", - "7.2.5.11", - "7.3.1.11", - "7.3.2.11", - "7.3.3.11", - "8.2.8.13", - "A1.2.1.1", - "A1.2.1.7", - "A1.2.1.8", - "A1.2.1.10", - "A1.2.1.12", - "A1.2.1.28", - "A3.3.1.6", - "A3.5.1.6" - ], - "CIS-2.0": [ - "2.1" - ], - "NIS2": [ - "3.1.3", - "3.2.1", - "3.2.3.c", - "3.2.3.d", - "3.2.3.e", - "3.6.2", - "7.2.b", - "11.2.2.e", - "11.2.2.f", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.3" - ], - "CIS-4.0": [ - "2.1" - ], - "CCC": [ - "CCC.AuditLog.CN01.AR01", - "CCC.AuditLog.CN01.AR02", - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN07.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that Google Cloud Audit Logs feature is configured to track Data Access logs for all Google Cloud Platform (GCP) services and users, in order to enhance overall access security and meet compliance requirements. Once configured, the feature can record all admin related activities, as well as all the read and write access requests to user data.", - "title": "Configure Google Cloud Audit Logs to Track All Activities", - "types": [], - "uid": "prowler-gcp-iam_audit_logs_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "GCPProject", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that Cloud Audit Logging is configured to track all admin activities and read, write access to user data.", - "references": [ - "https://cloud.google.com/logging/docs/audit/" - ] - }, - "risk_details": "In order to maintain an effective Google Cloud audit configuration for your project, folder, and organization, all 3 types of Data Access logs (ADMIN_READ, DATA_READ and DATA_WRITE) must be enabled for all supported GCP services. Also, Data Access logs should be captured for all IAM users, without exempting any of them. Exemptions let you control which users generate audit logs. When you add an exempted user to your log configuration, audit logs are not created for that user, for the selected log type(s). Data Access audit logs are disabled by default and must be explicitly enabled based on your business requirements.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Cloud Asset Inventory is enabled in project nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_cloud_asset_inventory_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Cloud Asset Inventory is enabled in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.13" - ], - "SOC2": [ - "cc_1_3", - "cc_3_4", - "cc_4_2", - "cc_6_8", - "cc_7_1", - "cc_7_3", - "cc_8_1" - ], - "ISO27001-2022": [ - "A.5.1", - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "ENS-RD2022": [ - "op.exp.1.gcp.scc.1", - "op.exp.1.r2.gcp.cai.1", - "op.exp.1.r3.gcp.cai.1" - ], - "MITRE-ATTACK": [ - "T1098", - "T1580" - ], - "CIS-2.0": [ - "2.13" - ], - "NIS2": [ - "3.1.3" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "CIS-4.0": [ - "2.13" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.Core.CN05.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "GCP Cloud Asset Inventory is services that provides a historical view of GCP resources and IAM policies through a time-series database. The information recorded includes metadata on Google Cloud resources, metadata on policies set on Google Cloud projects or resources, and runtime information gathered within a Google Cloud resource.", - "title": "Ensure Cloud Asset Inventory Is Enabled", - "types": [], - "uid": "prowler-gcp-iam_cloud_asset_inventory_enabled-nodal-time-474015-p5-global-Cloud Asset Inventory" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "Cloud Asset Inventory", - "type": "Service", - "uid": "cloudasset.googleapis.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Cloud Asset Inventory is enabled for all your GCP projects in order to efficiently manage the history and the inventory of your cloud resources. Google Cloud Asset Inventory is a fully managed metadata inventory service that allows you to view, monitor, analyze, and gain insights for your Google Cloud and Anthos assets. Cloud Asset Inventory is disabled by default in each GCP project.", - "references": [ - "https://cloud.google.com/asset-inventory/docs" - ] - }, - "risk_details": "Gaining insight into Google Cloud resources and policies is vital for tasks such as DevOps, security analytics, multi-cluster and fleet management, auditing, and governance. With Cloud Asset Inventory you can discover, monitor, and analyze all GCP assets in one place, achieving a better understanding of all your cloud assets across projects and services.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No IAM Users assigned to service roles at project level nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_no_service_roles_at_project_level", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "No IAM Users assigned to service roles at project level nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/check-for-iam-users-with-service-roles.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.6" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.3", - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.1.r1.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.16", - "7.2.1.19", - "7.2.2.17", - "7.2.2.19", - "7.2.5.7", - "7.2.5.10", - "7.2.5.13", - "7.3.1.7", - "7.3.1.12", - "7.3.1.13", - "7.3.2.13", - "7.3.3.10", - "7.3.3.12", - "7.3.3.13", - "8.2.2.6", - "8.2.7.11", - "8.2.7.13", - "8.2.8.9", - "8.2.8.15", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.6" - ], - "NIS2": [ - "6.2.2.b", - "6.7.2.g", - "11.1.2.c", - "11.2.2.d", - "11.3.1", - "11.3.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "CIS-4.0": [ - "1.6" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "It is recommended to assign the `Service Account User (iam.serviceAccountUser)` and `Service Account Token Creator (iam.serviceAccountTokenCreator)` roles to a user for a specific service account rather than assigning the role to a user at project level.", - "title": "Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level", - "types": [], - "uid": "prowler-gcp-iam_no_service_roles_at_project_level-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "IAM Policy", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that the Service Account User and Service Account Token Creator roles are assigned to a user for a specific GCP service account rather than to a user at the GCP project level, in order to implement the principle of least privilege (POLP). The principle of least privilege (also known as the principle of minimal privilege) is the practice of providing every user the minimal amount of access required to perform its tasks. Google Cloud Platform (GCP) IAM users should not have assigned the Service Account User or Service Account Token Creator roles at the GCP project level. Instead, these roles should be allocated to a user associated with a specific service account, providing that user access to the service account only.", - "references": [ - "https://cloud.google.com/iam/docs/granting-changing-revoking-access" - ] - }, - "risk_details": "The Service Account User (iam.serviceAccountUser) role allows an IAM user to attach a service account to a long-running job service such as an App Engine App or Dataflow Job, whereas the Service Account Token Creator (iam.serviceAccountTokenCreator) role allows a user to directly impersonate the identity of a service account.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Principle of separation of duties was enforced for KMS-Related Roles in project nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_role_kms_enforce_separation_of_duties", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Principle of separation of duties was enforced for KMS-Related Roles in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.8", - "1.11" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.3", - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.org.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.2.8", - "3.6.1.3.8", - "3.6.1.4.8", - "3.6.1.8", - "3.7.1.9", - "3.7.2.8", - "3.7.4.5", - "3.7.4.9", - "3.7.6.8", - "3.7.7.8", - "4.2.1.1.21", - "7.2.1.10", - "7.2.2.10", - "7.2.3.6", - "7.2.5.6", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.4.6" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.11" - ], - "NIS2": [ - "1.2.4", - "3.1.3", - "6.2.2.b", - "6.7.2.e", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.b", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.5", - "1.3.2" - ], - "CIS-4.0": [ - "1.8", - "1.11" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that separation of duties is enforced for all Cloud Key Management Service (KMS) related roles. The principle of separation of duties (also known as segregation of duties) has as its primary objective the prevention of fraud and human error. This objective is achieved by dismantling the tasks and the associated privileges for a specific business process among multiple users/identities. Google Cloud provides predefined roles that can be used to implement the principle of separation of duties, where it is needed. The predefined Cloud KMS Admin role is meant for users to manage KMS keys but not to use them. The Cloud KMS CryptoKey Encrypter/Decrypter roles are meant for services who can use keys to encrypt and decrypt data, but not to manage them. To adhere to cloud security best practices, your IAM users should not have the Admin role and any of the CryptoKey Encrypter/Decrypter roles assigned at the same time.", - "title": "Enforce Separation of Duties for KMS-Related Roles", - "types": [], - "uid": "prowler-gcp-iam_role_kms_enforce_separation_of_duties-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "IAMRole", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that the principle of 'Separation of Duties' is enforced while assigning KMS related roles to users.", - "references": [ - "https://cloud.google.com/kms/docs/separation-of-duties" - ] - }, - "risk_details": "The principle of separation of duties can be enforced in order to eliminate the need for the IAM user/identity that has all the permissions needed to perform unwanted actions, such as using a cryptographic key to access and decrypt data which the user should not normally have access to.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Principle of separation of duties was not enforced for Service-Account Related Roles in project nodal-time-474015-p5 in members deleted:serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com?uid=104781589807131914461,serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com.", - "metadata": { - "event_code": "iam_role_sa_enforce_separation_of_duties", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Principle of separation of duties was not enforced for Service-Account Related Roles in project nodal-time-474015-p5 in members deleted:serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com?uid=104781589807131914461,serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.3", - "A.5.15", - "A.5.18", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.org.1" - ], - "PCI-4.0": [ - "7.2.1.16", - "7.2.1.19", - "7.2.2.19", - "7.2.5.13", - "7.3.1.7", - "7.3.1.12", - "7.3.1.13", - "7.3.3.12", - "8.2.7.11", - "8.2.7.13", - "8.3.4.11" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.8" - ], - "NIS2": [ - "1.2.4", - "3.1.3", - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.b", - "11.4.2.c" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure that separation of duties (also known as segregation of duties - SoD) is enforced for all Google Cloud Platform (GCP) service-account related roles. The security principle of separation of duties has as its primary objective the prevention of fraud and human error. This objective is achieved by disbanding the tasks and associated privileges for a specific business process among multiple users/members. To follow security best practices, your GCP service accounts should not have the Service Account Admin and Service Account User roles assigned at the same time.", - "title": "Enforce Separation of Duties for Service-Account Related Roles", - "types": [], - "uid": "prowler-gcp-iam_role_sa_enforce_separation_of_duties-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "IAMRole", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that separation of duties (also known as segregation of duties - SoD) is enforced for all Google Cloud Platform (GCP) service-account related roles. The security principle of separation of duties has as its primary objective the prevention of fraud and human error. This objective is achieved by disbanding the tasks and associated privileges for a specific business process among multiple users/members. To follow security best practices, your GCP service accounts should not have the Service Account Admin and Service Account User roles assigned at the same time.", - "references": [ - "https://cloud.google.com/iam/docs/understanding-roles" - ] - }, - "risk_details": "The principle of separation of duties should be enforced in order to eliminate the need for high-privileged IAM members, as the permissions granted to these members can allow them to perform malicious or unwanted actions.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com has administrative privileges with roles/serviceusage.serviceUsageAdmin.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com has administrative privileges with roles/serviceusage.serviceUsageAdmin.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "GitHub Actions Deployer", - "keys": [ - { - "name": "3f2a81ba4bce0b39089b85a2e7678d09d2d183f6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T22:51:06", - "valid_before": "2025-11-01T22:51:06" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "114112078080729873885" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account 784623368087-compute@developer.gserviceaccount.com has administrative privileges with roles/editor.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Account 784623368087-compute@developer.gserviceaccount.com has administrative privileges with roles/editor.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "email": "784623368087-compute@developer.gserviceaccount.com", - "display_name": "Compute Engine default service account", - "keys": [ - { - "name": "93b9e85d69bcb0503b5a7696d8b3bf5855a91d37", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T10:25:01", - "valid_before": "2025-10-31T10:25:01" - }, - { - "name": "202c306e41b020fefe81250bea563d31c07138e3", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-06T10:25:01", - "valid_before": "2025-10-23T10:25:01" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "111974737467208838860" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "784623368087-compute@developer.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "Vertex AI Workbench Service Account", - "keys": [ - { - "name": "92e39887344dae71e19dc25c005a53a68ceb62cb", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T23:25:14", - "valid_before": "2025-11-01T23:25:14" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "108352930858191263233" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "GitHub Actions Deployer", - "keys": [ - { - "name": "3f2a81ba4bce0b39089b85a2e7678d09d2d183f6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T22:51:06", - "valid_before": "2025-11-01T22:51:06" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "114112078080729873885" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account 784623368087-compute@developer.gserviceaccount.com does not have user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Account 784623368087-compute@developer.gserviceaccount.com does not have user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "email": "784623368087-compute@developer.gserviceaccount.com", - "display_name": "Compute Engine default service account", - "keys": [ - { - "name": "93b9e85d69bcb0503b5a7696d8b3bf5855a91d37", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T10:25:01", - "valid_before": "2025-10-31T10:25:01" - }, - { - "name": "202c306e41b020fefe81250bea563d31c07138e3", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-06T10:25:01", - "valid_before": "2025-10-23T10:25:01" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "111974737467208838860" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "784623368087-compute@developer.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "Vertex AI Workbench Service Account", - "keys": [ - { - "name": "92e39887344dae71e19dc25c005a53a68ceb62cb", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T23:25:14", - "valid_before": "2025-11-01T23:25:14" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "108352930858191263233" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "b42bff156412b21c8615812a79d72ba55d6bafb4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "24a51f6716e116e4b0c095d727d4a101242b82a2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "3ec34a6521569dd67684f27f37d1d6ab56db09dc" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c450c6187eeddc932b29ffd3d0f3e675bf53af62" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "f69cf03d448314cf03036f08165420dfe98b3992" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "ce51dbe0ea021fb2e8124f86d8842546246040c1" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c0604742fabec0b925df21e0606a25c9e007f571" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "b42bff156412b21c8615812a79d72ba55d6bafb4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "24a51f6716e116e4b0c095d727d4a101242b82a2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "3ec34a6521569dd67684f27f37d1d6ab56db09dc" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c450c6187eeddc932b29ffd3d0f3e675bf53af62" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "f69cf03d448314cf03036f08165420dfe98b3992" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "ce51dbe0ea021fb2e8124f86d8842546246040c1" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c0604742fabec0b925df21e0606a25c9e007f571" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com was used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Service Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com was used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "GitHub Actions Deployer", - "keys": [ - { - "name": "3f2a81ba4bce0b39089b85a2e7678d09d2d183f6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T22:51:06", - "valid_before": "2025-11-01T22:51:06" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "114112078080729873885" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account 784623368087-compute@developer.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Service Account 784623368087-compute@developer.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "email": "784623368087-compute@developer.gserviceaccount.com", - "display_name": "Compute Engine default service account", - "keys": [ - { - "name": "93b9e85d69bcb0503b5a7696d8b3bf5855a91d37", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T10:25:01", - "valid_before": "2025-10-31T10:25:01" - }, - { - "name": "202c306e41b020fefe81250bea563d31c07138e3", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-06T10:25:01", - "valid_before": "2025-10-23T10:25:01" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "111974737467208838860" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "784623368087-compute@developer.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Service Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "Vertex AI Workbench Service Account", - "keys": [ - { - "name": "92e39887344dae71e19dc25c005a53a68ceb62cb", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T23:25:14", - "valid_before": "2025-11-01T23:25:14" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "108352930858191263233" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-13fa4761 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-13fa4761 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-13fa4761" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761", - "name": "cfi-bucket-key-13fa4761", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-13fa4761", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1c7d7a2a is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-1c7d7a2a is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-1c7d7a2a" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a", - "name": "cfi-bucket-key-1c7d7a2a", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1c7d7a2a", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1fba850e is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-1fba850e is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-1fba850e" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e", - "name": "cfi-bucket-key-1fba850e", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-15T23:25:31.957183Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1fba850e", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-4cd10935 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-4cd10935 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-4cd10935" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935", - "name": "cfi-bucket-key-4cd10935", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-4cd10935", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-7a427af0 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-7a427af0 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-7a427af0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0", - "name": "cfi-bucket-key-7a427af0", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T15:28:10.344444Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-7a427af0", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a03be2ac is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-a03be2ac is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-a03be2ac" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac", - "name": "cfi-bucket-key-a03be2ac", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a03be2ac", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a1aaa547 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-a1aaa547 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-a1aaa547" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547", - "name": "cfi-bucket-key-a1aaa547", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T00:25:56.259471Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a1aaa547", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-e7619e1f is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-e7619e1f is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-e7619e1f" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f", - "name": "cfi-bucket-key-e7619e1f", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-e7619e1f", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-f5bc86ea is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-f5bc86ea is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-f5bc86ea" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea", - "name": "cfi-bucket-key-f5bc86ea", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-f5bc86ea", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-13fa4761 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-13fa4761 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-13fa4761" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761", - "name": "cfi-bucket-key-13fa4761", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-13fa4761", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1c7d7a2a is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-1c7d7a2a is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-1c7d7a2a" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a", - "name": "cfi-bucket-key-1c7d7a2a", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1c7d7a2a", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1fba850e is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-1fba850e is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-1fba850e" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e", - "name": "cfi-bucket-key-1fba850e", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-15T23:25:31.957183Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1fba850e", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-4cd10935 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-4cd10935 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-4cd10935" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935", - "name": "cfi-bucket-key-4cd10935", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-4cd10935", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-7a427af0 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-7a427af0 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-7a427af0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0", - "name": "cfi-bucket-key-7a427af0", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T15:28:10.344444Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-7a427af0", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a03be2ac is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-a03be2ac is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-a03be2ac" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac", - "name": "cfi-bucket-key-a03be2ac", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a03be2ac", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a1aaa547 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-a1aaa547 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-a1aaa547" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547", - "name": "cfi-bucket-key-a1aaa547", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T00:25:56.259471Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a1aaa547", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-e7619e1f is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-e7619e1f is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-e7619e1f" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f", - "name": "cfi-bucket-key-e7619e1f", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-e7619e1f", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-f5bc86ea is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-f5bc86ea is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-f5bc86ea" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea", - "name": "cfi-bucket-key-f5bc86ea", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-f5bc86ea", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_audit_configuration_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.5" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.1.r2.gcp.cai.1", - "op.exp.4.r4.gcp.log.1", - "op.mon.3.r6.gcp.scc.1" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.10", - "10.2.1.1.20", - "10.2.1.1.36", - "10.2.1.2.7", - "10.2.1.2.8", - "10.2.1.3.7", - "10.2.1.3.8", - "10.2.1.3.17", - "10.2.1.4.7", - "10.2.1.4.8", - "10.2.1.5.7", - "10.2.1.6.7", - "10.2.1.7.7", - "10.2.1.7", - "10.2.1.17", - "10.2.1.18", - "10.2.2.7", - "10.2.2.8", - "10.2.2.15", - "10.2.2.18", - "10.3.1.7", - "10.3.1.8", - "10.3.2.2", - "10.3.3.4", - "10.3.4.3", - "10.3.4.6", - "10.5.1.3", - "10.6.3.7", - "10.6.3.10", - "10.6.3.22", - "10.6.3.24", - "10.6.3.41", - "11.5.2.4", - "11.6.1.4", - "12.10.5.3", - "12.10.5.4", - "5.3.4.8", - "5.3.4.20", - "5.3.4.21", - "A1.2.1.7", - "A1.2.1.8", - "A1.2.1.12", - "A3.3.1.6", - "A3.5.1.6" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.5" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.5" - ], - "CIS-4.0": [ - "2.5" - ], - "CCC": [ - "CCC.AuditLog.CN01.AR01", - "CCC.AuditLog.CN01.AR02", - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_audit_configuration_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "By using Google Cloud alerting policies to detect audit configuration changes, you make sure that the recommended state of audit configuration is well maintained so that all the activities performed within your GCP project are available for security analysis and auditing at any point in time.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Admin Activity audit logs and Data Access audit logs produced by the Google Cloud Audit Logs service can be extremely useful for security analysis, resource change tracking, and compliance auditing.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_bucket_permission_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.10" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.1.r2.gcp.cai.1" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.9", - "10.2.1.1.30", - "10.2.1.2.7", - "10.2.1.2.27", - "10.2.1.3.7", - "10.2.1.4.27", - "10.2.1.5.7", - "10.2.1.5.27", - "10.2.1.6.7", - "10.2.1.6.27", - "10.2.1.7.7", - "10.2.1.7.27", - "10.2.1.7", - "10.2.1.27", - "10.2.2.7", - "10.2.2.27", - "10.3.1.7", - "10.3.1.27", - "10.4.1.1.2", - "10.4.1.2", - "10.4.2.3", - "10.6.3.7", - "10.6.3.9", - "10.6.3.34", - "10.6.3.41", - "10.7.1.4", - "10.7.2.4", - "11.5.2.5", - "12.10.5.3", - "5.3.4.7", - "5.3.4.32", - "7.2.2.2", - "A1.2.1.7", - "A1.2.1.32", - "A3.3.1.4", - "A3.5.1.4" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.10" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.2.2.b", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.5" - ], - "CIS-4.0": [ - "2.10" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_bucket_permission_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Cloud Storage Bucket IAM changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to cloud storage bucket permissions may reduce the time needed to detect and correct permissions on sensitive cloud storage buckets and objects inside the bucket.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_custom_role_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.6" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "opc.acc.1.r1.gcp.iam.2" - ], - "PCI-4.0": [ - "7.3.1.12", - "7.3.2.13" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.6" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.d", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.2.2.e", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.6" - ], - "CIS-4.0": [ - "2.6" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_custom_role_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for changes to Identity and Access Management (IAM) role creation, deletion and updating activities.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Google Cloud IAM provides predefined roles that give granular access to specific Google Cloud Platform resources and prevent unwanted access to other resources.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.4" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "opc.acc.1.r1.gcp.iam.2", - "op.acc.3.r1.gcp.iam.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.4" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.2.2.e", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.4" - ], - "CIS-4.0": [ - "2.4" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN05.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes.", - "title": "Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Using Google Cloud alerting policies to detect ownership assignments/changes will help you maintain the right access permissions for each IAM member created within your project, follow the security principle of least privilege, and prevent any accidental or intentional changes that may lead to unauthorized actions.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Project ownership has the highest level of privileges on a GCP project. These privileges include viewer permissions on all GCP services inside the project, permission to modify the state of all GCP services within the project, set up billing and manage roles and permissions for the project and all the resources inside the project.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_sql_instance_configuration_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.11" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "mp.s.4.r1.gcp.app.1" - ], - "PCI-4.0": [ - "10.2.1.1.9", - "10.2.1.3.22", - "10.2.2.22", - "10.4.2.3", - "10.7.1.4", - "A3.3.1.4" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.11" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.6" - ], - "CIS-4.0": [ - "2.11" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_sql_instance_configuration_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for SQL instance configuration changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to SQL instance configuration changes may reduce the time needed to detect and correct misconfigurations done on the SQL server.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_vpc_firewall_rule_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.7" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "op.exp.8.r1.gcp.nt.1" - ], - "PCI-4.0": [ - "1.3.2.27", - "10.2.1.1.9", - "10.2.1.1.24", - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.21", - "10.3.1.29", - "10.4.1.1.7", - "10.4.2.7", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "10.6.3.41", - "10.7.1.4", - "10.7.1.8", - "5.3.4.8", - "5.3.4.24", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.7" - ], - "NIS2": [ - "1.1.2", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.3.g", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-4.0": [ - "2.7" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_vpc_firewall_rule_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Virtual Private Cloud (VPC) Network Firewall rule changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring for Create or Update Firewall rule events gives insight to network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_vpc_network_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.9" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "op.exp.8.r1.gcp.nt.1", - "mp.com.4.r4.gcp.net.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.9" - ], - "NIS2": [ - "1.1.2", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.4" - ], - "CIS-4.0": [ - "2.9" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_vpc_network_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Virtual Private Cloud (VPC) network changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to a VPC will help ensure VPC traffic flow is not getting impacted.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_vpc_network_route_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.8" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "op.exp.8.r1.gcp.nt.1" - ], - "PCI-4.0": [ - "1.5.1.18", - "10.2.1.5.21", - "10.2.1.21" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.8" - ], - "NIS2": [ - "1.1.2", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "CIS-4.0": [ - "2.8" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_vpc_network_route_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Virtual Private Cloud (VPC) network route changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to route tables will help ensure that all VPC traffic flows through an expected path.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no logging sinks to export copies of all the log entries in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_sink_created", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no logging sinks to export copies of all the log entries in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.8.r5.gcp.cl.1", - "op.ext.3.gcp.log.2" - ], - "PCI-4.0": [ - "10.5.1.3", - "11.5.2.4", - "12.10.5.4", - "A3.3.1.6", - "A3.5.1.6" - ], - "MITRE-ATTACK": [ - "T1562", - "T1049" - ], - "CIS-2.0": [ - "2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.1", - "3.2.5", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "CCC": [ - "CCC.AuditLog.CN01.AR01", - "CCC.AuditLog.CN01.AR02", - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN06.AR01", - "CCC.AuditLog.CN07.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.LB.CN01.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN06.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure there is at least one sink used to export copies of all the log entries.", - "title": "Ensure there is at least one sink used to export copies of all the log entries.", - "types": [], - "uid": "prowler-gcp-logging_sink_created-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "Sink", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to create a sink that will export copies of all the log entries. This can help aggregate logs from multiple projects and export them to a Security Information and Event Management (SIEM).", - "references": [ - "https://cloud.google.com/logging/docs/export" - ] - }, - "risk_details": "If sinks are not created, logs would be deleted after the configured retention period, and would not be backed up.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-cloud-storage/results/gcp-cloud-storage-delta.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-cloud-storage/results/gcp-cloud-storage-delta.ocsf.json deleted file mode 100644 index b40df79f..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-cloud-storage/results/gcp-cloud-storage-delta.ocsf.json +++ /dev/null @@ -1,470 +0,0 @@ -[ - { - "message": "Bucket nodal-time-474015-p5-bucket is not publicly accessible.", - "metadata": { - "event_code": "cloudstorage_bucket_public_access", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket nodal-time-474015-p5-bucket is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudStorage/publicly-accessible-storage-buckets.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.1" - ], - "SOC2": [ - "cc_6_1" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.30", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.32", - "1.3.1.34", - "1.3.1.35", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.8", - "10.3.2.11", - "10.3.2.18", - "10.3.2.19", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "3.5.1.3.8", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.2", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.2", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "A1.1.2.4", - "A1.1.2.7", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.2.22", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.4", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "5.1" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "CIS-4.0": [ - "5.1" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "title": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_public_access-nodal-time-474015-p5-US-nodal-time-474015-p5-bucket" - }, - "resources": [ - { - "region": "US", - "data": { - "details": "", - "metadata": { - "name": "nodal-time-474015-p5-bucket", - "id": "nodal-time-474015-p5-bucket", - "region": "US", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": { - "retentionPeriod": "2", - "effectiveTime": "2025-10-19T19:06:23.365Z" - } - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "nodal-time-474015-p5-bucket", - "type": "Bucket", - "uid": "nodal-time-474015-p5-bucket" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US" - }, - "remediation": { - "desc": "It is recommended that IAM policy on Cloud Storage bucket does not allows anonymous or public access.", - "references": [ - "https://cloud.google.com/storage/docs/access-control/iam-reference" - ] - }, - "risk_details": "Allowing anonymous or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous or public access to a bucket is not allowed.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket nodal-time-474015-p5-bucket has uniform Bucket Level Access enabled.", - "metadata": { - "event_code": "cloudstorage_bucket_uniform_bucket_level_access", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket nodal-time-474015-p5-bucket has uniform Bucket Level Access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.11", - "10.3.2.18", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "2.2.7.19", - "3.5.1.3.23", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-2.0": [ - "5.2" - ], - "CIS-4.0": [ - "5.2" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900789, - "created_time_dt": "2025-10-19T19:06:29.756296", - "desc": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "title": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_uniform_bucket_level_access-nodal-time-474015-p5-US-nodal-time-474015-p5-bucket" - }, - "resources": [ - { - "region": "US", - "data": { - "details": "", - "metadata": { - "name": "nodal-time-474015-p5-bucket", - "id": "nodal-time-474015-p5-bucket", - "region": "US", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": { - "retentionPeriod": "2", - "effectiveTime": "2025-10-19T19:06:23.365Z" - } - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "nodal-time-474015-p5-bucket", - "type": "Bucket", - "uid": "nodal-time-474015-p5-bucket" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US" - }, - "remediation": { - "desc": "It is recommended that uniform bucket-level access is enabled on Cloud Storage buckets.", - "references": [ - "https://cloud.google.com/storage/docs/using-uniform-bucket-level-access" - ] - }, - "risk_details": "Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.", - "time": 1760900789, - "time_dt": "2025-10-19T19:06:29.756296", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-network/config/gcp-network.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-network/config/gcp-network.json deleted file mode 100644 index d5762aed..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-network/config/gcp-network.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "id": "gcp-network", - "provider": "gcp", - "service": "networking", - "name": "CCC Google Cloud VPC Terraform Module", - "description": "This module creates a secure Google Cloud VPC (Virtual Private Cloud) network with subnets, routes, firewall rules, and advanced networking capabilities.", - "path": "remote/gcp/virtualnetwork", - "git": "https://github.com/terraform-google-modules/terraform-google-network" -} \ No newline at end of file diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-network/results/gcp-network-baseline.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-network/results/gcp-network-baseline.ocsf.json deleted file mode 100644 index 415cbad8..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-network/results/gcp-network-baseline.ocsf.json +++ /dev/null @@ -1,23865 +0,0 @@ -[ - { - "message": "AR Container Analysis is not enabled in project nodal-time-474015-p5.", - "metadata": { - "event_code": "artifacts_container_analysis_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AR Container Analysis is not enabled in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/artifact-analysis/docs", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, AR Container Analysis is disabled.", - "compliance": { - "SOC2": [ - "cc_3_1" - ], - "ENS-RD2022": [ - "op.exp.4.r4.gcp.log.1", - "op.mon.3.gcp.scc.1" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "MITRE-ATTACK": [ - "T1525" - ], - "NIS2": [ - "5.1.4.f", - "5.1.7.d", - "6.1.2.b", - "6.6.1.a", - "6.9.2", - "9.2.a" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN06.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Scan images stored in Google Container Registry (GCR) for vulnerabilities using AR Container Analysis or a third-party provider. This helps identify and mitigate security risks associated with known vulnerabilities in container images.", - "title": "Ensure Image Vulnerability Analysis using AR Container Analysis or a third-party provider", - "types": [ - "Security", - "Configuration" - ], - "uid": "prowler-gcp-artifacts_container_analysis_enabled-nodal-time-474015-p5-global-AR Container Analysis" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "artifacts" - }, - "labels": [], - "name": "AR Container Analysis", - "type": "Service", - "uid": "containeranalysis.googleapis.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Enable vulnerability scanning for images stored in Artifact Registry using AR Container Analysis or a third-party provider.", - "references": [ - "https://cloud.google.com/artifact-analysis/docs/container-scanning-overview" - ] - }, - "risk_details": "Without image vulnerability scanning, container images stored in Artifact Registry may contain known vulnerabilities, increasing the risk of exploitation by malicious actors.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-1fba850e is not publicly accessible.", - "metadata": { - "event_code": "cloudstorage_bucket_public_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-1fba850e is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudStorage/publicly-accessible-storage-buckets.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.1" - ], - "SOC2": [ - "cc_6_1" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.30", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.32", - "1.3.1.34", - "1.3.1.35", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.8", - "10.3.2.11", - "10.3.2.18", - "10.3.2.19", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "3.5.1.3.8", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.2", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.2", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "A1.1.2.4", - "A1.1.2.7", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.2.22", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.4", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "5.1" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "CIS-4.0": [ - "5.1" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "title": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_public_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-1fba850e" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-1fba850e", - "id": "cfi-logs-bucket-1fba850e", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-1fba850e", - "type": "Bucket", - "uid": "cfi-logs-bucket-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that IAM policy on Cloud Storage bucket does not allows anonymous or public access.", - "references": [ - "https://cloud.google.com/storage/docs/access-control/iam-reference" - ] - }, - "risk_details": "Allowing anonymous or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous or public access to a bucket is not allowed.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-7a427af0 is not publicly accessible.", - "metadata": { - "event_code": "cloudstorage_bucket_public_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-7a427af0 is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudStorage/publicly-accessible-storage-buckets.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.1" - ], - "SOC2": [ - "cc_6_1" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.30", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.32", - "1.3.1.34", - "1.3.1.35", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.8", - "10.3.2.11", - "10.3.2.18", - "10.3.2.19", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "3.5.1.3.8", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.2", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.2", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "A1.1.2.4", - "A1.1.2.7", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.2.22", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.4", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "5.1" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "CIS-4.0": [ - "5.1" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "title": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_public_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-7a427af0" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-7a427af0", - "id": "cfi-logs-bucket-7a427af0", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-7a427af0", - "type": "Bucket", - "uid": "cfi-logs-bucket-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that IAM policy on Cloud Storage bucket does not allows anonymous or public access.", - "references": [ - "https://cloud.google.com/storage/docs/access-control/iam-reference" - ] - }, - "risk_details": "Allowing anonymous or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous or public access to a bucket is not allowed.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-a1aaa547 is not publicly accessible.", - "metadata": { - "event_code": "cloudstorage_bucket_public_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-a1aaa547 is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudStorage/publicly-accessible-storage-buckets.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.1" - ], - "SOC2": [ - "cc_6_1" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.30", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.32", - "1.3.1.34", - "1.3.1.35", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.8", - "10.3.2.11", - "10.3.2.18", - "10.3.2.19", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "3.5.1.3.8", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.2", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.2", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "A1.1.2.4", - "A1.1.2.7", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.2.22", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.4", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "5.1" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "CIS-4.0": [ - "5.1" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "title": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_public_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-a1aaa547" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-a1aaa547", - "id": "cfi-logs-bucket-a1aaa547", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-a1aaa547", - "type": "Bucket", - "uid": "cfi-logs-bucket-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that IAM policy on Cloud Storage bucket does not allows anonymous or public access.", - "references": [ - "https://cloud.google.com/storage/docs/access-control/iam-reference" - ] - }, - "risk_details": "Allowing anonymous or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous or public access to a bucket is not allowed.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-1fba850e has uniform Bucket Level Access enabled.", - "metadata": { - "event_code": "cloudstorage_bucket_uniform_bucket_level_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-1fba850e has uniform Bucket Level Access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.11", - "10.3.2.18", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "2.2.7.19", - "3.5.1.3.23", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-2.0": [ - "5.2" - ], - "CIS-4.0": [ - "5.2" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "title": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_uniform_bucket_level_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-1fba850e" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-1fba850e", - "id": "cfi-logs-bucket-1fba850e", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-1fba850e", - "type": "Bucket", - "uid": "cfi-logs-bucket-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that uniform bucket-level access is enabled on Cloud Storage buckets.", - "references": [ - "https://cloud.google.com/storage/docs/using-uniform-bucket-level-access" - ] - }, - "risk_details": "Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-7a427af0 has uniform Bucket Level Access enabled.", - "metadata": { - "event_code": "cloudstorage_bucket_uniform_bucket_level_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-7a427af0 has uniform Bucket Level Access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.11", - "10.3.2.18", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "2.2.7.19", - "3.5.1.3.23", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-2.0": [ - "5.2" - ], - "CIS-4.0": [ - "5.2" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "title": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_uniform_bucket_level_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-7a427af0" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-7a427af0", - "id": "cfi-logs-bucket-7a427af0", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-7a427af0", - "type": "Bucket", - "uid": "cfi-logs-bucket-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that uniform bucket-level access is enabled on Cloud Storage buckets.", - "references": [ - "https://cloud.google.com/storage/docs/using-uniform-bucket-level-access" - ] - }, - "risk_details": "Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-a1aaa547 has uniform Bucket Level Access enabled.", - "metadata": { - "event_code": "cloudstorage_bucket_uniform_bucket_level_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-a1aaa547 has uniform Bucket Level Access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.11", - "10.3.2.18", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "2.2.7.19", - "3.5.1.3.23", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-2.0": [ - "5.2" - ], - "CIS-4.0": [ - "5.2" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "title": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_uniform_bucket_level_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-a1aaa547" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-a1aaa547", - "id": "cfi-logs-bucket-a1aaa547", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-a1aaa547", - "type": "Bucket", - "uid": "cfi-logs-bucket-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that uniform bucket-level access is enabled on Cloud Storage buckets.", - "references": [ - "https://cloud.google.com/storage/docs/using-uniform-bucket-level-access" - ] - }, - "risk_details": "Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-icmp does not expose port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-icmp does not expose port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-icmp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-icmp", - "id": "613284056905897095", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-icmp", - "type": "FirewallRule", - "uid": "613284056905897095" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-internal does not expose port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-internal does not expose port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-internal" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-internal", - "id": "7344732286417982599", - "source_ranges": [ - "10.128.0.0/9" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "udp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-internal", - "type": "FirewallRule", - "uid": "7344732286417982599" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-rdp does exposes port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "Firewall default-allow-rdp does exposes port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-rdp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-rdp", - "id": "438688946219209863", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "3389" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-rdp", - "type": "FirewallRule", - "uid": "438688946219209863" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-ssh does not expose port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-ssh does not expose port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-ssh" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-ssh", - "id": "4612266095473677447", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "22" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-ssh", - "type": "FirewallRule", - "uid": "4612266095473677447" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-icmp does not expose port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-icmp does not expose port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-icmp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-icmp", - "id": "613284056905897095", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-icmp", - "type": "FirewallRule", - "uid": "613284056905897095" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-internal does not expose port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-internal does not expose port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-internal" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-internal", - "id": "7344732286417982599", - "source_ranges": [ - "10.128.0.0/9" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "udp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-internal", - "type": "FirewallRule", - "uid": "7344732286417982599" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-rdp does not expose port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-rdp does not expose port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-rdp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-rdp", - "id": "438688946219209863", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "3389" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-rdp", - "type": "FirewallRule", - "uid": "438688946219209863" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-ssh does exposes port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "Firewall default-allow-ssh does exposes port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-ssh" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-ssh", - "id": "4612266095473677447", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "22" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-ssh", - "type": "FirewallRule", - "uid": "4612266095473677447" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Default network is in use in project nodal-time-474015-p5.", - "metadata": { - "event_code": "compute_network_default_in_use", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Default network is in use in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudVPC/default-vpc-in-use.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.1" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.3.r1.gcp.net.1", - "mp.com.4.gcp.vpc.1", - "mp.com.4.r1.gcp.net.1" - ], - "PCI-4.0": [ - "1.4.2.19" - ], - "MITRE-ATTACK": [ - "T1046" - ], - "CIS-2.0": [ - "3.1" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "5.1.2.a", - "6.2.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.1" - ], - "CIS-4.0": [ - "3.1" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.VPC.CN01.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that the default network does not exist", - "title": "Ensure that the default network does not exist", - "types": [], - "uid": "prowler-gcp-compute_network_default_in_use-nodal-time-474015-p5-global-default" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1894544973933139113", - "subnet_mode": "auto", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Network", - "uid": "default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "When an organization deletes the default network, it may need to migrate or service onto a new network.", - "references": [ - "https://cloud.google.com/vpc/docs/using-vpc" - ] - }, - "risk_details": "The default network has a preconfigured network configuration and automatically generates insecure firewall rules.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network default does not have DNS logging enabled.", - "metadata": { - "event_code": "compute_network_dns_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network default does not have DNS logging enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "mp.com.2.r2.gcp.scc.1", - "mp.com.3.r3.gcp.scc.1" - ], - "PCI-4.0": [ - "1.3.2.44", - "1.4.1.9", - "1.4.2.42", - "1.4.4.9", - "10.2.1.1.6", - "10.2.1.1.29", - "10.2.1.2.6", - "10.2.1.2.12", - "10.2.1.2.21", - "10.2.1.2.26", - "10.2.1.3.6", - "10.2.1.3.21", - "10.2.1.3.26", - "10.2.1.4.6", - "10.2.1.4.21", - "10.2.1.4.26", - "10.2.1.5.6", - "10.2.1.5.26", - "10.2.1.6.6", - "10.2.1.6.21", - "10.2.1.6.26", - "10.2.1.7.6", - "10.2.1.7.12", - "10.2.1.7.26", - "10.2.1.6", - "10.2.1.26", - "10.2.2.6", - "10.2.2.21", - "10.2.2.26", - "10.3.1.6", - "10.3.1.12", - "10.3.1.26", - "10.5.1.9", - "10.6.3.6", - "10.6.3.14", - "10.6.3.26", - "10.6.3.32", - "5.3.4.6", - "5.3.4.24", - "5.3.4.31", - "A1.2.1.6", - "A1.2.1.25", - "A1.2.1.30" - ], - "MITRE-ATTACK": [ - "T1046" - ], - "CIS-2.0": [ - "2.12" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.a", - "3.2.3.d", - "3.6.2", - "6.2.1", - "6.7.2.i", - "6.7.2.l", - "7.2.b", - "9.2.a", - "11.1.1", - "11.5.2.d", - "12.2.2.c" - ], - "CCC": [ - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that Cloud DNS logging is enabled for all your Virtual Private Cloud (VPC) networks using DNS server policies. Cloud DNS logging records queries that the name servers resolve for your Google Cloud VPC networks, as well as queries from external entities directly to a public DNS zone. Recorded queries can come from virtual machine (VM) instances, GKE containers running in the same VPC network, peering zones, or other Google Cloud resources provisioned within your VPC.", - "title": "Enable Cloud DNS Logging for VPC Networks", - "types": [], - "uid": "prowler-gcp-compute_network_dns_logging_enabled-nodal-time-474015-p5-global-default" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1894544973933139113", - "subnet_mode": "auto", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Network", - "uid": "1894544973933139113" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Cloud DNS logging records the queries from the name servers within your VPC to Stackdriver. Logged queries can come from Compute Engine VMs, GKE containers, or other GCP resources provisioned within the VPC.", - "references": [ - "https://cloud.google.com/dns/docs/monitoring" - ] - }, - "risk_details": "Cloud DNS logging is disabled by default on each Google Cloud VPC network. By enabling monitoring of Cloud DNS logs, you can increase visibility into the DNS names requested by the clients within your VPC network. Cloud DNS logs can be monitored for anomalous domain names and evaluated against threat intelligence.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network simple-workbench does not have DNS logging enabled.", - "metadata": { - "event_code": "compute_network_dns_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network simple-workbench does not have DNS logging enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "mp.com.2.r2.gcp.scc.1", - "mp.com.3.r3.gcp.scc.1" - ], - "PCI-4.0": [ - "1.3.2.44", - "1.4.1.9", - "1.4.2.42", - "1.4.4.9", - "10.2.1.1.6", - "10.2.1.1.29", - "10.2.1.2.6", - "10.2.1.2.12", - "10.2.1.2.21", - "10.2.1.2.26", - "10.2.1.3.6", - "10.2.1.3.21", - "10.2.1.3.26", - "10.2.1.4.6", - "10.2.1.4.21", - "10.2.1.4.26", - "10.2.1.5.6", - "10.2.1.5.26", - "10.2.1.6.6", - "10.2.1.6.21", - "10.2.1.6.26", - "10.2.1.7.6", - "10.2.1.7.12", - "10.2.1.7.26", - "10.2.1.6", - "10.2.1.26", - "10.2.2.6", - "10.2.2.21", - "10.2.2.26", - "10.3.1.6", - "10.3.1.12", - "10.3.1.26", - "10.5.1.9", - "10.6.3.6", - "10.6.3.14", - "10.6.3.26", - "10.6.3.32", - "5.3.4.6", - "5.3.4.24", - "5.3.4.31", - "A1.2.1.6", - "A1.2.1.25", - "A1.2.1.30" - ], - "MITRE-ATTACK": [ - "T1046" - ], - "CIS-2.0": [ - "2.12" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.a", - "3.2.3.d", - "3.6.2", - "6.2.1", - "6.7.2.i", - "6.7.2.l", - "7.2.b", - "9.2.a", - "11.1.1", - "11.5.2.d", - "12.2.2.c" - ], - "CCC": [ - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that Cloud DNS logging is enabled for all your Virtual Private Cloud (VPC) networks using DNS server policies. Cloud DNS logging records queries that the name servers resolve for your Google Cloud VPC networks, as well as queries from external entities directly to a public DNS zone. Recorded queries can come from virtual machine (VM) instances, GKE containers running in the same VPC network, peering zones, or other Google Cloud resources provisioned within your VPC.", - "title": "Enable Cloud DNS Logging for VPC Networks", - "types": [], - "uid": "prowler-gcp-compute_network_dns_logging_enabled-nodal-time-474015-p5-global-simple-workbench" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "simple-workbench", - "id": "6879006949331747071", - "subnet_mode": "custom", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "simple-workbench", - "type": "Network", - "uid": "6879006949331747071" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Cloud DNS logging records the queries from the name servers within your VPC to Stackdriver. Logged queries can come from Compute Engine VMs, GKE containers, or other GCP resources provisioned within the VPC.", - "references": [ - "https://cloud.google.com/dns/docs/monitoring" - ] - }, - "risk_details": "Cloud DNS logging is disabled by default on each Google Cloud VPC network. By enabling monitoring of Cloud DNS logs, you can increase visibility into the DNS names requested by the clients within your VPC network. Cloud DNS logs can be monitored for anomalous domain names and evaluated against threat intelligence.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network default is not legacy.", - "metadata": { - "event_code": "compute_network_not_legacy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Network default is not legacy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.2" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "MITRE-ATTACK": [ - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.2" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.2.1", - "11.1.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "CIS-4.0": [ - "3.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "In order to prevent use of legacy networks, a project should not have a legacy network configured. As of now, Legacy Networks are gradually being phased out, and you can no longer create projects with them. This recommendation is to check older projects to ensure that they are not using Legacy Networks.", - "title": "Ensure Legacy Networks Do Not Exist", - "types": [], - "uid": "prowler-gcp-compute_network_not_legacy-nodal-time-474015-p5-global-default" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1894544973933139113", - "subnet_mode": "auto", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Network", - "uid": "1894544973933139113" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud Platform (GCP) projects are not using legacy networks as this type of network is no longer recommended for production environments because it does not support advanced networking features. Instead, it is strongly recommended to use Virtual Private Cloud (VPC) networks for existing and future GCP projects.", - "references": [ - "https://cloud.google.com/vpc/docs/using-legacy#deleting_a_legacy_network" - ] - }, - "risk_details": "Google Cloud legacy networks have a single global IPv4 range which cannot be divided into subnets, and a single gateway IP address for the whole network. Legacy networks do not support several Google Cloud networking features such as subnets, alias IP ranges, multiple network interfaces, Cloud NAT (Network Address Translation), Virtual Private Cloud (VPC) Peering, and private access options for GCP services. Legacy networks are not recommended for high network traffic projects and are subject to a single point of contention or failure.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network simple-workbench is not legacy.", - "metadata": { - "event_code": "compute_network_not_legacy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Network simple-workbench is not legacy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.2" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "MITRE-ATTACK": [ - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.2" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.2.1", - "11.1.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "CIS-4.0": [ - "3.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "In order to prevent use of legacy networks, a project should not have a legacy network configured. As of now, Legacy Networks are gradually being phased out, and you can no longer create projects with them. This recommendation is to check older projects to ensure that they are not using Legacy Networks.", - "title": "Ensure Legacy Networks Do Not Exist", - "types": [], - "uid": "prowler-gcp-compute_network_not_legacy-nodal-time-474015-p5-global-simple-workbench" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "simple-workbench", - "id": "6879006949331747071", - "subnet_mode": "custom", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "simple-workbench", - "type": "Network", - "uid": "6879006949331747071" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud Platform (GCP) projects are not using legacy networks as this type of network is no longer recommended for production environments because it does not support advanced networking features. Instead, it is strongly recommended to use Virtual Private Cloud (VPC) networks for existing and future GCP projects.", - "references": [ - "https://cloud.google.com/vpc/docs/using-legacy#deleting_a_legacy_network" - ] - }, - "risk_details": "Google Cloud legacy networks have a single global IPv4 range which cannot be divided into subnets, and a single gateway IP address for the whole network. Legacy networks do not support several Google Cloud networking features such as subnets, alias IP ranges, multiple network interfaces, Cloud NAT (Network Address Translation), Virtual Private Cloud (VPC) Peering, and private access options for GCP services. Legacy networks are not recommended for high network traffic projects and are subject to a single point of contention or failure.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Project nodal-time-474015-p5 does not have OS Login enabled.", - "metadata": { - "event_code": "compute_project_os_login_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Project nodal-time-474015-p5 does not have OS Login enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "4.4" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "ENS-RD2022": [ - "op.ext.3.gcp.log.1" - ], - "CIS-2.0": [ - "4.4" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.2.3.d", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "CIS-4.0": [ - "4.4" - ], - "CCC": [ - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that the OS Login feature is enabled at the Google Cloud Platform (GCP) project level in order to provide you with centralized and automated SSH key pair management.", - "title": "Ensure Os Login Is Enabled for a Project", - "types": [], - "uid": "prowler-gcp-compute_project_os_login_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "My First Project", - "type": "GCPProject", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that the OS Login feature is enabled at the Google Cloud Platform (GCP) project level in order to provide you with centralized and automated SSH key pair management.", - "references": [ - "https://cloud.google.com/compute/confidential-vm/docs/creating-cvm-instance:https://cloud.google.com/compute/confidential-vm/docs/about-cvm:https://cloud.google.com/confidential-computing:https://cloud.google.com/blog/products/identity-security/introducing-google-cloud-confidential-computing-with-confidential-vms" - ] - }, - "risk_details": "Enabling OS Login feature ensures that the SSH keys used to connect to VM instances are mapped with Google Cloud IAM users. Revoking access to corresponding IAM users will revoke all the SSH keys associated with these users, therefore it facilitates centralized SSH key pair management, which is extremely useful in handling compromised or stolen SSH key pairs and/or revocation of external/third-party/vendor users.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west2-default" - }, - "resources": [ - { - "region": "us-west2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "24288970830075042", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "24288970830075042" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west3-default" - }, - "resources": [ - { - "region": "us-west3", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5329755272922092706", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5329755272922092706" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east5-default" - }, - "resources": [ - { - "region": "us-east5", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1401430415650673826", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1401430415650673826" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east5" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west4-default" - }, - "resources": [ - { - "region": "europe-west4", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5555571983192249506", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5555571983192249506" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-south1-default" - }, - "resources": [ - { - "region": "northamerica-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7144258258311140514", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7144258258311140514" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west9-default" - }, - "resources": [ - { - "region": "europe-west9", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1074046580757714082", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west9" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1074046580757714082" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west9" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west3-default" - }, - "resources": [ - { - "region": "europe-west3", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5772105379350140066", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5772105379350140066" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west1-default" - }, - "resources": [ - { - "region": "europe-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3398545940062753954", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3398545940062753954" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east4-default" - }, - "resources": [ - { - "region": "us-east4", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "2543292856211690658", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "2543292856211690658" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-australia-southeast2-default" - }, - "resources": [ - { - "region": "australia-southeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4285468416242439330", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "australia-southeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4285468416242439330" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "australia-southeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-me-central1-default" - }, - "resources": [ - { - "region": "me-central1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "8693862684678509730", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "me-central1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "8693862684678509730" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "me-central1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-australia-southeast1-default" - }, - "resources": [ - { - "region": "australia-southeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5526634061214864546", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "australia-southeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5526634061214864546" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "australia-southeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-south1-default" - }, - "resources": [ - { - "region": "us-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1314274851926135970", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1314274851926135970" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-north1-default" - }, - "resources": [ - { - "region": "europe-north1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "6168370688555570338", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-north1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "6168370688555570338" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-north1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west4-default" - }, - "resources": [ - { - "region": "us-west4", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7215612770497680546", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7215612770497680546" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west1-default" - }, - "resources": [ - { - "region": "us-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "8333568044404659362", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "8333568044404659362" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-northeast2-default" - }, - "resources": [ - { - "region": "northamerica-northeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "483380030849242274", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-northeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "483380030849242274" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-northeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east1-default" - }, - "resources": [ - { - "region": "us-east1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "355354730862040226", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "355354730862040226" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-southeast2-default" - }, - "resources": [ - { - "region": "asia-southeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1491739310004196514", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-southeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1491739310004196514" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-southeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-southwest1-default" - }, - "resources": [ - { - "region": "europe-southwest1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1089352323782235298", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-southwest1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1089352323782235298" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-southwest1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast2-default" - }, - "resources": [ - { - "region": "asia-northeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "508768411464586402", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "508768411464586402" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-northeast1-default" - }, - "resources": [ - { - "region": "northamerica-northeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3188169212019954850", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-northeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3188169212019954850" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-northeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-central2-default" - }, - "resources": [ - { - "region": "europe-central2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4980955262212461730", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-central2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4980955262212461730" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-central2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-southamerica-east1-default" - }, - "resources": [ - { - "region": "southamerica-east1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5608727104037934242", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "southamerica-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5608727104037934242" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "southamerica-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-central1-default" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7706237583483294882", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-central1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7706237583483294882" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet simple-subnet-01 in network simple-workbench does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet simple-subnet-01 in network simple-workbench does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-central1-simple-subnet-01" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "simple-subnet-01", - "id": "8482275995630223604", - "network": "simple-workbench", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-central1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "simple-subnet-01", - "type": "Subnet", - "uid": "8482275995630223604" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-africa-south1-default" - }, - "resources": [ - { - "region": "africa-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3728776852941657249", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "africa-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3728776852941657249" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "africa-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west10-default" - }, - "resources": [ - { - "region": "europe-west10", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4896835085019993250", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west10" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4896835085019993250" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west10" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west6-default" - }, - "resources": [ - { - "region": "europe-west6", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3716081487960429730", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west6" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3716081487960429730" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west6" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-east2-default" - }, - "resources": [ - { - "region": "asia-east2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "6078557433428006050", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-east2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "6078557433428006050" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-east2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-southamerica-west1-default" - }, - "resources": [ - { - "region": "southamerica-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "608650311179523233", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "southamerica-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "608650311179523233" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "southamerica-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast1-default" - }, - "resources": [ - { - "region": "asia-northeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7315669883403457698", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7315669883403457698" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west8-default" - }, - "resources": [ - { - "region": "europe-west8", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "8540268486600512674", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west8" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "8540268486600512674" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west8" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-east1-default" - }, - "resources": [ - { - "region": "asia-east1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5813254284192076962", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5813254284192076962" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west12-default" - }, - "resources": [ - { - "region": "europe-west12", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5525328356797142178", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west12" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5525328356797142178" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west12" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-north2-default" - }, - "resources": [ - { - "region": "europe-north2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1953758124674995362", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-north2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1953758124674995362" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-north2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast3-default" - }, - "resources": [ - { - "region": "asia-northeast3", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "9096168126651389090", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "9096168126651389090" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west2-default" - }, - "resources": [ - { - "region": "europe-west2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1891634321841280162", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1891634321841280162" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-southeast1-default" - }, - "resources": [ - { - "region": "asia-southeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4056355735184430242", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-southeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4056355735184430242" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-southeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-me-west1-default" - }, - "resources": [ - { - "region": "me-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5036744520860521634", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "me-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5036744520860521634" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "me-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-south1-default" - }, - "resources": [ - { - "region": "asia-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7023929475293861026", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7023929475293861026" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-south2-default" - }, - "resources": [ - { - "region": "asia-south2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3652760235359687842", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-south2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3652760235359687842" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-south2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "GCR Container Scanning is not enabled in project nodal-time-474015-p5.", - "metadata": { - "event_code": "gcr_container_scanning_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "GCR Container Scanning is not enabled in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/container-registry/docs/container-analysis", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, GCR Container Scanning is disabled.", - "compliance": { - "SOC2": [ - "cc_3_1", - "cc_3_2" - ], - "ENS-RD2022": [ - "op.mon.1.r1.gcp.scc.1", - "op.mon.1.r2.gcp.scc.1", - "op.mon.3.gcp.scc.1" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "NIS2": [ - "2.2.1", - "5.1.4.f", - "5.1.7.d", - "6.6.1.a", - "6.9.2" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN06.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Scan images stored in Google Container Registry (GCR) for vulnerabilities using GCR Container Scanning or a third-party provider. This helps identify and mitigate security risks associated with known vulnerabilities in container images.", - "title": "Ensure Image Vulnerability Scanning using GCR Container Scanning or a third-party provider", - "types": [ - "Security", - "Configuration" - ], - "uid": "prowler-gcp-gcr_container_scanning_enabled-nodal-time-474015-p5-global-GCR Container Scanning" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "gcr" - }, - "labels": [], - "name": "GCR Container Scanning", - "type": "Service", - "uid": "containerscanning.googleapis.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Enable vulnerability scanning for images stored in GCR using GCR Container Scanning or a third-party provider.", - "references": [ - "https://cloud.google.com/container-registry/docs/container-best-practices" - ] - }, - "risk_details": "Without image vulnerability scanning, container images stored in GCR may contain known vulnerabilities, increasing the risk of exploitation by malicious actors.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Audit Logs are not enabled for project nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_audit_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Audit Logs are not enabled for project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.1" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "ENS-RD2022": [ - "opc.acc.1.r1.gcp.iam.2", - "op.acc.6.r5.gcp.cl.1", - "op.acc.6.r9.gcp.api.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "10.2.1.1.7", - "10.2.1.1.10", - "10.2.1.1.20", - "10.2.1.1.25", - "10.2.1.1.36", - "10.2.1.2.1", - "10.2.1.2.7", - "10.2.1.2.8", - "10.2.1.2.19", - "10.2.1.2.24", - "10.2.1.3.7", - "10.2.1.3.8", - "10.2.1.3.11", - "10.2.1.3.17", - "10.2.1.3.19", - "10.2.1.4.1", - "10.2.1.4.7", - "10.2.1.4.8", - "10.2.1.4.19", - "10.2.1.4.24", - "10.2.1.5.1", - "10.2.1.5.7", - "10.2.1.5.19", - "10.2.1.5.24", - "10.2.1.6.7", - "10.2.1.6.8", - "10.2.1.6.24", - "10.2.1.7.7", - "10.2.1.7.8", - "10.2.1.7.19", - "10.2.1.7.24", - "10.2.1.1", - "10.2.1.7", - "10.2.1.8", - "10.2.1.11", - "10.2.1.17", - "10.2.1.18", - "10.2.1.19", - "10.2.1.24", - "10.2.1.30", - "10.2.2.1", - "10.2.2.7", - "10.2.2.8", - "10.2.2.18", - "10.2.2.24", - "10.3.1.7", - "10.3.1.8", - "10.3.1.24", - "10.3.2.2", - "10.3.2.5", - "10.3.3.4", - "10.3.3.7", - "10.3.4.3", - "10.3.4.6", - "10.4.1.1.3", - "10.5.1.3", - "10.6.3.7", - "10.6.3.10", - "10.6.3.22", - "10.6.3.24", - "10.6.3.41", - "11.5.2.4", - "11.6.1.4", - "12.10.5.4", - "5.3.4.7", - "5.3.4.8", - "5.3.4.9", - "5.3.4.20", - "5.3.4.21", - "5.3.4.22", - "7.2.1.15", - "7.2.2.15", - "7.2.5.11", - "7.3.1.11", - "7.3.2.11", - "7.3.3.11", - "8.2.8.13", - "A1.2.1.1", - "A1.2.1.7", - "A1.2.1.8", - "A1.2.1.10", - "A1.2.1.12", - "A1.2.1.28", - "A3.3.1.6", - "A3.5.1.6" - ], - "CIS-2.0": [ - "2.1" - ], - "NIS2": [ - "3.1.3", - "3.2.1", - "3.2.3.c", - "3.2.3.d", - "3.2.3.e", - "3.6.2", - "7.2.b", - "11.2.2.e", - "11.2.2.f", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.3" - ], - "CIS-4.0": [ - "2.1" - ], - "CCC": [ - "CCC.AuditLog.CN01.AR01", - "CCC.AuditLog.CN01.AR02", - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN07.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that Google Cloud Audit Logs feature is configured to track Data Access logs for all Google Cloud Platform (GCP) services and users, in order to enhance overall access security and meet compliance requirements. Once configured, the feature can record all admin related activities, as well as all the read and write access requests to user data.", - "title": "Configure Google Cloud Audit Logs to Track All Activities", - "types": [], - "uid": "prowler-gcp-iam_audit_logs_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "GCPProject", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that Cloud Audit Logging is configured to track all admin activities and read, write access to user data.", - "references": [ - "https://cloud.google.com/logging/docs/audit/" - ] - }, - "risk_details": "In order to maintain an effective Google Cloud audit configuration for your project, folder, and organization, all 3 types of Data Access logs (ADMIN_READ, DATA_READ and DATA_WRITE) must be enabled for all supported GCP services. Also, Data Access logs should be captured for all IAM users, without exempting any of them. Exemptions let you control which users generate audit logs. When you add an exempted user to your log configuration, audit logs are not created for that user, for the selected log type(s). Data Access audit logs are disabled by default and must be explicitly enabled based on your business requirements.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Cloud Asset Inventory is enabled in project nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_cloud_asset_inventory_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Cloud Asset Inventory is enabled in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.13" - ], - "SOC2": [ - "cc_1_3", - "cc_3_4", - "cc_4_2", - "cc_6_8", - "cc_7_1", - "cc_7_3", - "cc_8_1" - ], - "ISO27001-2022": [ - "A.5.1", - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "ENS-RD2022": [ - "op.exp.1.gcp.scc.1", - "op.exp.1.r2.gcp.cai.1", - "op.exp.1.r3.gcp.cai.1" - ], - "MITRE-ATTACK": [ - "T1098", - "T1580" - ], - "CIS-2.0": [ - "2.13" - ], - "NIS2": [ - "3.1.3" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "CIS-4.0": [ - "2.13" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.Core.CN05.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "GCP Cloud Asset Inventory is services that provides a historical view of GCP resources and IAM policies through a time-series database. The information recorded includes metadata on Google Cloud resources, metadata on policies set on Google Cloud projects or resources, and runtime information gathered within a Google Cloud resource.", - "title": "Ensure Cloud Asset Inventory Is Enabled", - "types": [], - "uid": "prowler-gcp-iam_cloud_asset_inventory_enabled-nodal-time-474015-p5-global-Cloud Asset Inventory" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "Cloud Asset Inventory", - "type": "Service", - "uid": "cloudasset.googleapis.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Cloud Asset Inventory is enabled for all your GCP projects in order to efficiently manage the history and the inventory of your cloud resources. Google Cloud Asset Inventory is a fully managed metadata inventory service that allows you to view, monitor, analyze, and gain insights for your Google Cloud and Anthos assets. Cloud Asset Inventory is disabled by default in each GCP project.", - "references": [ - "https://cloud.google.com/asset-inventory/docs" - ] - }, - "risk_details": "Gaining insight into Google Cloud resources and policies is vital for tasks such as DevOps, security analytics, multi-cluster and fleet management, auditing, and governance. With Cloud Asset Inventory you can discover, monitor, and analyze all GCP assets in one place, achieving a better understanding of all your cloud assets across projects and services.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No IAM Users assigned to service roles at project level nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_no_service_roles_at_project_level", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "No IAM Users assigned to service roles at project level nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/check-for-iam-users-with-service-roles.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.6" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.3", - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.1.r1.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.16", - "7.2.1.19", - "7.2.2.17", - "7.2.2.19", - "7.2.5.7", - "7.2.5.10", - "7.2.5.13", - "7.3.1.7", - "7.3.1.12", - "7.3.1.13", - "7.3.2.13", - "7.3.3.10", - "7.3.3.12", - "7.3.3.13", - "8.2.2.6", - "8.2.7.11", - "8.2.7.13", - "8.2.8.9", - "8.2.8.15", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.6" - ], - "NIS2": [ - "6.2.2.b", - "6.7.2.g", - "11.1.2.c", - "11.2.2.d", - "11.3.1", - "11.3.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "CIS-4.0": [ - "1.6" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "It is recommended to assign the `Service Account User (iam.serviceAccountUser)` and `Service Account Token Creator (iam.serviceAccountTokenCreator)` roles to a user for a specific service account rather than assigning the role to a user at project level.", - "title": "Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level", - "types": [], - "uid": "prowler-gcp-iam_no_service_roles_at_project_level-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "IAM Policy", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that the Service Account User and Service Account Token Creator roles are assigned to a user for a specific GCP service account rather than to a user at the GCP project level, in order to implement the principle of least privilege (POLP). The principle of least privilege (also known as the principle of minimal privilege) is the practice of providing every user the minimal amount of access required to perform its tasks. Google Cloud Platform (GCP) IAM users should not have assigned the Service Account User or Service Account Token Creator roles at the GCP project level. Instead, these roles should be allocated to a user associated with a specific service account, providing that user access to the service account only.", - "references": [ - "https://cloud.google.com/iam/docs/granting-changing-revoking-access" - ] - }, - "risk_details": "The Service Account User (iam.serviceAccountUser) role allows an IAM user to attach a service account to a long-running job service such as an App Engine App or Dataflow Job, whereas the Service Account Token Creator (iam.serviceAccountTokenCreator) role allows a user to directly impersonate the identity of a service account.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Principle of separation of duties was enforced for KMS-Related Roles in project nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_role_kms_enforce_separation_of_duties", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Principle of separation of duties was enforced for KMS-Related Roles in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.8", - "1.11" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.3", - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.org.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.2.8", - "3.6.1.3.8", - "3.6.1.4.8", - "3.6.1.8", - "3.7.1.9", - "3.7.2.8", - "3.7.4.5", - "3.7.4.9", - "3.7.6.8", - "3.7.7.8", - "4.2.1.1.21", - "7.2.1.10", - "7.2.2.10", - "7.2.3.6", - "7.2.5.6", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.4.6" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.11" - ], - "NIS2": [ - "1.2.4", - "3.1.3", - "6.2.2.b", - "6.7.2.e", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.b", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.5", - "1.3.2" - ], - "CIS-4.0": [ - "1.8", - "1.11" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that separation of duties is enforced for all Cloud Key Management Service (KMS) related roles. The principle of separation of duties (also known as segregation of duties) has as its primary objective the prevention of fraud and human error. This objective is achieved by dismantling the tasks and the associated privileges for a specific business process among multiple users/identities. Google Cloud provides predefined roles that can be used to implement the principle of separation of duties, where it is needed. The predefined Cloud KMS Admin role is meant for users to manage KMS keys but not to use them. The Cloud KMS CryptoKey Encrypter/Decrypter roles are meant for services who can use keys to encrypt and decrypt data, but not to manage them. To adhere to cloud security best practices, your IAM users should not have the Admin role and any of the CryptoKey Encrypter/Decrypter roles assigned at the same time.", - "title": "Enforce Separation of Duties for KMS-Related Roles", - "types": [], - "uid": "prowler-gcp-iam_role_kms_enforce_separation_of_duties-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "IAMRole", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that the principle of 'Separation of Duties' is enforced while assigning KMS related roles to users.", - "references": [ - "https://cloud.google.com/kms/docs/separation-of-duties" - ] - }, - "risk_details": "The principle of separation of duties can be enforced in order to eliminate the need for the IAM user/identity that has all the permissions needed to perform unwanted actions, such as using a cryptographic key to access and decrypt data which the user should not normally have access to.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Principle of separation of duties was not enforced for Service-Account Related Roles in project nodal-time-474015-p5 in members deleted:serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com?uid=104781589807131914461,serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com.", - "metadata": { - "event_code": "iam_role_sa_enforce_separation_of_duties", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Principle of separation of duties was not enforced for Service-Account Related Roles in project nodal-time-474015-p5 in members deleted:serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com?uid=104781589807131914461,serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.3", - "A.5.15", - "A.5.18", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.org.1" - ], - "PCI-4.0": [ - "7.2.1.16", - "7.2.1.19", - "7.2.2.19", - "7.2.5.13", - "7.3.1.7", - "7.3.1.12", - "7.3.1.13", - "7.3.3.12", - "8.2.7.11", - "8.2.7.13", - "8.3.4.11" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.8" - ], - "NIS2": [ - "1.2.4", - "3.1.3", - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.b", - "11.4.2.c" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure that separation of duties (also known as segregation of duties - SoD) is enforced for all Google Cloud Platform (GCP) service-account related roles. The security principle of separation of duties has as its primary objective the prevention of fraud and human error. This objective is achieved by disbanding the tasks and associated privileges for a specific business process among multiple users/members. To follow security best practices, your GCP service accounts should not have the Service Account Admin and Service Account User roles assigned at the same time.", - "title": "Enforce Separation of Duties for Service-Account Related Roles", - "types": [], - "uid": "prowler-gcp-iam_role_sa_enforce_separation_of_duties-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "IAMRole", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that separation of duties (also known as segregation of duties - SoD) is enforced for all Google Cloud Platform (GCP) service-account related roles. The security principle of separation of duties has as its primary objective the prevention of fraud and human error. This objective is achieved by disbanding the tasks and associated privileges for a specific business process among multiple users/members. To follow security best practices, your GCP service accounts should not have the Service Account Admin and Service Account User roles assigned at the same time.", - "references": [ - "https://cloud.google.com/iam/docs/understanding-roles" - ] - }, - "risk_details": "The principle of separation of duties should be enforced in order to eliminate the need for high-privileged IAM members, as the permissions granted to these members can allow them to perform malicious or unwanted actions.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com has administrative privileges with roles/serviceusage.serviceUsageAdmin.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com has administrative privileges with roles/serviceusage.serviceUsageAdmin.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "GitHub Actions Deployer", - "keys": [ - { - "name": "3f2a81ba4bce0b39089b85a2e7678d09d2d183f6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T22:26:26", - "valid_before": "2027-10-28T08:50:15" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "114112078080729873885" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account 784623368087-compute@developer.gserviceaccount.com has administrative privileges with roles/editor.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Account 784623368087-compute@developer.gserviceaccount.com has administrative privileges with roles/editor.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "email": "784623368087-compute@developer.gserviceaccount.com", - "display_name": "Compute Engine default service account", - "keys": [ - { - "name": "202c306e41b020fefe81250bea563d31c07138e3", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-06T10:25:01", - "valid_before": "2025-10-23T10:25:01" - }, - { - "name": "93b9e85d69bcb0503b5a7696d8b3bf5855a91d37", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T10:25:01", - "valid_before": "2025-10-31T10:25:01" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "111974737467208838860" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "784623368087-compute@developer.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "Vertex AI Workbench Service Account", - "keys": [ - { - "name": "92e39887344dae71e19dc25c005a53a68ceb62cb", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T23:21:52", - "valid_before": "2027-10-29T23:07:36" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "108352930858191263233" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "GitHub Actions Deployer", - "keys": [ - { - "name": "3f2a81ba4bce0b39089b85a2e7678d09d2d183f6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T22:26:26", - "valid_before": "2027-10-28T08:50:15" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "114112078080729873885" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account 784623368087-compute@developer.gserviceaccount.com does not have user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Account 784623368087-compute@developer.gserviceaccount.com does not have user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "email": "784623368087-compute@developer.gserviceaccount.com", - "display_name": "Compute Engine default service account", - "keys": [ - { - "name": "202c306e41b020fefe81250bea563d31c07138e3", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-06T10:25:01", - "valid_before": "2025-10-23T10:25:01" - }, - { - "name": "93b9e85d69bcb0503b5a7696d8b3bf5855a91d37", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T10:25:01", - "valid_before": "2025-10-31T10:25:01" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "111974737467208838860" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "784623368087-compute@developer.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "Vertex AI Workbench Service Account", - "keys": [ - { - "name": "92e39887344dae71e19dc25c005a53a68ceb62cb", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T23:21:52", - "valid_before": "2027-10-29T23:07:36" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "108352930858191263233" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "b42bff156412b21c8615812a79d72ba55d6bafb4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "24a51f6716e116e4b0c095d727d4a101242b82a2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "3ec34a6521569dd67684f27f37d1d6ab56db09dc" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c450c6187eeddc932b29ffd3d0f3e675bf53af62" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "f69cf03d448314cf03036f08165420dfe98b3992" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "ce51dbe0ea021fb2e8124f86d8842546246040c1" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c0604742fabec0b925df21e0606a25c9e007f571" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "b42bff156412b21c8615812a79d72ba55d6bafb4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "24a51f6716e116e4b0c095d727d4a101242b82a2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "3ec34a6521569dd67684f27f37d1d6ab56db09dc" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c450c6187eeddc932b29ffd3d0f3e675bf53af62" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "f69cf03d448314cf03036f08165420dfe98b3992" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "ce51dbe0ea021fb2e8124f86d8842546246040c1" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c0604742fabec0b925df21e0606a25c9e007f571" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com was used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Service Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com was used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "GitHub Actions Deployer", - "keys": [ - { - "name": "3f2a81ba4bce0b39089b85a2e7678d09d2d183f6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T22:26:26", - "valid_before": "2027-10-28T08:50:15" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "114112078080729873885" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account 784623368087-compute@developer.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Service Account 784623368087-compute@developer.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "email": "784623368087-compute@developer.gserviceaccount.com", - "display_name": "Compute Engine default service account", - "keys": [ - { - "name": "202c306e41b020fefe81250bea563d31c07138e3", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-06T10:25:01", - "valid_before": "2025-10-23T10:25:01" - }, - { - "name": "93b9e85d69bcb0503b5a7696d8b3bf5855a91d37", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T10:25:01", - "valid_before": "2025-10-31T10:25:01" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "111974737467208838860" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "784623368087-compute@developer.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Service Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "Vertex AI Workbench Service Account", - "keys": [ - { - "name": "92e39887344dae71e19dc25c005a53a68ceb62cb", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T23:21:52", - "valid_before": "2027-10-29T23:07:36" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "108352930858191263233" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-13fa4761 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-13fa4761 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-13fa4761" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761", - "name": "cfi-bucket-key-13fa4761", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-13fa4761", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1c7d7a2a is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-1c7d7a2a is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-1c7d7a2a" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a", - "name": "cfi-bucket-key-1c7d7a2a", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1c7d7a2a", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1fba850e is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-1fba850e is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-1fba850e" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e", - "name": "cfi-bucket-key-1fba850e", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-15T23:25:31.957183Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1fba850e", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-4cd10935 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-4cd10935 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-4cd10935" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935", - "name": "cfi-bucket-key-4cd10935", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-4cd10935", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-7a427af0 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-7a427af0 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-7a427af0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0", - "name": "cfi-bucket-key-7a427af0", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T15:28:10.344444Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-7a427af0", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a03be2ac is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-a03be2ac is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-a03be2ac" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac", - "name": "cfi-bucket-key-a03be2ac", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a03be2ac", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a1aaa547 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-a1aaa547 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-a1aaa547" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547", - "name": "cfi-bucket-key-a1aaa547", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T00:25:56.259471Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a1aaa547", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-e7619e1f is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-e7619e1f is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-e7619e1f" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f", - "name": "cfi-bucket-key-e7619e1f", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-e7619e1f", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-f5bc86ea is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-f5bc86ea is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-f5bc86ea" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea", - "name": "cfi-bucket-key-f5bc86ea", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-f5bc86ea", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-13fa4761 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-13fa4761 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-13fa4761" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761", - "name": "cfi-bucket-key-13fa4761", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-13fa4761", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1c7d7a2a is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-1c7d7a2a is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-1c7d7a2a" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a", - "name": "cfi-bucket-key-1c7d7a2a", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1c7d7a2a", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1fba850e is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-1fba850e is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-1fba850e" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e", - "name": "cfi-bucket-key-1fba850e", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-15T23:25:31.957183Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1fba850e", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-4cd10935 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-4cd10935 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-4cd10935" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935", - "name": "cfi-bucket-key-4cd10935", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-4cd10935", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-7a427af0 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-7a427af0 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-7a427af0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0", - "name": "cfi-bucket-key-7a427af0", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T15:28:10.344444Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-7a427af0", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a03be2ac is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-a03be2ac is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-a03be2ac" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac", - "name": "cfi-bucket-key-a03be2ac", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a03be2ac", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a1aaa547 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-a1aaa547 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-a1aaa547" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547", - "name": "cfi-bucket-key-a1aaa547", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T00:25:56.259471Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a1aaa547", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-e7619e1f is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-e7619e1f is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-e7619e1f" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f", - "name": "cfi-bucket-key-e7619e1f", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-e7619e1f", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-f5bc86ea is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-f5bc86ea is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-f5bc86ea" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea", - "name": "cfi-bucket-key-f5bc86ea", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-f5bc86ea", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_audit_configuration_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.5" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.1.r2.gcp.cai.1", - "op.exp.4.r4.gcp.log.1", - "op.mon.3.r6.gcp.scc.1" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.10", - "10.2.1.1.20", - "10.2.1.1.36", - "10.2.1.2.7", - "10.2.1.2.8", - "10.2.1.3.7", - "10.2.1.3.8", - "10.2.1.3.17", - "10.2.1.4.7", - "10.2.1.4.8", - "10.2.1.5.7", - "10.2.1.6.7", - "10.2.1.7.7", - "10.2.1.7", - "10.2.1.17", - "10.2.1.18", - "10.2.2.7", - "10.2.2.8", - "10.2.2.15", - "10.2.2.18", - "10.3.1.7", - "10.3.1.8", - "10.3.2.2", - "10.3.3.4", - "10.3.4.3", - "10.3.4.6", - "10.5.1.3", - "10.6.3.7", - "10.6.3.10", - "10.6.3.22", - "10.6.3.24", - "10.6.3.41", - "11.5.2.4", - "11.6.1.4", - "12.10.5.3", - "12.10.5.4", - "5.3.4.8", - "5.3.4.20", - "5.3.4.21", - "A1.2.1.7", - "A1.2.1.8", - "A1.2.1.12", - "A3.3.1.6", - "A3.5.1.6" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.5" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.5" - ], - "CIS-4.0": [ - "2.5" - ], - "CCC": [ - "CCC.AuditLog.CN01.AR01", - "CCC.AuditLog.CN01.AR02", - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_audit_configuration_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "By using Google Cloud alerting policies to detect audit configuration changes, you make sure that the recommended state of audit configuration is well maintained so that all the activities performed within your GCP project are available for security analysis and auditing at any point in time.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Admin Activity audit logs and Data Access audit logs produced by the Google Cloud Audit Logs service can be extremely useful for security analysis, resource change tracking, and compliance auditing.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_bucket_permission_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.10" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.1.r2.gcp.cai.1" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.9", - "10.2.1.1.30", - "10.2.1.2.7", - "10.2.1.2.27", - "10.2.1.3.7", - "10.2.1.4.27", - "10.2.1.5.7", - "10.2.1.5.27", - "10.2.1.6.7", - "10.2.1.6.27", - "10.2.1.7.7", - "10.2.1.7.27", - "10.2.1.7", - "10.2.1.27", - "10.2.2.7", - "10.2.2.27", - "10.3.1.7", - "10.3.1.27", - "10.4.1.1.2", - "10.4.1.2", - "10.4.2.3", - "10.6.3.7", - "10.6.3.9", - "10.6.3.34", - "10.6.3.41", - "10.7.1.4", - "10.7.2.4", - "11.5.2.5", - "12.10.5.3", - "5.3.4.7", - "5.3.4.32", - "7.2.2.2", - "A1.2.1.7", - "A1.2.1.32", - "A3.3.1.4", - "A3.5.1.4" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.10" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.2.2.b", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.5" - ], - "CIS-4.0": [ - "2.10" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_bucket_permission_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Cloud Storage Bucket IAM changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to cloud storage bucket permissions may reduce the time needed to detect and correct permissions on sensitive cloud storage buckets and objects inside the bucket.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_custom_role_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.6" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "opc.acc.1.r1.gcp.iam.2" - ], - "PCI-4.0": [ - "7.3.1.12", - "7.3.2.13" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.6" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.d", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.2.2.e", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.6" - ], - "CIS-4.0": [ - "2.6" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_custom_role_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for changes to Identity and Access Management (IAM) role creation, deletion and updating activities.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Google Cloud IAM provides predefined roles that give granular access to specific Google Cloud Platform resources and prevent unwanted access to other resources.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.4" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "opc.acc.1.r1.gcp.iam.2", - "op.acc.3.r1.gcp.iam.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.4" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.2.2.e", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.4" - ], - "CIS-4.0": [ - "2.4" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN05.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes.", - "title": "Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Using Google Cloud alerting policies to detect ownership assignments/changes will help you maintain the right access permissions for each IAM member created within your project, follow the security principle of least privilege, and prevent any accidental or intentional changes that may lead to unauthorized actions.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Project ownership has the highest level of privileges on a GCP project. These privileges include viewer permissions on all GCP services inside the project, permission to modify the state of all GCP services within the project, set up billing and manage roles and permissions for the project and all the resources inside the project.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_sql_instance_configuration_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.11" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "mp.s.4.r1.gcp.app.1" - ], - "PCI-4.0": [ - "10.2.1.1.9", - "10.2.1.3.22", - "10.2.2.22", - "10.4.2.3", - "10.7.1.4", - "A3.3.1.4" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.11" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.6" - ], - "CIS-4.0": [ - "2.11" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_sql_instance_configuration_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for SQL instance configuration changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to SQL instance configuration changes may reduce the time needed to detect and correct misconfigurations done on the SQL server.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_vpc_firewall_rule_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.7" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "op.exp.8.r1.gcp.nt.1" - ], - "PCI-4.0": [ - "1.3.2.27", - "10.2.1.1.9", - "10.2.1.1.24", - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.21", - "10.3.1.29", - "10.4.1.1.7", - "10.4.2.7", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "10.6.3.41", - "10.7.1.4", - "10.7.1.8", - "5.3.4.8", - "5.3.4.24", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.7" - ], - "NIS2": [ - "1.1.2", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.3.g", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-4.0": [ - "2.7" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_vpc_firewall_rule_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Virtual Private Cloud (VPC) Network Firewall rule changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring for Create or Update Firewall rule events gives insight to network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_vpc_network_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.9" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "op.exp.8.r1.gcp.nt.1", - "mp.com.4.r4.gcp.net.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.9" - ], - "NIS2": [ - "1.1.2", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.4" - ], - "CIS-4.0": [ - "2.9" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_vpc_network_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Virtual Private Cloud (VPC) network changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to a VPC will help ensure VPC traffic flow is not getting impacted.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_vpc_network_route_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.8" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "op.exp.8.r1.gcp.nt.1" - ], - "PCI-4.0": [ - "1.5.1.18", - "10.2.1.5.21", - "10.2.1.21" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.8" - ], - "NIS2": [ - "1.1.2", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "CIS-4.0": [ - "2.8" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_vpc_network_route_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Virtual Private Cloud (VPC) network route changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to route tables will help ensure that all VPC traffic flows through an expected path.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no logging sinks to export copies of all the log entries in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_sink_created", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no logging sinks to export copies of all the log entries in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.8.r5.gcp.cl.1", - "op.ext.3.gcp.log.2" - ], - "PCI-4.0": [ - "10.5.1.3", - "11.5.2.4", - "12.10.5.4", - "A3.3.1.6", - "A3.5.1.6" - ], - "MITRE-ATTACK": [ - "T1562", - "T1049" - ], - "CIS-2.0": [ - "2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.1", - "3.2.5", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "CCC": [ - "CCC.AuditLog.CN01.AR01", - "CCC.AuditLog.CN01.AR02", - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN06.AR01", - "CCC.AuditLog.CN07.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.LB.CN01.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN06.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901002, - "created_time_dt": "2025-10-19T19:10:02.363981", - "desc": "Ensure there is at least one sink used to export copies of all the log entries.", - "title": "Ensure there is at least one sink used to export copies of all the log entries.", - "types": [], - "uid": "prowler-gcp-logging_sink_created-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "Sink", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to create a sink that will export copies of all the log entries. This can help aggregate logs from multiple projects and export them to a Security Information and Event Management (SIEM).", - "references": [ - "https://cloud.google.com/logging/docs/export" - ] - }, - "risk_details": "If sinks are not created, logs would be deleted after the configured retention period, and would not be backed up.", - "time": 1760901002, - "time_dt": "2025-10-19T19:10:02.363981", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-network/results/gcp-network-complete.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-network/results/gcp-network-complete.ocsf.json deleted file mode 100644 index 62f96f66..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-network/results/gcp-network-complete.ocsf.json +++ /dev/null @@ -1,30816 +0,0 @@ -[ - { - "message": "AR Container Analysis is not enabled in project nodal-time-474015-p5.", - "metadata": { - "event_code": "artifacts_container_analysis_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AR Container Analysis is not enabled in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/artifact-analysis/docs", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, AR Container Analysis is disabled.", - "compliance": { - "SOC2": [ - "cc_3_1" - ], - "ENS-RD2022": [ - "op.exp.4.r4.gcp.log.1", - "op.mon.3.gcp.scc.1" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "MITRE-ATTACK": [ - "T1525" - ], - "NIS2": [ - "5.1.4.f", - "5.1.7.d", - "6.1.2.b", - "6.6.1.a", - "6.9.2", - "9.2.a" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN06.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Scan images stored in Google Container Registry (GCR) for vulnerabilities using AR Container Analysis or a third-party provider. This helps identify and mitigate security risks associated with known vulnerabilities in container images.", - "title": "Ensure Image Vulnerability Analysis using AR Container Analysis or a third-party provider", - "types": [ - "Security", - "Configuration" - ], - "uid": "prowler-gcp-artifacts_container_analysis_enabled-nodal-time-474015-p5-global-AR Container Analysis" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "artifacts" - }, - "labels": [], - "name": "AR Container Analysis", - "type": "Service", - "uid": "containeranalysis.googleapis.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Enable vulnerability scanning for images stored in Artifact Registry using AR Container Analysis or a third-party provider.", - "references": [ - "https://cloud.google.com/artifact-analysis/docs/container-scanning-overview" - ] - }, - "risk_details": "Without image vulnerability scanning, container images stored in Artifact Registry may contain known vulnerabilities, increasing the risk of exploitation by malicious actors.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-1fba850e is not publicly accessible.", - "metadata": { - "event_code": "cloudstorage_bucket_public_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-1fba850e is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudStorage/publicly-accessible-storage-buckets.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.1" - ], - "SOC2": [ - "cc_6_1" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.30", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.32", - "1.3.1.34", - "1.3.1.35", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.8", - "10.3.2.11", - "10.3.2.18", - "10.3.2.19", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "3.5.1.3.8", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.2", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.2", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "A1.1.2.4", - "A1.1.2.7", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.2.22", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.4", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "5.1" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "CIS-4.0": [ - "5.1" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "title": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_public_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-1fba850e" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-1fba850e", - "id": "cfi-logs-bucket-1fba850e", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-1fba850e", - "type": "Bucket", - "uid": "cfi-logs-bucket-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that IAM policy on Cloud Storage bucket does not allows anonymous or public access.", - "references": [ - "https://cloud.google.com/storage/docs/access-control/iam-reference" - ] - }, - "risk_details": "Allowing anonymous or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous or public access to a bucket is not allowed.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-7a427af0 is not publicly accessible.", - "metadata": { - "event_code": "cloudstorage_bucket_public_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-7a427af0 is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudStorage/publicly-accessible-storage-buckets.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.1" - ], - "SOC2": [ - "cc_6_1" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.30", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.32", - "1.3.1.34", - "1.3.1.35", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.8", - "10.3.2.11", - "10.3.2.18", - "10.3.2.19", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "3.5.1.3.8", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.2", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.2", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "A1.1.2.4", - "A1.1.2.7", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.2.22", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.4", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "5.1" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "CIS-4.0": [ - "5.1" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "title": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_public_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-7a427af0" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-7a427af0", - "id": "cfi-logs-bucket-7a427af0", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-7a427af0", - "type": "Bucket", - "uid": "cfi-logs-bucket-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that IAM policy on Cloud Storage bucket does not allows anonymous or public access.", - "references": [ - "https://cloud.google.com/storage/docs/access-control/iam-reference" - ] - }, - "risk_details": "Allowing anonymous or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous or public access to a bucket is not allowed.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-a1aaa547 is not publicly accessible.", - "metadata": { - "event_code": "cloudstorage_bucket_public_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-a1aaa547 is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudStorage/publicly-accessible-storage-buckets.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.1" - ], - "SOC2": [ - "cc_6_1" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.30", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.32", - "1.3.1.34", - "1.3.1.35", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.8", - "10.3.2.11", - "10.3.2.18", - "10.3.2.19", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "3.5.1.3.8", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.2", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.2", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "A1.1.2.4", - "A1.1.2.7", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.2.22", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.4", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "5.1" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "CIS-4.0": [ - "5.1" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "title": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_public_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-a1aaa547" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-a1aaa547", - "id": "cfi-logs-bucket-a1aaa547", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-a1aaa547", - "type": "Bucket", - "uid": "cfi-logs-bucket-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that IAM policy on Cloud Storage bucket does not allows anonymous or public access.", - "references": [ - "https://cloud.google.com/storage/docs/access-control/iam-reference" - ] - }, - "risk_details": "Allowing anonymous or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous or public access to a bucket is not allowed.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-1fba850e has uniform Bucket Level Access enabled.", - "metadata": { - "event_code": "cloudstorage_bucket_uniform_bucket_level_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-1fba850e has uniform Bucket Level Access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.11", - "10.3.2.18", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "2.2.7.19", - "3.5.1.3.23", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-2.0": [ - "5.2" - ], - "CIS-4.0": [ - "5.2" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "title": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_uniform_bucket_level_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-1fba850e" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-1fba850e", - "id": "cfi-logs-bucket-1fba850e", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-1fba850e", - "type": "Bucket", - "uid": "cfi-logs-bucket-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that uniform bucket-level access is enabled on Cloud Storage buckets.", - "references": [ - "https://cloud.google.com/storage/docs/using-uniform-bucket-level-access" - ] - }, - "risk_details": "Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-7a427af0 has uniform Bucket Level Access enabled.", - "metadata": { - "event_code": "cloudstorage_bucket_uniform_bucket_level_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-7a427af0 has uniform Bucket Level Access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.11", - "10.3.2.18", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "2.2.7.19", - "3.5.1.3.23", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-2.0": [ - "5.2" - ], - "CIS-4.0": [ - "5.2" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "title": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_uniform_bucket_level_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-7a427af0" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-7a427af0", - "id": "cfi-logs-bucket-7a427af0", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-7a427af0", - "type": "Bucket", - "uid": "cfi-logs-bucket-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that uniform bucket-level access is enabled on Cloud Storage buckets.", - "references": [ - "https://cloud.google.com/storage/docs/using-uniform-bucket-level-access" - ] - }, - "risk_details": "Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-a1aaa547 has uniform Bucket Level Access enabled.", - "metadata": { - "event_code": "cloudstorage_bucket_uniform_bucket_level_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-a1aaa547 has uniform Bucket Level Access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.11", - "10.3.2.18", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "2.2.7.19", - "3.5.1.3.23", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-2.0": [ - "5.2" - ], - "CIS-4.0": [ - "5.2" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "title": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_uniform_bucket_level_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-a1aaa547" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-a1aaa547", - "id": "cfi-logs-bucket-a1aaa547", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-a1aaa547", - "type": "Bucket", - "uid": "cfi-logs-bucket-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that uniform bucket-level access is enabled on Cloud Storage buckets.", - "references": [ - "https://cloud.google.com/storage/docs/using-uniform-bucket-level-access" - ] - }, - "risk_details": "Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-icmp does not expose port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-icmp does not expose port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-icmp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-icmp", - "id": "613284056905897095", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-icmp", - "type": "FirewallRule", - "uid": "613284056905897095" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-internal does not expose port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-internal does not expose port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-internal" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-internal", - "id": "7344732286417982599", - "source_ranges": [ - "10.128.0.0/9" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "udp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-internal", - "type": "FirewallRule", - "uid": "7344732286417982599" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-rdp does exposes port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "Firewall default-allow-rdp does exposes port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-rdp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-rdp", - "id": "438688946219209863", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "3389" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-rdp", - "type": "FirewallRule", - "uid": "438688946219209863" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-ssh does not expose port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-ssh does not expose port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-ssh" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-ssh", - "id": "4612266095473677447", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "22" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-ssh", - "type": "FirewallRule", - "uid": "4612266095473677447" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-icmp does not expose port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-icmp does not expose port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-icmp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-icmp", - "id": "613284056905897095", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-icmp", - "type": "FirewallRule", - "uid": "613284056905897095" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-internal does not expose port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-internal does not expose port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-internal" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-internal", - "id": "7344732286417982599", - "source_ranges": [ - "10.128.0.0/9" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "udp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-internal", - "type": "FirewallRule", - "uid": "7344732286417982599" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-rdp does not expose port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-rdp does not expose port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-rdp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-rdp", - "id": "438688946219209863", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "3389" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-rdp", - "type": "FirewallRule", - "uid": "438688946219209863" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-ssh does exposes port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "Firewall default-allow-ssh does exposes port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-ssh" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-ssh", - "id": "4612266095473677447", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "22" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-ssh", - "type": "FirewallRule", - "uid": "4612266095473677447" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Default network is in use in project nodal-time-474015-p5.", - "metadata": { - "event_code": "compute_network_default_in_use", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Default network is in use in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudVPC/default-vpc-in-use.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.1" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.3.r1.gcp.net.1", - "mp.com.4.gcp.vpc.1", - "mp.com.4.r1.gcp.net.1" - ], - "PCI-4.0": [ - "1.4.2.19" - ], - "MITRE-ATTACK": [ - "T1046" - ], - "CIS-2.0": [ - "3.1" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "5.1.2.a", - "6.2.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.1" - ], - "CIS-4.0": [ - "3.1" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.VPC.CN01.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that the default network does not exist", - "title": "Ensure that the default network does not exist", - "types": [], - "uid": "prowler-gcp-compute_network_default_in_use-nodal-time-474015-p5-global-default" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1894544973933139113", - "subnet_mode": "auto", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Network", - "uid": "default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "When an organization deletes the default network, it may need to migrate or service onto a new network.", - "references": [ - "https://cloud.google.com/vpc/docs/using-vpc" - ] - }, - "risk_details": "The default network has a preconfigured network configuration and automatically generates insecure firewall rules.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network default does not have DNS logging enabled.", - "metadata": { - "event_code": "compute_network_dns_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network default does not have DNS logging enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "mp.com.2.r2.gcp.scc.1", - "mp.com.3.r3.gcp.scc.1" - ], - "PCI-4.0": [ - "1.3.2.44", - "1.4.1.9", - "1.4.2.42", - "1.4.4.9", - "10.2.1.1.6", - "10.2.1.1.29", - "10.2.1.2.6", - "10.2.1.2.12", - "10.2.1.2.21", - "10.2.1.2.26", - "10.2.1.3.6", - "10.2.1.3.21", - "10.2.1.3.26", - "10.2.1.4.6", - "10.2.1.4.21", - "10.2.1.4.26", - "10.2.1.5.6", - "10.2.1.5.26", - "10.2.1.6.6", - "10.2.1.6.21", - "10.2.1.6.26", - "10.2.1.7.6", - "10.2.1.7.12", - "10.2.1.7.26", - "10.2.1.6", - "10.2.1.26", - "10.2.2.6", - "10.2.2.21", - "10.2.2.26", - "10.3.1.6", - "10.3.1.12", - "10.3.1.26", - "10.5.1.9", - "10.6.3.6", - "10.6.3.14", - "10.6.3.26", - "10.6.3.32", - "5.3.4.6", - "5.3.4.24", - "5.3.4.31", - "A1.2.1.6", - "A1.2.1.25", - "A1.2.1.30" - ], - "MITRE-ATTACK": [ - "T1046" - ], - "CIS-2.0": [ - "2.12" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.a", - "3.2.3.d", - "3.6.2", - "6.2.1", - "6.7.2.i", - "6.7.2.l", - "7.2.b", - "9.2.a", - "11.1.1", - "11.5.2.d", - "12.2.2.c" - ], - "CCC": [ - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that Cloud DNS logging is enabled for all your Virtual Private Cloud (VPC) networks using DNS server policies. Cloud DNS logging records queries that the name servers resolve for your Google Cloud VPC networks, as well as queries from external entities directly to a public DNS zone. Recorded queries can come from virtual machine (VM) instances, GKE containers running in the same VPC network, peering zones, or other Google Cloud resources provisioned within your VPC.", - "title": "Enable Cloud DNS Logging for VPC Networks", - "types": [], - "uid": "prowler-gcp-compute_network_dns_logging_enabled-nodal-time-474015-p5-global-default" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1894544973933139113", - "subnet_mode": "auto", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Network", - "uid": "1894544973933139113" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Cloud DNS logging records the queries from the name servers within your VPC to Stackdriver. Logged queries can come from Compute Engine VMs, GKE containers, or other GCP resources provisioned within the VPC.", - "references": [ - "https://cloud.google.com/dns/docs/monitoring" - ] - }, - "risk_details": "Cloud DNS logging is disabled by default on each Google Cloud VPC network. By enabling monitoring of Cloud DNS logs, you can increase visibility into the DNS names requested by the clients within your VPC network. Cloud DNS logs can be monitored for anomalous domain names and evaluated against threat intelligence.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network my-auto-mode-network does not have DNS logging enabled.", - "metadata": { - "event_code": "compute_network_dns_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network my-auto-mode-network does not have DNS logging enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "mp.com.2.r2.gcp.scc.1", - "mp.com.3.r3.gcp.scc.1" - ], - "PCI-4.0": [ - "1.3.2.44", - "1.4.1.9", - "1.4.2.42", - "1.4.4.9", - "10.2.1.1.6", - "10.2.1.1.29", - "10.2.1.2.6", - "10.2.1.2.12", - "10.2.1.2.21", - "10.2.1.2.26", - "10.2.1.3.6", - "10.2.1.3.21", - "10.2.1.3.26", - "10.2.1.4.6", - "10.2.1.4.21", - "10.2.1.4.26", - "10.2.1.5.6", - "10.2.1.5.26", - "10.2.1.6.6", - "10.2.1.6.21", - "10.2.1.6.26", - "10.2.1.7.6", - "10.2.1.7.12", - "10.2.1.7.26", - "10.2.1.6", - "10.2.1.26", - "10.2.2.6", - "10.2.2.21", - "10.2.2.26", - "10.3.1.6", - "10.3.1.12", - "10.3.1.26", - "10.5.1.9", - "10.6.3.6", - "10.6.3.14", - "10.6.3.26", - "10.6.3.32", - "5.3.4.6", - "5.3.4.24", - "5.3.4.31", - "A1.2.1.6", - "A1.2.1.25", - "A1.2.1.30" - ], - "MITRE-ATTACK": [ - "T1046" - ], - "CIS-2.0": [ - "2.12" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.a", - "3.2.3.d", - "3.6.2", - "6.2.1", - "6.7.2.i", - "6.7.2.l", - "7.2.b", - "9.2.a", - "11.1.1", - "11.5.2.d", - "12.2.2.c" - ], - "CCC": [ - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that Cloud DNS logging is enabled for all your Virtual Private Cloud (VPC) networks using DNS server policies. Cloud DNS logging records queries that the name servers resolve for your Google Cloud VPC networks, as well as queries from external entities directly to a public DNS zone. Recorded queries can come from virtual machine (VM) instances, GKE containers running in the same VPC network, peering zones, or other Google Cloud resources provisioned within your VPC.", - "title": "Enable Cloud DNS Logging for VPC Networks", - "types": [], - "uid": "prowler-gcp-compute_network_dns_logging_enabled-nodal-time-474015-p5-global-my-auto-mode-network" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "7882304364714953002", - "subnet_mode": "auto", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Network", - "uid": "7882304364714953002" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Cloud DNS logging records the queries from the name servers within your VPC to Stackdriver. Logged queries can come from Compute Engine VMs, GKE containers, or other GCP resources provisioned within the VPC.", - "references": [ - "https://cloud.google.com/dns/docs/monitoring" - ] - }, - "risk_details": "Cloud DNS logging is disabled by default on each Google Cloud VPC network. By enabling monitoring of Cloud DNS logs, you can increase visibility into the DNS names requested by the clients within your VPC network. Cloud DNS logs can be monitored for anomalous domain names and evaluated against threat intelligence.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network simple-workbench does not have DNS logging enabled.", - "metadata": { - "event_code": "compute_network_dns_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network simple-workbench does not have DNS logging enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "mp.com.2.r2.gcp.scc.1", - "mp.com.3.r3.gcp.scc.1" - ], - "PCI-4.0": [ - "1.3.2.44", - "1.4.1.9", - "1.4.2.42", - "1.4.4.9", - "10.2.1.1.6", - "10.2.1.1.29", - "10.2.1.2.6", - "10.2.1.2.12", - "10.2.1.2.21", - "10.2.1.2.26", - "10.2.1.3.6", - "10.2.1.3.21", - "10.2.1.3.26", - "10.2.1.4.6", - "10.2.1.4.21", - "10.2.1.4.26", - "10.2.1.5.6", - "10.2.1.5.26", - "10.2.1.6.6", - "10.2.1.6.21", - "10.2.1.6.26", - "10.2.1.7.6", - "10.2.1.7.12", - "10.2.1.7.26", - "10.2.1.6", - "10.2.1.26", - "10.2.2.6", - "10.2.2.21", - "10.2.2.26", - "10.3.1.6", - "10.3.1.12", - "10.3.1.26", - "10.5.1.9", - "10.6.3.6", - "10.6.3.14", - "10.6.3.26", - "10.6.3.32", - "5.3.4.6", - "5.3.4.24", - "5.3.4.31", - "A1.2.1.6", - "A1.2.1.25", - "A1.2.1.30" - ], - "MITRE-ATTACK": [ - "T1046" - ], - "CIS-2.0": [ - "2.12" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.a", - "3.2.3.d", - "3.6.2", - "6.2.1", - "6.7.2.i", - "6.7.2.l", - "7.2.b", - "9.2.a", - "11.1.1", - "11.5.2.d", - "12.2.2.c" - ], - "CCC": [ - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that Cloud DNS logging is enabled for all your Virtual Private Cloud (VPC) networks using DNS server policies. Cloud DNS logging records queries that the name servers resolve for your Google Cloud VPC networks, as well as queries from external entities directly to a public DNS zone. Recorded queries can come from virtual machine (VM) instances, GKE containers running in the same VPC network, peering zones, or other Google Cloud resources provisioned within your VPC.", - "title": "Enable Cloud DNS Logging for VPC Networks", - "types": [], - "uid": "prowler-gcp-compute_network_dns_logging_enabled-nodal-time-474015-p5-global-simple-workbench" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "simple-workbench", - "id": "6879006949331747071", - "subnet_mode": "custom", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "simple-workbench", - "type": "Network", - "uid": "6879006949331747071" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Cloud DNS logging records the queries from the name servers within your VPC to Stackdriver. Logged queries can come from Compute Engine VMs, GKE containers, or other GCP resources provisioned within the VPC.", - "references": [ - "https://cloud.google.com/dns/docs/monitoring" - ] - }, - "risk_details": "Cloud DNS logging is disabled by default on each Google Cloud VPC network. By enabling monitoring of Cloud DNS logs, you can increase visibility into the DNS names requested by the clients within your VPC network. Cloud DNS logs can be monitored for anomalous domain names and evaluated against threat intelligence.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network default is not legacy.", - "metadata": { - "event_code": "compute_network_not_legacy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Network default is not legacy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.2" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "MITRE-ATTACK": [ - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.2" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.2.1", - "11.1.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "CIS-4.0": [ - "3.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "In order to prevent use of legacy networks, a project should not have a legacy network configured. As of now, Legacy Networks are gradually being phased out, and you can no longer create projects with them. This recommendation is to check older projects to ensure that they are not using Legacy Networks.", - "title": "Ensure Legacy Networks Do Not Exist", - "types": [], - "uid": "prowler-gcp-compute_network_not_legacy-nodal-time-474015-p5-global-default" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1894544973933139113", - "subnet_mode": "auto", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Network", - "uid": "1894544973933139113" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud Platform (GCP) projects are not using legacy networks as this type of network is no longer recommended for production environments because it does not support advanced networking features. Instead, it is strongly recommended to use Virtual Private Cloud (VPC) networks for existing and future GCP projects.", - "references": [ - "https://cloud.google.com/vpc/docs/using-legacy#deleting_a_legacy_network" - ] - }, - "risk_details": "Google Cloud legacy networks have a single global IPv4 range which cannot be divided into subnets, and a single gateway IP address for the whole network. Legacy networks do not support several Google Cloud networking features such as subnets, alias IP ranges, multiple network interfaces, Cloud NAT (Network Address Translation), Virtual Private Cloud (VPC) Peering, and private access options for GCP services. Legacy networks are not recommended for high network traffic projects and are subject to a single point of contention or failure.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network my-auto-mode-network is not legacy.", - "metadata": { - "event_code": "compute_network_not_legacy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Network my-auto-mode-network is not legacy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.2" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "MITRE-ATTACK": [ - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.2" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.2.1", - "11.1.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "CIS-4.0": [ - "3.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "In order to prevent use of legacy networks, a project should not have a legacy network configured. As of now, Legacy Networks are gradually being phased out, and you can no longer create projects with them. This recommendation is to check older projects to ensure that they are not using Legacy Networks.", - "title": "Ensure Legacy Networks Do Not Exist", - "types": [], - "uid": "prowler-gcp-compute_network_not_legacy-nodal-time-474015-p5-global-my-auto-mode-network" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "7882304364714953002", - "subnet_mode": "auto", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Network", - "uid": "7882304364714953002" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud Platform (GCP) projects are not using legacy networks as this type of network is no longer recommended for production environments because it does not support advanced networking features. Instead, it is strongly recommended to use Virtual Private Cloud (VPC) networks for existing and future GCP projects.", - "references": [ - "https://cloud.google.com/vpc/docs/using-legacy#deleting_a_legacy_network" - ] - }, - "risk_details": "Google Cloud legacy networks have a single global IPv4 range which cannot be divided into subnets, and a single gateway IP address for the whole network. Legacy networks do not support several Google Cloud networking features such as subnets, alias IP ranges, multiple network interfaces, Cloud NAT (Network Address Translation), Virtual Private Cloud (VPC) Peering, and private access options for GCP services. Legacy networks are not recommended for high network traffic projects and are subject to a single point of contention or failure.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network simple-workbench is not legacy.", - "metadata": { - "event_code": "compute_network_not_legacy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Network simple-workbench is not legacy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.2" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "MITRE-ATTACK": [ - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.2" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.2.1", - "11.1.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "CIS-4.0": [ - "3.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "In order to prevent use of legacy networks, a project should not have a legacy network configured. As of now, Legacy Networks are gradually being phased out, and you can no longer create projects with them. This recommendation is to check older projects to ensure that they are not using Legacy Networks.", - "title": "Ensure Legacy Networks Do Not Exist", - "types": [], - "uid": "prowler-gcp-compute_network_not_legacy-nodal-time-474015-p5-global-simple-workbench" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "simple-workbench", - "id": "6879006949331747071", - "subnet_mode": "custom", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "simple-workbench", - "type": "Network", - "uid": "6879006949331747071" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud Platform (GCP) projects are not using legacy networks as this type of network is no longer recommended for production environments because it does not support advanced networking features. Instead, it is strongly recommended to use Virtual Private Cloud (VPC) networks for existing and future GCP projects.", - "references": [ - "https://cloud.google.com/vpc/docs/using-legacy#deleting_a_legacy_network" - ] - }, - "risk_details": "Google Cloud legacy networks have a single global IPv4 range which cannot be divided into subnets, and a single gateway IP address for the whole network. Legacy networks do not support several Google Cloud networking features such as subnets, alias IP ranges, multiple network interfaces, Cloud NAT (Network Address Translation), Virtual Private Cloud (VPC) Peering, and private access options for GCP services. Legacy networks are not recommended for high network traffic projects and are subject to a single point of contention or failure.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Project nodal-time-474015-p5 does not have OS Login enabled.", - "metadata": { - "event_code": "compute_project_os_login_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Project nodal-time-474015-p5 does not have OS Login enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "4.4" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "ENS-RD2022": [ - "op.ext.3.gcp.log.1" - ], - "CIS-2.0": [ - "4.4" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.2.3.d", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "CIS-4.0": [ - "4.4" - ], - "CCC": [ - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that the OS Login feature is enabled at the Google Cloud Platform (GCP) project level in order to provide you with centralized and automated SSH key pair management.", - "title": "Ensure Os Login Is Enabled for a Project", - "types": [], - "uid": "prowler-gcp-compute_project_os_login_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "My First Project", - "type": "GCPProject", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that the OS Login feature is enabled at the Google Cloud Platform (GCP) project level in order to provide you with centralized and automated SSH key pair management.", - "references": [ - "https://cloud.google.com/compute/confidential-vm/docs/creating-cvm-instance:https://cloud.google.com/compute/confidential-vm/docs/about-cvm:https://cloud.google.com/confidential-computing:https://cloud.google.com/blog/products/identity-security/introducing-google-cloud-confidential-computing-with-confidential-vms" - ] - }, - "risk_details": "Enabling OS Login feature ensures that the SSH keys used to connect to VM instances are mapped with Google Cloud IAM users. Revoking access to corresponding IAM users will revoke all the SSH keys associated with these users, therefore it facilitates centralized SSH key pair management, which is extremely useful in handling compromised or stolen SSH key pairs and/or revocation of external/third-party/vendor users.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast2-default" - }, - "resources": [ - { - "region": "asia-northeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "508768411464586402", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "508768411464586402" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast2-my-auto-mode-network" - }, - "resources": [ - { - "region": "asia-northeast2", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5382528459507009827", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5382528459507009827" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-south1-default" - }, - "resources": [ - { - "region": "us-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1314274851926135970", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1314274851926135970" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-south1-my-auto-mode-network" - }, - "resources": [ - { - "region": "us-south1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "4585507886579878179", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "4585507886579878179" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-northeast2-default" - }, - "resources": [ - { - "region": "northamerica-northeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "483380030849242274", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-northeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "483380030849242274" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-northeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-northeast2-my-auto-mode-network" - }, - "resources": [ - { - "region": "northamerica-northeast2", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "2517471164936784163", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-northeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "2517471164936784163" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-northeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west4-default" - }, - "resources": [ - { - "region": "us-west4", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7215612770497680546", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7215612770497680546" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west4-my-auto-mode-network" - }, - "resources": [ - { - "region": "us-west4", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "6333766653605087523", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "6333766653605087523" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-central1-default" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7706237583483294882", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-central1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7706237583483294882" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-central1-my-auto-mode-network" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "989426765725731107", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-central1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "989426765725731107" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet simple-subnet-01 in network simple-workbench does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet simple-subnet-01 in network simple-workbench does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-central1-simple-subnet-01" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "simple-subnet-01", - "id": "8482275995630223604", - "network": "simple-workbench", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-central1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "simple-subnet-01", - "type": "Subnet", - "uid": "8482275995630223604" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-south1-default" - }, - "resources": [ - { - "region": "northamerica-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7144258258311140514", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7144258258311140514" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-south1-my-auto-mode-network" - }, - "resources": [ - { - "region": "northamerica-south1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "7329228270524205347", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "7329228270524205347" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west3-default" - }, - "resources": [ - { - "region": "us-west3", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5329755272922092706", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5329755272922092706" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west3-my-auto-mode-network" - }, - "resources": [ - { - "region": "us-west3", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "1350990663324829987", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "1350990663324829987" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-east1-default" - }, - "resources": [ - { - "region": "asia-east1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5813254284192076962", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5813254284192076962" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-east1-my-auto-mode-network" - }, - "resources": [ - { - "region": "asia-east1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "7418966166155594019", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "7418966166155594019" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-africa-south1-default" - }, - "resources": [ - { - "region": "africa-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3728776852941657249", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "africa-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3728776852941657249" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "africa-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-africa-south1-my-auto-mode-network" - }, - "resources": [ - { - "region": "africa-south1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5337094517333461283", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "africa-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5337094517333461283" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "africa-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west1-default" - }, - "resources": [ - { - "region": "us-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "8333568044404659362", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "8333568044404659362" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west1-my-auto-mode-network" - }, - "resources": [ - { - "region": "us-west1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5258729269900118307", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5258729269900118307" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west2-default" - }, - "resources": [ - { - "region": "us-west2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "24288970830075042", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "24288970830075042" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west2-my-auto-mode-network" - }, - "resources": [ - { - "region": "us-west2", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5617727019029137699", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5617727019029137699" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast3-default" - }, - "resources": [ - { - "region": "asia-northeast3", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "9096168126651389090", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "9096168126651389090" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast3-my-auto-mode-network" - }, - "resources": [ - { - "region": "asia-northeast3", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5639285641731148067", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5639285641731148067" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-northeast1-default" - }, - "resources": [ - { - "region": "northamerica-northeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3188169212019954850", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-northeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3188169212019954850" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-northeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-northeast1-my-auto-mode-network" - }, - "resources": [ - { - "region": "northamerica-northeast1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "1657963056985573667", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-northeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "1657963056985573667" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-northeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east4-default" - }, - "resources": [ - { - "region": "us-east4", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "2543292856211690658", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "2543292856211690658" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east4-my-auto-mode-network" - }, - "resources": [ - { - "region": "us-east4", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "6281437725553363235", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "6281437725553363235" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west4-default" - }, - "resources": [ - { - "region": "europe-west4", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5555571983192249506", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5555571983192249506" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west4-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-west4", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "3792494857442330915", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "3792494857442330915" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west3-default" - }, - "resources": [ - { - "region": "europe-west3", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5772105379350140066", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5772105379350140066" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west3-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-west3", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "1302189221978081571", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "1302189221978081571" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-southwest1-default" - }, - "resources": [ - { - "region": "europe-southwest1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1089352323782235298", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-southwest1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1089352323782235298" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-southwest1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-southwest1-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-southwest1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "7896974598608554275", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-southwest1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "7896974598608554275" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-southwest1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west2-default" - }, - "resources": [ - { - "region": "europe-west2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1891634321841280162", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1891634321841280162" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west2-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-west2", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "296939310166870307", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "296939310166870307" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west6-default" - }, - "resources": [ - { - "region": "europe-west6", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3716081487960429730", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west6" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3716081487960429730" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west6" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west6-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-west6", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "8430378969489508643", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west6" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "8430378969489508643" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west6" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east5-default" - }, - "resources": [ - { - "region": "us-east5", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1401430415650673826", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1401430415650673826" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east5" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east5-my-auto-mode-network" - }, - "resources": [ - { - "region": "us-east5", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5540315868515830051", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5540315868515830051" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east5" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-south1-default" - }, - "resources": [ - { - "region": "asia-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7023929475293861026", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7023929475293861026" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-south1-my-auto-mode-network" - }, - "resources": [ - { - "region": "asia-south1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5729154426490882338", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5729154426490882338" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east1-default" - }, - "resources": [ - { - "region": "us-east1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "355354730862040226", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "355354730862040226" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east1-my-auto-mode-network" - }, - "resources": [ - { - "region": "us-east1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5660097635908356387", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5660097635908356387" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-me-west1-default" - }, - "resources": [ - { - "region": "me-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5036744520860521634", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "me-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5036744520860521634" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "me-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-me-west1-my-auto-mode-network" - }, - "resources": [ - { - "region": "me-west1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "7650255777157384483", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "me-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "7650255777157384483" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "me-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-south2-default" - }, - "resources": [ - { - "region": "asia-south2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3652760235359687842", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-south2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3652760235359687842" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-south2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-south2-my-auto-mode-network" - }, - "resources": [ - { - "region": "asia-south2", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "3383054087516358946", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-south2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "3383054087516358946" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-south2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-southamerica-west1-default" - }, - "resources": [ - { - "region": "southamerica-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "608650311179523233", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "southamerica-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "608650311179523233" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "southamerica-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-southamerica-west1-my-auto-mode-network" - }, - "resources": [ - { - "region": "southamerica-west1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5300207383985293602", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "southamerica-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5300207383985293602" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "southamerica-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-north2-default" - }, - "resources": [ - { - "region": "europe-north2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1953758124674995362", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-north2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1953758124674995362" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-north2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-north2-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-north2", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5675017759589173539", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-north2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5675017759589173539" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-north2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast1-default" - }, - "resources": [ - { - "region": "asia-northeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7315669883403457698", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7315669883403457698" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast1-my-auto-mode-network" - }, - "resources": [ - { - "region": "asia-northeast1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "6448791379645073699", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "6448791379645073699" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west1-default" - }, - "resources": [ - { - "region": "europe-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3398545940062753954", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3398545940062753954" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west1-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-west1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "6016379114575399203", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "6016379114575399203" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west9-default" - }, - "resources": [ - { - "region": "europe-west9", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1074046580757714082", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west9" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1074046580757714082" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west9" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west9-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-west9", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5381244156911323427", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west9" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5381244156911323427" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west9" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west12-default" - }, - "resources": [ - { - "region": "europe-west12", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5525328356797142178", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west12" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5525328356797142178" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west12" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west12-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-west12", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "3212626551100705058", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west12" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "3212626551100705058" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west12" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-central2-default" - }, - "resources": [ - { - "region": "europe-central2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4980955262212461730", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-central2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4980955262212461730" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-central2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-central2-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-central2", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "4030368752093137187", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-central2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "4030368752093137187" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-central2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-australia-southeast2-default" - }, - "resources": [ - { - "region": "australia-southeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4285468416242439330", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "australia-southeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4285468416242439330" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "australia-southeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-australia-southeast2-my-auto-mode-network" - }, - "resources": [ - { - "region": "australia-southeast2", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "7995795735890659617", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "australia-southeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "7995795735890659617" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "australia-southeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-southeast2-default" - }, - "resources": [ - { - "region": "asia-southeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1491739310004196514", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-southeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1491739310004196514" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-southeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-southeast2-my-auto-mode-network" - }, - "resources": [ - { - "region": "asia-southeast2", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5565608540079950115", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-southeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5565608540079950115" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-southeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-australia-southeast1-default" - }, - "resources": [ - { - "region": "australia-southeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5526634061214864546", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "australia-southeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5526634061214864546" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "australia-southeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-australia-southeast1-my-auto-mode-network" - }, - "resources": [ - { - "region": "australia-southeast1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "2912428282938427682", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "australia-southeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "2912428282938427682" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "australia-southeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west10-default" - }, - "resources": [ - { - "region": "europe-west10", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4896835085019993250", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west10" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4896835085019993250" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west10" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west10-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-west10", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "7985414817116096803", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west10" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "7985414817116096803" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west10" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-southeast1-default" - }, - "resources": [ - { - "region": "asia-southeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4056355735184430242", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-southeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4056355735184430242" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-southeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-southeast1-my-auto-mode-network" - }, - "resources": [ - { - "region": "asia-southeast1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5582712280968628515", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-southeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5582712280968628515" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-southeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west8-default" - }, - "resources": [ - { - "region": "europe-west8", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "8540268486600512674", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west8" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "8540268486600512674" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west8" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west8-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-west8", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "3747226911459805474", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west8" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "3747226911459805474" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west8" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-me-central1-default" - }, - "resources": [ - { - "region": "me-central1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "8693862684678509730", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "me-central1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "8693862684678509730" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "me-central1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-me-central1-my-auto-mode-network" - }, - "resources": [ - { - "region": "me-central1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5978380323431942435", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "me-central1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5978380323431942435" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "me-central1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-southamerica-east1-default" - }, - "resources": [ - { - "region": "southamerica-east1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5608727104037934242", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "southamerica-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5608727104037934242" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "southamerica-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-southamerica-east1-my-auto-mode-network" - }, - "resources": [ - { - "region": "southamerica-east1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "612290845719693601", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "southamerica-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "612290845719693601" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "southamerica-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-north1-default" - }, - "resources": [ - { - "region": "europe-north1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "6168370688555570338", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-north1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "6168370688555570338" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-north1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-north1-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-north1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5273743466249619747", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-north1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5273743466249619747" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-north1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-east2-default" - }, - "resources": [ - { - "region": "asia-east2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "6078557433428006050", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-east2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "6078557433428006050" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-east2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-east2-my-auto-mode-network" - }, - "resources": [ - { - "region": "asia-east2", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "9109773367570368801", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-east2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "9109773367570368801" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-east2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "GCR Container Scanning is not enabled in project nodal-time-474015-p5.", - "metadata": { - "event_code": "gcr_container_scanning_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "GCR Container Scanning is not enabled in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/container-registry/docs/container-analysis", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, GCR Container Scanning is disabled.", - "compliance": { - "SOC2": [ - "cc_3_1", - "cc_3_2" - ], - "ENS-RD2022": [ - "op.mon.1.r1.gcp.scc.1", - "op.mon.1.r2.gcp.scc.1", - "op.mon.3.gcp.scc.1" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "NIS2": [ - "2.2.1", - "5.1.4.f", - "5.1.7.d", - "6.6.1.a", - "6.9.2" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN06.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Scan images stored in Google Container Registry (GCR) for vulnerabilities using GCR Container Scanning or a third-party provider. This helps identify and mitigate security risks associated with known vulnerabilities in container images.", - "title": "Ensure Image Vulnerability Scanning using GCR Container Scanning or a third-party provider", - "types": [ - "Security", - "Configuration" - ], - "uid": "prowler-gcp-gcr_container_scanning_enabled-nodal-time-474015-p5-global-GCR Container Scanning" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "gcr" - }, - "labels": [], - "name": "GCR Container Scanning", - "type": "Service", - "uid": "containerscanning.googleapis.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Enable vulnerability scanning for images stored in GCR using GCR Container Scanning or a third-party provider.", - "references": [ - "https://cloud.google.com/container-registry/docs/container-best-practices" - ] - }, - "risk_details": "Without image vulnerability scanning, container images stored in GCR may contain known vulnerabilities, increasing the risk of exploitation by malicious actors.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Audit Logs are not enabled for project nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_audit_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Audit Logs are not enabled for project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.1" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "ENS-RD2022": [ - "opc.acc.1.r1.gcp.iam.2", - "op.acc.6.r5.gcp.cl.1", - "op.acc.6.r9.gcp.api.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "10.2.1.1.7", - "10.2.1.1.10", - "10.2.1.1.20", - "10.2.1.1.25", - "10.2.1.1.36", - "10.2.1.2.1", - "10.2.1.2.7", - "10.2.1.2.8", - "10.2.1.2.19", - "10.2.1.2.24", - "10.2.1.3.7", - "10.2.1.3.8", - "10.2.1.3.11", - "10.2.1.3.17", - "10.2.1.3.19", - "10.2.1.4.1", - "10.2.1.4.7", - "10.2.1.4.8", - "10.2.1.4.19", - "10.2.1.4.24", - "10.2.1.5.1", - "10.2.1.5.7", - "10.2.1.5.19", - "10.2.1.5.24", - "10.2.1.6.7", - "10.2.1.6.8", - "10.2.1.6.24", - "10.2.1.7.7", - "10.2.1.7.8", - "10.2.1.7.19", - "10.2.1.7.24", - "10.2.1.1", - "10.2.1.7", - "10.2.1.8", - "10.2.1.11", - "10.2.1.17", - "10.2.1.18", - "10.2.1.19", - "10.2.1.24", - "10.2.1.30", - "10.2.2.1", - "10.2.2.7", - "10.2.2.8", - "10.2.2.18", - "10.2.2.24", - "10.3.1.7", - "10.3.1.8", - "10.3.1.24", - "10.3.2.2", - "10.3.2.5", - "10.3.3.4", - "10.3.3.7", - "10.3.4.3", - "10.3.4.6", - "10.4.1.1.3", - "10.5.1.3", - "10.6.3.7", - "10.6.3.10", - "10.6.3.22", - "10.6.3.24", - "10.6.3.41", - "11.5.2.4", - "11.6.1.4", - "12.10.5.4", - "5.3.4.7", - "5.3.4.8", - "5.3.4.9", - "5.3.4.20", - "5.3.4.21", - "5.3.4.22", - "7.2.1.15", - "7.2.2.15", - "7.2.5.11", - "7.3.1.11", - "7.3.2.11", - "7.3.3.11", - "8.2.8.13", - "A1.2.1.1", - "A1.2.1.7", - "A1.2.1.8", - "A1.2.1.10", - "A1.2.1.12", - "A1.2.1.28", - "A3.3.1.6", - "A3.5.1.6" - ], - "CIS-2.0": [ - "2.1" - ], - "NIS2": [ - "3.1.3", - "3.2.1", - "3.2.3.c", - "3.2.3.d", - "3.2.3.e", - "3.6.2", - "7.2.b", - "11.2.2.e", - "11.2.2.f", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.3" - ], - "CIS-4.0": [ - "2.1" - ], - "CCC": [ - "CCC.AuditLog.CN01.AR01", - "CCC.AuditLog.CN01.AR02", - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN07.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that Google Cloud Audit Logs feature is configured to track Data Access logs for all Google Cloud Platform (GCP) services and users, in order to enhance overall access security and meet compliance requirements. Once configured, the feature can record all admin related activities, as well as all the read and write access requests to user data.", - "title": "Configure Google Cloud Audit Logs to Track All Activities", - "types": [], - "uid": "prowler-gcp-iam_audit_logs_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "GCPProject", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that Cloud Audit Logging is configured to track all admin activities and read, write access to user data.", - "references": [ - "https://cloud.google.com/logging/docs/audit/" - ] - }, - "risk_details": "In order to maintain an effective Google Cloud audit configuration for your project, folder, and organization, all 3 types of Data Access logs (ADMIN_READ, DATA_READ and DATA_WRITE) must be enabled for all supported GCP services. Also, Data Access logs should be captured for all IAM users, without exempting any of them. Exemptions let you control which users generate audit logs. When you add an exempted user to your log configuration, audit logs are not created for that user, for the selected log type(s). Data Access audit logs are disabled by default and must be explicitly enabled based on your business requirements.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Cloud Asset Inventory is enabled in project nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_cloud_asset_inventory_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Cloud Asset Inventory is enabled in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.13" - ], - "SOC2": [ - "cc_1_3", - "cc_3_4", - "cc_4_2", - "cc_6_8", - "cc_7_1", - "cc_7_3", - "cc_8_1" - ], - "ISO27001-2022": [ - "A.5.1", - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "ENS-RD2022": [ - "op.exp.1.gcp.scc.1", - "op.exp.1.r2.gcp.cai.1", - "op.exp.1.r3.gcp.cai.1" - ], - "MITRE-ATTACK": [ - "T1098", - "T1580" - ], - "CIS-2.0": [ - "2.13" - ], - "NIS2": [ - "3.1.3" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "CIS-4.0": [ - "2.13" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.Core.CN05.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "GCP Cloud Asset Inventory is services that provides a historical view of GCP resources and IAM policies through a time-series database. The information recorded includes metadata on Google Cloud resources, metadata on policies set on Google Cloud projects or resources, and runtime information gathered within a Google Cloud resource.", - "title": "Ensure Cloud Asset Inventory Is Enabled", - "types": [], - "uid": "prowler-gcp-iam_cloud_asset_inventory_enabled-nodal-time-474015-p5-global-Cloud Asset Inventory" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "Cloud Asset Inventory", - "type": "Service", - "uid": "cloudasset.googleapis.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Cloud Asset Inventory is enabled for all your GCP projects in order to efficiently manage the history and the inventory of your cloud resources. Google Cloud Asset Inventory is a fully managed metadata inventory service that allows you to view, monitor, analyze, and gain insights for your Google Cloud and Anthos assets. Cloud Asset Inventory is disabled by default in each GCP project.", - "references": [ - "https://cloud.google.com/asset-inventory/docs" - ] - }, - "risk_details": "Gaining insight into Google Cloud resources and policies is vital for tasks such as DevOps, security analytics, multi-cluster and fleet management, auditing, and governance. With Cloud Asset Inventory you can discover, monitor, and analyze all GCP assets in one place, achieving a better understanding of all your cloud assets across projects and services.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No IAM Users assigned to service roles at project level nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_no_service_roles_at_project_level", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "No IAM Users assigned to service roles at project level nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/check-for-iam-users-with-service-roles.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.6" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.3", - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.1.r1.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.16", - "7.2.1.19", - "7.2.2.17", - "7.2.2.19", - "7.2.5.7", - "7.2.5.10", - "7.2.5.13", - "7.3.1.7", - "7.3.1.12", - "7.3.1.13", - "7.3.2.13", - "7.3.3.10", - "7.3.3.12", - "7.3.3.13", - "8.2.2.6", - "8.2.7.11", - "8.2.7.13", - "8.2.8.9", - "8.2.8.15", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.6" - ], - "NIS2": [ - "6.2.2.b", - "6.7.2.g", - "11.1.2.c", - "11.2.2.d", - "11.3.1", - "11.3.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "CIS-4.0": [ - "1.6" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "It is recommended to assign the `Service Account User (iam.serviceAccountUser)` and `Service Account Token Creator (iam.serviceAccountTokenCreator)` roles to a user for a specific service account rather than assigning the role to a user at project level.", - "title": "Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level", - "types": [], - "uid": "prowler-gcp-iam_no_service_roles_at_project_level-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "IAM Policy", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that the Service Account User and Service Account Token Creator roles are assigned to a user for a specific GCP service account rather than to a user at the GCP project level, in order to implement the principle of least privilege (POLP). The principle of least privilege (also known as the principle of minimal privilege) is the practice of providing every user the minimal amount of access required to perform its tasks. Google Cloud Platform (GCP) IAM users should not have assigned the Service Account User or Service Account Token Creator roles at the GCP project level. Instead, these roles should be allocated to a user associated with a specific service account, providing that user access to the service account only.", - "references": [ - "https://cloud.google.com/iam/docs/granting-changing-revoking-access" - ] - }, - "risk_details": "The Service Account User (iam.serviceAccountUser) role allows an IAM user to attach a service account to a long-running job service such as an App Engine App or Dataflow Job, whereas the Service Account Token Creator (iam.serviceAccountTokenCreator) role allows a user to directly impersonate the identity of a service account.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Principle of separation of duties was enforced for KMS-Related Roles in project nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_role_kms_enforce_separation_of_duties", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Principle of separation of duties was enforced for KMS-Related Roles in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.8", - "1.11" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.3", - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.org.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.2.8", - "3.6.1.3.8", - "3.6.1.4.8", - "3.6.1.8", - "3.7.1.9", - "3.7.2.8", - "3.7.4.5", - "3.7.4.9", - "3.7.6.8", - "3.7.7.8", - "4.2.1.1.21", - "7.2.1.10", - "7.2.2.10", - "7.2.3.6", - "7.2.5.6", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.4.6" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.11" - ], - "NIS2": [ - "1.2.4", - "3.1.3", - "6.2.2.b", - "6.7.2.e", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.b", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.5", - "1.3.2" - ], - "CIS-4.0": [ - "1.8", - "1.11" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that separation of duties is enforced for all Cloud Key Management Service (KMS) related roles. The principle of separation of duties (also known as segregation of duties) has as its primary objective the prevention of fraud and human error. This objective is achieved by dismantling the tasks and the associated privileges for a specific business process among multiple users/identities. Google Cloud provides predefined roles that can be used to implement the principle of separation of duties, where it is needed. The predefined Cloud KMS Admin role is meant for users to manage KMS keys but not to use them. The Cloud KMS CryptoKey Encrypter/Decrypter roles are meant for services who can use keys to encrypt and decrypt data, but not to manage them. To adhere to cloud security best practices, your IAM users should not have the Admin role and any of the CryptoKey Encrypter/Decrypter roles assigned at the same time.", - "title": "Enforce Separation of Duties for KMS-Related Roles", - "types": [], - "uid": "prowler-gcp-iam_role_kms_enforce_separation_of_duties-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "IAMRole", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that the principle of 'Separation of Duties' is enforced while assigning KMS related roles to users.", - "references": [ - "https://cloud.google.com/kms/docs/separation-of-duties" - ] - }, - "risk_details": "The principle of separation of duties can be enforced in order to eliminate the need for the IAM user/identity that has all the permissions needed to perform unwanted actions, such as using a cryptographic key to access and decrypt data which the user should not normally have access to.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Principle of separation of duties was not enforced for Service-Account Related Roles in project nodal-time-474015-p5 in members deleted:serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com?uid=104781589807131914461,serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com.", - "metadata": { - "event_code": "iam_role_sa_enforce_separation_of_duties", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Principle of separation of duties was not enforced for Service-Account Related Roles in project nodal-time-474015-p5 in members deleted:serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com?uid=104781589807131914461,serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.3", - "A.5.15", - "A.5.18", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.org.1" - ], - "PCI-4.0": [ - "7.2.1.16", - "7.2.1.19", - "7.2.2.19", - "7.2.5.13", - "7.3.1.7", - "7.3.1.12", - "7.3.1.13", - "7.3.3.12", - "8.2.7.11", - "8.2.7.13", - "8.3.4.11" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.8" - ], - "NIS2": [ - "1.2.4", - "3.1.3", - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.b", - "11.4.2.c" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that separation of duties (also known as segregation of duties - SoD) is enforced for all Google Cloud Platform (GCP) service-account related roles. The security principle of separation of duties has as its primary objective the prevention of fraud and human error. This objective is achieved by disbanding the tasks and associated privileges for a specific business process among multiple users/members. To follow security best practices, your GCP service accounts should not have the Service Account Admin and Service Account User roles assigned at the same time.", - "title": "Enforce Separation of Duties for Service-Account Related Roles", - "types": [], - "uid": "prowler-gcp-iam_role_sa_enforce_separation_of_duties-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "IAMRole", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that separation of duties (also known as segregation of duties - SoD) is enforced for all Google Cloud Platform (GCP) service-account related roles. The security principle of separation of duties has as its primary objective the prevention of fraud and human error. This objective is achieved by disbanding the tasks and associated privileges for a specific business process among multiple users/members. To follow security best practices, your GCP service accounts should not have the Service Account Admin and Service Account User roles assigned at the same time.", - "references": [ - "https://cloud.google.com/iam/docs/understanding-roles" - ] - }, - "risk_details": "The principle of separation of duties should be enforced in order to eliminate the need for high-privileged IAM members, as the permissions granted to these members can allow them to perform malicious or unwanted actions.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com has administrative privileges with roles/serviceusage.serviceUsageAdmin.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com has administrative privileges with roles/serviceusage.serviceUsageAdmin.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "GitHub Actions Deployer", - "keys": [ - { - "name": "3f2a81ba4bce0b39089b85a2e7678d09d2d183f6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T22:26:26", - "valid_before": "2027-10-28T08:50:15" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "114112078080729873885" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account 784623368087-compute@developer.gserviceaccount.com has administrative privileges with roles/editor.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Account 784623368087-compute@developer.gserviceaccount.com has administrative privileges with roles/editor.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "email": "784623368087-compute@developer.gserviceaccount.com", - "display_name": "Compute Engine default service account", - "keys": [ - { - "name": "202c306e41b020fefe81250bea563d31c07138e3", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-06T10:25:01", - "valid_before": "2025-10-23T10:25:01" - }, - { - "name": "93b9e85d69bcb0503b5a7696d8b3bf5855a91d37", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T10:25:01", - "valid_before": "2025-10-31T10:25:01" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "111974737467208838860" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "784623368087-compute@developer.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "Vertex AI Workbench Service Account", - "keys": [ - { - "name": "92e39887344dae71e19dc25c005a53a68ceb62cb", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T23:21:52", - "valid_before": "2027-10-29T23:07:36" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "108352930858191263233" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "GitHub Actions Deployer", - "keys": [ - { - "name": "3f2a81ba4bce0b39089b85a2e7678d09d2d183f6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T22:26:26", - "valid_before": "2027-10-28T08:50:15" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "114112078080729873885" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account 784623368087-compute@developer.gserviceaccount.com does not have user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Account 784623368087-compute@developer.gserviceaccount.com does not have user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "email": "784623368087-compute@developer.gserviceaccount.com", - "display_name": "Compute Engine default service account", - "keys": [ - { - "name": "202c306e41b020fefe81250bea563d31c07138e3", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-06T10:25:01", - "valid_before": "2025-10-23T10:25:01" - }, - { - "name": "93b9e85d69bcb0503b5a7696d8b3bf5855a91d37", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T10:25:01", - "valid_before": "2025-10-31T10:25:01" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "111974737467208838860" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "784623368087-compute@developer.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "Vertex AI Workbench Service Account", - "keys": [ - { - "name": "92e39887344dae71e19dc25c005a53a68ceb62cb", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T23:21:52", - "valid_before": "2027-10-29T23:07:36" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "108352930858191263233" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "b42bff156412b21c8615812a79d72ba55d6bafb4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "24a51f6716e116e4b0c095d727d4a101242b82a2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "3ec34a6521569dd67684f27f37d1d6ab56db09dc" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c450c6187eeddc932b29ffd3d0f3e675bf53af62" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "f69cf03d448314cf03036f08165420dfe98b3992" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "ce51dbe0ea021fb2e8124f86d8842546246040c1" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c0604742fabec0b925df21e0606a25c9e007f571" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "b42bff156412b21c8615812a79d72ba55d6bafb4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "24a51f6716e116e4b0c095d727d4a101242b82a2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "3ec34a6521569dd67684f27f37d1d6ab56db09dc" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c450c6187eeddc932b29ffd3d0f3e675bf53af62" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "f69cf03d448314cf03036f08165420dfe98b3992" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "ce51dbe0ea021fb2e8124f86d8842546246040c1" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c0604742fabec0b925df21e0606a25c9e007f571" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com was used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Service Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com was used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "GitHub Actions Deployer", - "keys": [ - { - "name": "3f2a81ba4bce0b39089b85a2e7678d09d2d183f6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T22:26:26", - "valid_before": "2027-10-28T08:50:15" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "114112078080729873885" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account 784623368087-compute@developer.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Service Account 784623368087-compute@developer.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "email": "784623368087-compute@developer.gserviceaccount.com", - "display_name": "Compute Engine default service account", - "keys": [ - { - "name": "202c306e41b020fefe81250bea563d31c07138e3", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-06T10:25:01", - "valid_before": "2025-10-23T10:25:01" - }, - { - "name": "93b9e85d69bcb0503b5a7696d8b3bf5855a91d37", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T10:25:01", - "valid_before": "2025-10-31T10:25:01" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "111974737467208838860" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "784623368087-compute@developer.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Service Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "Vertex AI Workbench Service Account", - "keys": [ - { - "name": "92e39887344dae71e19dc25c005a53a68ceb62cb", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T23:21:52", - "valid_before": "2027-10-29T23:07:36" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "108352930858191263233" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-13fa4761 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-13fa4761 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-13fa4761" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761", - "name": "cfi-bucket-key-13fa4761", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-13fa4761", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1c7d7a2a is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-1c7d7a2a is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-1c7d7a2a" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a", - "name": "cfi-bucket-key-1c7d7a2a", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1c7d7a2a", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1fba850e is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-1fba850e is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-1fba850e" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e", - "name": "cfi-bucket-key-1fba850e", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-15T23:25:31.957183Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1fba850e", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-4cd10935 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-4cd10935 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-4cd10935" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935", - "name": "cfi-bucket-key-4cd10935", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-4cd10935", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-7a427af0 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-7a427af0 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-7a427af0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0", - "name": "cfi-bucket-key-7a427af0", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T15:28:10.344444Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-7a427af0", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a03be2ac is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-a03be2ac is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-a03be2ac" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac", - "name": "cfi-bucket-key-a03be2ac", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a03be2ac", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a1aaa547 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-a1aaa547 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-a1aaa547" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547", - "name": "cfi-bucket-key-a1aaa547", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T00:25:56.259471Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a1aaa547", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-e7619e1f is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-e7619e1f is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-e7619e1f" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f", - "name": "cfi-bucket-key-e7619e1f", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-e7619e1f", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-f5bc86ea is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-f5bc86ea is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-f5bc86ea" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea", - "name": "cfi-bucket-key-f5bc86ea", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-f5bc86ea", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-13fa4761 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-13fa4761 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-13fa4761" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761", - "name": "cfi-bucket-key-13fa4761", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-13fa4761", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1c7d7a2a is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-1c7d7a2a is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-1c7d7a2a" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a", - "name": "cfi-bucket-key-1c7d7a2a", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1c7d7a2a", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1fba850e is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-1fba850e is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-1fba850e" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e", - "name": "cfi-bucket-key-1fba850e", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-15T23:25:31.957183Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1fba850e", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-4cd10935 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-4cd10935 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-4cd10935" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935", - "name": "cfi-bucket-key-4cd10935", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-4cd10935", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-7a427af0 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-7a427af0 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-7a427af0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0", - "name": "cfi-bucket-key-7a427af0", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T15:28:10.344444Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-7a427af0", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a03be2ac is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-a03be2ac is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-a03be2ac" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac", - "name": "cfi-bucket-key-a03be2ac", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a03be2ac", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a1aaa547 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-a1aaa547 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-a1aaa547" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547", - "name": "cfi-bucket-key-a1aaa547", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T00:25:56.259471Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a1aaa547", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-e7619e1f is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-e7619e1f is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-e7619e1f" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f", - "name": "cfi-bucket-key-e7619e1f", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-e7619e1f", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-f5bc86ea is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-f5bc86ea is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-f5bc86ea" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea", - "name": "cfi-bucket-key-f5bc86ea", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-f5bc86ea", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_audit_configuration_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.5" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.1.r2.gcp.cai.1", - "op.exp.4.r4.gcp.log.1", - "op.mon.3.r6.gcp.scc.1" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.10", - "10.2.1.1.20", - "10.2.1.1.36", - "10.2.1.2.7", - "10.2.1.2.8", - "10.2.1.3.7", - "10.2.1.3.8", - "10.2.1.3.17", - "10.2.1.4.7", - "10.2.1.4.8", - "10.2.1.5.7", - "10.2.1.6.7", - "10.2.1.7.7", - "10.2.1.7", - "10.2.1.17", - "10.2.1.18", - "10.2.2.7", - "10.2.2.8", - "10.2.2.15", - "10.2.2.18", - "10.3.1.7", - "10.3.1.8", - "10.3.2.2", - "10.3.3.4", - "10.3.4.3", - "10.3.4.6", - "10.5.1.3", - "10.6.3.7", - "10.6.3.10", - "10.6.3.22", - "10.6.3.24", - "10.6.3.41", - "11.5.2.4", - "11.6.1.4", - "12.10.5.3", - "12.10.5.4", - "5.3.4.8", - "5.3.4.20", - "5.3.4.21", - "A1.2.1.7", - "A1.2.1.8", - "A1.2.1.12", - "A3.3.1.6", - "A3.5.1.6" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.5" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.5" - ], - "CIS-4.0": [ - "2.5" - ], - "CCC": [ - "CCC.AuditLog.CN01.AR01", - "CCC.AuditLog.CN01.AR02", - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_audit_configuration_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "By using Google Cloud alerting policies to detect audit configuration changes, you make sure that the recommended state of audit configuration is well maintained so that all the activities performed within your GCP project are available for security analysis and auditing at any point in time.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Admin Activity audit logs and Data Access audit logs produced by the Google Cloud Audit Logs service can be extremely useful for security analysis, resource change tracking, and compliance auditing.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_bucket_permission_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.10" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.1.r2.gcp.cai.1" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.9", - "10.2.1.1.30", - "10.2.1.2.7", - "10.2.1.2.27", - "10.2.1.3.7", - "10.2.1.4.27", - "10.2.1.5.7", - "10.2.1.5.27", - "10.2.1.6.7", - "10.2.1.6.27", - "10.2.1.7.7", - "10.2.1.7.27", - "10.2.1.7", - "10.2.1.27", - "10.2.2.7", - "10.2.2.27", - "10.3.1.7", - "10.3.1.27", - "10.4.1.1.2", - "10.4.1.2", - "10.4.2.3", - "10.6.3.7", - "10.6.3.9", - "10.6.3.34", - "10.6.3.41", - "10.7.1.4", - "10.7.2.4", - "11.5.2.5", - "12.10.5.3", - "5.3.4.7", - "5.3.4.32", - "7.2.2.2", - "A1.2.1.7", - "A1.2.1.32", - "A3.3.1.4", - "A3.5.1.4" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.10" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.2.2.b", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.5" - ], - "CIS-4.0": [ - "2.10" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_bucket_permission_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Cloud Storage Bucket IAM changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to cloud storage bucket permissions may reduce the time needed to detect and correct permissions on sensitive cloud storage buckets and objects inside the bucket.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_custom_role_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.6" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "opc.acc.1.r1.gcp.iam.2" - ], - "PCI-4.0": [ - "7.3.1.12", - "7.3.2.13" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.6" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.d", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.2.2.e", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.6" - ], - "CIS-4.0": [ - "2.6" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_custom_role_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for changes to Identity and Access Management (IAM) role creation, deletion and updating activities.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Google Cloud IAM provides predefined roles that give granular access to specific Google Cloud Platform resources and prevent unwanted access to other resources.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.4" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "opc.acc.1.r1.gcp.iam.2", - "op.acc.3.r1.gcp.iam.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.4" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.2.2.e", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.4" - ], - "CIS-4.0": [ - "2.4" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN05.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes.", - "title": "Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Using Google Cloud alerting policies to detect ownership assignments/changes will help you maintain the right access permissions for each IAM member created within your project, follow the security principle of least privilege, and prevent any accidental or intentional changes that may lead to unauthorized actions.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Project ownership has the highest level of privileges on a GCP project. These privileges include viewer permissions on all GCP services inside the project, permission to modify the state of all GCP services within the project, set up billing and manage roles and permissions for the project and all the resources inside the project.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_sql_instance_configuration_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.11" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "mp.s.4.r1.gcp.app.1" - ], - "PCI-4.0": [ - "10.2.1.1.9", - "10.2.1.3.22", - "10.2.2.22", - "10.4.2.3", - "10.7.1.4", - "A3.3.1.4" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.11" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.6" - ], - "CIS-4.0": [ - "2.11" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_sql_instance_configuration_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for SQL instance configuration changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to SQL instance configuration changes may reduce the time needed to detect and correct misconfigurations done on the SQL server.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_vpc_firewall_rule_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.7" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "op.exp.8.r1.gcp.nt.1" - ], - "PCI-4.0": [ - "1.3.2.27", - "10.2.1.1.9", - "10.2.1.1.24", - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.21", - "10.3.1.29", - "10.4.1.1.7", - "10.4.2.7", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "10.6.3.41", - "10.7.1.4", - "10.7.1.8", - "5.3.4.8", - "5.3.4.24", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.7" - ], - "NIS2": [ - "1.1.2", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.3.g", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-4.0": [ - "2.7" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_vpc_firewall_rule_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Virtual Private Cloud (VPC) Network Firewall rule changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring for Create or Update Firewall rule events gives insight to network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_vpc_network_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.9" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "op.exp.8.r1.gcp.nt.1", - "mp.com.4.r4.gcp.net.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.9" - ], - "NIS2": [ - "1.1.2", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.4" - ], - "CIS-4.0": [ - "2.9" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_vpc_network_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Virtual Private Cloud (VPC) network changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to a VPC will help ensure VPC traffic flow is not getting impacted.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_vpc_network_route_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.8" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "op.exp.8.r1.gcp.nt.1" - ], - "PCI-4.0": [ - "1.5.1.18", - "10.2.1.5.21", - "10.2.1.21" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.8" - ], - "NIS2": [ - "1.1.2", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "CIS-4.0": [ - "2.8" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_vpc_network_route_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Virtual Private Cloud (VPC) network route changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to route tables will help ensure that all VPC traffic flows through an expected path.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no logging sinks to export copies of all the log entries in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_sink_created", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no logging sinks to export copies of all the log entries in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.8.r5.gcp.cl.1", - "op.ext.3.gcp.log.2" - ], - "PCI-4.0": [ - "10.5.1.3", - "11.5.2.4", - "12.10.5.4", - "A3.3.1.6", - "A3.5.1.6" - ], - "MITRE-ATTACK": [ - "T1562", - "T1049" - ], - "CIS-2.0": [ - "2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.1", - "3.2.5", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "CCC": [ - "CCC.AuditLog.CN01.AR01", - "CCC.AuditLog.CN01.AR02", - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN06.AR01", - "CCC.AuditLog.CN07.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.LB.CN01.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN06.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure there is at least one sink used to export copies of all the log entries.", - "title": "Ensure there is at least one sink used to export copies of all the log entries.", - "types": [], - "uid": "prowler-gcp-logging_sink_created-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "Sink", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to create a sink that will export copies of all the log entries. This can help aggregate logs from multiple projects and export them to a Security Information and Event Management (SIEM).", - "references": [ - "https://cloud.google.com/logging/docs/export" - ] - }, - "risk_details": "If sinks are not created, logs would be deleted after the configured retention period, and would not be backed up.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-network/results/gcp-network-delta.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-network/results/gcp-network-delta.ocsf.json deleted file mode 100644 index 095888e8..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-network/results/gcp-network-delta.ocsf.json +++ /dev/null @@ -1,6953 +0,0 @@ -[ - { - "message": "Network my-auto-mode-network does not have DNS logging enabled.", - "metadata": { - "event_code": "compute_network_dns_logging_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network my-auto-mode-network does not have DNS logging enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "mp.com.2.r2.gcp.scc.1", - "mp.com.3.r3.gcp.scc.1" - ], - "PCI-4.0": [ - "1.3.2.44", - "1.4.1.9", - "1.4.2.42", - "1.4.4.9", - "10.2.1.1.6", - "10.2.1.1.29", - "10.2.1.2.6", - "10.2.1.2.12", - "10.2.1.2.21", - "10.2.1.2.26", - "10.2.1.3.6", - "10.2.1.3.21", - "10.2.1.3.26", - "10.2.1.4.6", - "10.2.1.4.21", - "10.2.1.4.26", - "10.2.1.5.6", - "10.2.1.5.26", - "10.2.1.6.6", - "10.2.1.6.21", - "10.2.1.6.26", - "10.2.1.7.6", - "10.2.1.7.12", - "10.2.1.7.26", - "10.2.1.6", - "10.2.1.26", - "10.2.2.6", - "10.2.2.21", - "10.2.2.26", - "10.3.1.6", - "10.3.1.12", - "10.3.1.26", - "10.5.1.9", - "10.6.3.6", - "10.6.3.14", - "10.6.3.26", - "10.6.3.32", - "5.3.4.6", - "5.3.4.24", - "5.3.4.31", - "A1.2.1.6", - "A1.2.1.25", - "A1.2.1.30" - ], - "MITRE-ATTACK": [ - "T1046" - ], - "CIS-2.0": [ - "2.12" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.a", - "3.2.3.d", - "3.6.2", - "6.2.1", - "6.7.2.i", - "6.7.2.l", - "7.2.b", - "9.2.a", - "11.1.1", - "11.5.2.d", - "12.2.2.c" - ], - "CCC": [ - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that Cloud DNS logging is enabled for all your Virtual Private Cloud (VPC) networks using DNS server policies. Cloud DNS logging records queries that the name servers resolve for your Google Cloud VPC networks, as well as queries from external entities directly to a public DNS zone. Recorded queries can come from virtual machine (VM) instances, GKE containers running in the same VPC network, peering zones, or other Google Cloud resources provisioned within your VPC.", - "title": "Enable Cloud DNS Logging for VPC Networks", - "types": [], - "uid": "prowler-gcp-compute_network_dns_logging_enabled-nodal-time-474015-p5-global-my-auto-mode-network" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "7882304364714953002", - "subnet_mode": "auto", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Network", - "uid": "7882304364714953002" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Cloud DNS logging records the queries from the name servers within your VPC to Stackdriver. Logged queries can come from Compute Engine VMs, GKE containers, or other GCP resources provisioned within the VPC.", - "references": [ - "https://cloud.google.com/dns/docs/monitoring" - ] - }, - "risk_details": "Cloud DNS logging is disabled by default on each Google Cloud VPC network. By enabling monitoring of Cloud DNS logs, you can increase visibility into the DNS names requested by the clients within your VPC network. Cloud DNS logs can be monitored for anomalous domain names and evaluated against threat intelligence.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network my-auto-mode-network is not legacy.", - "metadata": { - "event_code": "compute_network_not_legacy", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Network my-auto-mode-network is not legacy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.2" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "MITRE-ATTACK": [ - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.2" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.2.1", - "11.1.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "CIS-4.0": [ - "3.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "In order to prevent use of legacy networks, a project should not have a legacy network configured. As of now, Legacy Networks are gradually being phased out, and you can no longer create projects with them. This recommendation is to check older projects to ensure that they are not using Legacy Networks.", - "title": "Ensure Legacy Networks Do Not Exist", - "types": [], - "uid": "prowler-gcp-compute_network_not_legacy-nodal-time-474015-p5-global-my-auto-mode-network" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "7882304364714953002", - "subnet_mode": "auto", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Network", - "uid": "7882304364714953002" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud Platform (GCP) projects are not using legacy networks as this type of network is no longer recommended for production environments because it does not support advanced networking features. Instead, it is strongly recommended to use Virtual Private Cloud (VPC) networks for existing and future GCP projects.", - "references": [ - "https://cloud.google.com/vpc/docs/using-legacy#deleting_a_legacy_network" - ] - }, - "risk_details": "Google Cloud legacy networks have a single global IPv4 range which cannot be divided into subnets, and a single gateway IP address for the whole network. Legacy networks do not support several Google Cloud networking features such as subnets, alias IP ranges, multiple network interfaces, Cloud NAT (Network Address Translation), Virtual Private Cloud (VPC) Peering, and private access options for GCP services. Legacy networks are not recommended for high network traffic projects and are subject to a single point of contention or failure.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast2-my-auto-mode-network" - }, - "resources": [ - { - "region": "asia-northeast2", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5382528459507009827", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5382528459507009827" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-south1-my-auto-mode-network" - }, - "resources": [ - { - "region": "us-south1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "4585507886579878179", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "4585507886579878179" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-northeast2-my-auto-mode-network" - }, - "resources": [ - { - "region": "northamerica-northeast2", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "2517471164936784163", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-northeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "2517471164936784163" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-northeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west4-my-auto-mode-network" - }, - "resources": [ - { - "region": "us-west4", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "6333766653605087523", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "6333766653605087523" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-central1-my-auto-mode-network" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "989426765725731107", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-central1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "989426765725731107" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-south1-my-auto-mode-network" - }, - "resources": [ - { - "region": "northamerica-south1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "7329228270524205347", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "7329228270524205347" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west3-my-auto-mode-network" - }, - "resources": [ - { - "region": "us-west3", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "1350990663324829987", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "1350990663324829987" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-east1-my-auto-mode-network" - }, - "resources": [ - { - "region": "asia-east1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "7418966166155594019", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "7418966166155594019" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-africa-south1-my-auto-mode-network" - }, - "resources": [ - { - "region": "africa-south1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5337094517333461283", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "africa-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5337094517333461283" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "africa-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west1-my-auto-mode-network" - }, - "resources": [ - { - "region": "us-west1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5258729269900118307", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5258729269900118307" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west2-my-auto-mode-network" - }, - "resources": [ - { - "region": "us-west2", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5617727019029137699", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5617727019029137699" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast3-my-auto-mode-network" - }, - "resources": [ - { - "region": "asia-northeast3", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5639285641731148067", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5639285641731148067" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-northeast1-my-auto-mode-network" - }, - "resources": [ - { - "region": "northamerica-northeast1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "1657963056985573667", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-northeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "1657963056985573667" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-northeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east4-my-auto-mode-network" - }, - "resources": [ - { - "region": "us-east4", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "6281437725553363235", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "6281437725553363235" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west4-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-west4", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "3792494857442330915", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "3792494857442330915" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west3-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-west3", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "1302189221978081571", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "1302189221978081571" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-southwest1-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-southwest1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "7896974598608554275", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-southwest1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "7896974598608554275" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-southwest1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west2-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-west2", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "296939310166870307", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "296939310166870307" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west6-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-west6", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "8430378969489508643", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west6" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "8430378969489508643" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west6" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east5-my-auto-mode-network" - }, - "resources": [ - { - "region": "us-east5", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5540315868515830051", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5540315868515830051" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east5" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-south1-my-auto-mode-network" - }, - "resources": [ - { - "region": "asia-south1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5729154426490882338", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5729154426490882338" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east1-my-auto-mode-network" - }, - "resources": [ - { - "region": "us-east1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5660097635908356387", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5660097635908356387" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-me-west1-my-auto-mode-network" - }, - "resources": [ - { - "region": "me-west1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "7650255777157384483", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "me-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "7650255777157384483" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "me-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-south2-my-auto-mode-network" - }, - "resources": [ - { - "region": "asia-south2", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "3383054087516358946", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-south2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "3383054087516358946" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-south2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-southamerica-west1-my-auto-mode-network" - }, - "resources": [ - { - "region": "southamerica-west1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5300207383985293602", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "southamerica-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5300207383985293602" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "southamerica-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-north2-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-north2", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5675017759589173539", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-north2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5675017759589173539" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-north2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast1-my-auto-mode-network" - }, - "resources": [ - { - "region": "asia-northeast1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "6448791379645073699", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "6448791379645073699" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west1-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-west1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "6016379114575399203", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "6016379114575399203" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west9-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-west9", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5381244156911323427", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west9" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5381244156911323427" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west9" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west12-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-west12", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "3212626551100705058", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west12" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "3212626551100705058" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west12" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-central2-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-central2", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "4030368752093137187", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-central2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "4030368752093137187" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-central2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-australia-southeast2-my-auto-mode-network" - }, - "resources": [ - { - "region": "australia-southeast2", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "7995795735890659617", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "australia-southeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "7995795735890659617" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "australia-southeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-southeast2-my-auto-mode-network" - }, - "resources": [ - { - "region": "asia-southeast2", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5565608540079950115", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-southeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5565608540079950115" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-southeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-australia-southeast1-my-auto-mode-network" - }, - "resources": [ - { - "region": "australia-southeast1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "2912428282938427682", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "australia-southeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "2912428282938427682" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "australia-southeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west10-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-west10", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "7985414817116096803", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west10" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "7985414817116096803" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west10" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-southeast1-my-auto-mode-network" - }, - "resources": [ - { - "region": "asia-southeast1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5582712280968628515", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-southeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5582712280968628515" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-southeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west8-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-west8", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "3747226911459805474", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west8" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "3747226911459805474" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west8" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-me-central1-my-auto-mode-network" - }, - "resources": [ - { - "region": "me-central1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5978380323431942435", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "me-central1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5978380323431942435" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "me-central1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-southamerica-east1-my-auto-mode-network" - }, - "resources": [ - { - "region": "southamerica-east1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "612290845719693601", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "southamerica-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "612290845719693601" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "southamerica-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-north1-my-auto-mode-network" - }, - "resources": [ - { - "region": "europe-north1", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "5273743466249619747", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-north1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "5273743466249619747" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-north1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet my-auto-mode-network in network my-auto-mode-network does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901102, - "created_time_dt": "2025-10-19T19:11:42.971907", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-east2-my-auto-mode-network" - }, - "resources": [ - { - "region": "asia-east2", - "data": { - "details": "", - "metadata": { - "name": "my-auto-mode-network", - "id": "9109773367570368801", - "network": "my-auto-mode-network", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-east2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "my-auto-mode-network", - "type": "Subnet", - "uid": "9109773367570368801" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-east2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901102, - "time_dt": "2025-10-19T19:11:42.971907", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-sql-database/config/gcp-sql-database.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-sql-database/config/gcp-sql-database.json deleted file mode 100644 index 3f2899f7..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-sql-database/config/gcp-sql-database.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "id": "gcp-sql-database", - "provider": "gcp", - "service": "database", - "name": "CCC Google Cloud SQL Database Terraform Module", - "description": "This module creates secure Google Cloud SQL databases with encryption, networking, monitoring, and advanced security features.", - "path": "remote/gcp/sqldatabase", - "git": "https://github.com/terraform-google-modules/terraform-google-sql-db" -} \ No newline at end of file diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-sql-database/results/gcp-sql-database-baseline.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-sql-database/results/gcp-sql-database-baseline.ocsf.json deleted file mode 100644 index 91445f07..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-sql-database/results/gcp-sql-database-baseline.ocsf.json +++ /dev/null @@ -1,23865 +0,0 @@ -[ - { - "message": "AR Container Analysis is not enabled in project nodal-time-474015-p5.", - "metadata": { - "event_code": "artifacts_container_analysis_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AR Container Analysis is not enabled in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/artifact-analysis/docs", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, AR Container Analysis is disabled.", - "compliance": { - "SOC2": [ - "cc_3_1" - ], - "ENS-RD2022": [ - "op.exp.4.r4.gcp.log.1", - "op.mon.3.gcp.scc.1" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "MITRE-ATTACK": [ - "T1525" - ], - "NIS2": [ - "5.1.4.f", - "5.1.7.d", - "6.1.2.b", - "6.6.1.a", - "6.9.2", - "9.2.a" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN06.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Scan images stored in Google Container Registry (GCR) for vulnerabilities using AR Container Analysis or a third-party provider. This helps identify and mitigate security risks associated with known vulnerabilities in container images.", - "title": "Ensure Image Vulnerability Analysis using AR Container Analysis or a third-party provider", - "types": [ - "Security", - "Configuration" - ], - "uid": "prowler-gcp-artifacts_container_analysis_enabled-nodal-time-474015-p5-global-AR Container Analysis" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "artifacts" - }, - "labels": [], - "name": "AR Container Analysis", - "type": "Service", - "uid": "containeranalysis.googleapis.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Enable vulnerability scanning for images stored in Artifact Registry using AR Container Analysis or a third-party provider.", - "references": [ - "https://cloud.google.com/artifact-analysis/docs/container-scanning-overview" - ] - }, - "risk_details": "Without image vulnerability scanning, container images stored in Artifact Registry may contain known vulnerabilities, increasing the risk of exploitation by malicious actors.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-1fba850e is not publicly accessible.", - "metadata": { - "event_code": "cloudstorage_bucket_public_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-1fba850e is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudStorage/publicly-accessible-storage-buckets.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.1" - ], - "SOC2": [ - "cc_6_1" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.30", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.32", - "1.3.1.34", - "1.3.1.35", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.8", - "10.3.2.11", - "10.3.2.18", - "10.3.2.19", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "3.5.1.3.8", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.2", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.2", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "A1.1.2.4", - "A1.1.2.7", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.2.22", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.4", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "5.1" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "CIS-4.0": [ - "5.1" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "title": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_public_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-1fba850e" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-1fba850e", - "id": "cfi-logs-bucket-1fba850e", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-1fba850e", - "type": "Bucket", - "uid": "cfi-logs-bucket-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that IAM policy on Cloud Storage bucket does not allows anonymous or public access.", - "references": [ - "https://cloud.google.com/storage/docs/access-control/iam-reference" - ] - }, - "risk_details": "Allowing anonymous or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous or public access to a bucket is not allowed.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-7a427af0 is not publicly accessible.", - "metadata": { - "event_code": "cloudstorage_bucket_public_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-7a427af0 is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudStorage/publicly-accessible-storage-buckets.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.1" - ], - "SOC2": [ - "cc_6_1" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.30", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.32", - "1.3.1.34", - "1.3.1.35", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.8", - "10.3.2.11", - "10.3.2.18", - "10.3.2.19", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "3.5.1.3.8", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.2", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.2", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "A1.1.2.4", - "A1.1.2.7", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.2.22", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.4", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "5.1" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "CIS-4.0": [ - "5.1" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "title": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_public_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-7a427af0" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-7a427af0", - "id": "cfi-logs-bucket-7a427af0", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-7a427af0", - "type": "Bucket", - "uid": "cfi-logs-bucket-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that IAM policy on Cloud Storage bucket does not allows anonymous or public access.", - "references": [ - "https://cloud.google.com/storage/docs/access-control/iam-reference" - ] - }, - "risk_details": "Allowing anonymous or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous or public access to a bucket is not allowed.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-a1aaa547 is not publicly accessible.", - "metadata": { - "event_code": "cloudstorage_bucket_public_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-a1aaa547 is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudStorage/publicly-accessible-storage-buckets.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.1" - ], - "SOC2": [ - "cc_6_1" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.30", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.32", - "1.3.1.34", - "1.3.1.35", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.8", - "10.3.2.11", - "10.3.2.18", - "10.3.2.19", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "3.5.1.3.8", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.2", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.2", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "A1.1.2.4", - "A1.1.2.7", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.2.22", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.4", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "5.1" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "CIS-4.0": [ - "5.1" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "title": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_public_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-a1aaa547" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-a1aaa547", - "id": "cfi-logs-bucket-a1aaa547", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-a1aaa547", - "type": "Bucket", - "uid": "cfi-logs-bucket-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that IAM policy on Cloud Storage bucket does not allows anonymous or public access.", - "references": [ - "https://cloud.google.com/storage/docs/access-control/iam-reference" - ] - }, - "risk_details": "Allowing anonymous or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous or public access to a bucket is not allowed.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-1fba850e has uniform Bucket Level Access enabled.", - "metadata": { - "event_code": "cloudstorage_bucket_uniform_bucket_level_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-1fba850e has uniform Bucket Level Access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.11", - "10.3.2.18", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "2.2.7.19", - "3.5.1.3.23", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-2.0": [ - "5.2" - ], - "CIS-4.0": [ - "5.2" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "title": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_uniform_bucket_level_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-1fba850e" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-1fba850e", - "id": "cfi-logs-bucket-1fba850e", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-1fba850e", - "type": "Bucket", - "uid": "cfi-logs-bucket-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that uniform bucket-level access is enabled on Cloud Storage buckets.", - "references": [ - "https://cloud.google.com/storage/docs/using-uniform-bucket-level-access" - ] - }, - "risk_details": "Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-7a427af0 has uniform Bucket Level Access enabled.", - "metadata": { - "event_code": "cloudstorage_bucket_uniform_bucket_level_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-7a427af0 has uniform Bucket Level Access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.11", - "10.3.2.18", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "2.2.7.19", - "3.5.1.3.23", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-2.0": [ - "5.2" - ], - "CIS-4.0": [ - "5.2" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "title": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_uniform_bucket_level_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-7a427af0" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-7a427af0", - "id": "cfi-logs-bucket-7a427af0", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-7a427af0", - "type": "Bucket", - "uid": "cfi-logs-bucket-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that uniform bucket-level access is enabled on Cloud Storage buckets.", - "references": [ - "https://cloud.google.com/storage/docs/using-uniform-bucket-level-access" - ] - }, - "risk_details": "Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-a1aaa547 has uniform Bucket Level Access enabled.", - "metadata": { - "event_code": "cloudstorage_bucket_uniform_bucket_level_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-a1aaa547 has uniform Bucket Level Access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.11", - "10.3.2.18", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "2.2.7.19", - "3.5.1.3.23", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-2.0": [ - "5.2" - ], - "CIS-4.0": [ - "5.2" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "title": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_uniform_bucket_level_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-a1aaa547" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-a1aaa547", - "id": "cfi-logs-bucket-a1aaa547", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-a1aaa547", - "type": "Bucket", - "uid": "cfi-logs-bucket-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that uniform bucket-level access is enabled on Cloud Storage buckets.", - "references": [ - "https://cloud.google.com/storage/docs/using-uniform-bucket-level-access" - ] - }, - "risk_details": "Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-icmp does not expose port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-icmp does not expose port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-icmp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-icmp", - "id": "613284056905897095", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-icmp", - "type": "FirewallRule", - "uid": "613284056905897095" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-internal does not expose port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-internal does not expose port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-internal" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-internal", - "id": "7344732286417982599", - "source_ranges": [ - "10.128.0.0/9" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "udp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-internal", - "type": "FirewallRule", - "uid": "7344732286417982599" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-rdp does exposes port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "Firewall default-allow-rdp does exposes port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-rdp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-rdp", - "id": "438688946219209863", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "3389" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-rdp", - "type": "FirewallRule", - "uid": "438688946219209863" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-ssh does not expose port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-ssh does not expose port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-ssh" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-ssh", - "id": "4612266095473677447", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "22" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-ssh", - "type": "FirewallRule", - "uid": "4612266095473677447" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-icmp does not expose port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-icmp does not expose port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-icmp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-icmp", - "id": "613284056905897095", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-icmp", - "type": "FirewallRule", - "uid": "613284056905897095" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-internal does not expose port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-internal does not expose port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-internal" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-internal", - "id": "7344732286417982599", - "source_ranges": [ - "10.128.0.0/9" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "udp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-internal", - "type": "FirewallRule", - "uid": "7344732286417982599" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-rdp does not expose port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-rdp does not expose port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-rdp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-rdp", - "id": "438688946219209863", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "3389" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-rdp", - "type": "FirewallRule", - "uid": "438688946219209863" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-ssh does exposes port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "Firewall default-allow-ssh does exposes port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-ssh" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-ssh", - "id": "4612266095473677447", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "22" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-ssh", - "type": "FirewallRule", - "uid": "4612266095473677447" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Default network is in use in project nodal-time-474015-p5.", - "metadata": { - "event_code": "compute_network_default_in_use", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Default network is in use in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudVPC/default-vpc-in-use.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.1" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.3.r1.gcp.net.1", - "mp.com.4.gcp.vpc.1", - "mp.com.4.r1.gcp.net.1" - ], - "PCI-4.0": [ - "1.4.2.19" - ], - "MITRE-ATTACK": [ - "T1046" - ], - "CIS-2.0": [ - "3.1" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "5.1.2.a", - "6.2.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.1" - ], - "CIS-4.0": [ - "3.1" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.VPC.CN01.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that the default network does not exist", - "title": "Ensure that the default network does not exist", - "types": [], - "uid": "prowler-gcp-compute_network_default_in_use-nodal-time-474015-p5-global-default" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1894544973933139113", - "subnet_mode": "auto", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Network", - "uid": "default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "When an organization deletes the default network, it may need to migrate or service onto a new network.", - "references": [ - "https://cloud.google.com/vpc/docs/using-vpc" - ] - }, - "risk_details": "The default network has a preconfigured network configuration and automatically generates insecure firewall rules.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network default does not have DNS logging enabled.", - "metadata": { - "event_code": "compute_network_dns_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network default does not have DNS logging enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "mp.com.2.r2.gcp.scc.1", - "mp.com.3.r3.gcp.scc.1" - ], - "PCI-4.0": [ - "1.3.2.44", - "1.4.1.9", - "1.4.2.42", - "1.4.4.9", - "10.2.1.1.6", - "10.2.1.1.29", - "10.2.1.2.6", - "10.2.1.2.12", - "10.2.1.2.21", - "10.2.1.2.26", - "10.2.1.3.6", - "10.2.1.3.21", - "10.2.1.3.26", - "10.2.1.4.6", - "10.2.1.4.21", - "10.2.1.4.26", - "10.2.1.5.6", - "10.2.1.5.26", - "10.2.1.6.6", - "10.2.1.6.21", - "10.2.1.6.26", - "10.2.1.7.6", - "10.2.1.7.12", - "10.2.1.7.26", - "10.2.1.6", - "10.2.1.26", - "10.2.2.6", - "10.2.2.21", - "10.2.2.26", - "10.3.1.6", - "10.3.1.12", - "10.3.1.26", - "10.5.1.9", - "10.6.3.6", - "10.6.3.14", - "10.6.3.26", - "10.6.3.32", - "5.3.4.6", - "5.3.4.24", - "5.3.4.31", - "A1.2.1.6", - "A1.2.1.25", - "A1.2.1.30" - ], - "MITRE-ATTACK": [ - "T1046" - ], - "CIS-2.0": [ - "2.12" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.a", - "3.2.3.d", - "3.6.2", - "6.2.1", - "6.7.2.i", - "6.7.2.l", - "7.2.b", - "9.2.a", - "11.1.1", - "11.5.2.d", - "12.2.2.c" - ], - "CCC": [ - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that Cloud DNS logging is enabled for all your Virtual Private Cloud (VPC) networks using DNS server policies. Cloud DNS logging records queries that the name servers resolve for your Google Cloud VPC networks, as well as queries from external entities directly to a public DNS zone. Recorded queries can come from virtual machine (VM) instances, GKE containers running in the same VPC network, peering zones, or other Google Cloud resources provisioned within your VPC.", - "title": "Enable Cloud DNS Logging for VPC Networks", - "types": [], - "uid": "prowler-gcp-compute_network_dns_logging_enabled-nodal-time-474015-p5-global-default" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1894544973933139113", - "subnet_mode": "auto", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Network", - "uid": "1894544973933139113" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Cloud DNS logging records the queries from the name servers within your VPC to Stackdriver. Logged queries can come from Compute Engine VMs, GKE containers, or other GCP resources provisioned within the VPC.", - "references": [ - "https://cloud.google.com/dns/docs/monitoring" - ] - }, - "risk_details": "Cloud DNS logging is disabled by default on each Google Cloud VPC network. By enabling monitoring of Cloud DNS logs, you can increase visibility into the DNS names requested by the clients within your VPC network. Cloud DNS logs can be monitored for anomalous domain names and evaluated against threat intelligence.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network simple-workbench does not have DNS logging enabled.", - "metadata": { - "event_code": "compute_network_dns_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network simple-workbench does not have DNS logging enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "mp.com.2.r2.gcp.scc.1", - "mp.com.3.r3.gcp.scc.1" - ], - "PCI-4.0": [ - "1.3.2.44", - "1.4.1.9", - "1.4.2.42", - "1.4.4.9", - "10.2.1.1.6", - "10.2.1.1.29", - "10.2.1.2.6", - "10.2.1.2.12", - "10.2.1.2.21", - "10.2.1.2.26", - "10.2.1.3.6", - "10.2.1.3.21", - "10.2.1.3.26", - "10.2.1.4.6", - "10.2.1.4.21", - "10.2.1.4.26", - "10.2.1.5.6", - "10.2.1.5.26", - "10.2.1.6.6", - "10.2.1.6.21", - "10.2.1.6.26", - "10.2.1.7.6", - "10.2.1.7.12", - "10.2.1.7.26", - "10.2.1.6", - "10.2.1.26", - "10.2.2.6", - "10.2.2.21", - "10.2.2.26", - "10.3.1.6", - "10.3.1.12", - "10.3.1.26", - "10.5.1.9", - "10.6.3.6", - "10.6.3.14", - "10.6.3.26", - "10.6.3.32", - "5.3.4.6", - "5.3.4.24", - "5.3.4.31", - "A1.2.1.6", - "A1.2.1.25", - "A1.2.1.30" - ], - "MITRE-ATTACK": [ - "T1046" - ], - "CIS-2.0": [ - "2.12" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.a", - "3.2.3.d", - "3.6.2", - "6.2.1", - "6.7.2.i", - "6.7.2.l", - "7.2.b", - "9.2.a", - "11.1.1", - "11.5.2.d", - "12.2.2.c" - ], - "CCC": [ - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that Cloud DNS logging is enabled for all your Virtual Private Cloud (VPC) networks using DNS server policies. Cloud DNS logging records queries that the name servers resolve for your Google Cloud VPC networks, as well as queries from external entities directly to a public DNS zone. Recorded queries can come from virtual machine (VM) instances, GKE containers running in the same VPC network, peering zones, or other Google Cloud resources provisioned within your VPC.", - "title": "Enable Cloud DNS Logging for VPC Networks", - "types": [], - "uid": "prowler-gcp-compute_network_dns_logging_enabled-nodal-time-474015-p5-global-simple-workbench" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "simple-workbench", - "id": "6879006949331747071", - "subnet_mode": "custom", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "simple-workbench", - "type": "Network", - "uid": "6879006949331747071" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Cloud DNS logging records the queries from the name servers within your VPC to Stackdriver. Logged queries can come from Compute Engine VMs, GKE containers, or other GCP resources provisioned within the VPC.", - "references": [ - "https://cloud.google.com/dns/docs/monitoring" - ] - }, - "risk_details": "Cloud DNS logging is disabled by default on each Google Cloud VPC network. By enabling monitoring of Cloud DNS logs, you can increase visibility into the DNS names requested by the clients within your VPC network. Cloud DNS logs can be monitored for anomalous domain names and evaluated against threat intelligence.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network default is not legacy.", - "metadata": { - "event_code": "compute_network_not_legacy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Network default is not legacy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.2" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "MITRE-ATTACK": [ - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.2" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.2.1", - "11.1.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "CIS-4.0": [ - "3.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "In order to prevent use of legacy networks, a project should not have a legacy network configured. As of now, Legacy Networks are gradually being phased out, and you can no longer create projects with them. This recommendation is to check older projects to ensure that they are not using Legacy Networks.", - "title": "Ensure Legacy Networks Do Not Exist", - "types": [], - "uid": "prowler-gcp-compute_network_not_legacy-nodal-time-474015-p5-global-default" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1894544973933139113", - "subnet_mode": "auto", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Network", - "uid": "1894544973933139113" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud Platform (GCP) projects are not using legacy networks as this type of network is no longer recommended for production environments because it does not support advanced networking features. Instead, it is strongly recommended to use Virtual Private Cloud (VPC) networks for existing and future GCP projects.", - "references": [ - "https://cloud.google.com/vpc/docs/using-legacy#deleting_a_legacy_network" - ] - }, - "risk_details": "Google Cloud legacy networks have a single global IPv4 range which cannot be divided into subnets, and a single gateway IP address for the whole network. Legacy networks do not support several Google Cloud networking features such as subnets, alias IP ranges, multiple network interfaces, Cloud NAT (Network Address Translation), Virtual Private Cloud (VPC) Peering, and private access options for GCP services. Legacy networks are not recommended for high network traffic projects and are subject to a single point of contention or failure.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network simple-workbench is not legacy.", - "metadata": { - "event_code": "compute_network_not_legacy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Network simple-workbench is not legacy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.2" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "MITRE-ATTACK": [ - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.2" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.2.1", - "11.1.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "CIS-4.0": [ - "3.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "In order to prevent use of legacy networks, a project should not have a legacy network configured. As of now, Legacy Networks are gradually being phased out, and you can no longer create projects with them. This recommendation is to check older projects to ensure that they are not using Legacy Networks.", - "title": "Ensure Legacy Networks Do Not Exist", - "types": [], - "uid": "prowler-gcp-compute_network_not_legacy-nodal-time-474015-p5-global-simple-workbench" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "simple-workbench", - "id": "6879006949331747071", - "subnet_mode": "custom", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "simple-workbench", - "type": "Network", - "uid": "6879006949331747071" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud Platform (GCP) projects are not using legacy networks as this type of network is no longer recommended for production environments because it does not support advanced networking features. Instead, it is strongly recommended to use Virtual Private Cloud (VPC) networks for existing and future GCP projects.", - "references": [ - "https://cloud.google.com/vpc/docs/using-legacy#deleting_a_legacy_network" - ] - }, - "risk_details": "Google Cloud legacy networks have a single global IPv4 range which cannot be divided into subnets, and a single gateway IP address for the whole network. Legacy networks do not support several Google Cloud networking features such as subnets, alias IP ranges, multiple network interfaces, Cloud NAT (Network Address Translation), Virtual Private Cloud (VPC) Peering, and private access options for GCP services. Legacy networks are not recommended for high network traffic projects and are subject to a single point of contention or failure.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Project nodal-time-474015-p5 does not have OS Login enabled.", - "metadata": { - "event_code": "compute_project_os_login_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Project nodal-time-474015-p5 does not have OS Login enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "4.4" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "ENS-RD2022": [ - "op.ext.3.gcp.log.1" - ], - "CIS-2.0": [ - "4.4" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.2.3.d", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "CIS-4.0": [ - "4.4" - ], - "CCC": [ - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that the OS Login feature is enabled at the Google Cloud Platform (GCP) project level in order to provide you with centralized and automated SSH key pair management.", - "title": "Ensure Os Login Is Enabled for a Project", - "types": [], - "uid": "prowler-gcp-compute_project_os_login_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "My First Project", - "type": "GCPProject", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that the OS Login feature is enabled at the Google Cloud Platform (GCP) project level in order to provide you with centralized and automated SSH key pair management.", - "references": [ - "https://cloud.google.com/compute/confidential-vm/docs/creating-cvm-instance:https://cloud.google.com/compute/confidential-vm/docs/about-cvm:https://cloud.google.com/confidential-computing:https://cloud.google.com/blog/products/identity-security/introducing-google-cloud-confidential-computing-with-confidential-vms" - ] - }, - "risk_details": "Enabling OS Login feature ensures that the SSH keys used to connect to VM instances are mapped with Google Cloud IAM users. Revoking access to corresponding IAM users will revoke all the SSH keys associated with these users, therefore it facilitates centralized SSH key pair management, which is extremely useful in handling compromised or stolen SSH key pairs and/or revocation of external/third-party/vendor users.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west2-default" - }, - "resources": [ - { - "region": "us-west2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "24288970830075042", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "24288970830075042" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east4-default" - }, - "resources": [ - { - "region": "us-east4", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "2543292856211690658", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "2543292856211690658" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-southamerica-west1-default" - }, - "resources": [ - { - "region": "southamerica-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "608650311179523233", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "southamerica-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "608650311179523233" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "southamerica-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east5-default" - }, - "resources": [ - { - "region": "us-east5", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1401430415650673826", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1401430415650673826" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east5" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast3-default" - }, - "resources": [ - { - "region": "asia-northeast3", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "9096168126651389090", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "9096168126651389090" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast2-default" - }, - "resources": [ - { - "region": "asia-northeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "508768411464586402", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "508768411464586402" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west12-default" - }, - "resources": [ - { - "region": "europe-west12", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5525328356797142178", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west12" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5525328356797142178" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west12" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west9-default" - }, - "resources": [ - { - "region": "europe-west9", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1074046580757714082", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west9" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1074046580757714082" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west9" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west3-default" - }, - "resources": [ - { - "region": "us-west3", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5329755272922092706", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5329755272922092706" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-me-central1-default" - }, - "resources": [ - { - "region": "me-central1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "8693862684678509730", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "me-central1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "8693862684678509730" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "me-central1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west3-default" - }, - "resources": [ - { - "region": "europe-west3", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5772105379350140066", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5772105379350140066" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-central1-default" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7706237583483294882", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-central1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7706237583483294882" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet simple-subnet-01 in network simple-workbench does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet simple-subnet-01 in network simple-workbench does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-central1-simple-subnet-01" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "simple-subnet-01", - "id": "8482275995630223604", - "network": "simple-workbench", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-central1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "simple-subnet-01", - "type": "Subnet", - "uid": "8482275995630223604" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west6-default" - }, - "resources": [ - { - "region": "europe-west6", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3716081487960429730", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west6" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3716081487960429730" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west6" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-south1-default" - }, - "resources": [ - { - "region": "us-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1314274851926135970", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1314274851926135970" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west4-default" - }, - "resources": [ - { - "region": "us-west4", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7215612770497680546", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7215612770497680546" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west1-default" - }, - "resources": [ - { - "region": "us-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "8333568044404659362", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "8333568044404659362" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-southeast2-default" - }, - "resources": [ - { - "region": "asia-southeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1491739310004196514", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-southeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1491739310004196514" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-southeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-northeast2-default" - }, - "resources": [ - { - "region": "northamerica-northeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "483380030849242274", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-northeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "483380030849242274" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-northeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east1-default" - }, - "resources": [ - { - "region": "us-east1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "355354730862040226", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "355354730862040226" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast1-default" - }, - "resources": [ - { - "region": "asia-northeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7315669883403457698", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7315669883403457698" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west10-default" - }, - "resources": [ - { - "region": "europe-west10", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4896835085019993250", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west10" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4896835085019993250" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west10" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-southeast1-default" - }, - "resources": [ - { - "region": "asia-southeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4056355735184430242", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-southeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4056355735184430242" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-southeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-australia-southeast2-default" - }, - "resources": [ - { - "region": "australia-southeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4285468416242439330", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "australia-southeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4285468416242439330" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "australia-southeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-south1-default" - }, - "resources": [ - { - "region": "northamerica-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7144258258311140514", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7144258258311140514" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west2-default" - }, - "resources": [ - { - "region": "europe-west2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1891634321841280162", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1891634321841280162" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-east1-default" - }, - "resources": [ - { - "region": "asia-east1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5813254284192076962", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5813254284192076962" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west4-default" - }, - "resources": [ - { - "region": "europe-west4", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5555571983192249506", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5555571983192249506" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-northeast1-default" - }, - "resources": [ - { - "region": "northamerica-northeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3188169212019954850", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-northeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3188169212019954850" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-northeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-north1-default" - }, - "resources": [ - { - "region": "europe-north1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "6168370688555570338", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-north1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "6168370688555570338" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-north1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-central2-default" - }, - "resources": [ - { - "region": "europe-central2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4980955262212461730", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-central2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4980955262212461730" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-central2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-southwest1-default" - }, - "resources": [ - { - "region": "europe-southwest1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1089352323782235298", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-southwest1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1089352323782235298" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-southwest1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-east2-default" - }, - "resources": [ - { - "region": "asia-east2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "6078557433428006050", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-east2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "6078557433428006050" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-east2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-southamerica-east1-default" - }, - "resources": [ - { - "region": "southamerica-east1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5608727104037934242", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "southamerica-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5608727104037934242" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "southamerica-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west8-default" - }, - "resources": [ - { - "region": "europe-west8", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "8540268486600512674", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west8" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "8540268486600512674" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west8" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west1-default" - }, - "resources": [ - { - "region": "europe-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3398545940062753954", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3398545940062753954" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-me-west1-default" - }, - "resources": [ - { - "region": "me-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5036744520860521634", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "me-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5036744520860521634" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "me-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-australia-southeast1-default" - }, - "resources": [ - { - "region": "australia-southeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5526634061214864546", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "australia-southeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5526634061214864546" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "australia-southeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-north2-default" - }, - "resources": [ - { - "region": "europe-north2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1953758124674995362", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-north2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1953758124674995362" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-north2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-south2-default" - }, - "resources": [ - { - "region": "asia-south2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3652760235359687842", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-south2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3652760235359687842" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-south2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-south1-default" - }, - "resources": [ - { - "region": "asia-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7023929475293861026", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7023929475293861026" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-africa-south1-default" - }, - "resources": [ - { - "region": "africa-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3728776852941657249", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "africa-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3728776852941657249" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "africa-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "GCR Container Scanning is not enabled in project nodal-time-474015-p5.", - "metadata": { - "event_code": "gcr_container_scanning_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "GCR Container Scanning is not enabled in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/container-registry/docs/container-analysis", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, GCR Container Scanning is disabled.", - "compliance": { - "SOC2": [ - "cc_3_1", - "cc_3_2" - ], - "ENS-RD2022": [ - "op.mon.1.r1.gcp.scc.1", - "op.mon.1.r2.gcp.scc.1", - "op.mon.3.gcp.scc.1" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "NIS2": [ - "2.2.1", - "5.1.4.f", - "5.1.7.d", - "6.6.1.a", - "6.9.2" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN06.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Scan images stored in Google Container Registry (GCR) for vulnerabilities using GCR Container Scanning or a third-party provider. This helps identify and mitigate security risks associated with known vulnerabilities in container images.", - "title": "Ensure Image Vulnerability Scanning using GCR Container Scanning or a third-party provider", - "types": [ - "Security", - "Configuration" - ], - "uid": "prowler-gcp-gcr_container_scanning_enabled-nodal-time-474015-p5-global-GCR Container Scanning" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "gcr" - }, - "labels": [], - "name": "GCR Container Scanning", - "type": "Service", - "uid": "containerscanning.googleapis.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Enable vulnerability scanning for images stored in GCR using GCR Container Scanning or a third-party provider.", - "references": [ - "https://cloud.google.com/container-registry/docs/container-best-practices" - ] - }, - "risk_details": "Without image vulnerability scanning, container images stored in GCR may contain known vulnerabilities, increasing the risk of exploitation by malicious actors.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Audit Logs are not enabled for project nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_audit_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Audit Logs are not enabled for project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.1" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "ENS-RD2022": [ - "opc.acc.1.r1.gcp.iam.2", - "op.acc.6.r5.gcp.cl.1", - "op.acc.6.r9.gcp.api.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "10.2.1.1.7", - "10.2.1.1.10", - "10.2.1.1.20", - "10.2.1.1.25", - "10.2.1.1.36", - "10.2.1.2.1", - "10.2.1.2.7", - "10.2.1.2.8", - "10.2.1.2.19", - "10.2.1.2.24", - "10.2.1.3.7", - "10.2.1.3.8", - "10.2.1.3.11", - "10.2.1.3.17", - "10.2.1.3.19", - "10.2.1.4.1", - "10.2.1.4.7", - "10.2.1.4.8", - "10.2.1.4.19", - "10.2.1.4.24", - "10.2.1.5.1", - "10.2.1.5.7", - "10.2.1.5.19", - "10.2.1.5.24", - "10.2.1.6.7", - "10.2.1.6.8", - "10.2.1.6.24", - "10.2.1.7.7", - "10.2.1.7.8", - "10.2.1.7.19", - "10.2.1.7.24", - "10.2.1.1", - "10.2.1.7", - "10.2.1.8", - "10.2.1.11", - "10.2.1.17", - "10.2.1.18", - "10.2.1.19", - "10.2.1.24", - "10.2.1.30", - "10.2.2.1", - "10.2.2.7", - "10.2.2.8", - "10.2.2.18", - "10.2.2.24", - "10.3.1.7", - "10.3.1.8", - "10.3.1.24", - "10.3.2.2", - "10.3.2.5", - "10.3.3.4", - "10.3.3.7", - "10.3.4.3", - "10.3.4.6", - "10.4.1.1.3", - "10.5.1.3", - "10.6.3.7", - "10.6.3.10", - "10.6.3.22", - "10.6.3.24", - "10.6.3.41", - "11.5.2.4", - "11.6.1.4", - "12.10.5.4", - "5.3.4.7", - "5.3.4.8", - "5.3.4.9", - "5.3.4.20", - "5.3.4.21", - "5.3.4.22", - "7.2.1.15", - "7.2.2.15", - "7.2.5.11", - "7.3.1.11", - "7.3.2.11", - "7.3.3.11", - "8.2.8.13", - "A1.2.1.1", - "A1.2.1.7", - "A1.2.1.8", - "A1.2.1.10", - "A1.2.1.12", - "A1.2.1.28", - "A3.3.1.6", - "A3.5.1.6" - ], - "CIS-2.0": [ - "2.1" - ], - "NIS2": [ - "3.1.3", - "3.2.1", - "3.2.3.c", - "3.2.3.d", - "3.2.3.e", - "3.6.2", - "7.2.b", - "11.2.2.e", - "11.2.2.f", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.3" - ], - "CIS-4.0": [ - "2.1" - ], - "CCC": [ - "CCC.AuditLog.CN01.AR01", - "CCC.AuditLog.CN01.AR02", - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN07.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that Google Cloud Audit Logs feature is configured to track Data Access logs for all Google Cloud Platform (GCP) services and users, in order to enhance overall access security and meet compliance requirements. Once configured, the feature can record all admin related activities, as well as all the read and write access requests to user data.", - "title": "Configure Google Cloud Audit Logs to Track All Activities", - "types": [], - "uid": "prowler-gcp-iam_audit_logs_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "GCPProject", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that Cloud Audit Logging is configured to track all admin activities and read, write access to user data.", - "references": [ - "https://cloud.google.com/logging/docs/audit/" - ] - }, - "risk_details": "In order to maintain an effective Google Cloud audit configuration for your project, folder, and organization, all 3 types of Data Access logs (ADMIN_READ, DATA_READ and DATA_WRITE) must be enabled for all supported GCP services. Also, Data Access logs should be captured for all IAM users, without exempting any of them. Exemptions let you control which users generate audit logs. When you add an exempted user to your log configuration, audit logs are not created for that user, for the selected log type(s). Data Access audit logs are disabled by default and must be explicitly enabled based on your business requirements.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Cloud Asset Inventory is enabled in project nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_cloud_asset_inventory_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Cloud Asset Inventory is enabled in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.13" - ], - "SOC2": [ - "cc_1_3", - "cc_3_4", - "cc_4_2", - "cc_6_8", - "cc_7_1", - "cc_7_3", - "cc_8_1" - ], - "ISO27001-2022": [ - "A.5.1", - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "ENS-RD2022": [ - "op.exp.1.gcp.scc.1", - "op.exp.1.r2.gcp.cai.1", - "op.exp.1.r3.gcp.cai.1" - ], - "MITRE-ATTACK": [ - "T1098", - "T1580" - ], - "CIS-2.0": [ - "2.13" - ], - "NIS2": [ - "3.1.3" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "CIS-4.0": [ - "2.13" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.Core.CN05.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "GCP Cloud Asset Inventory is services that provides a historical view of GCP resources and IAM policies through a time-series database. The information recorded includes metadata on Google Cloud resources, metadata on policies set on Google Cloud projects or resources, and runtime information gathered within a Google Cloud resource.", - "title": "Ensure Cloud Asset Inventory Is Enabled", - "types": [], - "uid": "prowler-gcp-iam_cloud_asset_inventory_enabled-nodal-time-474015-p5-global-Cloud Asset Inventory" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "Cloud Asset Inventory", - "type": "Service", - "uid": "cloudasset.googleapis.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Cloud Asset Inventory is enabled for all your GCP projects in order to efficiently manage the history and the inventory of your cloud resources. Google Cloud Asset Inventory is a fully managed metadata inventory service that allows you to view, monitor, analyze, and gain insights for your Google Cloud and Anthos assets. Cloud Asset Inventory is disabled by default in each GCP project.", - "references": [ - "https://cloud.google.com/asset-inventory/docs" - ] - }, - "risk_details": "Gaining insight into Google Cloud resources and policies is vital for tasks such as DevOps, security analytics, multi-cluster and fleet management, auditing, and governance. With Cloud Asset Inventory you can discover, monitor, and analyze all GCP assets in one place, achieving a better understanding of all your cloud assets across projects and services.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No IAM Users assigned to service roles at project level nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_no_service_roles_at_project_level", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "No IAM Users assigned to service roles at project level nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/check-for-iam-users-with-service-roles.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.6" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.3", - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.1.r1.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.16", - "7.2.1.19", - "7.2.2.17", - "7.2.2.19", - "7.2.5.7", - "7.2.5.10", - "7.2.5.13", - "7.3.1.7", - "7.3.1.12", - "7.3.1.13", - "7.3.2.13", - "7.3.3.10", - "7.3.3.12", - "7.3.3.13", - "8.2.2.6", - "8.2.7.11", - "8.2.7.13", - "8.2.8.9", - "8.2.8.15", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.6" - ], - "NIS2": [ - "6.2.2.b", - "6.7.2.g", - "11.1.2.c", - "11.2.2.d", - "11.3.1", - "11.3.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "CIS-4.0": [ - "1.6" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "It is recommended to assign the `Service Account User (iam.serviceAccountUser)` and `Service Account Token Creator (iam.serviceAccountTokenCreator)` roles to a user for a specific service account rather than assigning the role to a user at project level.", - "title": "Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level", - "types": [], - "uid": "prowler-gcp-iam_no_service_roles_at_project_level-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "IAM Policy", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that the Service Account User and Service Account Token Creator roles are assigned to a user for a specific GCP service account rather than to a user at the GCP project level, in order to implement the principle of least privilege (POLP). The principle of least privilege (also known as the principle of minimal privilege) is the practice of providing every user the minimal amount of access required to perform its tasks. Google Cloud Platform (GCP) IAM users should not have assigned the Service Account User or Service Account Token Creator roles at the GCP project level. Instead, these roles should be allocated to a user associated with a specific service account, providing that user access to the service account only.", - "references": [ - "https://cloud.google.com/iam/docs/granting-changing-revoking-access" - ] - }, - "risk_details": "The Service Account User (iam.serviceAccountUser) role allows an IAM user to attach a service account to a long-running job service such as an App Engine App or Dataflow Job, whereas the Service Account Token Creator (iam.serviceAccountTokenCreator) role allows a user to directly impersonate the identity of a service account.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Principle of separation of duties was enforced for KMS-Related Roles in project nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_role_kms_enforce_separation_of_duties", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Principle of separation of duties was enforced for KMS-Related Roles in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.8", - "1.11" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.3", - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.org.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.2.8", - "3.6.1.3.8", - "3.6.1.4.8", - "3.6.1.8", - "3.7.1.9", - "3.7.2.8", - "3.7.4.5", - "3.7.4.9", - "3.7.6.8", - "3.7.7.8", - "4.2.1.1.21", - "7.2.1.10", - "7.2.2.10", - "7.2.3.6", - "7.2.5.6", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.4.6" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.11" - ], - "NIS2": [ - "1.2.4", - "3.1.3", - "6.2.2.b", - "6.7.2.e", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.b", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.5", - "1.3.2" - ], - "CIS-4.0": [ - "1.8", - "1.11" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that separation of duties is enforced for all Cloud Key Management Service (KMS) related roles. The principle of separation of duties (also known as segregation of duties) has as its primary objective the prevention of fraud and human error. This objective is achieved by dismantling the tasks and the associated privileges for a specific business process among multiple users/identities. Google Cloud provides predefined roles that can be used to implement the principle of separation of duties, where it is needed. The predefined Cloud KMS Admin role is meant for users to manage KMS keys but not to use them. The Cloud KMS CryptoKey Encrypter/Decrypter roles are meant for services who can use keys to encrypt and decrypt data, but not to manage them. To adhere to cloud security best practices, your IAM users should not have the Admin role and any of the CryptoKey Encrypter/Decrypter roles assigned at the same time.", - "title": "Enforce Separation of Duties for KMS-Related Roles", - "types": [], - "uid": "prowler-gcp-iam_role_kms_enforce_separation_of_duties-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "IAMRole", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that the principle of 'Separation of Duties' is enforced while assigning KMS related roles to users.", - "references": [ - "https://cloud.google.com/kms/docs/separation-of-duties" - ] - }, - "risk_details": "The principle of separation of duties can be enforced in order to eliminate the need for the IAM user/identity that has all the permissions needed to perform unwanted actions, such as using a cryptographic key to access and decrypt data which the user should not normally have access to.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Principle of separation of duties was not enforced for Service-Account Related Roles in project nodal-time-474015-p5 in members deleted:serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com?uid=104781589807131914461,serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com.", - "metadata": { - "event_code": "iam_role_sa_enforce_separation_of_duties", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Principle of separation of duties was not enforced for Service-Account Related Roles in project nodal-time-474015-p5 in members deleted:serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com?uid=104781589807131914461,serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.3", - "A.5.15", - "A.5.18", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.org.1" - ], - "PCI-4.0": [ - "7.2.1.16", - "7.2.1.19", - "7.2.2.19", - "7.2.5.13", - "7.3.1.7", - "7.3.1.12", - "7.3.1.13", - "7.3.3.12", - "8.2.7.11", - "8.2.7.13", - "8.3.4.11" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.8" - ], - "NIS2": [ - "1.2.4", - "3.1.3", - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.b", - "11.4.2.c" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure that separation of duties (also known as segregation of duties - SoD) is enforced for all Google Cloud Platform (GCP) service-account related roles. The security principle of separation of duties has as its primary objective the prevention of fraud and human error. This objective is achieved by disbanding the tasks and associated privileges for a specific business process among multiple users/members. To follow security best practices, your GCP service accounts should not have the Service Account Admin and Service Account User roles assigned at the same time.", - "title": "Enforce Separation of Duties for Service-Account Related Roles", - "types": [], - "uid": "prowler-gcp-iam_role_sa_enforce_separation_of_duties-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "IAMRole", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that separation of duties (also known as segregation of duties - SoD) is enforced for all Google Cloud Platform (GCP) service-account related roles. The security principle of separation of duties has as its primary objective the prevention of fraud and human error. This objective is achieved by disbanding the tasks and associated privileges for a specific business process among multiple users/members. To follow security best practices, your GCP service accounts should not have the Service Account Admin and Service Account User roles assigned at the same time.", - "references": [ - "https://cloud.google.com/iam/docs/understanding-roles" - ] - }, - "risk_details": "The principle of separation of duties should be enforced in order to eliminate the need for high-privileged IAM members, as the permissions granted to these members can allow them to perform malicious or unwanted actions.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com has administrative privileges with roles/serviceusage.serviceUsageAdmin.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com has administrative privileges with roles/serviceusage.serviceUsageAdmin.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "GitHub Actions Deployer", - "keys": [ - { - "name": "3f2a81ba4bce0b39089b85a2e7678d09d2d183f6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T22:26:26", - "valid_before": "2027-10-28T08:50:15" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "114112078080729873885" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account 784623368087-compute@developer.gserviceaccount.com has administrative privileges with roles/editor.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Account 784623368087-compute@developer.gserviceaccount.com has administrative privileges with roles/editor.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "email": "784623368087-compute@developer.gserviceaccount.com", - "display_name": "Compute Engine default service account", - "keys": [ - { - "name": "202c306e41b020fefe81250bea563d31c07138e3", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-06T10:25:01", - "valid_before": "2025-10-23T10:25:01" - }, - { - "name": "93b9e85d69bcb0503b5a7696d8b3bf5855a91d37", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T10:25:01", - "valid_before": "2025-10-31T10:25:01" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "111974737467208838860" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "784623368087-compute@developer.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "Vertex AI Workbench Service Account", - "keys": [ - { - "name": "92e39887344dae71e19dc25c005a53a68ceb62cb", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T23:21:52", - "valid_before": "2027-10-29T23:07:36" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "108352930858191263233" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "GitHub Actions Deployer", - "keys": [ - { - "name": "3f2a81ba4bce0b39089b85a2e7678d09d2d183f6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T22:26:26", - "valid_before": "2027-10-28T08:50:15" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "114112078080729873885" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account 784623368087-compute@developer.gserviceaccount.com does not have user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Account 784623368087-compute@developer.gserviceaccount.com does not have user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "email": "784623368087-compute@developer.gserviceaccount.com", - "display_name": "Compute Engine default service account", - "keys": [ - { - "name": "202c306e41b020fefe81250bea563d31c07138e3", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-06T10:25:01", - "valid_before": "2025-10-23T10:25:01" - }, - { - "name": "93b9e85d69bcb0503b5a7696d8b3bf5855a91d37", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T10:25:01", - "valid_before": "2025-10-31T10:25:01" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "111974737467208838860" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "784623368087-compute@developer.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "Vertex AI Workbench Service Account", - "keys": [ - { - "name": "92e39887344dae71e19dc25c005a53a68ceb62cb", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T23:21:52", - "valid_before": "2027-10-29T23:07:36" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "108352930858191263233" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "b42bff156412b21c8615812a79d72ba55d6bafb4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "24a51f6716e116e4b0c095d727d4a101242b82a2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "3ec34a6521569dd67684f27f37d1d6ab56db09dc" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c450c6187eeddc932b29ffd3d0f3e675bf53af62" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "f69cf03d448314cf03036f08165420dfe98b3992" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "ce51dbe0ea021fb2e8124f86d8842546246040c1" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c0604742fabec0b925df21e0606a25c9e007f571" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "b42bff156412b21c8615812a79d72ba55d6bafb4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "24a51f6716e116e4b0c095d727d4a101242b82a2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "3ec34a6521569dd67684f27f37d1d6ab56db09dc" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c450c6187eeddc932b29ffd3d0f3e675bf53af62" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "f69cf03d448314cf03036f08165420dfe98b3992" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "ce51dbe0ea021fb2e8124f86d8842546246040c1" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c0604742fabec0b925df21e0606a25c9e007f571" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com was used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Service Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com was used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "GitHub Actions Deployer", - "keys": [ - { - "name": "3f2a81ba4bce0b39089b85a2e7678d09d2d183f6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T22:26:26", - "valid_before": "2027-10-28T08:50:15" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "114112078080729873885" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account 784623368087-compute@developer.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Service Account 784623368087-compute@developer.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "email": "784623368087-compute@developer.gserviceaccount.com", - "display_name": "Compute Engine default service account", - "keys": [ - { - "name": "202c306e41b020fefe81250bea563d31c07138e3", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-06T10:25:01", - "valid_before": "2025-10-23T10:25:01" - }, - { - "name": "93b9e85d69bcb0503b5a7696d8b3bf5855a91d37", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T10:25:01", - "valid_before": "2025-10-31T10:25:01" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "111974737467208838860" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "784623368087-compute@developer.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Service Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "Vertex AI Workbench Service Account", - "keys": [ - { - "name": "92e39887344dae71e19dc25c005a53a68ceb62cb", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T23:21:52", - "valid_before": "2027-10-29T23:07:36" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "108352930858191263233" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-13fa4761 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-13fa4761 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-13fa4761" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761", - "name": "cfi-bucket-key-13fa4761", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-13fa4761", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1c7d7a2a is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-1c7d7a2a is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-1c7d7a2a" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a", - "name": "cfi-bucket-key-1c7d7a2a", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1c7d7a2a", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1fba850e is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-1fba850e is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-1fba850e" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e", - "name": "cfi-bucket-key-1fba850e", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-15T23:25:31.957183Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1fba850e", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-4cd10935 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-4cd10935 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-4cd10935" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935", - "name": "cfi-bucket-key-4cd10935", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-4cd10935", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-7a427af0 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-7a427af0 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-7a427af0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0", - "name": "cfi-bucket-key-7a427af0", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T15:28:10.344444Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-7a427af0", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a03be2ac is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-a03be2ac is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-a03be2ac" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac", - "name": "cfi-bucket-key-a03be2ac", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a03be2ac", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a1aaa547 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-a1aaa547 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-a1aaa547" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547", - "name": "cfi-bucket-key-a1aaa547", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T00:25:56.259471Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a1aaa547", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-e7619e1f is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-e7619e1f is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-e7619e1f" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f", - "name": "cfi-bucket-key-e7619e1f", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-e7619e1f", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-f5bc86ea is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-f5bc86ea is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-f5bc86ea" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea", - "name": "cfi-bucket-key-f5bc86ea", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-f5bc86ea", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-13fa4761 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-13fa4761 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-13fa4761" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761", - "name": "cfi-bucket-key-13fa4761", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-13fa4761", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1c7d7a2a is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-1c7d7a2a is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-1c7d7a2a" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a", - "name": "cfi-bucket-key-1c7d7a2a", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1c7d7a2a", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1fba850e is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-1fba850e is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-1fba850e" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e", - "name": "cfi-bucket-key-1fba850e", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-15T23:25:31.957183Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1fba850e", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-4cd10935 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-4cd10935 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-4cd10935" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935", - "name": "cfi-bucket-key-4cd10935", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-4cd10935", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-7a427af0 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-7a427af0 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-7a427af0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0", - "name": "cfi-bucket-key-7a427af0", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T15:28:10.344444Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-7a427af0", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a03be2ac is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-a03be2ac is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-a03be2ac" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac", - "name": "cfi-bucket-key-a03be2ac", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a03be2ac", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a1aaa547 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-a1aaa547 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-a1aaa547" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547", - "name": "cfi-bucket-key-a1aaa547", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T00:25:56.259471Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a1aaa547", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-e7619e1f is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-e7619e1f is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-e7619e1f" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f", - "name": "cfi-bucket-key-e7619e1f", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-e7619e1f", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-f5bc86ea is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-f5bc86ea is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-f5bc86ea" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea", - "name": "cfi-bucket-key-f5bc86ea", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-f5bc86ea", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_audit_configuration_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.5" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.1.r2.gcp.cai.1", - "op.exp.4.r4.gcp.log.1", - "op.mon.3.r6.gcp.scc.1" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.10", - "10.2.1.1.20", - "10.2.1.1.36", - "10.2.1.2.7", - "10.2.1.2.8", - "10.2.1.3.7", - "10.2.1.3.8", - "10.2.1.3.17", - "10.2.1.4.7", - "10.2.1.4.8", - "10.2.1.5.7", - "10.2.1.6.7", - "10.2.1.7.7", - "10.2.1.7", - "10.2.1.17", - "10.2.1.18", - "10.2.2.7", - "10.2.2.8", - "10.2.2.15", - "10.2.2.18", - "10.3.1.7", - "10.3.1.8", - "10.3.2.2", - "10.3.3.4", - "10.3.4.3", - "10.3.4.6", - "10.5.1.3", - "10.6.3.7", - "10.6.3.10", - "10.6.3.22", - "10.6.3.24", - "10.6.3.41", - "11.5.2.4", - "11.6.1.4", - "12.10.5.3", - "12.10.5.4", - "5.3.4.8", - "5.3.4.20", - "5.3.4.21", - "A1.2.1.7", - "A1.2.1.8", - "A1.2.1.12", - "A3.3.1.6", - "A3.5.1.6" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.5" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.5" - ], - "CIS-4.0": [ - "2.5" - ], - "CCC": [ - "CCC.AuditLog.CN01.AR01", - "CCC.AuditLog.CN01.AR02", - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_audit_configuration_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "By using Google Cloud alerting policies to detect audit configuration changes, you make sure that the recommended state of audit configuration is well maintained so that all the activities performed within your GCP project are available for security analysis and auditing at any point in time.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Admin Activity audit logs and Data Access audit logs produced by the Google Cloud Audit Logs service can be extremely useful for security analysis, resource change tracking, and compliance auditing.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_bucket_permission_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.10" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.1.r2.gcp.cai.1" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.9", - "10.2.1.1.30", - "10.2.1.2.7", - "10.2.1.2.27", - "10.2.1.3.7", - "10.2.1.4.27", - "10.2.1.5.7", - "10.2.1.5.27", - "10.2.1.6.7", - "10.2.1.6.27", - "10.2.1.7.7", - "10.2.1.7.27", - "10.2.1.7", - "10.2.1.27", - "10.2.2.7", - "10.2.2.27", - "10.3.1.7", - "10.3.1.27", - "10.4.1.1.2", - "10.4.1.2", - "10.4.2.3", - "10.6.3.7", - "10.6.3.9", - "10.6.3.34", - "10.6.3.41", - "10.7.1.4", - "10.7.2.4", - "11.5.2.5", - "12.10.5.3", - "5.3.4.7", - "5.3.4.32", - "7.2.2.2", - "A1.2.1.7", - "A1.2.1.32", - "A3.3.1.4", - "A3.5.1.4" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.10" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.2.2.b", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.5" - ], - "CIS-4.0": [ - "2.10" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_bucket_permission_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Cloud Storage Bucket IAM changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to cloud storage bucket permissions may reduce the time needed to detect and correct permissions on sensitive cloud storage buckets and objects inside the bucket.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_custom_role_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.6" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "opc.acc.1.r1.gcp.iam.2" - ], - "PCI-4.0": [ - "7.3.1.12", - "7.3.2.13" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.6" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.d", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.2.2.e", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.6" - ], - "CIS-4.0": [ - "2.6" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_custom_role_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for changes to Identity and Access Management (IAM) role creation, deletion and updating activities.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Google Cloud IAM provides predefined roles that give granular access to specific Google Cloud Platform resources and prevent unwanted access to other resources.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.4" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "opc.acc.1.r1.gcp.iam.2", - "op.acc.3.r1.gcp.iam.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.4" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.2.2.e", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.4" - ], - "CIS-4.0": [ - "2.4" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN05.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes.", - "title": "Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Using Google Cloud alerting policies to detect ownership assignments/changes will help you maintain the right access permissions for each IAM member created within your project, follow the security principle of least privilege, and prevent any accidental or intentional changes that may lead to unauthorized actions.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Project ownership has the highest level of privileges on a GCP project. These privileges include viewer permissions on all GCP services inside the project, permission to modify the state of all GCP services within the project, set up billing and manage roles and permissions for the project and all the resources inside the project.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_sql_instance_configuration_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.11" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "mp.s.4.r1.gcp.app.1" - ], - "PCI-4.0": [ - "10.2.1.1.9", - "10.2.1.3.22", - "10.2.2.22", - "10.4.2.3", - "10.7.1.4", - "A3.3.1.4" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.11" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.6" - ], - "CIS-4.0": [ - "2.11" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_sql_instance_configuration_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for SQL instance configuration changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to SQL instance configuration changes may reduce the time needed to detect and correct misconfigurations done on the SQL server.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_vpc_firewall_rule_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.7" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "op.exp.8.r1.gcp.nt.1" - ], - "PCI-4.0": [ - "1.3.2.27", - "10.2.1.1.9", - "10.2.1.1.24", - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.21", - "10.3.1.29", - "10.4.1.1.7", - "10.4.2.7", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "10.6.3.41", - "10.7.1.4", - "10.7.1.8", - "5.3.4.8", - "5.3.4.24", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.7" - ], - "NIS2": [ - "1.1.2", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.3.g", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-4.0": [ - "2.7" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_vpc_firewall_rule_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Virtual Private Cloud (VPC) Network Firewall rule changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring for Create or Update Firewall rule events gives insight to network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_vpc_network_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.9" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "op.exp.8.r1.gcp.nt.1", - "mp.com.4.r4.gcp.net.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.9" - ], - "NIS2": [ - "1.1.2", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.4" - ], - "CIS-4.0": [ - "2.9" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_vpc_network_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Virtual Private Cloud (VPC) network changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to a VPC will help ensure VPC traffic flow is not getting impacted.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_vpc_network_route_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.8" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "op.exp.8.r1.gcp.nt.1" - ], - "PCI-4.0": [ - "1.5.1.18", - "10.2.1.5.21", - "10.2.1.21" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.8" - ], - "NIS2": [ - "1.1.2", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "CIS-4.0": [ - "2.8" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_vpc_network_route_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Virtual Private Cloud (VPC) network route changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to route tables will help ensure that all VPC traffic flows through an expected path.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no logging sinks to export copies of all the log entries in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_sink_created", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no logging sinks to export copies of all the log entries in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.8.r5.gcp.cl.1", - "op.ext.3.gcp.log.2" - ], - "PCI-4.0": [ - "10.5.1.3", - "11.5.2.4", - "12.10.5.4", - "A3.3.1.6", - "A3.5.1.6" - ], - "MITRE-ATTACK": [ - "T1562", - "T1049" - ], - "CIS-2.0": [ - "2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.1", - "3.2.5", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "CCC": [ - "CCC.AuditLog.CN01.AR01", - "CCC.AuditLog.CN01.AR02", - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN06.AR01", - "CCC.AuditLog.CN07.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.LB.CN01.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN06.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760901392, - "created_time_dt": "2025-10-19T19:16:32.422645", - "desc": "Ensure there is at least one sink used to export copies of all the log entries.", - "title": "Ensure there is at least one sink used to export copies of all the log entries.", - "types": [], - "uid": "prowler-gcp-logging_sink_created-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "Sink", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to create a sink that will export copies of all the log entries. This can help aggregate logs from multiple projects and export them to a Security Information and Event Management (SIEM).", - "references": [ - "https://cloud.google.com/logging/docs/export" - ] - }, - "risk_details": "If sinks are not created, logs would be deleted after the configured retention period, and would not be backed up.", - "time": 1760901392, - "time_dt": "2025-10-19T19:16:32.422645", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-sql-database/results/gcp-sql-database-complete.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-sql-database/results/gcp-sql-database-complete.ocsf.json deleted file mode 100644 index 5c18f155..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-sql-database/results/gcp-sql-database-complete.ocsf.json +++ /dev/null @@ -1,27939 +0,0 @@ -[ - { - "message": "AR Container Analysis is not enabled in project nodal-time-474015-p5.", - "metadata": { - "event_code": "artifacts_container_analysis_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AR Container Analysis is not enabled in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/artifact-analysis/docs", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, AR Container Analysis is disabled.", - "compliance": { - "SOC2": [ - "cc_3_1" - ], - "ENS-RD2022": [ - "op.exp.4.r4.gcp.log.1", - "op.mon.3.gcp.scc.1" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "MITRE-ATTACK": [ - "T1525" - ], - "NIS2": [ - "5.1.4.f", - "5.1.7.d", - "6.1.2.b", - "6.6.1.a", - "6.9.2", - "9.2.a" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN06.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Scan images stored in Google Container Registry (GCR) for vulnerabilities using AR Container Analysis or a third-party provider. This helps identify and mitigate security risks associated with known vulnerabilities in container images.", - "title": "Ensure Image Vulnerability Analysis using AR Container Analysis or a third-party provider", - "types": [ - "Security", - "Configuration" - ], - "uid": "prowler-gcp-artifacts_container_analysis_enabled-nodal-time-474015-p5-global-AR Container Analysis" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "artifacts" - }, - "labels": [], - "name": "AR Container Analysis", - "type": "Service", - "uid": "containeranalysis.googleapis.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Enable vulnerability scanning for images stored in Artifact Registry using AR Container Analysis or a third-party provider.", - "references": [ - "https://cloud.google.com/artifact-analysis/docs/container-scanning-overview" - ] - }, - "risk_details": "Without image vulnerability scanning, container images stored in Artifact Registry may contain known vulnerabilities, increasing the risk of exploitation by malicious actors.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Database Instance tf-pg-psc-81f580c4 has automated backups configured.", - "metadata": { - "event_code": "cloudsql_instance_automated_backups", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Database Instance tf-pg-psc-81f580c4 has automated backups configured.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.7" - ], - "SOC2": [ - "cc_7_4", - "cc_7_5" - ], - "ISO27001-2022": [ - "A.8.13" - ], - "ENS-RD2022": [ - "mp.info.6.gcp.bk.1", - "mp.info.6.r2.gcp.bk.1" - ], - "PCI-4.0": [ - "1.5.1.27", - "10.3.2.16", - "10.3.3.1", - "10.3.3.8", - "10.3.3.14", - "10.3.3.20", - "10.3.3.21", - "3.5.1.3.21", - "3.5.1.22", - "3.5.1.23", - "3.5.1.26", - "3.5.1.27", - "6.3.3.10", - "8.3.2.38", - "8.3.2.43", - "8.3.2.44", - "A1.1.2.12", - "A3.4.1.14" - ], - "CIS-2.0": [ - "6.7" - ], - "NIS2": [ - "4.1.1", - "4.1.2.f", - "4.1.2.g", - "4.1.4", - "4.2.2.b", - "4.2.2.e", - "12.1.2.c" - ], - "CIS-4.0": [ - "6.7" - ], - "CCC": [ - "CCC.Core.CN08.AR01", - "CCC.Core.CN14.AR01", - "CCC.Core.CN14.AR02", - "CCC.Core.CN14.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That Cloud SQL Database Instances Are Configured With Automated Backups", - "title": "Ensure That Cloud SQL Database Instances Are Configured With Automated Backups", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_automated_backups-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "It is recommended to have all SQL database instances set to enable automated backups.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/configure-ssl-instance/" - ] - }, - "risk_details": "Backups provide a way to restore a Cloud SQL instance to recover lost data or recover from a problem with that instance. Automated backups need to be set for any instance that contains data that should be protected from loss or damage. This recommendation is applicable for SQL Server, PostgreSql, MySql generation 1 and MySql generation 2 instances.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Database Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have automated backups configured.", - "metadata": { - "event_code": "cloudsql_instance_automated_backups", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Database Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have automated backups configured.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.7" - ], - "SOC2": [ - "cc_7_4", - "cc_7_5" - ], - "ISO27001-2022": [ - "A.8.13" - ], - "ENS-RD2022": [ - "mp.info.6.gcp.bk.1", - "mp.info.6.r2.gcp.bk.1" - ], - "PCI-4.0": [ - "1.5.1.27", - "10.3.2.16", - "10.3.3.1", - "10.3.3.8", - "10.3.3.14", - "10.3.3.20", - "10.3.3.21", - "3.5.1.3.21", - "3.5.1.22", - "3.5.1.23", - "3.5.1.26", - "3.5.1.27", - "6.3.3.10", - "8.3.2.38", - "8.3.2.43", - "8.3.2.44", - "A1.1.2.12", - "A3.4.1.14" - ], - "CIS-2.0": [ - "6.7" - ], - "NIS2": [ - "4.1.1", - "4.1.2.f", - "4.1.2.g", - "4.1.4", - "4.2.2.b", - "4.2.2.e", - "12.1.2.c" - ], - "CIS-4.0": [ - "6.7" - ], - "CCC": [ - "CCC.Core.CN08.AR01", - "CCC.Core.CN14.AR01", - "CCC.Core.CN14.AR02", - "CCC.Core.CN14.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That Cloud SQL Database Instances Are Configured With Automated Backups", - "title": "Ensure That Cloud SQL Database Instances Are Configured With Automated Backups", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_automated_backups-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "It is recommended to have all SQL database instances set to enable automated backups.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/configure-ssl-instance/" - ] - }, - "risk_details": "Backups provide a way to restore a Cloud SQL instance to recover lost data or recover from a problem with that instance. Automated backups need to be set for any instance that contains data that should be protected from loss or damage. This recommendation is applicable for SQL Server, PostgreSql, MySql generation 1 and MySql generation 2 instances.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4 does not have 'cloudsql.enable_pgaudit' flag set to 'on'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_enable_pgaudit_flag", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4 does not have 'cloudsql.enable_pgaudit' flag set to 'on'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.8" - ], - "PCI-4.0": [ - "10.2.2.8", - "10.3.1.8", - "10.3.2.2" - ], - "CIS-2.0": [ - "6.2.8" - ], - "ProwlerThreatScore-1.0": [ - "3.1.15" - ], - "CIS-4.0": [ - "6.2.8" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging", - "title": "Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_enable_pgaudit_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "As numerous other recommendations in this section consist of turning on flags for logging purposes, your organization will need a way to manage these logs. You may have a solution already in place. If you do not, consider installing and enabling the open source pgaudit extension within PostgreSQL and enabling its corresponding flag of cloudsql.enable_pgaudit. This flag and installing the extension enables database auditing in PostgreSQL through the open-source pgAudit extension. This extension provides detailed session and object logging to comply with government, financial, & ISO standards and provides auditing capabilities to mitigate threats by monitoring security events on the instance. Enabling the flag and settings later in this recommendation will send these logs to Google Logs Explorer so that you can access them in a central location.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "Ensure cloudsql.enable_pgaudit database flag for Cloud SQL PostgreSQL instance is set to on to allow for centralized logging.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have 'cloudsql.enable_pgaudit' flag set to 'on'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_enable_pgaudit_flag", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have 'cloudsql.enable_pgaudit' flag set to 'on'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.8" - ], - "PCI-4.0": [ - "10.2.2.8", - "10.3.1.8", - "10.3.2.2" - ], - "CIS-2.0": [ - "6.2.8" - ], - "ProwlerThreatScore-1.0": [ - "3.1.15" - ], - "CIS-4.0": [ - "6.2.8" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging", - "title": "Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_enable_pgaudit_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "As numerous other recommendations in this section consist of turning on flags for logging purposes, your organization will need a way to manage these logs. You may have a solution already in place. If you do not, consider installing and enabling the open source pgaudit extension within PostgreSQL and enabling its corresponding flag of cloudsql.enable_pgaudit. This flag and installing the extension enables database auditing in PostgreSQL through the open-source pgAudit extension. This extension provides detailed session and object logging to comply with government, financial, & ISO standards and provides auditing capabilities to mitigate threats by monitoring security events on the instance. Enabling the flag and settings later in this recommendation will send these logs to Google Logs Explorer so that you can access them in a central location.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "Ensure cloudsql.enable_pgaudit database flag for Cloud SQL PostgreSQL instance is set to on to allow for centralized logging.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4 does not have 'log_connections' flag set to 'on'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_connections_flag", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4 does not have 'log_connections' flag set to 'on'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.2" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "ENS-RD2022": [ - "op.ext.4.gcp.acc.1" - ], - "PCI-4.0": [ - "10.2.1.1.12", - "10.2.1.1.23", - "10.2.1.1.25", - "10.2.1.1.26", - "10.2.1.2.20", - "10.2.1.2.22", - "10.2.1.2.23", - "10.2.1.3.22", - "10.2.1.3.23", - "10.2.1.4.20", - "10.2.1.4.22", - "10.2.1.4.23", - "10.2.1.5.20", - "10.2.1.5.22", - "10.2.1.5.23", - "10.2.1.6.20", - "10.2.1.6.22", - "10.2.1.6.23", - "10.2.1.7.20", - "10.2.1.7.22", - "10.2.1.7.23", - "10.2.1.10", - "10.2.1.22", - "10.2.1.23", - "10.2.2.22", - "10.2.2.23", - "10.3.1.10", - "10.3.1.22", - "10.3.1.23", - "10.3.3.4", - "10.6.3.25", - "10.6.3.28", - "10.6.3.29", - "5.3.4.23", - "5.3.4.27", - "5.3.4.28", - "A1.2.1.26", - "A1.2.1.27" - ], - "CIS-2.0": [ - "6.2.2" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.2.3.d", - "3.2.3.e", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.9" - ], - "CIS-4.0": [ - "6.2.2" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the Log_connections Database Flag for Cloud SQL PostgreSQL Instance Is Set to On", - "title": "Ensure That the Log_connections Database Flag for Cloud SQL PostgreSQL Instance Is Set to On", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_connections_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "PostgreSQL does not log attempted connections by default. Enabling the log_connections setting will create log entries for each attempted connection as well as successful completion of client authentication which can be useful in troubleshooting issues and to determine any unusual connection attempts to the server.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "Enabling the log_connections setting causes each attempted connection to the server to be logged, along with successful completion of client authentication. This parameter cannot be changed after the session starts.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have 'log_connections' flag set to 'on'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_connections_flag", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have 'log_connections' flag set to 'on'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.2" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "ENS-RD2022": [ - "op.ext.4.gcp.acc.1" - ], - "PCI-4.0": [ - "10.2.1.1.12", - "10.2.1.1.23", - "10.2.1.1.25", - "10.2.1.1.26", - "10.2.1.2.20", - "10.2.1.2.22", - "10.2.1.2.23", - "10.2.1.3.22", - "10.2.1.3.23", - "10.2.1.4.20", - "10.2.1.4.22", - "10.2.1.4.23", - "10.2.1.5.20", - "10.2.1.5.22", - "10.2.1.5.23", - "10.2.1.6.20", - "10.2.1.6.22", - "10.2.1.6.23", - "10.2.1.7.20", - "10.2.1.7.22", - "10.2.1.7.23", - "10.2.1.10", - "10.2.1.22", - "10.2.1.23", - "10.2.2.22", - "10.2.2.23", - "10.3.1.10", - "10.3.1.22", - "10.3.1.23", - "10.3.3.4", - "10.6.3.25", - "10.6.3.28", - "10.6.3.29", - "5.3.4.23", - "5.3.4.27", - "5.3.4.28", - "A1.2.1.26", - "A1.2.1.27" - ], - "CIS-2.0": [ - "6.2.2" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.2.3.d", - "3.2.3.e", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.9" - ], - "CIS-4.0": [ - "6.2.2" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the Log_connections Database Flag for Cloud SQL PostgreSQL Instance Is Set to On", - "title": "Ensure That the Log_connections Database Flag for Cloud SQL PostgreSQL Instance Is Set to On", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_connections_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "PostgreSQL does not log attempted connections by default. Enabling the log_connections setting will create log entries for each attempted connection as well as successful completion of client authentication which can be useful in troubleshooting issues and to determine any unusual connection attempts to the server.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "Enabling the log_connections setting causes each attempted connection to the server to be logged, along with successful completion of client authentication. This parameter cannot be changed after the session starts.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4 does not have 'log_disconnections' flag set to 'on'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_disconnections_flag", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4 does not have 'log_disconnections' flag set to 'on'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.3" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "ENS-RD2022": [ - "op.ext.4.gcp.acc.1" - ], - "PCI-4.0": [ - "10.2.1.1.26", - "10.2.1.2.22", - "10.2.1.2.23", - "10.2.1.3.23", - "10.2.1.4.22", - "10.2.1.4.23", - "10.2.1.5.23", - "10.2.1.6.23", - "10.2.1.7.23", - "10.2.1.22", - "10.2.1.23", - "10.2.2.23", - "10.3.1.23", - "10.6.3.29", - "5.3.4.27", - "5.3.4.28", - "A1.2.1.27" - ], - "CIS-2.0": [ - "6.2.3" - ], - "NIS2": [ - "3.2.1", - "3.2.3.d", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.10" - ], - "CIS-4.0": [ - "6.2.3" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the log_disconnections Database Flag for Cloud SQL PostgreSQL Instance Is Set to On", - "title": "Ensure That the log_disconnections Database Flag for Cloud SQL PostgreSQL Instance Is Set to On", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_disconnections_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Enabling the log_disconnections setting logs the end of each session, including the session duration.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "PostgreSQL does not log session details such as duration and session end by default. Enabling the log_disconnections setting will create log entries at the end of each session which can be useful in troubleshooting issues and determine any unusual activity across a time period.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have 'log_disconnections' flag set to 'on'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_disconnections_flag", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have 'log_disconnections' flag set to 'on'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.3" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "ENS-RD2022": [ - "op.ext.4.gcp.acc.1" - ], - "PCI-4.0": [ - "10.2.1.1.26", - "10.2.1.2.22", - "10.2.1.2.23", - "10.2.1.3.23", - "10.2.1.4.22", - "10.2.1.4.23", - "10.2.1.5.23", - "10.2.1.6.23", - "10.2.1.7.23", - "10.2.1.22", - "10.2.1.23", - "10.2.2.23", - "10.3.1.23", - "10.6.3.29", - "5.3.4.27", - "5.3.4.28", - "A1.2.1.27" - ], - "CIS-2.0": [ - "6.2.3" - ], - "NIS2": [ - "3.2.1", - "3.2.3.d", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.10" - ], - "CIS-4.0": [ - "6.2.3" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the log_disconnections Database Flag for Cloud SQL PostgreSQL Instance Is Set to On", - "title": "Ensure That the log_disconnections Database Flag for Cloud SQL PostgreSQL Instance Is Set to On", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_disconnections_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Enabling the log_disconnections setting logs the end of each session, including the session duration.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "PostgreSQL does not log session details such as duration and session end by default. Enabling the log_disconnections setting will create log entries at the end of each session which can be useful in troubleshooting issues and determine any unusual activity across a time period.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4 has 'log_error_verbosity' flag set to 'default'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_error_verbosity_flag", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4 has 'log_error_verbosity' flag set to 'default'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.1" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "PCI-4.0": [ - "10.2.1.1.12", - "10.2.1.1.23", - "10.2.1.2.20", - "10.2.1.4.20", - "10.2.1.5.20", - "10.2.1.6.20", - "10.2.1.6.22", - "10.2.1.7.10", - "10.2.1.7.20", - "10.2.1.10", - "10.3.1.10", - "10.3.1.22", - "10.6.3.12", - "10.6.3.25", - "5.3.4.23", - "5.3.4.28", - "A1.2.1.26" - ], - "CIS-2.0": [ - "6.2.1" - ], - "NIS2": [ - "3.2.1", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "CIS-4.0": [ - "6.2.1" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure Log_error_verbosity Database Flag for Cloud SQL PostgreSQL Instance Is Set to DEFAULT or Stricter", - "title": "Ensure Log_error_verbosity Database Flag for Cloud SQL PostgreSQL Instance Is Set to DEFAULT or Stricter", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_error_verbosity_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Auditing helps in troubleshooting operational problems and also permits forensic analysis. If log_error_verbosity is not set to the correct value, too many details or too few details may be logged. This flag should be configured with a value of 'DEFAULT' or stricter. This recommendation is applicable to PostgreSQL database instances.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "The log_error_verbosity flag controls the verbosity/details of messages logged.TERSE excludes the logging of DETAIL, HINT, QUERY, and CONTEXT error information. VERBOSE output includes the SQLSTATE error code, source code file name, function name, and line number that generated the error. Ensure an appropriate value is set to 'DEFAULT' or stricter.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 has 'log_error_verbosity' flag set to 'default'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_error_verbosity_flag", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 has 'log_error_verbosity' flag set to 'default'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.1" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "PCI-4.0": [ - "10.2.1.1.12", - "10.2.1.1.23", - "10.2.1.2.20", - "10.2.1.4.20", - "10.2.1.5.20", - "10.2.1.6.20", - "10.2.1.6.22", - "10.2.1.7.10", - "10.2.1.7.20", - "10.2.1.10", - "10.3.1.10", - "10.3.1.22", - "10.6.3.12", - "10.6.3.25", - "5.3.4.23", - "5.3.4.28", - "A1.2.1.26" - ], - "CIS-2.0": [ - "6.2.1" - ], - "NIS2": [ - "3.2.1", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "CIS-4.0": [ - "6.2.1" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure Log_error_verbosity Database Flag for Cloud SQL PostgreSQL Instance Is Set to DEFAULT or Stricter", - "title": "Ensure Log_error_verbosity Database Flag for Cloud SQL PostgreSQL Instance Is Set to DEFAULT or Stricter", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_error_verbosity_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Auditing helps in troubleshooting operational problems and also permits forensic analysis. If log_error_verbosity is not set to the correct value, too many details or too few details may be logged. This flag should be configured with a value of 'DEFAULT' or stricter. This recommendation is applicable to PostgreSQL database instances.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "The log_error_verbosity flag controls the verbosity/details of messages logged.TERSE excludes the logging of DETAIL, HINT, QUERY, and CONTEXT error information. VERBOSE output includes the SQLSTATE error code, source code file name, function name, and line number that generated the error. Ensure an appropriate value is set to 'DEFAULT' or stricter.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4 has 'log_min_duration_statement' flag set to '-1'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_min_duration_statement_flag", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4 has 'log_min_duration_statement' flag set to '-1'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.7" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "CIS-2.0": [ - "6.2.7" - ], - "NIS2": [ - "3.2.1", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.14" - ], - "CIS-4.0": [ - "6.2.7" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that the Log_min_duration_statement Flag for a Cloud SQL PostgreSQL Instance Is Set to -1", - "title": "Ensure that the Log_min_duration_statement Flag for a Cloud SQL PostgreSQL Instance Is Set to -1", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_min_duration_statement_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Logging SQL statements may include sensitive information that should not be recorded in logs. This recommendation is applicable to PostgreSQL database instances.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "The log_min_duration_statement flag defines the minimum amount of execution time of a statement in milliseconds where the total duration of the statement is logged. Ensure that log_min_duration_statement is disabled, i.e., a value of -1 is set.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 has 'log_min_duration_statement' flag set to '-1'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_min_duration_statement_flag", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 has 'log_min_duration_statement' flag set to '-1'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.7" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "CIS-2.0": [ - "6.2.7" - ], - "NIS2": [ - "3.2.1", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.14" - ], - "CIS-4.0": [ - "6.2.7" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that the Log_min_duration_statement Flag for a Cloud SQL PostgreSQL Instance Is Set to -1", - "title": "Ensure that the Log_min_duration_statement Flag for a Cloud SQL PostgreSQL Instance Is Set to -1", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_min_duration_statement_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Logging SQL statements may include sensitive information that should not be recorded in logs. This recommendation is applicable to PostgreSQL database instances.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "The log_min_duration_statement flag defines the minimum amount of execution time of a statement in milliseconds where the total duration of the statement is logged. Ensure that log_min_duration_statement is disabled, i.e., a value of -1 is set.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4 has 'log_min_error_statement' flag set minimum to 'error'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_min_error_statement_flag", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4 has 'log_min_error_statement' flag set minimum to 'error'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.6" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "PCI-4.0": [ - "10.2.1.1.12", - "10.2.1.1.23", - "10.2.1.1.25", - "10.2.1.1.26", - "10.2.1.2.20", - "10.2.1.2.22", - "10.2.1.2.23", - "10.2.1.3.23", - "10.2.1.4.10", - "10.2.1.4.20", - "10.2.1.4.22", - "10.2.1.4.23", - "10.2.1.5.10", - "10.2.1.5.20", - "10.2.1.5.22", - "10.2.1.5.23", - "10.2.1.6.20", - "10.2.1.6.22", - "10.2.1.6.23", - "10.2.1.7.10", - "10.2.1.7.20", - "10.2.1.7.22", - "10.2.1.7.23", - "10.2.1.10", - "10.2.1.22", - "10.2.1.23", - "10.2.2.15", - "10.2.2.22", - "10.2.2.23", - "10.3.1.10", - "10.3.1.22", - "10.3.1.23", - "10.3.2.2", - "10.3.3.4", - "10.3.4.3", - "10.6.3.12", - "10.6.3.25", - "10.6.3.28", - "10.6.3.29", - "5.3.4.8", - "5.3.4.23", - "5.3.4.27", - "A1.2.1.26", - "A1.2.1.27" - ], - "CIS-2.0": [ - "6.2.6" - ], - "NIS2": [ - "3.2.1", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.13" - ], - "CIS-4.0": [ - "6.2.6" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that the Log_min_error_statement Flag for a Cloud SQL PostgreSQL Instance Is Set Appropriately", - "title": "Ensure that the Log_min_error_statement Flag for a Cloud SQL PostgreSQL Instance Is Set Appropriately", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_min_error_statement_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Auditing helps in troubleshooting operational problems and also permits forensic analysis. If log_min_error_statement is not set to the correct value, messages may not be classified as error messages appropriately. Considering general log messages as error messages would make is difficult to find actual errors and considering only stricter severity levels as error messages may skip actual errors to log their SQL statements. The log_min_error_statement flag should be set to ERROR or stricter.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "The log_min_error_statement flag defines the minimum message severity level that are considered as an error statement. Messages for error statements are logged with the SQL statement. Valid values include DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1, INFO, NOTICE, WARNING, ERROR, LOG, FATAL, and PANIC. Each severity level includes the subsequent levels mentioned above. Ensure a value of ERROR or stricter is set.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 has 'log_min_error_statement' flag set minimum to 'error'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_min_error_statement_flag", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 has 'log_min_error_statement' flag set minimum to 'error'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.6" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "PCI-4.0": [ - "10.2.1.1.12", - "10.2.1.1.23", - "10.2.1.1.25", - "10.2.1.1.26", - "10.2.1.2.20", - "10.2.1.2.22", - "10.2.1.2.23", - "10.2.1.3.23", - "10.2.1.4.10", - "10.2.1.4.20", - "10.2.1.4.22", - "10.2.1.4.23", - "10.2.1.5.10", - "10.2.1.5.20", - "10.2.1.5.22", - "10.2.1.5.23", - "10.2.1.6.20", - "10.2.1.6.22", - "10.2.1.6.23", - "10.2.1.7.10", - "10.2.1.7.20", - "10.2.1.7.22", - "10.2.1.7.23", - "10.2.1.10", - "10.2.1.22", - "10.2.1.23", - "10.2.2.15", - "10.2.2.22", - "10.2.2.23", - "10.3.1.10", - "10.3.1.22", - "10.3.1.23", - "10.3.2.2", - "10.3.3.4", - "10.3.4.3", - "10.6.3.12", - "10.6.3.25", - "10.6.3.28", - "10.6.3.29", - "5.3.4.8", - "5.3.4.23", - "5.3.4.27", - "A1.2.1.26", - "A1.2.1.27" - ], - "CIS-2.0": [ - "6.2.6" - ], - "NIS2": [ - "3.2.1", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.13" - ], - "CIS-4.0": [ - "6.2.6" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that the Log_min_error_statement Flag for a Cloud SQL PostgreSQL Instance Is Set Appropriately", - "title": "Ensure that the Log_min_error_statement Flag for a Cloud SQL PostgreSQL Instance Is Set Appropriately", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_min_error_statement_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Auditing helps in troubleshooting operational problems and also permits forensic analysis. If log_min_error_statement is not set to the correct value, messages may not be classified as error messages appropriately. Considering general log messages as error messages would make is difficult to find actual errors and considering only stricter severity levels as error messages may skip actual errors to log their SQL statements. The log_min_error_statement flag should be set to ERROR or stricter.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "The log_min_error_statement flag defines the minimum message severity level that are considered as an error statement. Messages for error statements are logged with the SQL statement. Valid values include DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1, INFO, NOTICE, WARNING, ERROR, LOG, FATAL, and PANIC. Each severity level includes the subsequent levels mentioned above. Ensure a value of ERROR or stricter is set.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4 does not have 'log_min_messages' flag set.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_min_messages_flag", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4 does not have 'log_min_messages' flag set.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.5" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "PCI-4.0": [ - "10.2.1.1.12", - "10.2.1.1.26", - "10.2.1.2.22", - "10.2.1.2.23", - "10.2.1.3.23", - "10.2.1.4.10", - "10.2.1.4.22", - "10.2.1.4.23", - "10.2.1.5.10", - "10.2.1.5.23", - "10.2.1.6.23", - "10.2.1.7.10", - "10.2.1.7.20", - "10.2.1.7.23", - "10.2.1.10", - "10.2.1.22", - "10.2.1.23", - "10.2.2.15", - "10.2.2.23", - "10.3.1.10", - "10.3.1.22", - "10.3.1.23", - "10.6.3.12", - "10.6.3.29", - "5.3.4.27", - "5.3.4.28", - "A1.2.1.26", - "A1.2.1.27" - ], - "CIS-2.0": [ - "6.2.5" - ], - "NIS2": [ - "3.2.1", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.12" - ], - "CIS-4.0": [ - "6.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that the Log_min_messages Flag for a Cloud SQL PostgreSQL Instance Is Set Appropriately", - "title": "Ensure that the Log_min_messages Flag for a Cloud SQL PostgreSQL Instance Is Set Appropriately", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_min_messages_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "The log_min_messages flag defines the minimum message severity level that is considered as an error statement. Messages for error statements are logged with the SQL statement. Valid values include DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1, INFO, NOTICE, WARNING, ERROR, LOG, FATAL, and PANIC. Each severity level includes the subsequent levels mentioned above. ERROR is considered the best practice setting. Changes should only be made in accordance with the organization's logging policy.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "Auditing helps in troubleshooting operational problems and also permits forensic analysis. If log_min_messages is not set to the correct value, messages may not be classified as error messages appropriately. An organization will need to decide their own threshold for logging log_min_messages flag.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have 'log_min_messages' flag set.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_min_messages_flag", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have 'log_min_messages' flag set.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.5" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "PCI-4.0": [ - "10.2.1.1.12", - "10.2.1.1.26", - "10.2.1.2.22", - "10.2.1.2.23", - "10.2.1.3.23", - "10.2.1.4.10", - "10.2.1.4.22", - "10.2.1.4.23", - "10.2.1.5.10", - "10.2.1.5.23", - "10.2.1.6.23", - "10.2.1.7.10", - "10.2.1.7.20", - "10.2.1.7.23", - "10.2.1.10", - "10.2.1.22", - "10.2.1.23", - "10.2.2.15", - "10.2.2.23", - "10.3.1.10", - "10.3.1.22", - "10.3.1.23", - "10.6.3.12", - "10.6.3.29", - "5.3.4.27", - "5.3.4.28", - "A1.2.1.26", - "A1.2.1.27" - ], - "CIS-2.0": [ - "6.2.5" - ], - "NIS2": [ - "3.2.1", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.12" - ], - "CIS-4.0": [ - "6.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that the Log_min_messages Flag for a Cloud SQL PostgreSQL Instance Is Set Appropriately", - "title": "Ensure that the Log_min_messages Flag for a Cloud SQL PostgreSQL Instance Is Set Appropriately", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_min_messages_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "The log_min_messages flag defines the minimum message severity level that is considered as an error statement. Messages for error statements are logged with the SQL statement. Valid values include DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1, INFO, NOTICE, WARNING, ERROR, LOG, FATAL, and PANIC. Each severity level includes the subsequent levels mentioned above. ERROR is considered the best practice setting. Changes should only be made in accordance with the organization's logging policy.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "Auditing helps in troubleshooting operational problems and also permits forensic analysis. If log_min_messages is not set to the correct value, messages may not be classified as error messages appropriately. An organization will need to decide their own threshold for logging log_min_messages flag.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4 does not have 'log_statement' flag set to 'ddl'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_statement_flag", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4 does not have 'log_statement' flag set to 'ddl'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.4" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "PCI-4.0": [ - "10.2.1.1.23", - "10.2.1.2.20", - "10.2.1.4.20", - "10.2.1.5.20", - "10.2.1.6.20", - "10.6.3.25", - "5.3.4.23" - ], - "CIS-2.0": [ - "6.2.4" - ], - "NIS2": [ - "3.2.1", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.11" - ], - "CIS-4.0": [ - "6.2.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the Log_statement Database Flag for Cloud SQL PostgreSQL Instance Is Set Appropriately", - "title": "Ensure That the Log_statement Database Flag for Cloud SQL PostgreSQL Instance Is Set Appropriately", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_statement_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "The value ddl logs all data definition statements. A value of 'ddl' is recommended unless otherwise directed by your organization's logging policy.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "Auditing helps in forensic analysis. If log_statement is not set to the correct value, too many statements may be logged leading to issues in finding the relevant information from the logs, or too few statements may be logged with relevant information missing from the logs.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have 'log_statement' flag set to 'ddl'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_statement_flag", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have 'log_statement' flag set to 'ddl'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.4" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "PCI-4.0": [ - "10.2.1.1.23", - "10.2.1.2.20", - "10.2.1.4.20", - "10.2.1.5.20", - "10.2.1.6.20", - "10.6.3.25", - "5.3.4.23" - ], - "CIS-2.0": [ - "6.2.4" - ], - "NIS2": [ - "3.2.1", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.11" - ], - "CIS-4.0": [ - "6.2.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the Log_statement Database Flag for Cloud SQL PostgreSQL Instance Is Set Appropriately", - "title": "Ensure That the Log_statement Database Flag for Cloud SQL PostgreSQL Instance Is Set Appropriately", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_statement_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "The value ddl logs all data definition statements. A value of 'ddl' is recommended unless otherwise directed by your organization's logging policy.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "Auditing helps in forensic analysis. If log_statement is not set to the correct value, too many statements may be logged leading to issues in finding the relevant information from the logs, or too few statements may be logged with relevant information missing from the logs.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Database Instance tf-pg-psc-81f580c4 does not have private IP assignments.", - "metadata": { - "event_code": "cloudsql_instance_private_ip_assignment", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Database Instance tf-pg-psc-81f580c4 does not have private IP assignments.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.4.gcp.vpc.1" - ], - "PCI-4.0": [ - "1.2.8.28", - "1.3.1.30", - "1.3.1.31", - "1.3.2.31", - "1.4.2.8", - "1.4.2.28", - "1.4.2.29", - "1.5.1.28", - "10.3.2.15", - "3.5.1.3.20", - "A1.1.2.11", - "A1.1.3.28", - "A3.4.1.13" - ], - "CIS-2.0": [ - "6.2.9" - ], - "NIS2": [ - "12.2.2.c" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure Instance IP assignment is set to private", - "title": "Ensure Instance IP assignment is set to private", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_private_ip_assignment-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Setting databases access only to private will reduce attack surface.", - "references": [ - "https://cloud.google.com/sql/docs/mysql/configure-private-ip" - ] - }, - "risk_details": "Instance addresses can be public IP or private IP. Public IP means that the instance is accessible through the public internet. In contrast, instances using only private IP are not accessible through the public internet, but are accessible through a Virtual Private Cloud (VPC). Limiting network access to your database will limit potential attacks.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Database Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have private IP assignments.", - "metadata": { - "event_code": "cloudsql_instance_private_ip_assignment", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Database Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have private IP assignments.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.4.gcp.vpc.1" - ], - "PCI-4.0": [ - "1.2.8.28", - "1.3.1.30", - "1.3.1.31", - "1.3.2.31", - "1.4.2.8", - "1.4.2.28", - "1.4.2.29", - "1.5.1.28", - "10.3.2.15", - "3.5.1.3.20", - "A1.1.2.11", - "A1.1.3.28", - "A3.4.1.13" - ], - "CIS-2.0": [ - "6.2.9" - ], - "NIS2": [ - "12.2.2.c" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure Instance IP assignment is set to private", - "title": "Ensure Instance IP assignment is set to private", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_private_ip_assignment-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Setting databases access only to private will reduce attack surface.", - "references": [ - "https://cloud.google.com/sql/docs/mysql/configure-private-ip" - ] - }, - "risk_details": "Instance addresses can be public IP or private IP. Public IP means that the instance is accessible through the public internet. In contrast, instances using only private IP are not accessible through the public internet, but are accessible through a Virtual Private Cloud (VPC). Limiting network access to your database will limit potential attacks.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Database Instance tf-pg-psc-81f580c4 does not whitelist all Public IP Addresses.", - "metadata": { - "event_code": "cloudsql_instance_public_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Database Instance tf-pg-psc-81f580c4 does not whitelist all Public IP Addresses.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.5", - "6.6" - ], - "SOC2": [ - "cc_6_2" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.8.27", - "1.2.8.28", - "1.2.8.32", - "1.3.1.30", - "1.3.1.31", - "1.3.1.35", - "1.3.2.30", - "1.3.2.31", - "1.3.2.35", - "1.3.2.36", - "1.4.2.8", - "1.4.2.28", - "1.4.2.29", - "1.4.5.1", - "1.5.1.27", - "1.5.1.28", - "10.3.2.14", - "10.3.2.15", - "10.3.2.16", - "3.5.1.3.19", - "3.5.1.3.20", - "3.5.1.3.21", - "3.5.1.3.24", - "7.2.2.22", - "7.3.1.16", - "7.3.1.17", - "7.3.2.17", - "7.3.3.16", - "7.3.3.17", - "8.2.7.14", - "8.2.7.16", - "A1.1.2.2", - "A1.1.2.10", - "A1.1.2.11", - "A1.1.2.12", - "A1.1.3.16", - "A1.1.3.27", - "A1.1.3.28", - "A1.1.3.31", - "A1.1.3.32", - "A3.4.1.12", - "A3.4.1.13", - "A3.4.1.14", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "2.2.5", - "2.2.6" - ], - "CIS-4.0": [ - "6.5", - "6.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses ", - "title": "Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses ", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_public_access-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Database Server should accept connections only from trusted Network(s)/IP(s) and restrict access from public IP addresses.", - "references": [ - "https://cloud.google.com/sql/docs/mysql/connection-org-policy" - ] - }, - "risk_details": "To minimize attack surface on a Database server instance, only trusted/known and required IP(s) should be white-listed to connect to it. An authorized network should not have IPs/networks configured to 0.0.0.0/0 which will allow access to the instance from anywhere in the world. Note that authorized networks apply only to instances with public IPs.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Database Instance tf-pg-psc-81f580c4-replica-test-psc0 does not whitelist all Public IP Addresses.", - "metadata": { - "event_code": "cloudsql_instance_public_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Database Instance tf-pg-psc-81f580c4-replica-test-psc0 does not whitelist all Public IP Addresses.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.5", - "6.6" - ], - "SOC2": [ - "cc_6_2" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.8.27", - "1.2.8.28", - "1.2.8.32", - "1.3.1.30", - "1.3.1.31", - "1.3.1.35", - "1.3.2.30", - "1.3.2.31", - "1.3.2.35", - "1.3.2.36", - "1.4.2.8", - "1.4.2.28", - "1.4.2.29", - "1.4.5.1", - "1.5.1.27", - "1.5.1.28", - "10.3.2.14", - "10.3.2.15", - "10.3.2.16", - "3.5.1.3.19", - "3.5.1.3.20", - "3.5.1.3.21", - "3.5.1.3.24", - "7.2.2.22", - "7.3.1.16", - "7.3.1.17", - "7.3.2.17", - "7.3.3.16", - "7.3.3.17", - "8.2.7.14", - "8.2.7.16", - "A1.1.2.2", - "A1.1.2.10", - "A1.1.2.11", - "A1.1.2.12", - "A1.1.3.16", - "A1.1.3.27", - "A1.1.3.28", - "A1.1.3.31", - "A1.1.3.32", - "A3.4.1.12", - "A3.4.1.13", - "A3.4.1.14", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "2.2.5", - "2.2.6" - ], - "CIS-4.0": [ - "6.5", - "6.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses ", - "title": "Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses ", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_public_access-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Database Server should accept connections only from trusted Network(s)/IP(s) and restrict access from public IP addresses.", - "references": [ - "https://cloud.google.com/sql/docs/mysql/connection-org-policy" - ] - }, - "risk_details": "To minimize attack surface on a Database server instance, only trusted/known and required IP(s) should be white-listed to connect to it. An authorized network should not have IPs/networks configured to 0.0.0.0/0 which will allow access to the instance from anywhere in the world. Note that authorized networks apply only to instances with public IPs.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Database Instance tf-pg-psc-81f580c4 does not have a public IP.", - "metadata": { - "event_code": "cloudsql_instance_public_ip", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Database Instance tf-pg-psc-81f580c4 does not have a public IP.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudSQL/sql-database-instances-with-public-ips.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ISO27001-2022": [ - "A.8.1" - ], - "ENS-RD2022": [ - "mp.com.4.gcp.vpc.1" - ], - "PCI-4.0": [ - "1.2.8.28", - "1.3.1.30", - "1.3.1.31", - "1.3.2.31", - "1.4.2.8", - "1.4.2.28", - "1.4.2.29", - "1.5.1.28", - "10.3.2.14", - "10.3.2.15", - "10.3.2.16", - "3.5.1.3.19", - "3.5.1.3.20", - "3.5.1.3.21", - "A1.1.2.10", - "A1.1.2.11", - "A1.1.2.12", - "A1.1.3.27", - "A1.1.3.28", - "A3.4.1.12", - "A3.4.1.13", - "A3.4.1.14" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "6.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Check for Cloud SQL Database Instances with Public IPs", - "title": "Check for Cloud SQL Database Instances with Public IPs", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_public_ip-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To lower the organization's attack surface, Cloud SQL databases should not have public IPs. Private IPs provide improved network security and lower latency for your application.", - "references": [ - "https://cloud.google.com/sql/docs/mysql/configure-private-ip" - ] - }, - "risk_details": "To lower the organization's attack surface, Cloud SQL databases should not have public IPs. Private IPs provide improved network security and lower latency for your application.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Database Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have a public IP.", - "metadata": { - "event_code": "cloudsql_instance_public_ip", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Database Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have a public IP.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudSQL/sql-database-instances-with-public-ips.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ISO27001-2022": [ - "A.8.1" - ], - "ENS-RD2022": [ - "mp.com.4.gcp.vpc.1" - ], - "PCI-4.0": [ - "1.2.8.28", - "1.3.1.30", - "1.3.1.31", - "1.3.2.31", - "1.4.2.8", - "1.4.2.28", - "1.4.2.29", - "1.5.1.28", - "10.3.2.14", - "10.3.2.15", - "10.3.2.16", - "3.5.1.3.19", - "3.5.1.3.20", - "3.5.1.3.21", - "A1.1.2.10", - "A1.1.2.11", - "A1.1.2.12", - "A1.1.3.27", - "A1.1.3.28", - "A3.4.1.12", - "A3.4.1.13", - "A3.4.1.14" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "6.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Check for Cloud SQL Database Instances with Public IPs", - "title": "Check for Cloud SQL Database Instances with Public IPs", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_public_ip-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To lower the organization's attack surface, Cloud SQL databases should not have public IPs. Private IPs provide improved network security and lower latency for your application.", - "references": [ - "https://cloud.google.com/sql/docs/mysql/configure-private-ip" - ] - }, - "risk_details": "To lower the organization's attack surface, Cloud SQL databases should not have public IPs. Private IPs provide improved network security and lower latency for your application.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Database Instance tf-pg-psc-81f580c4 does not require SSL connections.", - "metadata": { - "event_code": "cloudsql_instance_ssl_connections", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Database Instance tf-pg-psc-81f580c4 does not require SSL connections.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.4" - ], - "SOC2": [ - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.12" - ], - "ENS-RD2022": [ - "op.acc.6.r3.gcp.iam.2" - ], - "PCI-4.0": [ - "1.2.5.14", - "1.2.8.28", - "1.3.1.30", - "1.3.1.31", - "1.3.2.31", - "1.4.2.28", - "1.4.2.29", - "10.2.1.3.22", - "10.3.2.15", - "2.2.5.14", - "2.2.7.6", - "2.2.7.18", - "3.5.1.22", - "3.5.1.23", - "3.5.1.25", - "3.5.1.26", - "3.5.1.27", - "4.2.1.1.10", - "4.2.1.1.26", - "4.2.1.6", - "4.2.1.7", - "4.2.1.18", - "7.2.1.22", - "7.2.2.20", - "7.2.2.22", - "7.2.5.16", - "7.2.5.17", - "7.3.1.14", - "7.3.2.17", - "7.3.3.14", - "7.3.3.17", - "8.2.7.14", - "8.2.7.16", - "8.2.7.17", - "8.2.8.16", - "8.3.2.15", - "8.3.2.38", - "8.3.2.42", - "8.3.2.43", - "8.3.2.44", - "8.3.2.47", - "A1.1.2.11" - ], - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "6.4" - ], - "NIS2": [ - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "4.1.2" - ], - "CIS-4.0": [ - "6.4" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR08" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL", - "title": "Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_ssl_connections-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "It is recommended to enforce all incoming connections to SQL database instance to use SSL.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/configure-ssl-instance/" - ] - }, - "risk_details": "SQL database connections if successfully trapped (MITM), can reveal sensitive data like credentials, database queries, query outputs etc. For security, it is recommended to always use SSL encryption when connecting to your instance. This recommendation is applicable for Postgresql, MySql generation 1, MySql generation 2 and SQL Server 2017 instances.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Database Instance tf-pg-psc-81f580c4-replica-test-psc0 does not require SSL connections.", - "metadata": { - "event_code": "cloudsql_instance_ssl_connections", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Database Instance tf-pg-psc-81f580c4-replica-test-psc0 does not require SSL connections.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.4" - ], - "SOC2": [ - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.12" - ], - "ENS-RD2022": [ - "op.acc.6.r3.gcp.iam.2" - ], - "PCI-4.0": [ - "1.2.5.14", - "1.2.8.28", - "1.3.1.30", - "1.3.1.31", - "1.3.2.31", - "1.4.2.28", - "1.4.2.29", - "10.2.1.3.22", - "10.3.2.15", - "2.2.5.14", - "2.2.7.6", - "2.2.7.18", - "3.5.1.22", - "3.5.1.23", - "3.5.1.25", - "3.5.1.26", - "3.5.1.27", - "4.2.1.1.10", - "4.2.1.1.26", - "4.2.1.6", - "4.2.1.7", - "4.2.1.18", - "7.2.1.22", - "7.2.2.20", - "7.2.2.22", - "7.2.5.16", - "7.2.5.17", - "7.3.1.14", - "7.3.2.17", - "7.3.3.14", - "7.3.3.17", - "8.2.7.14", - "8.2.7.16", - "8.2.7.17", - "8.2.8.16", - "8.3.2.15", - "8.3.2.38", - "8.3.2.42", - "8.3.2.43", - "8.3.2.44", - "8.3.2.47", - "A1.1.2.11" - ], - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "6.4" - ], - "NIS2": [ - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "4.1.2" - ], - "CIS-4.0": [ - "6.4" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR08" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL", - "title": "Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_ssl_connections-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "It is recommended to enforce all incoming connections to SQL database instance to use SSL.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/configure-ssl-instance/" - ] - }, - "risk_details": "SQL database connections if successfully trapped (MITM), can reveal sensitive data like credentials, database queries, query outputs etc. For security, it is recommended to always use SSL encryption when connecting to your instance. This recommendation is applicable for Postgresql, MySql generation 1, MySql generation 2 and SQL Server 2017 instances.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-1fba850e is not publicly accessible.", - "metadata": { - "event_code": "cloudstorage_bucket_public_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-1fba850e is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudStorage/publicly-accessible-storage-buckets.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.1" - ], - "SOC2": [ - "cc_6_1" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.30", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.32", - "1.3.1.34", - "1.3.1.35", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.8", - "10.3.2.11", - "10.3.2.18", - "10.3.2.19", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "3.5.1.3.8", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.2", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.2", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "A1.1.2.4", - "A1.1.2.7", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.2.22", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.4", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "5.1" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "CIS-4.0": [ - "5.1" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "title": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_public_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-1fba850e" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-1fba850e", - "id": "cfi-logs-bucket-1fba850e", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-1fba850e", - "type": "Bucket", - "uid": "cfi-logs-bucket-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that IAM policy on Cloud Storage bucket does not allows anonymous or public access.", - "references": [ - "https://cloud.google.com/storage/docs/access-control/iam-reference" - ] - }, - "risk_details": "Allowing anonymous or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous or public access to a bucket is not allowed.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-7a427af0 is not publicly accessible.", - "metadata": { - "event_code": "cloudstorage_bucket_public_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-7a427af0 is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudStorage/publicly-accessible-storage-buckets.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.1" - ], - "SOC2": [ - "cc_6_1" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.30", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.32", - "1.3.1.34", - "1.3.1.35", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.8", - "10.3.2.11", - "10.3.2.18", - "10.3.2.19", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "3.5.1.3.8", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.2", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.2", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "A1.1.2.4", - "A1.1.2.7", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.2.22", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.4", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "5.1" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "CIS-4.0": [ - "5.1" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "title": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_public_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-7a427af0" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-7a427af0", - "id": "cfi-logs-bucket-7a427af0", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-7a427af0", - "type": "Bucket", - "uid": "cfi-logs-bucket-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that IAM policy on Cloud Storage bucket does not allows anonymous or public access.", - "references": [ - "https://cloud.google.com/storage/docs/access-control/iam-reference" - ] - }, - "risk_details": "Allowing anonymous or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous or public access to a bucket is not allowed.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-a1aaa547 is not publicly accessible.", - "metadata": { - "event_code": "cloudstorage_bucket_public_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-a1aaa547 is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudStorage/publicly-accessible-storage-buckets.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.1" - ], - "SOC2": [ - "cc_6_1" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.30", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.32", - "1.3.1.34", - "1.3.1.35", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.8", - "10.3.2.11", - "10.3.2.18", - "10.3.2.19", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "3.5.1.3.8", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.2", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.2", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "A1.1.2.4", - "A1.1.2.7", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.2.22", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.4", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "5.1" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "CIS-4.0": [ - "5.1" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "title": "Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_public_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-a1aaa547" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-a1aaa547", - "id": "cfi-logs-bucket-a1aaa547", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-a1aaa547", - "type": "Bucket", - "uid": "cfi-logs-bucket-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that IAM policy on Cloud Storage bucket does not allows anonymous or public access.", - "references": [ - "https://cloud.google.com/storage/docs/access-control/iam-reference" - ] - }, - "risk_details": "Allowing anonymous or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous or public access to a bucket is not allowed.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-1fba850e has uniform Bucket Level Access enabled.", - "metadata": { - "event_code": "cloudstorage_bucket_uniform_bucket_level_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-1fba850e has uniform Bucket Level Access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.11", - "10.3.2.18", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "2.2.7.19", - "3.5.1.3.23", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-2.0": [ - "5.2" - ], - "CIS-4.0": [ - "5.2" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "title": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_uniform_bucket_level_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-1fba850e" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-1fba850e", - "id": "cfi-logs-bucket-1fba850e", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-1fba850e", - "type": "Bucket", - "uid": "cfi-logs-bucket-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that uniform bucket-level access is enabled on Cloud Storage buckets.", - "references": [ - "https://cloud.google.com/storage/docs/using-uniform-bucket-level-access" - ] - }, - "risk_details": "Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-7a427af0 has uniform Bucket Level Access enabled.", - "metadata": { - "event_code": "cloudstorage_bucket_uniform_bucket_level_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-7a427af0 has uniform Bucket Level Access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.11", - "10.3.2.18", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "2.2.7.19", - "3.5.1.3.23", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-2.0": [ - "5.2" - ], - "CIS-4.0": [ - "5.2" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "title": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_uniform_bucket_level_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-7a427af0" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-7a427af0", - "id": "cfi-logs-bucket-7a427af0", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-7a427af0", - "type": "Bucket", - "uid": "cfi-logs-bucket-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that uniform bucket-level access is enabled on Cloud Storage buckets.", - "references": [ - "https://cloud.google.com/storage/docs/using-uniform-bucket-level-access" - ] - }, - "risk_details": "Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bucket cfi-logs-bucket-a1aaa547 has uniform Bucket Level Access enabled.", - "metadata": { - "event_code": "cloudstorage_bucket_uniform_bucket_level_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Bucket cfi-logs-bucket-a1aaa547 has uniform Bucket Level Access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.5.15", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.11", - "10.3.2.18", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.2.26", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "10.6.3.35", - "2.2.5.15", - "2.2.7.19", - "3.5.1.3.23", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "7.2.1.24", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.24", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.18", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.18", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.18", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.18", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.18", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.20", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.2.48", - "8.3.4.18", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21", - "A1.1.2.14", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-2.0": [ - "5.2" - ], - "CIS-4.0": [ - "5.2" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "title": "Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled", - "types": [], - "uid": "prowler-gcp-cloudstorage_bucket_uniform_bucket_level_access-nodal-time-474015-p5-US-CENTRAL1-cfi-logs-bucket-a1aaa547" - }, - "resources": [ - { - "region": "US-CENTRAL1", - "data": { - "details": "", - "metadata": { - "name": "cfi-logs-bucket-a1aaa547", - "id": "cfi-logs-bucket-a1aaa547", - "region": "US-CENTRAL1", - "uniform_bucket_level_access": true, - "public": false, - "project_id": "nodal-time-474015-p5", - "retention_policy": null - } - }, - "group": { - "name": "cloudstorage" - }, - "labels": [], - "name": "cfi-logs-bucket-a1aaa547", - "type": "Bucket", - "uid": "cfi-logs-bucket-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "US-CENTRAL1" - }, - "remediation": { - "desc": "It is recommended that uniform bucket-level access is enabled on Cloud Storage buckets.", - "references": [ - "https://cloud.google.com/storage/docs/using-uniform-bucket-level-access" - ] - }, - "risk_details": "Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-icmp does not expose port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-icmp does not expose port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-icmp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-icmp", - "id": "613284056905897095", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-icmp", - "type": "FirewallRule", - "uid": "613284056905897095" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-internal does not expose port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-internal does not expose port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-internal" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-internal", - "id": "7344732286417982599", - "source_ranges": [ - "10.128.0.0/9" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "udp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-internal", - "type": "FirewallRule", - "uid": "7344732286417982599" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-rdp does exposes port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "Firewall default-allow-rdp does exposes port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-rdp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-rdp", - "id": "438688946219209863", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "3389" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-rdp", - "type": "FirewallRule", - "uid": "438688946219209863" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-ssh does not expose port 3389 (RDP) to the internet.", - "metadata": { - "event_code": "compute_firewall_rdp_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-ssh does not expose port 3389 (RDP) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.7" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.1" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.21", - "1.2.8.41", - "1.3.1.24", - "1.3.2.24", - "1.3.2.45", - "1.4.2.19", - "1.4.2.22", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.21", - "A1.1.3.40" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.7" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "CIS-4.0": [ - "3.7" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow users to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the Internet to a VPC or VM instance using `RDP` on `Port 3389` can be avoided.", - "title": "Ensure That RDP Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_rdp_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-ssh" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-ssh", - "id": "4612266095473677447", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "22" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-ssh", - "type": "FirewallRule", - "uid": "4612266095473677447" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Google Cloud Virtual Private Cloud (VPC) firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 3389 in order to restrict Remote Desktop Protocol (RDP) traffic to trusted IP addresses or IP ranges only and reduce the attack surface. TCP port 3389 is used for secure remote GUI login to Windows VM instances by connecting a RDP client application with an RDP server.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Allowing unrestricted Remote Desktop Protocol (RDP) access can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and Pass-The-Hash (PTH) attacks.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-icmp does not expose port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-icmp does not expose port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-icmp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-icmp", - "id": "613284056905897095", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-icmp", - "type": "FirewallRule", - "uid": "613284056905897095" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-internal does not expose port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-internal does not expose port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-internal" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-internal", - "id": "7344732286417982599", - "source_ranges": [ - "10.128.0.0/9" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "udp", - "ports": [ - "0-65535" - ] - }, - { - "IPProtocol": "icmp" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-internal", - "type": "FirewallRule", - "uid": "7344732286417982599" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-rdp does not expose port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Firewall default-allow-rdp does not expose port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-rdp" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-rdp", - "id": "438688946219209863", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "3389" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-rdp", - "type": "FirewallRule", - "uid": "438688946219209863" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Firewall default-allow-ssh does exposes port 22 (SSH) to the internet.", - "metadata": { - "event_code": "compute_firewall_ssh_access_from_the_internet_allowed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "Firewall default-allow-ssh does exposes port 22 (SSH) to the internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.6" - ], - "SOC2": [ - "cc_6_6", - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.1.gcp.fw.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.16", - "1.2.8.17", - "1.2.8.21", - "1.2.8.25", - "1.2.8.40", - "1.2.8.41", - "1.3.1.18", - "1.3.1.19", - "1.3.1.24", - "1.3.2.15", - "1.3.2.18", - "1.3.2.19", - "1.3.2.24", - "1.3.2.45", - "1.4.2.17", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.24", - "1.5.1.16", - "1.5.1.17", - "1.5.1.21", - "1.5.1.40", - "10.3.2.12", - "2.2.5.17", - "3.5.1.3.14", - "A1.1.2.8", - "A1.1.3.16", - "A1.1.3.17", - "A1.1.3.21", - "A1.1.3.23", - "A1.1.3.40", - "A3.4.1.8" - ], - "MITRE-ATTACK": [ - "T1190", - "T1199", - "T1048", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.6" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.i", - "11.1.1", - "11.6.2.a", - "11.7.2", - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-4.0": [ - "3.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "GCP `Firewall Rules` are specific to a `VPC Network`. Each rule either `allows` or `denies` traffic when its conditions are met. Its conditions allow the user to specify the type of traffic, such as ports and protocols, and the source or destination of the traffic, including IP addresses, subnets, and instances. Firewall rules are defined at the VPC network level and are specific to the network in which they are defined. The rules themselves cannot be shared among networks. Firewall rules only support IPv4 traffic. When specifying a source for an ingress rule or a destination for an egress rule by address, only an `IPv4` address or `IPv4 block in CIDR` notation can be used. Generic `(0.0.0.0/0)` incoming traffic from the internet to VPC or VM instance using `SSH` on `Port 22` can be avoided.", - "title": "Ensure That SSH Access Is Restricted From the Internet", - "types": [], - "uid": "prowler-gcp-compute_firewall_ssh_access_from_the_internet_allowed-nodal-time-474015-p5-global-default-allow-ssh" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default-allow-ssh", - "id": "4612266095473677447", - "source_ranges": [ - "0.0.0.0/0" - ], - "direction": "INGRESS", - "allowed_rules": [ - { - "IPProtocol": "tcp", - "ports": [ - "22" - ] - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default-allow-ssh", - "type": "FirewallRule", - "uid": "4612266095473677447" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Check your Google Cloud Virtual Private Cloud (VPC) firewall rules for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 22 and restrict the access to trusted IP addresses or IP ranges only in order to implement the principle of least privilege and reduce the attack surface. TCP port 22 is used for secure remote login by connecting an SSH client application with an SSH server. It is strongly recommended to configure your Google Cloud VPC firewall rules to limit inbound traffic on TCP port 22 to known IP addresses only.", - "references": [ - "https://cloud.google.com/vpc/docs/using-firewalls" - ] - }, - "risk_details": "Exposing Secure Shell (SSH) port 22 to the Internet can increase opportunities for malicious activities such as hacking, Man-In-The-Middle attacks (MITM) and brute-force attacks.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Default network is in use in project nodal-time-474015-p5.", - "metadata": { - "event_code": "compute_network_default_in_use", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Default network is in use in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudVPC/default-vpc-in-use.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.1" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "ENS-RD2022": [ - "mp.com.3.r1.gcp.net.1", - "mp.com.4.gcp.vpc.1", - "mp.com.4.r1.gcp.net.1" - ], - "PCI-4.0": [ - "1.4.2.19" - ], - "MITRE-ATTACK": [ - "T1046" - ], - "CIS-2.0": [ - "3.1" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "5.1.2.a", - "6.2.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.1" - ], - "CIS-4.0": [ - "3.1" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.VPC.CN01.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that the default network does not exist", - "title": "Ensure that the default network does not exist", - "types": [], - "uid": "prowler-gcp-compute_network_default_in_use-nodal-time-474015-p5-global-default" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1894544973933139113", - "subnet_mode": "auto", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Network", - "uid": "default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "When an organization deletes the default network, it may need to migrate or service onto a new network.", - "references": [ - "https://cloud.google.com/vpc/docs/using-vpc" - ] - }, - "risk_details": "The default network has a preconfigured network configuration and automatically generates insecure firewall rules.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network default does not have DNS logging enabled.", - "metadata": { - "event_code": "compute_network_dns_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network default does not have DNS logging enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "mp.com.2.r2.gcp.scc.1", - "mp.com.3.r3.gcp.scc.1" - ], - "PCI-4.0": [ - "1.3.2.44", - "1.4.1.9", - "1.4.2.42", - "1.4.4.9", - "10.2.1.1.6", - "10.2.1.1.29", - "10.2.1.2.6", - "10.2.1.2.12", - "10.2.1.2.21", - "10.2.1.2.26", - "10.2.1.3.6", - "10.2.1.3.21", - "10.2.1.3.26", - "10.2.1.4.6", - "10.2.1.4.21", - "10.2.1.4.26", - "10.2.1.5.6", - "10.2.1.5.26", - "10.2.1.6.6", - "10.2.1.6.21", - "10.2.1.6.26", - "10.2.1.7.6", - "10.2.1.7.12", - "10.2.1.7.26", - "10.2.1.6", - "10.2.1.26", - "10.2.2.6", - "10.2.2.21", - "10.2.2.26", - "10.3.1.6", - "10.3.1.12", - "10.3.1.26", - "10.5.1.9", - "10.6.3.6", - "10.6.3.14", - "10.6.3.26", - "10.6.3.32", - "5.3.4.6", - "5.3.4.24", - "5.3.4.31", - "A1.2.1.6", - "A1.2.1.25", - "A1.2.1.30" - ], - "MITRE-ATTACK": [ - "T1046" - ], - "CIS-2.0": [ - "2.12" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.a", - "3.2.3.d", - "3.6.2", - "6.2.1", - "6.7.2.i", - "6.7.2.l", - "7.2.b", - "9.2.a", - "11.1.1", - "11.5.2.d", - "12.2.2.c" - ], - "CCC": [ - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that Cloud DNS logging is enabled for all your Virtual Private Cloud (VPC) networks using DNS server policies. Cloud DNS logging records queries that the name servers resolve for your Google Cloud VPC networks, as well as queries from external entities directly to a public DNS zone. Recorded queries can come from virtual machine (VM) instances, GKE containers running in the same VPC network, peering zones, or other Google Cloud resources provisioned within your VPC.", - "title": "Enable Cloud DNS Logging for VPC Networks", - "types": [], - "uid": "prowler-gcp-compute_network_dns_logging_enabled-nodal-time-474015-p5-global-default" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1894544973933139113", - "subnet_mode": "auto", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Network", - "uid": "1894544973933139113" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Cloud DNS logging records the queries from the name servers within your VPC to Stackdriver. Logged queries can come from Compute Engine VMs, GKE containers, or other GCP resources provisioned within the VPC.", - "references": [ - "https://cloud.google.com/dns/docs/monitoring" - ] - }, - "risk_details": "Cloud DNS logging is disabled by default on each Google Cloud VPC network. By enabling monitoring of Cloud DNS logs, you can increase visibility into the DNS names requested by the clients within your VPC network. Cloud DNS logs can be monitored for anomalous domain names and evaluated against threat intelligence.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network simple-workbench does not have DNS logging enabled.", - "metadata": { - "event_code": "compute_network_dns_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network simple-workbench does not have DNS logging enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "mp.com.2.r2.gcp.scc.1", - "mp.com.3.r3.gcp.scc.1" - ], - "PCI-4.0": [ - "1.3.2.44", - "1.4.1.9", - "1.4.2.42", - "1.4.4.9", - "10.2.1.1.6", - "10.2.1.1.29", - "10.2.1.2.6", - "10.2.1.2.12", - "10.2.1.2.21", - "10.2.1.2.26", - "10.2.1.3.6", - "10.2.1.3.21", - "10.2.1.3.26", - "10.2.1.4.6", - "10.2.1.4.21", - "10.2.1.4.26", - "10.2.1.5.6", - "10.2.1.5.26", - "10.2.1.6.6", - "10.2.1.6.21", - "10.2.1.6.26", - "10.2.1.7.6", - "10.2.1.7.12", - "10.2.1.7.26", - "10.2.1.6", - "10.2.1.26", - "10.2.2.6", - "10.2.2.21", - "10.2.2.26", - "10.3.1.6", - "10.3.1.12", - "10.3.1.26", - "10.5.1.9", - "10.6.3.6", - "10.6.3.14", - "10.6.3.26", - "10.6.3.32", - "5.3.4.6", - "5.3.4.24", - "5.3.4.31", - "A1.2.1.6", - "A1.2.1.25", - "A1.2.1.30" - ], - "MITRE-ATTACK": [ - "T1046" - ], - "CIS-2.0": [ - "2.12" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.a", - "3.2.3.d", - "3.6.2", - "6.2.1", - "6.7.2.i", - "6.7.2.l", - "7.2.b", - "9.2.a", - "11.1.1", - "11.5.2.d", - "12.2.2.c" - ], - "CCC": [ - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that Cloud DNS logging is enabled for all your Virtual Private Cloud (VPC) networks using DNS server policies. Cloud DNS logging records queries that the name servers resolve for your Google Cloud VPC networks, as well as queries from external entities directly to a public DNS zone. Recorded queries can come from virtual machine (VM) instances, GKE containers running in the same VPC network, peering zones, or other Google Cloud resources provisioned within your VPC.", - "title": "Enable Cloud DNS Logging for VPC Networks", - "types": [], - "uid": "prowler-gcp-compute_network_dns_logging_enabled-nodal-time-474015-p5-global-simple-workbench" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "simple-workbench", - "id": "6879006949331747071", - "subnet_mode": "custom", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "simple-workbench", - "type": "Network", - "uid": "6879006949331747071" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Cloud DNS logging records the queries from the name servers within your VPC to Stackdriver. Logged queries can come from Compute Engine VMs, GKE containers, or other GCP resources provisioned within the VPC.", - "references": [ - "https://cloud.google.com/dns/docs/monitoring" - ] - }, - "risk_details": "Cloud DNS logging is disabled by default on each Google Cloud VPC network. By enabling monitoring of Cloud DNS logs, you can increase visibility into the DNS names requested by the clients within your VPC network. Cloud DNS logs can be monitored for anomalous domain names and evaluated against threat intelligence.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network default is not legacy.", - "metadata": { - "event_code": "compute_network_not_legacy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Network default is not legacy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.2" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "MITRE-ATTACK": [ - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.2" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.2.1", - "11.1.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "CIS-4.0": [ - "3.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "In order to prevent use of legacy networks, a project should not have a legacy network configured. As of now, Legacy Networks are gradually being phased out, and you can no longer create projects with them. This recommendation is to check older projects to ensure that they are not using Legacy Networks.", - "title": "Ensure Legacy Networks Do Not Exist", - "types": [], - "uid": "prowler-gcp-compute_network_not_legacy-nodal-time-474015-p5-global-default" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1894544973933139113", - "subnet_mode": "auto", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Network", - "uid": "1894544973933139113" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud Platform (GCP) projects are not using legacy networks as this type of network is no longer recommended for production environments because it does not support advanced networking features. Instead, it is strongly recommended to use Virtual Private Cloud (VPC) networks for existing and future GCP projects.", - "references": [ - "https://cloud.google.com/vpc/docs/using-legacy#deleting_a_legacy_network" - ] - }, - "risk_details": "Google Cloud legacy networks have a single global IPv4 range which cannot be divided into subnets, and a single gateway IP address for the whole network. Legacy networks do not support several Google Cloud networking features such as subnets, alias IP ranges, multiple network interfaces, Cloud NAT (Network Address Translation), Virtual Private Cloud (VPC) Peering, and private access options for GCP services. Legacy networks are not recommended for high network traffic projects and are subject to a single point of contention or failure.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network simple-workbench is not legacy.", - "metadata": { - "event_code": "compute_network_not_legacy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Network simple-workbench is not legacy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.2" - ], - "ISO27001-2022": [ - "A.8.20" - ], - "MITRE-ATTACK": [ - "T1498", - "T1046" - ], - "CIS-2.0": [ - "3.2" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.1.2.e", - "2.1.2.g", - "2.2.1", - "2.3.1", - "6.2.1", - "11.1.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "CIS-4.0": [ - "3.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "In order to prevent use of legacy networks, a project should not have a legacy network configured. As of now, Legacy Networks are gradually being phased out, and you can no longer create projects with them. This recommendation is to check older projects to ensure that they are not using Legacy Networks.", - "title": "Ensure Legacy Networks Do Not Exist", - "types": [], - "uid": "prowler-gcp-compute_network_not_legacy-nodal-time-474015-p5-global-simple-workbench" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "simple-workbench", - "id": "6879006949331747071", - "subnet_mode": "custom", - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "simple-workbench", - "type": "Network", - "uid": "6879006949331747071" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud Platform (GCP) projects are not using legacy networks as this type of network is no longer recommended for production environments because it does not support advanced networking features. Instead, it is strongly recommended to use Virtual Private Cloud (VPC) networks for existing and future GCP projects.", - "references": [ - "https://cloud.google.com/vpc/docs/using-legacy#deleting_a_legacy_network" - ] - }, - "risk_details": "Google Cloud legacy networks have a single global IPv4 range which cannot be divided into subnets, and a single gateway IP address for the whole network. Legacy networks do not support several Google Cloud networking features such as subnets, alias IP ranges, multiple network interfaces, Cloud NAT (Network Address Translation), Virtual Private Cloud (VPC) Peering, and private access options for GCP services. Legacy networks are not recommended for high network traffic projects and are subject to a single point of contention or failure.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Project nodal-time-474015-p5 does not have OS Login enabled.", - "metadata": { - "event_code": "compute_project_os_login_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Project nodal-time-474015-p5 does not have OS Login enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "4.4" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "ENS-RD2022": [ - "op.ext.3.gcp.log.1" - ], - "CIS-2.0": [ - "4.4" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.2.3.d", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "CIS-4.0": [ - "4.4" - ], - "CCC": [ - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that the OS Login feature is enabled at the Google Cloud Platform (GCP) project level in order to provide you with centralized and automated SSH key pair management.", - "title": "Ensure Os Login Is Enabled for a Project", - "types": [], - "uid": "prowler-gcp-compute_project_os_login_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "My First Project", - "type": "GCPProject", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that the OS Login feature is enabled at the Google Cloud Platform (GCP) project level in order to provide you with centralized and automated SSH key pair management.", - "references": [ - "https://cloud.google.com/compute/confidential-vm/docs/creating-cvm-instance:https://cloud.google.com/compute/confidential-vm/docs/about-cvm:https://cloud.google.com/confidential-computing:https://cloud.google.com/blog/products/identity-security/introducing-google-cloud-confidential-computing-with-confidential-vms" - ] - }, - "risk_details": "Enabling OS Login feature ensures that the SSH keys used to connect to VM instances are mapped with Google Cloud IAM users. Revoking access to corresponding IAM users will revoke all the SSH keys associated with these users, therefore it facilitates centralized SSH key pair management, which is extremely useful in handling compromised or stolen SSH key pairs and/or revocation of external/third-party/vendor users.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-northeast2-default" - }, - "resources": [ - { - "region": "northamerica-northeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "483380030849242274", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-northeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "483380030849242274" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-northeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west3-default" - }, - "resources": [ - { - "region": "europe-west3", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5772105379350140066", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5772105379350140066" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east4-default" - }, - "resources": [ - { - "region": "us-east4", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "2543292856211690658", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "2543292856211690658" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west2-default" - }, - "resources": [ - { - "region": "us-west2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "24288970830075042", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "24288970830075042" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-southeast1-default" - }, - "resources": [ - { - "region": "asia-southeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4056355735184430242", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-southeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4056355735184430242" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-southeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west4-default" - }, - "resources": [ - { - "region": "us-west4", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7215612770497680546", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7215612770497680546" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-central1-default" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7706237583483294882", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-central1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7706237583483294882" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet simple-subnet-01 in network simple-workbench does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet simple-subnet-01 in network simple-workbench does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-central1-simple-subnet-01" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "simple-subnet-01", - "id": "8482275995630223604", - "network": "simple-workbench", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-central1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "simple-subnet-01", - "type": "Subnet", - "uid": "8482275995630223604" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast2-default" - }, - "resources": [ - { - "region": "asia-northeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "508768411464586402", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "508768411464586402" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west3-default" - }, - "resources": [ - { - "region": "us-west3", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5329755272922092706", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5329755272922092706" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west8-default" - }, - "resources": [ - { - "region": "europe-west8", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "8540268486600512674", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west8" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "8540268486600512674" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west8" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-west1-default" - }, - "resources": [ - { - "region": "us-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "8333568044404659362", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "8333568044404659362" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east1-default" - }, - "resources": [ - { - "region": "us-east1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "355354730862040226", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "355354730862040226" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-south1-default" - }, - "resources": [ - { - "region": "us-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1314274851926135970", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1314274851926135970" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-southamerica-west1-default" - }, - "resources": [ - { - "region": "southamerica-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "608650311179523233", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "southamerica-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "608650311179523233" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "southamerica-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-australia-southeast1-default" - }, - "resources": [ - { - "region": "australia-southeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5526634061214864546", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "australia-southeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5526634061214864546" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "australia-southeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west4-default" - }, - "resources": [ - { - "region": "europe-west4", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5555571983192249506", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west4" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5555571983192249506" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west4" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-east2-default" - }, - "resources": [ - { - "region": "asia-east2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "6078557433428006050", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-east2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "6078557433428006050" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-east2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-northeast1-default" - }, - "resources": [ - { - "region": "northamerica-northeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3188169212019954850", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-northeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3188169212019954850" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-northeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-central2-default" - }, - "resources": [ - { - "region": "europe-central2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4980955262212461730", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-central2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4980955262212461730" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-central2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-northamerica-south1-default" - }, - "resources": [ - { - "region": "northamerica-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7144258258311140514", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "northamerica-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7144258258311140514" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "northamerica-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-southwest1-default" - }, - "resources": [ - { - "region": "europe-southwest1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1089352323782235298", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-southwest1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1089352323782235298" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-southwest1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-australia-southeast2-default" - }, - "resources": [ - { - "region": "australia-southeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4285468416242439330", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "australia-southeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4285468416242439330" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "australia-southeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-us-east5-default" - }, - "resources": [ - { - "region": "us-east5", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1401430415650673826", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "us-east5" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1401430415650673826" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-east5" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast1-default" - }, - "resources": [ - { - "region": "asia-northeast1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7315669883403457698", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7315669883403457698" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west6-default" - }, - "resources": [ - { - "region": "europe-west6", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3716081487960429730", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west6" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3716081487960429730" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west6" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west9-default" - }, - "resources": [ - { - "region": "europe-west9", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1074046580757714082", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west9" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1074046580757714082" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west9" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-east1-default" - }, - "resources": [ - { - "region": "asia-east1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5813254284192076962", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5813254284192076962" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west12-default" - }, - "resources": [ - { - "region": "europe-west12", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5525328356797142178", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west12" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5525328356797142178" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west12" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-me-west1-default" - }, - "resources": [ - { - "region": "me-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5036744520860521634", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "me-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5036744520860521634" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "me-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west2-default" - }, - "resources": [ - { - "region": "europe-west2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1891634321841280162", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1891634321841280162" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west1-default" - }, - "resources": [ - { - "region": "europe-west1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3398545940062753954", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3398545940062753954" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-northeast3-default" - }, - "resources": [ - { - "region": "asia-northeast3", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "9096168126651389090", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-northeast3" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "9096168126651389090" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-northeast3" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-west10-default" - }, - "resources": [ - { - "region": "europe-west10", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "4896835085019993250", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-west10" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "4896835085019993250" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-west10" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-north1-default" - }, - "resources": [ - { - "region": "europe-north1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "6168370688555570338", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-north1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "6168370688555570338" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-north1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-europe-north2-default" - }, - "resources": [ - { - "region": "europe-north2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1953758124674995362", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "europe-north2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1953758124674995362" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "europe-north2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-southamerica-east1-default" - }, - "resources": [ - { - "region": "southamerica-east1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "5608727104037934242", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "southamerica-east1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "5608727104037934242" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "southamerica-east1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-southeast2-default" - }, - "resources": [ - { - "region": "asia-southeast2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "1491739310004196514", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-southeast2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "1491739310004196514" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-southeast2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-south1-default" - }, - "resources": [ - { - "region": "asia-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "7023929475293861026", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "7023929475293861026" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-africa-south1-default" - }, - "resources": [ - { - "region": "africa-south1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3728776852941657249", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "africa-south1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3728776852941657249" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "africa-south1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-me-central1-default" - }, - "resources": [ - { - "region": "me-central1", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "8693862684678509730", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "me-central1" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "8693862684678509730" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "me-central1" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Subnet default in network default does not have flow logs enabled.", - "metadata": { - "event_code": "compute_subnet_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Subnet default in network default does not have flow logs enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "3.8" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.6.r4.gcp.nt.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "CIS-2.0": [ - "3.8" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "CIS-4.0": [ - "3.8" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "title": "Enable VPC Flow Logs for VPC Subnets", - "types": [], - "uid": "prowler-gcp-compute_subnet_flow_logs_enabled-nodal-time-474015-p5-asia-south2-default" - }, - "resources": [ - { - "region": "asia-south2", - "data": { - "details": "", - "metadata": { - "name": "default", - "id": "3652760235359687842", - "network": "default", - "project_id": "nodal-time-474015-p5", - "flow_logs": false, - "region": "asia-south2" - } - }, - "group": { - "name": "compute" - }, - "labels": [], - "name": "default", - "type": "Subnet", - "uid": "3652760235359687842" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "asia-south2" - }, - "remediation": { - "desc": "Ensure that VPC Flow Logs is enabled for every subnet created within your production Virtual Private Cloud (VPC) network. Flow Logs is a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from the network interfaces (ENIs) available within your VPC subnets.", - "references": [ - "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" - ] - }, - "risk_details": "By default, the VPC Flow Logs feature is disabled when a new VPC network subnet is created. Once enabled, VPC Flow Logs will start collecting network traffic data to and from your Virtual Private Cloud (VPC) subnets, logging data that can be useful for understanding network usage, network traffic expense optimization, network forensics, and real-time security analysis. To enhance Google Cloud VPC network visibility and security it is strongly recommended to enable Flow Logs for every business-critical or production VPC subnet.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "GCR Container Scanning is not enabled in project nodal-time-474015-p5.", - "metadata": { - "event_code": "gcr_container_scanning_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "GCR Container Scanning is not enabled in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/container-registry/docs/container-analysis", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, GCR Container Scanning is disabled.", - "compliance": { - "SOC2": [ - "cc_3_1", - "cc_3_2" - ], - "ENS-RD2022": [ - "op.mon.1.r1.gcp.scc.1", - "op.mon.1.r2.gcp.scc.1", - "op.mon.3.gcp.scc.1" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "NIS2": [ - "2.2.1", - "5.1.4.f", - "5.1.7.d", - "6.6.1.a", - "6.9.2" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01", - "CCC.MLDE.CN05.AR02", - "CCC.MLDE.CN06.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Scan images stored in Google Container Registry (GCR) for vulnerabilities using GCR Container Scanning or a third-party provider. This helps identify and mitigate security risks associated with known vulnerabilities in container images.", - "title": "Ensure Image Vulnerability Scanning using GCR Container Scanning or a third-party provider", - "types": [ - "Security", - "Configuration" - ], - "uid": "prowler-gcp-gcr_container_scanning_enabled-nodal-time-474015-p5-global-GCR Container Scanning" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "gcr" - }, - "labels": [], - "name": "GCR Container Scanning", - "type": "Service", - "uid": "containerscanning.googleapis.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Enable vulnerability scanning for images stored in GCR using GCR Container Scanning or a third-party provider.", - "references": [ - "https://cloud.google.com/container-registry/docs/container-best-practices" - ] - }, - "risk_details": "Without image vulnerability scanning, container images stored in GCR may contain known vulnerabilities, increasing the risk of exploitation by malicious actors.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Audit Logs are not enabled for project nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_audit_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Audit Logs are not enabled for project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.1" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "ENS-RD2022": [ - "opc.acc.1.r1.gcp.iam.2", - "op.acc.6.r5.gcp.cl.1", - "op.acc.6.r9.gcp.api.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "10.2.1.1.7", - "10.2.1.1.10", - "10.2.1.1.20", - "10.2.1.1.25", - "10.2.1.1.36", - "10.2.1.2.1", - "10.2.1.2.7", - "10.2.1.2.8", - "10.2.1.2.19", - "10.2.1.2.24", - "10.2.1.3.7", - "10.2.1.3.8", - "10.2.1.3.11", - "10.2.1.3.17", - "10.2.1.3.19", - "10.2.1.4.1", - "10.2.1.4.7", - "10.2.1.4.8", - "10.2.1.4.19", - "10.2.1.4.24", - "10.2.1.5.1", - "10.2.1.5.7", - "10.2.1.5.19", - "10.2.1.5.24", - "10.2.1.6.7", - "10.2.1.6.8", - "10.2.1.6.24", - "10.2.1.7.7", - "10.2.1.7.8", - "10.2.1.7.19", - "10.2.1.7.24", - "10.2.1.1", - "10.2.1.7", - "10.2.1.8", - "10.2.1.11", - "10.2.1.17", - "10.2.1.18", - "10.2.1.19", - "10.2.1.24", - "10.2.1.30", - "10.2.2.1", - "10.2.2.7", - "10.2.2.8", - "10.2.2.18", - "10.2.2.24", - "10.3.1.7", - "10.3.1.8", - "10.3.1.24", - "10.3.2.2", - "10.3.2.5", - "10.3.3.4", - "10.3.3.7", - "10.3.4.3", - "10.3.4.6", - "10.4.1.1.3", - "10.5.1.3", - "10.6.3.7", - "10.6.3.10", - "10.6.3.22", - "10.6.3.24", - "10.6.3.41", - "11.5.2.4", - "11.6.1.4", - "12.10.5.4", - "5.3.4.7", - "5.3.4.8", - "5.3.4.9", - "5.3.4.20", - "5.3.4.21", - "5.3.4.22", - "7.2.1.15", - "7.2.2.15", - "7.2.5.11", - "7.3.1.11", - "7.3.2.11", - "7.3.3.11", - "8.2.8.13", - "A1.2.1.1", - "A1.2.1.7", - "A1.2.1.8", - "A1.2.1.10", - "A1.2.1.12", - "A1.2.1.28", - "A3.3.1.6", - "A3.5.1.6" - ], - "CIS-2.0": [ - "2.1" - ], - "NIS2": [ - "3.1.3", - "3.2.1", - "3.2.3.c", - "3.2.3.d", - "3.2.3.e", - "3.6.2", - "7.2.b", - "11.2.2.e", - "11.2.2.f", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.3" - ], - "CIS-4.0": [ - "2.1" - ], - "CCC": [ - "CCC.AuditLog.CN01.AR01", - "CCC.AuditLog.CN01.AR02", - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN07.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that Google Cloud Audit Logs feature is configured to track Data Access logs for all Google Cloud Platform (GCP) services and users, in order to enhance overall access security and meet compliance requirements. Once configured, the feature can record all admin related activities, as well as all the read and write access requests to user data.", - "title": "Configure Google Cloud Audit Logs to Track All Activities", - "types": [], - "uid": "prowler-gcp-iam_audit_logs_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "GCPProject", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that Cloud Audit Logging is configured to track all admin activities and read, write access to user data.", - "references": [ - "https://cloud.google.com/logging/docs/audit/" - ] - }, - "risk_details": "In order to maintain an effective Google Cloud audit configuration for your project, folder, and organization, all 3 types of Data Access logs (ADMIN_READ, DATA_READ and DATA_WRITE) must be enabled for all supported GCP services. Also, Data Access logs should be captured for all IAM users, without exempting any of them. Exemptions let you control which users generate audit logs. When you add an exempted user to your log configuration, audit logs are not created for that user, for the selected log type(s). Data Access audit logs are disabled by default and must be explicitly enabled based on your business requirements.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Cloud Asset Inventory is enabled in project nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_cloud_asset_inventory_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Cloud Asset Inventory is enabled in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.13" - ], - "SOC2": [ - "cc_1_3", - "cc_3_4", - "cc_4_2", - "cc_6_8", - "cc_7_1", - "cc_7_3", - "cc_8_1" - ], - "ISO27001-2022": [ - "A.5.1", - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "ENS-RD2022": [ - "op.exp.1.gcp.scc.1", - "op.exp.1.r2.gcp.cai.1", - "op.exp.1.r3.gcp.cai.1" - ], - "MITRE-ATTACK": [ - "T1098", - "T1580" - ], - "CIS-2.0": [ - "2.13" - ], - "NIS2": [ - "3.1.3" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "CIS-4.0": [ - "2.13" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.Core.CN05.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "GCP Cloud Asset Inventory is services that provides a historical view of GCP resources and IAM policies through a time-series database. The information recorded includes metadata on Google Cloud resources, metadata on policies set on Google Cloud projects or resources, and runtime information gathered within a Google Cloud resource.", - "title": "Ensure Cloud Asset Inventory Is Enabled", - "types": [], - "uid": "prowler-gcp-iam_cloud_asset_inventory_enabled-nodal-time-474015-p5-global-Cloud Asset Inventory" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "Cloud Asset Inventory", - "type": "Service", - "uid": "cloudasset.googleapis.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Cloud Asset Inventory is enabled for all your GCP projects in order to efficiently manage the history and the inventory of your cloud resources. Google Cloud Asset Inventory is a fully managed metadata inventory service that allows you to view, monitor, analyze, and gain insights for your Google Cloud and Anthos assets. Cloud Asset Inventory is disabled by default in each GCP project.", - "references": [ - "https://cloud.google.com/asset-inventory/docs" - ] - }, - "risk_details": "Gaining insight into Google Cloud resources and policies is vital for tasks such as DevOps, security analytics, multi-cluster and fleet management, auditing, and governance. With Cloud Asset Inventory you can discover, monitor, and analyze all GCP assets in one place, achieving a better understanding of all your cloud assets across projects and services.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No IAM Users assigned to service roles at project level nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_no_service_roles_at_project_level", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "No IAM Users assigned to service roles at project level nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/check-for-iam-users-with-service-roles.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.6" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.3", - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.1.r1.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.16", - "7.2.1.19", - "7.2.2.17", - "7.2.2.19", - "7.2.5.7", - "7.2.5.10", - "7.2.5.13", - "7.3.1.7", - "7.3.1.12", - "7.3.1.13", - "7.3.2.13", - "7.3.3.10", - "7.3.3.12", - "7.3.3.13", - "8.2.2.6", - "8.2.7.11", - "8.2.7.13", - "8.2.8.9", - "8.2.8.15", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.6" - ], - "NIS2": [ - "6.2.2.b", - "6.7.2.g", - "11.1.2.c", - "11.2.2.d", - "11.3.1", - "11.3.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "CIS-4.0": [ - "1.6" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "It is recommended to assign the `Service Account User (iam.serviceAccountUser)` and `Service Account Token Creator (iam.serviceAccountTokenCreator)` roles to a user for a specific service account rather than assigning the role to a user at project level.", - "title": "Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level", - "types": [], - "uid": "prowler-gcp-iam_no_service_roles_at_project_level-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "IAM Policy", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that the Service Account User and Service Account Token Creator roles are assigned to a user for a specific GCP service account rather than to a user at the GCP project level, in order to implement the principle of least privilege (POLP). The principle of least privilege (also known as the principle of minimal privilege) is the practice of providing every user the minimal amount of access required to perform its tasks. Google Cloud Platform (GCP) IAM users should not have assigned the Service Account User or Service Account Token Creator roles at the GCP project level. Instead, these roles should be allocated to a user associated with a specific service account, providing that user access to the service account only.", - "references": [ - "https://cloud.google.com/iam/docs/granting-changing-revoking-access" - ] - }, - "risk_details": "The Service Account User (iam.serviceAccountUser) role allows an IAM user to attach a service account to a long-running job service such as an App Engine App or Dataflow Job, whereas the Service Account Token Creator (iam.serviceAccountTokenCreator) role allows a user to directly impersonate the identity of a service account.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Principle of separation of duties was enforced for KMS-Related Roles in project nodal-time-474015-p5.", - "metadata": { - "event_code": "iam_role_kms_enforce_separation_of_duties", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Principle of separation of duties was enforced for KMS-Related Roles in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.8", - "1.11" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.3", - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.org.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.2.8", - "3.6.1.3.8", - "3.6.1.4.8", - "3.6.1.8", - "3.7.1.9", - "3.7.2.8", - "3.7.4.5", - "3.7.4.9", - "3.7.6.8", - "3.7.7.8", - "4.2.1.1.21", - "7.2.1.10", - "7.2.2.10", - "7.2.3.6", - "7.2.5.6", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.4.6" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.11" - ], - "NIS2": [ - "1.2.4", - "3.1.3", - "6.2.2.b", - "6.7.2.e", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.b", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.5", - "1.3.2" - ], - "CIS-4.0": [ - "1.8", - "1.11" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that separation of duties is enforced for all Cloud Key Management Service (KMS) related roles. The principle of separation of duties (also known as segregation of duties) has as its primary objective the prevention of fraud and human error. This objective is achieved by dismantling the tasks and the associated privileges for a specific business process among multiple users/identities. Google Cloud provides predefined roles that can be used to implement the principle of separation of duties, where it is needed. The predefined Cloud KMS Admin role is meant for users to manage KMS keys but not to use them. The Cloud KMS CryptoKey Encrypter/Decrypter roles are meant for services who can use keys to encrypt and decrypt data, but not to manage them. To adhere to cloud security best practices, your IAM users should not have the Admin role and any of the CryptoKey Encrypter/Decrypter roles assigned at the same time.", - "title": "Enforce Separation of Duties for KMS-Related Roles", - "types": [], - "uid": "prowler-gcp-iam_role_kms_enforce_separation_of_duties-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "IAMRole", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that the principle of 'Separation of Duties' is enforced while assigning KMS related roles to users.", - "references": [ - "https://cloud.google.com/kms/docs/separation-of-duties" - ] - }, - "risk_details": "The principle of separation of duties can be enforced in order to eliminate the need for the IAM user/identity that has all the permissions needed to perform unwanted actions, such as using a cryptographic key to access and decrypt data which the user should not normally have access to.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Principle of separation of duties was not enforced for Service-Account Related Roles in project nodal-time-474015-p5 in members deleted:serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com?uid=104781589807131914461,serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com.", - "metadata": { - "event_code": "iam_role_sa_enforce_separation_of_duties", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Principle of separation of duties was not enforced for Service-Account Related Roles in project nodal-time-474015-p5 in members deleted:serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com?uid=104781589807131914461,serviceAccount:gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.3", - "A.5.15", - "A.5.18", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.org.1" - ], - "PCI-4.0": [ - "7.2.1.16", - "7.2.1.19", - "7.2.2.19", - "7.2.5.13", - "7.3.1.7", - "7.3.1.12", - "7.3.1.13", - "7.3.3.12", - "8.2.7.11", - "8.2.7.13", - "8.3.4.11" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.8" - ], - "NIS2": [ - "1.2.4", - "3.1.3", - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.b", - "11.4.2.c" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that separation of duties (also known as segregation of duties - SoD) is enforced for all Google Cloud Platform (GCP) service-account related roles. The security principle of separation of duties has as its primary objective the prevention of fraud and human error. This objective is achieved by disbanding the tasks and associated privileges for a specific business process among multiple users/members. To follow security best practices, your GCP service accounts should not have the Service Account Admin and Service Account User roles assigned at the same time.", - "title": "Enforce Separation of Duties for Service-Account Related Roles", - "types": [], - "uid": "prowler-gcp-iam_role_sa_enforce_separation_of_duties-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "My First Project", - "type": "IAMRole", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that separation of duties (also known as segregation of duties - SoD) is enforced for all Google Cloud Platform (GCP) service-account related roles. The security principle of separation of duties has as its primary objective the prevention of fraud and human error. This objective is achieved by disbanding the tasks and associated privileges for a specific business process among multiple users/members. To follow security best practices, your GCP service accounts should not have the Service Account Admin and Service Account User roles assigned at the same time.", - "references": [ - "https://cloud.google.com/iam/docs/understanding-roles" - ] - }, - "risk_details": "The principle of separation of duties should be enforced in order to eliminate the need for high-privileged IAM members, as the permissions granted to these members can allow them to perform malicious or unwanted actions.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com has administrative privileges with roles/serviceusage.serviceUsageAdmin.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com has administrative privileges with roles/serviceusage.serviceUsageAdmin.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "GitHub Actions Deployer", - "keys": [ - { - "name": "3f2a81ba4bce0b39089b85a2e7678d09d2d183f6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T22:26:26", - "valid_before": "2027-10-28T08:50:15" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "114112078080729873885" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account 784623368087-compute@developer.gserviceaccount.com has administrative privileges with roles/editor.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Account 784623368087-compute@developer.gserviceaccount.com has administrative privileges with roles/editor.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "email": "784623368087-compute@developer.gserviceaccount.com", - "display_name": "Compute Engine default service account", - "keys": [ - { - "name": "202c306e41b020fefe81250bea563d31c07138e3", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-06T10:25:01", - "valid_before": "2025-10-23T10:25:01" - }, - { - "name": "93b9e85d69bcb0503b5a7696d8b3bf5855a91d37", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T10:25:01", - "valid_before": "2025-10-31T10:25:01" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "111974737467208838860" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "784623368087-compute@developer.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "metadata": { - "event_code": "iam_sa_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com has no administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudIAM/restrict-admin-access-for-service-accounts.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.5" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.18", - "A.8.2", - "A.8.3" - ], - "ENS-RD2022": [ - "op.acc.3.gcp.iam.1", - "opc.acc.4.gcp.iam.1" - ], - "PCI-4.0": [ - "1.5.1.31", - "7.2.1.5", - "7.2.1.11", - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.1.19", - "7.2.2.5", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.2.17", - "7.2.2.19", - "7.2.3.7", - "7.2.5.3", - "7.2.5.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.2.5.13", - "7.3.1.3", - "7.3.1.7", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.1.13", - "7.3.2.3", - "7.3.2.7", - "7.3.2.8", - "7.3.2.10", - "7.3.2.11", - "7.3.2.13", - "7.3.3.3", - "7.3.3.7", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "7.3.3.13", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4", - "8.2.7.3", - "8.2.7.10", - "8.2.7.11", - "8.2.7.13", - "8.2.8.5", - "8.2.8.9", - "8.2.8.12", - "8.2.8.13", - "8.2.8.15", - "8.3.4.3", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12", - "8.3.4.13" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1606", - "T1040", - "T1087", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.5" - ], - "NIS2": [ - "3.2.3.e", - "6.2.2.b", - "6.7.2.e", - "6.7.2.g", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.b", - "11.3.2.c", - "11.3.2.d", - "11.4.2.a", - "11.4.2.c" - ], - "ProwlerThreatScore-1.0": [ - "1.2.2" - ], - "CIS-4.0": [ - "1.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Monitor.CN06.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure Service Account does not have admin privileges", - "title": "Ensure Service Account does not have admin privileges", - "types": [], - "uid": "prowler-gcp-iam_sa_no_administrative_privileges-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "Vertex AI Workbench Service Account", - "keys": [ - { - "name": "92e39887344dae71e19dc25c005a53a68ceb62cb", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T23:21:52", - "valid_before": "2027-10-29T23:07:36" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "108352930858191263233" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Ensure that your Google Cloud user-managed service accounts are not using privileged (administrator) roles, in order to implement the principle of least privilege and prevent any accidental or intentional modifications that may lead to data leaks and/or data loss.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Enrolling ServiceAccount with Admin rights gives full access to an assigned application or a VM. A ServiceAccount Access holder can perform critical actions, such as delete and update change settings, without user intervention.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "GitHub Actions Deployer", - "keys": [ - { - "name": "3f2a81ba4bce0b39089b85a2e7678d09d2d183f6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T22:26:26", - "valid_before": "2027-10-28T08:50:15" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "114112078080729873885" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com has user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account 784623368087-compute@developer.gserviceaccount.com does not have user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Account 784623368087-compute@developer.gserviceaccount.com does not have user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "email": "784623368087-compute@developer.gserviceaccount.com", - "display_name": "Compute Engine default service account", - "keys": [ - { - "name": "202c306e41b020fefe81250bea563d31c07138e3", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-06T10:25:01", - "valid_before": "2025-10-23T10:25:01" - }, - { - "name": "93b9e85d69bcb0503b5a7696d8b3bf5855a91d37", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T10:25:01", - "valid_before": "2025-10-31T10:25:01" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "111974737467208838860" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "784623368087-compute@developer.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "metadata": { - "event_code": "iam_sa_no_user_managed_keys", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com does not have user-managed keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.4" - ], - "SOC2": [ - "cc_1_3" - ], - "ISO27001-2022": [ - "A.5.15", - "A.8.2" - ], - "ENS-RD2022": [ - "op.acc.2.gcp.rbak.1", - "op.acc.3.gcp.iam.1" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.3.8", - "3.6.1.4.8", - "3.7.2.8", - "3.7.7.8", - "7.2.1.10", - "7.2.5.1.2", - "7.3.1.6", - "7.3.1.7", - "7.3.2.7", - "7.3.3.6", - "8.2.1.1", - "8.2.1.4", - "8.2.2.6", - "8.2.5.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1578", - "T1550", - "T1580", - "T1538", - "T1069" - ], - "CIS-2.0": [ - "1.4" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.xii", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.3.2.d", - "11.4.2.c", - "11.5.4" - ], - "CIS-4.0": [ - "1.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "title": "Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_no_user_managed_keys-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "Vertex AI Workbench Service Account", - "keys": [ - { - "name": "92e39887344dae71e19dc25c005a53a68ceb62cb", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T23:21:52", - "valid_before": "2027-10-29T23:07:36" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "108352930858191263233" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "b42bff156412b21c8615812a79d72ba55d6bafb4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "24a51f6716e116e4b0c095d727d4a101242b82a2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (6 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "3ec34a6521569dd67684f27f37d1d6ab56db09dc" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c450c6187eeddc932b29ffd3d0f3e675bf53af62" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "f69cf03d448314cf03036f08165420dfe98b3992" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "ce51dbe0ea021fb2e8124f86d8842546246040c1" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "metadata": { - "event_code": "iam_sa_user_managed_key_rotate_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was rotated over the last 90 days (4 days ago).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.7" - ], - "ISO27001-2022": [ - "A.5.16" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "3.7.5.2", - "7.2.5.1.2", - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-4.0": [ - "1.7" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "title": "Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_rotate_90_days-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c0604742fabec0b925df21e0606a25c9e007f571" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that all Service Account keys are regularly rotated.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Service Account keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key b42bff156412b21c8615812a79d72ba55d6bafb4 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "b42bff156412b21c8615812a79d72ba55d6bafb4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key 24a51f6716e116e4b0c095d727d4a101242b82a2 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "24a51f6716e116e4b0c095d727d4a101242b82a2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key a9ef76bd9a4bf65183c4eca79577351caf8a8b9c for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key 3ec34a6521569dd67684f27f37d1d6ab56db09dc for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "3ec34a6521569dd67684f27f37d1d6ab56db09dc" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key c450c6187eeddc932b29ffd3d0f3e675bf53af62 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c450c6187eeddc932b29ffd3d0f3e675bf53af62" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key da1ab7a5db1c4c450463dd8897ce39f496b0ad66 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key f69cf03d448314cf03036f08165420dfe98b3992 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "f69cf03d448314cf03036f08165420dfe98b3992" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key ce51dbe0ea021fb2e8124f86d8842546246040c1 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "ce51dbe0ea021fb2e8124f86d8842546246040c1" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key 9fb92292efcb6cf783f5b7ef3bc67a293bea8a33 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_sa_user_managed_key_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User-managed key c0604742fabec0b925df21e0606a25c9e007f571 for Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "9.2.c", - "9.2.c.i", - "9.2.c.vii", - "9.2.c.xii", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That There Are No Unused Service Account Keys for Each Service Account.", - "title": "Ensure That There Are No Unused Service Account Keys for Each Service Account", - "types": [], - "uid": "prowler-gcp-iam_sa_user_managed_key_unused-nodal-time-474015-p5-global-test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccountKey", - "uid": "c0604742fabec0b925df21e0606a25c9e007f571" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to prevent user-managed service account keys.", - "references": [ - "https://cloud.google.com/iam/docs/creating-managing-service-account-keys" - ] - }, - "risk_details": "Anyone who has access to the keys will be able to access resources through the service account. GCP-managed keys are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis. User-managed keys are created, downloadable, and managed by users.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com was used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Service Account gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com was used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "GitHub Actions Deployer", - "keys": [ - { - "name": "3f2a81ba4bce0b39089b85a2e7678d09d2d183f6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T22:26:26", - "valid_before": "2027-10-28T08:50:15" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "114112078080729873885" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "gha-deployer@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Service Account test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "CCC Test User: test-user-trusted", - "keys": [ - { - "name": "2be636359d12f2e126e0d77f6dfaa3ba883c97c6", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-12T13:15:46", - "valid_before": "2025-10-29T13:15:46" - }, - { - "name": "b42bff156412b21c8615812a79d72ba55d6bafb4", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:44", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "24a51f6716e116e4b0c095d727d4a101242b82a2", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "a9ef76bd9a4bf65183c4eca79577351caf8a8b9c", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-13T13:15:47", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "3ec34a6521569dd67684f27f37d1d6ab56db09dc", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:43", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c450c6187eeddc932b29ffd3d0f3e675bf53af62", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:45", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "da1ab7a5db1c4c450463dd8897ce39f496b0ad66", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T11:59:46", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "f69cf03d448314cf03036f08165420dfe98b3992", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:50", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "ce51dbe0ea021fb2e8124f86d8842546246040c1", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:51", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "9fb92292efcb6cf783f5b7ef3bc67a293bea8a33", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:04:52", - "valid_before": "9999-12-31T23:59:59" - }, - { - "name": "c0604742fabec0b925df21e0606a25c9e007f571", - "origin": "GOOGLE_PROVIDED", - "type": "USER_MANAGED", - "valid_after": "2025-10-15T12:38:22", - "valid_before": "9999-12-31T23:59:59" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "101453138596815216260" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "test-user-trusted@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account 784623368087-compute@developer.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Service Account 784623368087-compute@developer.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "email": "784623368087-compute@developer.gserviceaccount.com", - "display_name": "Compute Engine default service account", - "keys": [ - { - "name": "202c306e41b020fefe81250bea563d31c07138e3", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-06T10:25:01", - "valid_before": "2025-10-23T10:25:01" - }, - { - "name": "93b9e85d69bcb0503b5a7696d8b3bf5855a91d37", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-15T10:25:01", - "valid_before": "2025-10-31T10:25:01" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "111974737467208838860" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/784623368087-compute@developer.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "784623368087-compute@developer.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Service Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "metadata": { - "event_code": "iam_service_account_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Service Account vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com was not used over the last 180 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://cloud.google.com/iam/docs/service-account-overview#identify-unused", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "6.2.2.b", - "11.1.2.c", - "11.2.2.a", - "11.2.2.d", - "11.3.1", - "11.3.2.a", - "11.3.2.c", - "11.4.2.a", - "11.4.2.c", - "11.5.4" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That There Are No Unused Service Accounts.", - "title": "Ensure That There Are No Unused Service Accounts", - "types": [], - "uid": "prowler-gcp-iam_service_account_unused-nodal-time-474015-p5-global-projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "email": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "display_name": "Vertex AI Workbench Service Account", - "keys": [ - { - "name": "92e39887344dae71e19dc25c005a53a68ceb62cb", - "origin": "GOOGLE_PROVIDED", - "type": "SYSTEM_MANAGED", - "valid_after": "2025-10-16T23:21:52", - "valid_before": "2027-10-29T23:07:36" - } - ], - "project_id": "nodal-time-474015-p5", - "uniqueId": "108352930858191263233" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "projects/nodal-time-474015-p5/serviceAccounts/vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com", - "type": "ServiceAccount", - "uid": "vertex-ai-workbench-sa@nodal-time-474015-p5.iam.gserviceaccount.com" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to disable or remove unused Service Accounts.", - "references": [ - "https://cloud.google.com/iam/docs/service-account-overview#identify-unused" - ] - }, - "risk_details": "A malicious actor could make use of privilege escalation or impersonation to access an unused Service Account that is over-privileged.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-13fa4761 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-13fa4761 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-13fa4761" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761", - "name": "cfi-bucket-key-13fa4761", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-13fa4761", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1c7d7a2a is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-1c7d7a2a is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-1c7d7a2a" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a", - "name": "cfi-bucket-key-1c7d7a2a", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1c7d7a2a", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1fba850e is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-1fba850e is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-1fba850e" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e", - "name": "cfi-bucket-key-1fba850e", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-15T23:25:31.957183Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1fba850e", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-4cd10935 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-4cd10935 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-4cd10935" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935", - "name": "cfi-bucket-key-4cd10935", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-4cd10935", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-7a427af0 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-7a427af0 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-7a427af0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0", - "name": "cfi-bucket-key-7a427af0", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T15:28:10.344444Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-7a427af0", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a03be2ac is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-a03be2ac is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-a03be2ac" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac", - "name": "cfi-bucket-key-a03be2ac", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a03be2ac", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a1aaa547 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-a1aaa547 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-a1aaa547" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547", - "name": "cfi-bucket-key-a1aaa547", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T00:25:56.259471Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a1aaa547", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-e7619e1f is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-e7619e1f is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-e7619e1f" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f", - "name": "cfi-bucket-key-e7619e1f", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-e7619e1f", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-f5bc86ea is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-f5bc86ea is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.9" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.exp.10.gcp.kms.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.5", - "3.5.1.15", - "3.5.1.16", - "3.5.1.17", - "3.5.1.31", - "3.5.1.32", - "3.5.1.35", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.3.7", - "3.6.1.3.8", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.7", - "3.6.1.8", - "3.7.1.8", - "3.7.1.9", - "3.7.2.7", - "3.7.2.8", - "3.7.4.5", - "3.7.4.8", - "3.7.4.9", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.7.7", - "3.7.7.8", - "4.2.1.1.20", - "4.2.1.1.21", - "7.2.1.9", - "7.2.1.10", - "7.2.2.9", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.5", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.7", - "8.2.8.8", - "8.3.2.9", - "8.3.2.24", - "8.3.2.50", - "8.3.2.51", - "8.3.2.53", - "8.3.2.54", - "8.3.4.5", - "8.3.4.6", - "A1.2.1.11" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.iv", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-4.0": [ - "1.9" - ], - "CCC": [ - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Check for Publicly Accessible Cloud KMS Keys", - "title": "Check for Publicly Accessible Cloud KMS Keys", - "types": [], - "uid": "prowler-gcp-kms_key_not_publicly_accessible-nodal-time-474015-p5-us-central1-cfi-bucket-key-f5bc86ea" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea", - "name": "cfi-bucket-key-f5bc86ea", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-f5bc86ea", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To deny access from anonymous and public users, remove the bindings for 'allUsers' and 'allAuthenticatedUsers' members from the KMS key's IAM policy.", - "references": [ - "https://cloud.google.com/kms/docs/iam" - ] - }, - "risk_details": "Ensure that the IAM policy associated with your Cloud Key Management Service (KMS) keys is restricting anonymous and/or public access", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-13fa4761 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-13fa4761 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-13fa4761" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761", - "name": "cfi-bucket-key-13fa4761", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-13fa4761", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-13fa4761/cryptoKeys/cfi-bucket-key-13fa4761" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1c7d7a2a is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-1c7d7a2a is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-1c7d7a2a" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a", - "name": "cfi-bucket-key-1c7d7a2a", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1c7d7a2a", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1c7d7a2a/cryptoKeys/cfi-bucket-key-1c7d7a2a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-1fba850e is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-1fba850e is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-1fba850e" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e", - "name": "cfi-bucket-key-1fba850e", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-15T23:25:31.957183Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-1fba850e", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-1fba850e/cryptoKeys/cfi-bucket-key-1fba850e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-4cd10935 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-4cd10935 is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-4cd10935" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935", - "name": "cfi-bucket-key-4cd10935", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-4cd10935", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-4cd10935/cryptoKeys/cfi-bucket-key-4cd10935" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-7a427af0 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-7a427af0 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-7a427af0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0", - "name": "cfi-bucket-key-7a427af0", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T15:28:10.344444Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-7a427af0", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-7a427af0/cryptoKeys/cfi-bucket-key-7a427af0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a03be2ac is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-a03be2ac is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-a03be2ac" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac", - "name": "cfi-bucket-key-a03be2ac", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a03be2ac", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a03be2ac/cryptoKeys/cfi-bucket-key-a03be2ac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-a1aaa547 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Key cfi-bucket-key-a1aaa547 is rotated every 90 days or less and the next rotation time is in less than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-a1aaa547" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547", - "name": "cfi-bucket-key-a1aaa547", - "location": "us-central1", - "rotation_period": "2592000s", - "next_rotation_time": "2025-11-16T00:25:56.259471Z", - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-a1aaa547", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-a1aaa547/cryptoKeys/cfi-bucket-key-a1aaa547" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-e7619e1f is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-e7619e1f is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-e7619e1f" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f", - "name": "cfi-bucket-key-e7619e1f", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-e7619e1f", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-e7619e1f/cryptoKeys/cfi-bucket-key-e7619e1f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Key cfi-bucket-key-f5bc86ea is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "metadata": { - "event_code": "kms_key_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Key cfi-bucket-key-f5bc86ea is not rotated every 90 days or less and the next rotation time is in more than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.8.12", - "A.8.24" - ], - "ENS-RD2022": [ - "op.acc.6.r1.gcp.ip.1" - ], - "PCI-4.0": [ - "10.3.3.6", - "3.5.1.1.7", - "3.5.1.1.8", - "3.5.1.1.9", - "3.5.1.3.15", - "3.5.1.3.16", - "3.5.1.3.17", - "3.5.1.5", - "3.5.1.15", - "3.5.1.31", - "3.5.1.32", - "3.6.1.2.7", - "3.6.1.2.8", - "3.6.1.2.9", - "3.6.1.3.8", - "3.6.1.3.9", - "3.6.1.4.7", - "3.6.1.4.8", - "3.6.1.4.9", - "3.6.1.7", - "3.6.1.8", - "3.6.1.9", - "3.7.1.9", - "3.7.1.10", - "3.7.2.8", - "3.7.2.9", - "3.7.4.5", - "3.7.4.9", - "3.7.4.10", - "3.7.5.2", - "3.7.6.7", - "3.7.6.8", - "3.7.6.9", - "3.7.7.8", - "3.7.7.9", - "4.2.1.1.20", - "4.2.1.1.21", - "4.2.1.1.22", - "7.2.1.10", - "7.2.2.10", - "7.2.3.5", - "7.2.3.6", - "7.2.5.5", - "7.2.5.6", - "7.3.1.5", - "7.3.1.6", - "7.3.2.6", - "7.3.3.5", - "7.3.3.6", - "8.2.7.5", - "8.2.7.6", - "8.2.8.8", - "8.3.10.1.1", - "8.3.2.9", - "8.3.2.22", - "8.3.2.50", - "8.3.2.51", - "8.3.4.6", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1", - "A1.2.1.11" - ], - "CIS-2.0": [ - "1.10" - ], - "NIS2": [ - "9.2.c", - "9.2.c.i", - "9.2.c.ii", - "9.2.c.v", - "9.2.c.vi", - "9.2.c.xii", - "11.4.2.c", - "11.6.1", - "11.6.2.c", - "12.2.2.a", - "12.2.2.b" - ], - "ProwlerThreatScore-1.0": [ - "1.2.4" - ], - "CIS-4.0": [ - "1.10" - ], - "CCC": [ - "CCC.GenAI.CN08.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure KMS keys are rotated within a period of 90 days", - "title": "Ensure KMS keys are rotated within a period of 90 days", - "types": [], - "uid": "prowler-gcp-kms_key_rotation_enabled-nodal-time-474015-p5-us-central1-cfi-bucket-key-f5bc86ea" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "id": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea", - "name": "cfi-bucket-key-f5bc86ea", - "location": "us-central1", - "rotation_period": null, - "next_rotation_time": null, - "key_ring": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea", - "members": [], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cfi-bucket-key-f5bc86ea", - "type": "CryptoKey", - "uid": "projects/nodal-time-474015-p5/locations/us-central1/keyRings/cfi-bucket-keyring-f5bc86ea/cryptoKeys/cfi-bucket-key-f5bc86ea" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "After a successful key rotation, the older key version is required in order to decrypt the data encrypted by that previous key version.", - "references": [ - "https://cloud.google.com/iam/docs/manage-access-service-accounts" - ] - }, - "risk_details": "Ensure that all your Cloud Key Management Service (KMS) keys are rotated within a period of 90 days in order to meet security and compliance requirements", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_audit_configuration_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.5" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.1.r2.gcp.cai.1", - "op.exp.4.r4.gcp.log.1", - "op.mon.3.r6.gcp.scc.1" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.10", - "10.2.1.1.20", - "10.2.1.1.36", - "10.2.1.2.7", - "10.2.1.2.8", - "10.2.1.3.7", - "10.2.1.3.8", - "10.2.1.3.17", - "10.2.1.4.7", - "10.2.1.4.8", - "10.2.1.5.7", - "10.2.1.6.7", - "10.2.1.7.7", - "10.2.1.7", - "10.2.1.17", - "10.2.1.18", - "10.2.2.7", - "10.2.2.8", - "10.2.2.15", - "10.2.2.18", - "10.3.1.7", - "10.3.1.8", - "10.3.2.2", - "10.3.3.4", - "10.3.4.3", - "10.3.4.6", - "10.5.1.3", - "10.6.3.7", - "10.6.3.10", - "10.6.3.22", - "10.6.3.24", - "10.6.3.41", - "11.5.2.4", - "11.6.1.4", - "12.10.5.3", - "12.10.5.4", - "5.3.4.8", - "5.3.4.20", - "5.3.4.21", - "A1.2.1.7", - "A1.2.1.8", - "A1.2.1.12", - "A3.3.1.6", - "A3.5.1.6" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.5" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.5" - ], - "CIS-4.0": [ - "2.5" - ], - "CCC": [ - "CCC.AuditLog.CN01.AR01", - "CCC.AuditLog.CN01.AR02", - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_audit_configuration_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "By using Google Cloud alerting policies to detect audit configuration changes, you make sure that the recommended state of audit configuration is well maintained so that all the activities performed within your GCP project are available for security analysis and auditing at any point in time.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Admin Activity audit logs and Data Access audit logs produced by the Google Cloud Audit Logs service can be extremely useful for security analysis, resource change tracking, and compliance auditing.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_bucket_permission_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.10" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.1.r2.gcp.cai.1" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.9", - "10.2.1.1.30", - "10.2.1.2.7", - "10.2.1.2.27", - "10.2.1.3.7", - "10.2.1.4.27", - "10.2.1.5.7", - "10.2.1.5.27", - "10.2.1.6.7", - "10.2.1.6.27", - "10.2.1.7.7", - "10.2.1.7.27", - "10.2.1.7", - "10.2.1.27", - "10.2.2.7", - "10.2.2.27", - "10.3.1.7", - "10.3.1.27", - "10.4.1.1.2", - "10.4.1.2", - "10.4.2.3", - "10.6.3.7", - "10.6.3.9", - "10.6.3.34", - "10.6.3.41", - "10.7.1.4", - "10.7.2.4", - "11.5.2.5", - "12.10.5.3", - "5.3.4.7", - "5.3.4.32", - "7.2.2.2", - "A1.2.1.7", - "A1.2.1.32", - "A3.3.1.4", - "A3.5.1.4" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.10" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.2.2.b", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.5" - ], - "CIS-4.0": [ - "2.10" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_bucket_permission_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Cloud Storage Bucket IAM changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to cloud storage bucket permissions may reduce the time needed to detect and correct permissions on sensitive cloud storage buckets and objects inside the bucket.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_custom_role_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.6" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "opc.acc.1.r1.gcp.iam.2" - ], - "PCI-4.0": [ - "7.3.1.12", - "7.3.2.13" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.6" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.d", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.2.2.e", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.6" - ], - "CIS-4.0": [ - "2.6" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_custom_role_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for changes to Identity and Access Management (IAM) role creation, deletion and updating activities.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Google Cloud IAM provides predefined roles that give granular access to specific Google Cloud Platform resources and prevent unwanted access to other resources.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.4" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "opc.acc.1.r1.gcp.iam.2", - "op.acc.3.r1.gcp.iam.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.4" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.2.2.e", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "1.3.4" - ], - "CIS-4.0": [ - "2.4" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN05.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes.", - "title": "Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "Using Google Cloud alerting policies to detect ownership assignments/changes will help you maintain the right access permissions for each IAM member created within your project, follow the security principle of least privilege, and prevent any accidental or intentional changes that may lead to unauthorized actions.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Project ownership has the highest level of privileges on a GCP project. These privileges include viewer permissions on all GCP services inside the project, permission to modify the state of all GCP services within the project, set up billing and manage roles and permissions for the project and all the resources inside the project.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_sql_instance_configuration_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.11" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "mp.s.4.r1.gcp.app.1" - ], - "PCI-4.0": [ - "10.2.1.1.9", - "10.2.1.3.22", - "10.2.2.22", - "10.4.2.3", - "10.7.1.4", - "A3.3.1.4" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.11" - ], - "NIS2": [ - "1.1.2", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.6" - ], - "CIS-4.0": [ - "2.11" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_sql_instance_configuration_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for SQL instance configuration changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to SQL instance configuration changes may reduce the time needed to detect and correct misconfigurations done on the SQL server.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_vpc_firewall_rule_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.7" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "op.exp.8.r1.gcp.nt.1" - ], - "PCI-4.0": [ - "1.3.2.27", - "10.2.1.1.9", - "10.2.1.1.24", - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.21", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.21", - "10.3.1.29", - "10.4.1.1.7", - "10.4.2.7", - "10.6.3.14", - "10.6.3.26", - "10.6.3.39", - "10.6.3.41", - "10.7.1.4", - "10.7.1.8", - "5.3.4.8", - "5.3.4.24", - "5.3.4.34", - "A1.2.1.25", - "A1.2.1.34" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.7" - ], - "NIS2": [ - "1.1.2", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.3.g", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-4.0": [ - "2.7" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_vpc_firewall_rule_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Virtual Private Cloud (VPC) Network Firewall rule changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring for Create or Update Firewall rule events gives insight to network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_vpc_network_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.9" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "op.exp.8.r1.gcp.nt.1", - "mp.com.4.r4.gcp.net.1" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.21", - "10.2.1.2.29", - "10.2.1.3.21", - "10.2.1.3.29", - "10.2.1.4.21", - "10.2.1.4.29", - "10.2.1.5.21", - "10.2.1.5.29", - "10.2.1.6.21", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.21", - "10.2.1.29", - "10.2.2.21", - "10.2.2.29", - "10.3.1.29", - "10.6.3.26", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.9" - ], - "NIS2": [ - "1.1.2", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.4" - ], - "CIS-4.0": [ - "2.9" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_vpc_network_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Virtual Private Cloud (VPC) network changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to a VPC will help ensure VPC traffic flow is not getting impacted.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_log_metric_filter_and_alert_for_vpc_network_route_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no log metric filters or alerts associated in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "2.8" - ], - "SOC2": [ - "cc_2_1", - "cc_3_3", - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "ENS-RD2022": [ - "op.exp.8.gcp.nt.1", - "op.exp.8.r1.gcp.nt.1" - ], - "PCI-4.0": [ - "1.5.1.18", - "10.2.1.5.21", - "10.2.1.21" - ], - "MITRE-ATTACK": [ - "T1485", - "T1499", - "T1496" - ], - "CIS-2.0": [ - "2.8" - ], - "NIS2": [ - "1.1.2", - "2.1.2.e", - "2.1.2.g", - "2.1.2.h", - "2.2.1", - "2.3.1", - "3.2.1", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.6.2", - "6.4.1", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "CIS-4.0": [ - "2.8" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.LB.CN01.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.Logging.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes.", - "title": "Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes.", - "types": [], - "uid": "prowler-gcp-logging_log_metric_filter_and_alert_for_vpc_network_route_changes_enabled-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "MetricFilter", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for Virtual Private Cloud (VPC) network route changes.", - "references": [ - "https://cloud.google.com/monitoring/alerts" - ] - }, - "risk_details": "Monitoring changes to route tables will help ensure that all VPC traffic flows through an expected path.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no logging sinks to export copies of all the log entries in project nodal-time-474015-p5.", - "metadata": { - "event_code": "logging_sink_created", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no logging sinks to export copies of all the log entries in project nodal-time-474015-p5.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_2", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "ENS-RD2022": [ - "op.exp.8.r5.gcp.cl.1", - "op.ext.3.gcp.log.2" - ], - "PCI-4.0": [ - "10.5.1.3", - "11.5.2.4", - "12.10.5.4", - "A3.3.1.6", - "A3.5.1.6" - ], - "MITRE-ATTACK": [ - "T1562", - "T1049" - ], - "CIS-2.0": [ - "2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.1", - "3.2.5", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "CCC": [ - "CCC.AuditLog.CN01.AR01", - "CCC.AuditLog.CN01.AR02", - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN06.AR01", - "CCC.AuditLog.CN07.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.GenAI.CN03.AR01", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.LB.CN01.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN06.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN05.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR01", - "CCC.Core.CN07.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure there is at least one sink used to export copies of all the log entries.", - "title": "Ensure there is at least one sink used to export copies of all the log entries.", - "types": [], - "uid": "prowler-gcp-logging_sink_created-nodal-time-474015-p5-global-My First Project" - }, - "resources": [ - { - "region": "global", - "data": { - "details": "", - "metadata": { - "number": 784623368087, - "id": "nodal-time-474015-p5", - "name": "My First Project", - "organization": null, - "labels": {}, - "lifecycle_state": "ACTIVE" - } - }, - "group": { - "name": "logging" - }, - "labels": [], - "name": "My First Project", - "type": "Sink", - "uid": "nodal-time-474015-p5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "global" - }, - "remediation": { - "desc": "It is recommended to create a sink that will export copies of all the log entries. This can help aggregate logs from multiple projects and export them to a Security Information and Event Management (SIEM).", - "references": [ - "https://cloud.google.com/logging/docs/export" - ] - }, - "risk_details": "If sinks are not created, logs would be deleted after the configured retention period, and would not be backed up.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-sql-database/results/gcp-sql-database-delta.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-sql-database/results/gcp-sql-database-delta.ocsf.json deleted file mode 100644 index 99012805..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-sql-database/results/gcp-sql-database-delta.ocsf.json +++ /dev/null @@ -1,4076 +0,0 @@ -[ - { - "message": "Database Instance tf-pg-psc-81f580c4 has automated backups configured.", - "metadata": { - "event_code": "cloudsql_instance_automated_backups", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Database Instance tf-pg-psc-81f580c4 has automated backups configured.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.7" - ], - "SOC2": [ - "cc_7_4", - "cc_7_5" - ], - "ISO27001-2022": [ - "A.8.13" - ], - "ENS-RD2022": [ - "mp.info.6.gcp.bk.1", - "mp.info.6.r2.gcp.bk.1" - ], - "PCI-4.0": [ - "1.5.1.27", - "10.3.2.16", - "10.3.3.1", - "10.3.3.8", - "10.3.3.14", - "10.3.3.20", - "10.3.3.21", - "3.5.1.3.21", - "3.5.1.22", - "3.5.1.23", - "3.5.1.26", - "3.5.1.27", - "6.3.3.10", - "8.3.2.38", - "8.3.2.43", - "8.3.2.44", - "A1.1.2.12", - "A3.4.1.14" - ], - "CIS-2.0": [ - "6.7" - ], - "NIS2": [ - "4.1.1", - "4.1.2.f", - "4.1.2.g", - "4.1.4", - "4.2.2.b", - "4.2.2.e", - "12.1.2.c" - ], - "CIS-4.0": [ - "6.7" - ], - "CCC": [ - "CCC.Core.CN08.AR01", - "CCC.Core.CN14.AR01", - "CCC.Core.CN14.AR02", - "CCC.Core.CN14.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That Cloud SQL Database Instances Are Configured With Automated Backups", - "title": "Ensure That Cloud SQL Database Instances Are Configured With Automated Backups", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_automated_backups-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "It is recommended to have all SQL database instances set to enable automated backups.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/configure-ssl-instance/" - ] - }, - "risk_details": "Backups provide a way to restore a Cloud SQL instance to recover lost data or recover from a problem with that instance. Automated backups need to be set for any instance that contains data that should be protected from loss or damage. This recommendation is applicable for SQL Server, PostgreSql, MySql generation 1 and MySql generation 2 instances.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Database Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have automated backups configured.", - "metadata": { - "event_code": "cloudsql_instance_automated_backups", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Database Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have automated backups configured.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.7" - ], - "SOC2": [ - "cc_7_4", - "cc_7_5" - ], - "ISO27001-2022": [ - "A.8.13" - ], - "ENS-RD2022": [ - "mp.info.6.gcp.bk.1", - "mp.info.6.r2.gcp.bk.1" - ], - "PCI-4.0": [ - "1.5.1.27", - "10.3.2.16", - "10.3.3.1", - "10.3.3.8", - "10.3.3.14", - "10.3.3.20", - "10.3.3.21", - "3.5.1.3.21", - "3.5.1.22", - "3.5.1.23", - "3.5.1.26", - "3.5.1.27", - "6.3.3.10", - "8.3.2.38", - "8.3.2.43", - "8.3.2.44", - "A1.1.2.12", - "A3.4.1.14" - ], - "CIS-2.0": [ - "6.7" - ], - "NIS2": [ - "4.1.1", - "4.1.2.f", - "4.1.2.g", - "4.1.4", - "4.2.2.b", - "4.2.2.e", - "12.1.2.c" - ], - "CIS-4.0": [ - "6.7" - ], - "CCC": [ - "CCC.Core.CN08.AR01", - "CCC.Core.CN14.AR01", - "CCC.Core.CN14.AR02", - "CCC.Core.CN14.AR02" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That Cloud SQL Database Instances Are Configured With Automated Backups", - "title": "Ensure That Cloud SQL Database Instances Are Configured With Automated Backups", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_automated_backups-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "It is recommended to have all SQL database instances set to enable automated backups.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/configure-ssl-instance/" - ] - }, - "risk_details": "Backups provide a way to restore a Cloud SQL instance to recover lost data or recover from a problem with that instance. Automated backups need to be set for any instance that contains data that should be protected from loss or damage. This recommendation is applicable for SQL Server, PostgreSql, MySql generation 1 and MySql generation 2 instances.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4 does not have 'cloudsql.enable_pgaudit' flag set to 'on'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_enable_pgaudit_flag", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4 does not have 'cloudsql.enable_pgaudit' flag set to 'on'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.8" - ], - "PCI-4.0": [ - "10.2.2.8", - "10.3.1.8", - "10.3.2.2" - ], - "CIS-2.0": [ - "6.2.8" - ], - "ProwlerThreatScore-1.0": [ - "3.1.15" - ], - "CIS-4.0": [ - "6.2.8" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging", - "title": "Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_enable_pgaudit_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "As numerous other recommendations in this section consist of turning on flags for logging purposes, your organization will need a way to manage these logs. You may have a solution already in place. If you do not, consider installing and enabling the open source pgaudit extension within PostgreSQL and enabling its corresponding flag of cloudsql.enable_pgaudit. This flag and installing the extension enables database auditing in PostgreSQL through the open-source pgAudit extension. This extension provides detailed session and object logging to comply with government, financial, & ISO standards and provides auditing capabilities to mitigate threats by monitoring security events on the instance. Enabling the flag and settings later in this recommendation will send these logs to Google Logs Explorer so that you can access them in a central location.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "Ensure cloudsql.enable_pgaudit database flag for Cloud SQL PostgreSQL instance is set to on to allow for centralized logging.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have 'cloudsql.enable_pgaudit' flag set to 'on'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_enable_pgaudit_flag", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have 'cloudsql.enable_pgaudit' flag set to 'on'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.8" - ], - "PCI-4.0": [ - "10.2.2.8", - "10.3.1.8", - "10.3.2.2" - ], - "CIS-2.0": [ - "6.2.8" - ], - "ProwlerThreatScore-1.0": [ - "3.1.15" - ], - "CIS-4.0": [ - "6.2.8" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging", - "title": "Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_enable_pgaudit_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "As numerous other recommendations in this section consist of turning on flags for logging purposes, your organization will need a way to manage these logs. You may have a solution already in place. If you do not, consider installing and enabling the open source pgaudit extension within PostgreSQL and enabling its corresponding flag of cloudsql.enable_pgaudit. This flag and installing the extension enables database auditing in PostgreSQL through the open-source pgAudit extension. This extension provides detailed session and object logging to comply with government, financial, & ISO standards and provides auditing capabilities to mitigate threats by monitoring security events on the instance. Enabling the flag and settings later in this recommendation will send these logs to Google Logs Explorer so that you can access them in a central location.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "Ensure cloudsql.enable_pgaudit database flag for Cloud SQL PostgreSQL instance is set to on to allow for centralized logging.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4 does not have 'log_connections' flag set to 'on'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_connections_flag", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4 does not have 'log_connections' flag set to 'on'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.2" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "ENS-RD2022": [ - "op.ext.4.gcp.acc.1" - ], - "PCI-4.0": [ - "10.2.1.1.12", - "10.2.1.1.23", - "10.2.1.1.25", - "10.2.1.1.26", - "10.2.1.2.20", - "10.2.1.2.22", - "10.2.1.2.23", - "10.2.1.3.22", - "10.2.1.3.23", - "10.2.1.4.20", - "10.2.1.4.22", - "10.2.1.4.23", - "10.2.1.5.20", - "10.2.1.5.22", - "10.2.1.5.23", - "10.2.1.6.20", - "10.2.1.6.22", - "10.2.1.6.23", - "10.2.1.7.20", - "10.2.1.7.22", - "10.2.1.7.23", - "10.2.1.10", - "10.2.1.22", - "10.2.1.23", - "10.2.2.22", - "10.2.2.23", - "10.3.1.10", - "10.3.1.22", - "10.3.1.23", - "10.3.3.4", - "10.6.3.25", - "10.6.3.28", - "10.6.3.29", - "5.3.4.23", - "5.3.4.27", - "5.3.4.28", - "A1.2.1.26", - "A1.2.1.27" - ], - "CIS-2.0": [ - "6.2.2" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.2.3.d", - "3.2.3.e", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.9" - ], - "CIS-4.0": [ - "6.2.2" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the Log_connections Database Flag for Cloud SQL PostgreSQL Instance Is Set to On", - "title": "Ensure That the Log_connections Database Flag for Cloud SQL PostgreSQL Instance Is Set to On", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_connections_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "PostgreSQL does not log attempted connections by default. Enabling the log_connections setting will create log entries for each attempted connection as well as successful completion of client authentication which can be useful in troubleshooting issues and to determine any unusual connection attempts to the server.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "Enabling the log_connections setting causes each attempted connection to the server to be logged, along with successful completion of client authentication. This parameter cannot be changed after the session starts.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have 'log_connections' flag set to 'on'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_connections_flag", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have 'log_connections' flag set to 'on'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.2" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "ENS-RD2022": [ - "op.ext.4.gcp.acc.1" - ], - "PCI-4.0": [ - "10.2.1.1.12", - "10.2.1.1.23", - "10.2.1.1.25", - "10.2.1.1.26", - "10.2.1.2.20", - "10.2.1.2.22", - "10.2.1.2.23", - "10.2.1.3.22", - "10.2.1.3.23", - "10.2.1.4.20", - "10.2.1.4.22", - "10.2.1.4.23", - "10.2.1.5.20", - "10.2.1.5.22", - "10.2.1.5.23", - "10.2.1.6.20", - "10.2.1.6.22", - "10.2.1.6.23", - "10.2.1.7.20", - "10.2.1.7.22", - "10.2.1.7.23", - "10.2.1.10", - "10.2.1.22", - "10.2.1.23", - "10.2.2.22", - "10.2.2.23", - "10.3.1.10", - "10.3.1.22", - "10.3.1.23", - "10.3.3.4", - "10.6.3.25", - "10.6.3.28", - "10.6.3.29", - "5.3.4.23", - "5.3.4.27", - "5.3.4.28", - "A1.2.1.26", - "A1.2.1.27" - ], - "CIS-2.0": [ - "6.2.2" - ], - "NIS2": [ - "3.2.1", - "3.2.3.a", - "3.2.3.c", - "3.2.3.d", - "3.2.3.e", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.9" - ], - "CIS-4.0": [ - "6.2.2" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the Log_connections Database Flag for Cloud SQL PostgreSQL Instance Is Set to On", - "title": "Ensure That the Log_connections Database Flag for Cloud SQL PostgreSQL Instance Is Set to On", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_connections_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "PostgreSQL does not log attempted connections by default. Enabling the log_connections setting will create log entries for each attempted connection as well as successful completion of client authentication which can be useful in troubleshooting issues and to determine any unusual connection attempts to the server.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "Enabling the log_connections setting causes each attempted connection to the server to be logged, along with successful completion of client authentication. This parameter cannot be changed after the session starts.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4 does not have 'log_disconnections' flag set to 'on'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_disconnections_flag", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4 does not have 'log_disconnections' flag set to 'on'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.3" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "ENS-RD2022": [ - "op.ext.4.gcp.acc.1" - ], - "PCI-4.0": [ - "10.2.1.1.26", - "10.2.1.2.22", - "10.2.1.2.23", - "10.2.1.3.23", - "10.2.1.4.22", - "10.2.1.4.23", - "10.2.1.5.23", - "10.2.1.6.23", - "10.2.1.7.23", - "10.2.1.22", - "10.2.1.23", - "10.2.2.23", - "10.3.1.23", - "10.6.3.29", - "5.3.4.27", - "5.3.4.28", - "A1.2.1.27" - ], - "CIS-2.0": [ - "6.2.3" - ], - "NIS2": [ - "3.2.1", - "3.2.3.d", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.10" - ], - "CIS-4.0": [ - "6.2.3" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the log_disconnections Database Flag for Cloud SQL PostgreSQL Instance Is Set to On", - "title": "Ensure That the log_disconnections Database Flag for Cloud SQL PostgreSQL Instance Is Set to On", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_disconnections_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Enabling the log_disconnections setting logs the end of each session, including the session duration.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "PostgreSQL does not log session details such as duration and session end by default. Enabling the log_disconnections setting will create log entries at the end of each session which can be useful in troubleshooting issues and determine any unusual activity across a time period.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have 'log_disconnections' flag set to 'on'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_disconnections_flag", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have 'log_disconnections' flag set to 'on'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.3" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "ENS-RD2022": [ - "op.ext.4.gcp.acc.1" - ], - "PCI-4.0": [ - "10.2.1.1.26", - "10.2.1.2.22", - "10.2.1.2.23", - "10.2.1.3.23", - "10.2.1.4.22", - "10.2.1.4.23", - "10.2.1.5.23", - "10.2.1.6.23", - "10.2.1.7.23", - "10.2.1.22", - "10.2.1.23", - "10.2.2.23", - "10.3.1.23", - "10.6.3.29", - "5.3.4.27", - "5.3.4.28", - "A1.2.1.27" - ], - "CIS-2.0": [ - "6.2.3" - ], - "NIS2": [ - "3.2.1", - "3.2.3.d", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.10" - ], - "CIS-4.0": [ - "6.2.3" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the log_disconnections Database Flag for Cloud SQL PostgreSQL Instance Is Set to On", - "title": "Ensure That the log_disconnections Database Flag for Cloud SQL PostgreSQL Instance Is Set to On", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_disconnections_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Enabling the log_disconnections setting logs the end of each session, including the session duration.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "PostgreSQL does not log session details such as duration and session end by default. Enabling the log_disconnections setting will create log entries at the end of each session which can be useful in troubleshooting issues and determine any unusual activity across a time period.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4 has 'log_error_verbosity' flag set to 'default'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_error_verbosity_flag", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4 has 'log_error_verbosity' flag set to 'default'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.1" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "PCI-4.0": [ - "10.2.1.1.12", - "10.2.1.1.23", - "10.2.1.2.20", - "10.2.1.4.20", - "10.2.1.5.20", - "10.2.1.6.20", - "10.2.1.6.22", - "10.2.1.7.10", - "10.2.1.7.20", - "10.2.1.10", - "10.3.1.10", - "10.3.1.22", - "10.6.3.12", - "10.6.3.25", - "5.3.4.23", - "5.3.4.28", - "A1.2.1.26" - ], - "CIS-2.0": [ - "6.2.1" - ], - "NIS2": [ - "3.2.1", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "CIS-4.0": [ - "6.2.1" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure Log_error_verbosity Database Flag for Cloud SQL PostgreSQL Instance Is Set to DEFAULT or Stricter", - "title": "Ensure Log_error_verbosity Database Flag for Cloud SQL PostgreSQL Instance Is Set to DEFAULT or Stricter", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_error_verbosity_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Auditing helps in troubleshooting operational problems and also permits forensic analysis. If log_error_verbosity is not set to the correct value, too many details or too few details may be logged. This flag should be configured with a value of 'DEFAULT' or stricter. This recommendation is applicable to PostgreSQL database instances.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "The log_error_verbosity flag controls the verbosity/details of messages logged.TERSE excludes the logging of DETAIL, HINT, QUERY, and CONTEXT error information. VERBOSE output includes the SQLSTATE error code, source code file name, function name, and line number that generated the error. Ensure an appropriate value is set to 'DEFAULT' or stricter.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 has 'log_error_verbosity' flag set to 'default'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_error_verbosity_flag", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 has 'log_error_verbosity' flag set to 'default'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.1" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "PCI-4.0": [ - "10.2.1.1.12", - "10.2.1.1.23", - "10.2.1.2.20", - "10.2.1.4.20", - "10.2.1.5.20", - "10.2.1.6.20", - "10.2.1.6.22", - "10.2.1.7.10", - "10.2.1.7.20", - "10.2.1.10", - "10.3.1.10", - "10.3.1.22", - "10.6.3.12", - "10.6.3.25", - "5.3.4.23", - "5.3.4.28", - "A1.2.1.26" - ], - "CIS-2.0": [ - "6.2.1" - ], - "NIS2": [ - "3.2.1", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "CIS-4.0": [ - "6.2.1" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure Log_error_verbosity Database Flag for Cloud SQL PostgreSQL Instance Is Set to DEFAULT or Stricter", - "title": "Ensure Log_error_verbosity Database Flag for Cloud SQL PostgreSQL Instance Is Set to DEFAULT or Stricter", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_error_verbosity_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Auditing helps in troubleshooting operational problems and also permits forensic analysis. If log_error_verbosity is not set to the correct value, too many details or too few details may be logged. This flag should be configured with a value of 'DEFAULT' or stricter. This recommendation is applicable to PostgreSQL database instances.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "The log_error_verbosity flag controls the verbosity/details of messages logged.TERSE excludes the logging of DETAIL, HINT, QUERY, and CONTEXT error information. VERBOSE output includes the SQLSTATE error code, source code file name, function name, and line number that generated the error. Ensure an appropriate value is set to 'DEFAULT' or stricter.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4 has 'log_min_duration_statement' flag set to '-1'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_min_duration_statement_flag", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4 has 'log_min_duration_statement' flag set to '-1'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.7" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "CIS-2.0": [ - "6.2.7" - ], - "NIS2": [ - "3.2.1", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.14" - ], - "CIS-4.0": [ - "6.2.7" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that the Log_min_duration_statement Flag for a Cloud SQL PostgreSQL Instance Is Set to -1", - "title": "Ensure that the Log_min_duration_statement Flag for a Cloud SQL PostgreSQL Instance Is Set to -1", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_min_duration_statement_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Logging SQL statements may include sensitive information that should not be recorded in logs. This recommendation is applicable to PostgreSQL database instances.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "The log_min_duration_statement flag defines the minimum amount of execution time of a statement in milliseconds where the total duration of the statement is logged. Ensure that log_min_duration_statement is disabled, i.e., a value of -1 is set.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 has 'log_min_duration_statement' flag set to '-1'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_min_duration_statement_flag", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 has 'log_min_duration_statement' flag set to '-1'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.7" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "CIS-2.0": [ - "6.2.7" - ], - "NIS2": [ - "3.2.1", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.14" - ], - "CIS-4.0": [ - "6.2.7" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that the Log_min_duration_statement Flag for a Cloud SQL PostgreSQL Instance Is Set to -1", - "title": "Ensure that the Log_min_duration_statement Flag for a Cloud SQL PostgreSQL Instance Is Set to -1", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_min_duration_statement_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Logging SQL statements may include sensitive information that should not be recorded in logs. This recommendation is applicable to PostgreSQL database instances.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "The log_min_duration_statement flag defines the minimum amount of execution time of a statement in milliseconds where the total duration of the statement is logged. Ensure that log_min_duration_statement is disabled, i.e., a value of -1 is set.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4 has 'log_min_error_statement' flag set minimum to 'error'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_min_error_statement_flag", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4 has 'log_min_error_statement' flag set minimum to 'error'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.6" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "PCI-4.0": [ - "10.2.1.1.12", - "10.2.1.1.23", - "10.2.1.1.25", - "10.2.1.1.26", - "10.2.1.2.20", - "10.2.1.2.22", - "10.2.1.2.23", - "10.2.1.3.23", - "10.2.1.4.10", - "10.2.1.4.20", - "10.2.1.4.22", - "10.2.1.4.23", - "10.2.1.5.10", - "10.2.1.5.20", - "10.2.1.5.22", - "10.2.1.5.23", - "10.2.1.6.20", - "10.2.1.6.22", - "10.2.1.6.23", - "10.2.1.7.10", - "10.2.1.7.20", - "10.2.1.7.22", - "10.2.1.7.23", - "10.2.1.10", - "10.2.1.22", - "10.2.1.23", - "10.2.2.15", - "10.2.2.22", - "10.2.2.23", - "10.3.1.10", - "10.3.1.22", - "10.3.1.23", - "10.3.2.2", - "10.3.3.4", - "10.3.4.3", - "10.6.3.12", - "10.6.3.25", - "10.6.3.28", - "10.6.3.29", - "5.3.4.8", - "5.3.4.23", - "5.3.4.27", - "A1.2.1.26", - "A1.2.1.27" - ], - "CIS-2.0": [ - "6.2.6" - ], - "NIS2": [ - "3.2.1", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.13" - ], - "CIS-4.0": [ - "6.2.6" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that the Log_min_error_statement Flag for a Cloud SQL PostgreSQL Instance Is Set Appropriately", - "title": "Ensure that the Log_min_error_statement Flag for a Cloud SQL PostgreSQL Instance Is Set Appropriately", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_min_error_statement_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Auditing helps in troubleshooting operational problems and also permits forensic analysis. If log_min_error_statement is not set to the correct value, messages may not be classified as error messages appropriately. Considering general log messages as error messages would make is difficult to find actual errors and considering only stricter severity levels as error messages may skip actual errors to log their SQL statements. The log_min_error_statement flag should be set to ERROR or stricter.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "The log_min_error_statement flag defines the minimum message severity level that are considered as an error statement. Messages for error statements are logged with the SQL statement. Valid values include DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1, INFO, NOTICE, WARNING, ERROR, LOG, FATAL, and PANIC. Each severity level includes the subsequent levels mentioned above. Ensure a value of ERROR or stricter is set.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 has 'log_min_error_statement' flag set minimum to 'error'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_min_error_statement_flag", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 has 'log_min_error_statement' flag set minimum to 'error'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.6" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "PCI-4.0": [ - "10.2.1.1.12", - "10.2.1.1.23", - "10.2.1.1.25", - "10.2.1.1.26", - "10.2.1.2.20", - "10.2.1.2.22", - "10.2.1.2.23", - "10.2.1.3.23", - "10.2.1.4.10", - "10.2.1.4.20", - "10.2.1.4.22", - "10.2.1.4.23", - "10.2.1.5.10", - "10.2.1.5.20", - "10.2.1.5.22", - "10.2.1.5.23", - "10.2.1.6.20", - "10.2.1.6.22", - "10.2.1.6.23", - "10.2.1.7.10", - "10.2.1.7.20", - "10.2.1.7.22", - "10.2.1.7.23", - "10.2.1.10", - "10.2.1.22", - "10.2.1.23", - "10.2.2.15", - "10.2.2.22", - "10.2.2.23", - "10.3.1.10", - "10.3.1.22", - "10.3.1.23", - "10.3.2.2", - "10.3.3.4", - "10.3.4.3", - "10.6.3.12", - "10.6.3.25", - "10.6.3.28", - "10.6.3.29", - "5.3.4.8", - "5.3.4.23", - "5.3.4.27", - "A1.2.1.26", - "A1.2.1.27" - ], - "CIS-2.0": [ - "6.2.6" - ], - "NIS2": [ - "3.2.1", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.13" - ], - "CIS-4.0": [ - "6.2.6" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that the Log_min_error_statement Flag for a Cloud SQL PostgreSQL Instance Is Set Appropriately", - "title": "Ensure that the Log_min_error_statement Flag for a Cloud SQL PostgreSQL Instance Is Set Appropriately", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_min_error_statement_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Auditing helps in troubleshooting operational problems and also permits forensic analysis. If log_min_error_statement is not set to the correct value, messages may not be classified as error messages appropriately. Considering general log messages as error messages would make is difficult to find actual errors and considering only stricter severity levels as error messages may skip actual errors to log their SQL statements. The log_min_error_statement flag should be set to ERROR or stricter.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "The log_min_error_statement flag defines the minimum message severity level that are considered as an error statement. Messages for error statements are logged with the SQL statement. Valid values include DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1, INFO, NOTICE, WARNING, ERROR, LOG, FATAL, and PANIC. Each severity level includes the subsequent levels mentioned above. Ensure a value of ERROR or stricter is set.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4 does not have 'log_min_messages' flag set.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_min_messages_flag", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4 does not have 'log_min_messages' flag set.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.5" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "PCI-4.0": [ - "10.2.1.1.12", - "10.2.1.1.26", - "10.2.1.2.22", - "10.2.1.2.23", - "10.2.1.3.23", - "10.2.1.4.10", - "10.2.1.4.22", - "10.2.1.4.23", - "10.2.1.5.10", - "10.2.1.5.23", - "10.2.1.6.23", - "10.2.1.7.10", - "10.2.1.7.20", - "10.2.1.7.23", - "10.2.1.10", - "10.2.1.22", - "10.2.1.23", - "10.2.2.15", - "10.2.2.23", - "10.3.1.10", - "10.3.1.22", - "10.3.1.23", - "10.6.3.12", - "10.6.3.29", - "5.3.4.27", - "5.3.4.28", - "A1.2.1.26", - "A1.2.1.27" - ], - "CIS-2.0": [ - "6.2.5" - ], - "NIS2": [ - "3.2.1", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.12" - ], - "CIS-4.0": [ - "6.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that the Log_min_messages Flag for a Cloud SQL PostgreSQL Instance Is Set Appropriately", - "title": "Ensure that the Log_min_messages Flag for a Cloud SQL PostgreSQL Instance Is Set Appropriately", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_min_messages_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "The log_min_messages flag defines the minimum message severity level that is considered as an error statement. Messages for error statements are logged with the SQL statement. Valid values include DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1, INFO, NOTICE, WARNING, ERROR, LOG, FATAL, and PANIC. Each severity level includes the subsequent levels mentioned above. ERROR is considered the best practice setting. Changes should only be made in accordance with the organization's logging policy.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "Auditing helps in troubleshooting operational problems and also permits forensic analysis. If log_min_messages is not set to the correct value, messages may not be classified as error messages appropriately. An organization will need to decide their own threshold for logging log_min_messages flag.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have 'log_min_messages' flag set.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_min_messages_flag", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have 'log_min_messages' flag set.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.5" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "PCI-4.0": [ - "10.2.1.1.12", - "10.2.1.1.26", - "10.2.1.2.22", - "10.2.1.2.23", - "10.2.1.3.23", - "10.2.1.4.10", - "10.2.1.4.22", - "10.2.1.4.23", - "10.2.1.5.10", - "10.2.1.5.23", - "10.2.1.6.23", - "10.2.1.7.10", - "10.2.1.7.20", - "10.2.1.7.23", - "10.2.1.10", - "10.2.1.22", - "10.2.1.23", - "10.2.2.15", - "10.2.2.23", - "10.3.1.10", - "10.3.1.22", - "10.3.1.23", - "10.6.3.12", - "10.6.3.29", - "5.3.4.27", - "5.3.4.28", - "A1.2.1.26", - "A1.2.1.27" - ], - "CIS-2.0": [ - "6.2.5" - ], - "NIS2": [ - "3.2.1", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.12" - ], - "CIS-4.0": [ - "6.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure that the Log_min_messages Flag for a Cloud SQL PostgreSQL Instance Is Set Appropriately", - "title": "Ensure that the Log_min_messages Flag for a Cloud SQL PostgreSQL Instance Is Set Appropriately", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_min_messages_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "The log_min_messages flag defines the minimum message severity level that is considered as an error statement. Messages for error statements are logged with the SQL statement. Valid values include DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1, INFO, NOTICE, WARNING, ERROR, LOG, FATAL, and PANIC. Each severity level includes the subsequent levels mentioned above. ERROR is considered the best practice setting. Changes should only be made in accordance with the organization's logging policy.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "Auditing helps in troubleshooting operational problems and also permits forensic analysis. If log_min_messages is not set to the correct value, messages may not be classified as error messages appropriately. An organization will need to decide their own threshold for logging log_min_messages flag.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4 does not have 'log_statement' flag set to 'ddl'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_statement_flag", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4 does not have 'log_statement' flag set to 'ddl'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.4" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "PCI-4.0": [ - "10.2.1.1.23", - "10.2.1.2.20", - "10.2.1.4.20", - "10.2.1.5.20", - "10.2.1.6.20", - "10.6.3.25", - "5.3.4.23" - ], - "CIS-2.0": [ - "6.2.4" - ], - "NIS2": [ - "3.2.1", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.11" - ], - "CIS-4.0": [ - "6.2.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the Log_statement Database Flag for Cloud SQL PostgreSQL Instance Is Set Appropriately", - "title": "Ensure That the Log_statement Database Flag for Cloud SQL PostgreSQL Instance Is Set Appropriately", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_statement_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "The value ddl logs all data definition statements. A value of 'ddl' is recommended unless otherwise directed by your organization's logging policy.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "Auditing helps in forensic analysis. If log_statement is not set to the correct value, too many statements may be logged leading to issues in finding the relevant information from the logs, or too few statements may be logged with relevant information missing from the logs.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have 'log_statement' flag set to 'ddl'.", - "metadata": { - "event_code": "cloudsql_instance_postgres_log_statement_flag", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "PostgreSQL Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have 'log_statement' flag set to 'ddl'.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.2.4" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "ISO27001-2022": [ - "A.8.16" - ], - "PCI-4.0": [ - "10.2.1.1.23", - "10.2.1.2.20", - "10.2.1.4.20", - "10.2.1.5.20", - "10.2.1.6.20", - "10.6.3.25", - "5.3.4.23" - ], - "CIS-2.0": [ - "6.2.4" - ], - "NIS2": [ - "3.2.1", - "3.6.2", - "7.2.b", - "11.5.2.d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.11" - ], - "CIS-4.0": [ - "6.2.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the Log_statement Database Flag for Cloud SQL PostgreSQL Instance Is Set Appropriately", - "title": "Ensure That the Log_statement Database Flag for Cloud SQL PostgreSQL Instance Is Set Appropriately", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_postgres_log_statement_flag-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "The value ddl logs all data definition statements. A value of 'ddl' is recommended unless otherwise directed by your organization's logging policy.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/flags" - ] - }, - "risk_details": "Auditing helps in forensic analysis. If log_statement is not set to the correct value, too many statements may be logged leading to issues in finding the relevant information from the logs, or too few statements may be logged with relevant information missing from the logs.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Database Instance tf-pg-psc-81f580c4 does not have private IP assignments.", - "metadata": { - "event_code": "cloudsql_instance_private_ip_assignment", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Database Instance tf-pg-psc-81f580c4 does not have private IP assignments.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.4.gcp.vpc.1" - ], - "PCI-4.0": [ - "1.2.8.28", - "1.3.1.30", - "1.3.1.31", - "1.3.2.31", - "1.4.2.8", - "1.4.2.28", - "1.4.2.29", - "1.5.1.28", - "10.3.2.15", - "3.5.1.3.20", - "A1.1.2.11", - "A1.1.3.28", - "A3.4.1.13" - ], - "CIS-2.0": [ - "6.2.9" - ], - "NIS2": [ - "12.2.2.c" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure Instance IP assignment is set to private", - "title": "Ensure Instance IP assignment is set to private", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_private_ip_assignment-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Setting databases access only to private will reduce attack surface.", - "references": [ - "https://cloud.google.com/sql/docs/mysql/configure-private-ip" - ] - }, - "risk_details": "Instance addresses can be public IP or private IP. Public IP means that the instance is accessible through the public internet. In contrast, instances using only private IP are not accessible through the public internet, but are accessible through a Virtual Private Cloud (VPC). Limiting network access to your database will limit potential attacks.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Database Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have private IP assignments.", - "metadata": { - "event_code": "cloudsql_instance_private_ip_assignment", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Database Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have private IP assignments.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.4.gcp.vpc.1" - ], - "PCI-4.0": [ - "1.2.8.28", - "1.3.1.30", - "1.3.1.31", - "1.3.2.31", - "1.4.2.8", - "1.4.2.28", - "1.4.2.29", - "1.5.1.28", - "10.3.2.15", - "3.5.1.3.20", - "A1.1.2.11", - "A1.1.3.28", - "A3.4.1.13" - ], - "CIS-2.0": [ - "6.2.9" - ], - "NIS2": [ - "12.2.2.c" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure Instance IP assignment is set to private", - "title": "Ensure Instance IP assignment is set to private", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_private_ip_assignment-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Setting databases access only to private will reduce attack surface.", - "references": [ - "https://cloud.google.com/sql/docs/mysql/configure-private-ip" - ] - }, - "risk_details": "Instance addresses can be public IP or private IP. Public IP means that the instance is accessible through the public internet. In contrast, instances using only private IP are not accessible through the public internet, but are accessible through a Virtual Private Cloud (VPC). Limiting network access to your database will limit potential attacks.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Database Instance tf-pg-psc-81f580c4 does not whitelist all Public IP Addresses.", - "metadata": { - "event_code": "cloudsql_instance_public_access", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Database Instance tf-pg-psc-81f580c4 does not whitelist all Public IP Addresses.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.5", - "6.6" - ], - "SOC2": [ - "cc_6_2" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.8.27", - "1.2.8.28", - "1.2.8.32", - "1.3.1.30", - "1.3.1.31", - "1.3.1.35", - "1.3.2.30", - "1.3.2.31", - "1.3.2.35", - "1.3.2.36", - "1.4.2.8", - "1.4.2.28", - "1.4.2.29", - "1.4.5.1", - "1.5.1.27", - "1.5.1.28", - "10.3.2.14", - "10.3.2.15", - "10.3.2.16", - "3.5.1.3.19", - "3.5.1.3.20", - "3.5.1.3.21", - "3.5.1.3.24", - "7.2.2.22", - "7.3.1.16", - "7.3.1.17", - "7.3.2.17", - "7.3.3.16", - "7.3.3.17", - "8.2.7.14", - "8.2.7.16", - "A1.1.2.2", - "A1.1.2.10", - "A1.1.2.11", - "A1.1.2.12", - "A1.1.3.16", - "A1.1.3.27", - "A1.1.3.28", - "A1.1.3.31", - "A1.1.3.32", - "A3.4.1.12", - "A3.4.1.13", - "A3.4.1.14", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "2.2.5", - "2.2.6" - ], - "CIS-4.0": [ - "6.5", - "6.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses ", - "title": "Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses ", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_public_access-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Database Server should accept connections only from trusted Network(s)/IP(s) and restrict access from public IP addresses.", - "references": [ - "https://cloud.google.com/sql/docs/mysql/connection-org-policy" - ] - }, - "risk_details": "To minimize attack surface on a Database server instance, only trusted/known and required IP(s) should be white-listed to connect to it. An authorized network should not have IPs/networks configured to 0.0.0.0/0 which will allow access to the instance from anywhere in the world. Note that authorized networks apply only to instances with public IPs.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Database Instance tf-pg-psc-81f580c4-replica-test-psc0 does not whitelist all Public IP Addresses.", - "metadata": { - "event_code": "cloudsql_instance_public_access", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Database Instance tf-pg-psc-81f580c4-replica-test-psc0 does not whitelist all Public IP Addresses.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.5", - "6.6" - ], - "SOC2": [ - "cc_6_2" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "ENS-RD2022": [ - "op.mon.3.r5.gcp.dm.1" - ], - "PCI-4.0": [ - "1.2.8.27", - "1.2.8.28", - "1.2.8.32", - "1.3.1.30", - "1.3.1.31", - "1.3.1.35", - "1.3.2.30", - "1.3.2.31", - "1.3.2.35", - "1.3.2.36", - "1.4.2.8", - "1.4.2.28", - "1.4.2.29", - "1.4.5.1", - "1.5.1.27", - "1.5.1.28", - "10.3.2.14", - "10.3.2.15", - "10.3.2.16", - "3.5.1.3.19", - "3.5.1.3.20", - "3.5.1.3.21", - "3.5.1.3.24", - "7.2.2.22", - "7.3.1.16", - "7.3.1.17", - "7.3.2.17", - "7.3.3.16", - "7.3.3.17", - "8.2.7.14", - "8.2.7.16", - "A1.1.2.2", - "A1.1.2.10", - "A1.1.2.11", - "A1.1.2.12", - "A1.1.3.16", - "A1.1.3.27", - "A1.1.3.28", - "A1.1.3.31", - "A1.1.3.32", - "A3.4.1.12", - "A3.4.1.13", - "A3.4.1.14", - "A3.4.1.25" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "2.2.5", - "2.2.6" - ], - "CIS-4.0": [ - "6.5", - "6.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.GenAI.CN04.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses ", - "title": "Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses ", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_public_access-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "Database Server should accept connections only from trusted Network(s)/IP(s) and restrict access from public IP addresses.", - "references": [ - "https://cloud.google.com/sql/docs/mysql/connection-org-policy" - ] - }, - "risk_details": "To minimize attack surface on a Database server instance, only trusted/known and required IP(s) should be white-listed to connect to it. An authorized network should not have IPs/networks configured to 0.0.0.0/0 which will allow access to the instance from anywhere in the world. Note that authorized networks apply only to instances with public IPs.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Database Instance tf-pg-psc-81f580c4 does not have a public IP.", - "metadata": { - "event_code": "cloudsql_instance_public_ip", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Database Instance tf-pg-psc-81f580c4 does not have a public IP.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudSQL/sql-database-instances-with-public-ips.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ISO27001-2022": [ - "A.8.1" - ], - "ENS-RD2022": [ - "mp.com.4.gcp.vpc.1" - ], - "PCI-4.0": [ - "1.2.8.28", - "1.3.1.30", - "1.3.1.31", - "1.3.2.31", - "1.4.2.8", - "1.4.2.28", - "1.4.2.29", - "1.5.1.28", - "10.3.2.14", - "10.3.2.15", - "10.3.2.16", - "3.5.1.3.19", - "3.5.1.3.20", - "3.5.1.3.21", - "A1.1.2.10", - "A1.1.2.11", - "A1.1.2.12", - "A1.1.3.27", - "A1.1.3.28", - "A3.4.1.12", - "A3.4.1.13", - "A3.4.1.14" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "6.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Check for Cloud SQL Database Instances with Public IPs", - "title": "Check for Cloud SQL Database Instances with Public IPs", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_public_ip-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To lower the organization's attack surface, Cloud SQL databases should not have public IPs. Private IPs provide improved network security and lower latency for your application.", - "references": [ - "https://cloud.google.com/sql/docs/mysql/configure-private-ip" - ] - }, - "risk_details": "To lower the organization's attack surface, Cloud SQL databases should not have public IPs. Private IPs provide improved network security and lower latency for your application.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Database Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have a public IP.", - "metadata": { - "event_code": "cloudsql_instance_public_ip", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Database Instance tf-pg-psc-81f580c4-replica-test-psc0 does not have a public IP.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudSQL/sql-database-instances-with-public-ips.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ISO27001-2022": [ - "A.8.1" - ], - "ENS-RD2022": [ - "mp.com.4.gcp.vpc.1" - ], - "PCI-4.0": [ - "1.2.8.28", - "1.3.1.30", - "1.3.1.31", - "1.3.2.31", - "1.4.2.8", - "1.4.2.28", - "1.4.2.29", - "1.5.1.28", - "10.3.2.14", - "10.3.2.15", - "10.3.2.16", - "3.5.1.3.19", - "3.5.1.3.20", - "3.5.1.3.21", - "A1.1.2.10", - "A1.1.2.11", - "A1.1.2.12", - "A1.1.3.27", - "A1.1.3.28", - "A3.4.1.12", - "A3.4.1.13", - "A3.4.1.14" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "6.6" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.DataWar.CN03.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.SvlsComp.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Check for Cloud SQL Database Instances with Public IPs", - "title": "Check for Cloud SQL Database Instances with Public IPs", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_public_ip-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "To lower the organization's attack surface, Cloud SQL databases should not have public IPs. Private IPs provide improved network security and lower latency for your application.", - "references": [ - "https://cloud.google.com/sql/docs/mysql/configure-private-ip" - ] - }, - "risk_details": "To lower the organization's attack surface, Cloud SQL databases should not have public IPs. Private IPs provide improved network security and lower latency for your application.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Database Instance tf-pg-psc-81f580c4 does not require SSL connections.", - "metadata": { - "event_code": "cloudsql_instance_ssl_connections", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Database Instance tf-pg-psc-81f580c4 does not require SSL connections.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.4" - ], - "SOC2": [ - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.12" - ], - "ENS-RD2022": [ - "op.acc.6.r3.gcp.iam.2" - ], - "PCI-4.0": [ - "1.2.5.14", - "1.2.8.28", - "1.3.1.30", - "1.3.1.31", - "1.3.2.31", - "1.4.2.28", - "1.4.2.29", - "10.2.1.3.22", - "10.3.2.15", - "2.2.5.14", - "2.2.7.6", - "2.2.7.18", - "3.5.1.22", - "3.5.1.23", - "3.5.1.25", - "3.5.1.26", - "3.5.1.27", - "4.2.1.1.10", - "4.2.1.1.26", - "4.2.1.6", - "4.2.1.7", - "4.2.1.18", - "7.2.1.22", - "7.2.2.20", - "7.2.2.22", - "7.2.5.16", - "7.2.5.17", - "7.3.1.14", - "7.3.2.17", - "7.3.3.14", - "7.3.3.17", - "8.2.7.14", - "8.2.7.16", - "8.2.7.17", - "8.2.8.16", - "8.3.2.15", - "8.3.2.38", - "8.3.2.42", - "8.3.2.43", - "8.3.2.44", - "8.3.2.47", - "A1.1.2.11" - ], - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "6.4" - ], - "NIS2": [ - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "4.1.2" - ], - "CIS-4.0": [ - "6.4" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR08" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL", - "title": "Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_ssl_connections-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": true, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "It is recommended to enforce all incoming connections to SQL database instance to use SSL.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/configure-ssl-instance/" - ] - }, - "risk_details": "SQL database connections if successfully trapped (MITM), can reveal sensitive data like credentials, database queries, query outputs etc. For security, it is recommended to always use SSL encryption when connecting to your instance. This recommendation is applicable for Postgresql, MySql generation 1, MySql generation 2 and SQL Server 2017 instances.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Database Instance tf-pg-psc-81f580c4-replica-test-psc0 does not require SSL connections.", - "metadata": { - "event_code": "cloudsql_instance_ssl_connections", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Database Instance tf-pg-psc-81f580c4-replica-test-psc0 does not require SSL connections.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "6.4" - ], - "SOC2": [ - "cc_6_7" - ], - "ISO27001-2022": [ - "A.8.12" - ], - "ENS-RD2022": [ - "op.acc.6.r3.gcp.iam.2" - ], - "PCI-4.0": [ - "1.2.5.14", - "1.2.8.28", - "1.3.1.30", - "1.3.1.31", - "1.3.2.31", - "1.4.2.28", - "1.4.2.29", - "10.2.1.3.22", - "10.3.2.15", - "2.2.5.14", - "2.2.7.6", - "2.2.7.18", - "3.5.1.22", - "3.5.1.23", - "3.5.1.25", - "3.5.1.26", - "3.5.1.27", - "4.2.1.1.10", - "4.2.1.1.26", - "4.2.1.6", - "4.2.1.7", - "4.2.1.18", - "7.2.1.22", - "7.2.2.20", - "7.2.2.22", - "7.2.5.16", - "7.2.5.17", - "7.3.1.14", - "7.3.2.17", - "7.3.3.14", - "7.3.3.17", - "8.2.7.14", - "8.2.7.16", - "8.2.7.17", - "8.2.8.16", - "8.3.2.15", - "8.3.2.38", - "8.3.2.42", - "8.3.2.43", - "8.3.2.44", - "8.3.2.47", - "A1.1.2.11" - ], - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "6.4" - ], - "NIS2": [ - "12.2.2.c" - ], - "ProwlerThreatScore-1.0": [ - "4.1.2" - ], - "CIS-4.0": [ - "6.4" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR08" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902094, - "created_time_dt": "2025-10-19T19:28:14.629523", - "desc": "Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL", - "title": "Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL", - "types": [], - "uid": "prowler-gcp-cloudsql_instance_ssl_connections-nodal-time-474015-p5-us-central1-tf-pg-psc-81f580c4-replica-test-psc0" - }, - "resources": [ - { - "region": "us-central1", - "data": { - "details": "", - "metadata": { - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "version": "POSTGRES_15", - "ip_addresses": [], - "region": "us-central1", - "public_ip": false, - "authorized_networks": [], - "require_ssl": false, - "ssl_mode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", - "automated_backups": false, - "flags": [ - { - "name": "autovacuum", - "value": "off" - } - ], - "project_id": "nodal-time-474015-p5" - } - }, - "group": { - "name": "cloudsql" - }, - "labels": [], - "name": "tf-pg-psc-81f580c4-replica-test-psc0", - "type": "DatabaseInstance", - "uid": "tf-pg-psc-81f580c4-replica-test-psc0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "My First Project", - "type": "GCP Account", - "type_id": 5, - "uid": "nodal-time-474015-p5", - "labels": [] - }, - "org": {}, - "provider": "gcp", - "region": "us-central1" - }, - "remediation": { - "desc": "It is recommended to enforce all incoming connections to SQL database instance to use SSL.", - "references": [ - "https://cloud.google.com/sql/docs/postgres/configure-ssl-instance/" - ] - }, - "risk_details": "SQL database connections if successfully trapped (MITM), can reveal sensitive data like credentials, database queries, query outputs etc. For security, it is recommended to always use SSL encryption when connecting to your instance. This recommendation is applicable for Postgresql, MySql generation 1, MySql generation 2 and SQL Server 2017 instances.", - "time": 1760902094, - "time_dt": "2025-10-19T19:28:14.629523", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/repository.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/repository.json index 0701e217..4dda7416 100644 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/repository.json +++ b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/repository.json @@ -2,8 +2,8 @@ "name": "ccc-cfi-compliance", "url": "https://github.com/finos-labs/ccc-cfi-compliance", "description": "CCC CFI Compliance from FINOS Labs", - "downloaded_at": "2025-10-19T21:38:16.610Z", - "workflow_run_id": 18633357206, + "downloaded_at": "2026-02-26T12:49:15.343Z", + "workflow_run_id": 22440814518, "workflow_status": "completed", - "workflow_conclusion": "failure" + "workflow_conclusion": "success" } \ No newline at end of file diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-aws-bucket/config/secure-aws-bucket.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-aws-bucket/config/secure-aws-bucket.json deleted file mode 100644 index 315dc049..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-aws-bucket/config/secure-aws-bucket.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "id": "secure-aws-bucket", - "provider": "aws", - "service": "s3", - "name": "CCC S3 Bucket Terraform Module", - "description": "This module creates a secure S3 bucket with encryption and logging enabled. It also creates a KMS key for the bucket.", - "path": "examples/complete/aws", - "git": "https://github.com/finos/cfi-s3-module" -} \ No newline at end of file diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-aws-bucket/results/secure-aws-bucket-baseline.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-aws-bucket/results/secure-aws-bucket-baseline.ocsf.json deleted file mode 100644 index 3427d67c..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-aws-bucket/results/secure-aws-bucket-baseline.ocsf.json +++ /dev/null @@ -1,115793 +0,0 @@ -[ - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-northeast-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-northeast-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-northeast-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-northeast-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-northeast-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-northeast-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-northeast-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-northeast-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-northeast-3-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-northeast-3:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-northeast-3" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-northeast-3:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-south-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-south-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-south-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-south-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-southeast-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-southeast-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-southeast-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-southeast-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-southeast-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-southeast-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-southeast-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-southeast-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ca-central-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ca-central-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ca-central-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ca-central-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-central-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-central-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-central-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-central-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-north-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-north-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-north-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-north-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-west-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-west-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-west-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-west-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-west-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-west-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-west-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-west-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-west-3-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-west-3:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-west-3" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-west-3:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-sa-east-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:sa-east-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "sa-east-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:sa-east-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-east-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-east-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-east-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-east-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-east-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-east-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-east-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-east-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-west-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-west-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-west-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-west-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-west-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-west-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-west-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-west-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Contact Information.", - "metadata": { - "event_code": "account_maintain_current_contact_details", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Contact Information.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.prowler.com/checks/aws/iam-policies/iam_18-maintain-contact-details#aws-console", - "https://repost.aws/knowledge-center/update-phone-number", - "https://support.stax.io/docs/accounts/update-aws-account-contact-details", - "https://maartenbruntink.nl/blog/2022/09/26/aws-account-hygiene-101-mass-updating-alternate-account-contacts/", - "https://docs.aws.amazon.com/security-ir/latest/userguide/update-account-contact-info.html", - "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact-primary.html", - "https://repost.aws/knowledge-center/add-update-billing-contact", - "https://aws.amazon.com/blogs/security/update-the-alternate-security-contact-across-your-aws-accounts-for-timely-security-notifications/", - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_update_contacts.html", - "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact-alternate.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-03.01AS", - "IAM-06.06B", - "SSO-05.06B", - "SIM-01.03B", - "INQ-02.01B" - ], - "CIS-3.0": [ - "1.1" - ], - "ENS-RD2022": [ - "op.ext.7.aws.am.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CIS-4.0.1": [ - "1.1" - ], - "CIS-5.0": [ - "1.1" - ], - "CIS-1.4": [ - "1.1" - ], - "CIS-1.5": [ - "1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP03", - "SEC10-BP01" - ], - "ISO27001-2022": [ - "A.5.5" - ], - "AWS-Account-Security-Onboarding": [ - "Billing, emergency, security contacts" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "CIS-2.0": [ - "1.1" - ], - "NIS2": [ - "2.2.3", - "3.5.3.a", - "5.1.7.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**AWS account contact information** is current for the **primary contact** and the **alternate contacts** for `security`, `billing`, and `operations`, with accurate email addresses and phone numbers.", - "title": "AWS account contact information is current", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-account_maintain_current_contact_details-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Adopt:\n- **Primary** and **alternate contacts** for `security`, `billing`, `operations`\n- Shared, monitored aliases and SMS-capable phone numbers (non-personal)\n- Centralized management across accounts with periodic reviews\n- **Least privilege** for who can modify contact data\n- Regular reachability tests and documented ownership", - "references": [ - "https://hub.prowler.com/check/account_maintain_current_contact_details" - ] - }, - "risk_details": "Outdated or single-person contacts delay **security notifications**, slow **incident response**, and complicate **account recovery**.\n\nAWS may throttle services during abuse mitigation, reducing **availability**. Missed alerts enable ongoing misuse, risking **data exfiltration** and unauthorized changes (**integrity**).", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "SECURITY, BILLING and OPERATIONS contacts not found or they are not different between each other and between ROOT contact.", - "metadata": { - "event_code": "account_maintain_different_contact_details_to_security_billing_and_operations", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "SECURITY, BILLING and OPERATIONS contacts not found or they are not different between each other and between ROOT contact.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "resilience" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/account_alternate_contact", - "https://docs.prowler.com/checks/aws/iam-policies/iam_18-maintain-contact-details#aws-console", - "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact-alternate.html", - "https://builder.aws.com/content/2qRw97fe8JFwfk2AbpJ3sYNpNvM/aws-bulk-update-alternate-contacts-across-organization", - "https://github.com/aws-samples/aws-account-alternate-contact-with-terraform", - "https://trendmicro.com/cloudoneconformity/knowledge-base/aws/IAM/account-security-alternate-contacts.html", - "https://repost.aws/articles/ARDFbpt-bvQ8iuErnqVVcCXQ/managing-aws-organization-alternate-contacts-via-csv" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-04.03B", - "IAM-06.06B", - "SSO-05.06B", - "SIM-01.03B", - "INQ-02.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "ISO27001-2022": [ - "A.5.6" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**AWS account alternate contacts** are defined for **Security**, **Billing**, and **Operations** with `name`, `email`, and `phone`. The finding evaluates that all three exist, are distinct from one another, and differ from the **primary (root) contact**.", - "title": "AWS account has distinct Security, Billing, and Operations contact details, different from each other and from the root contact", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-account_maintain_different_contact_details_to_security_billing_and_operations-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Maintain distinct, monitored **Security**, **Billing**, and **Operations** alternate contacts that differ from the root contact.\n- Use team aliases and 24x7 phones\n- Review and test contact paths regularly\n- Centralize at org level for consistency\n\nApplies **operational resilience** and **separation of duties**.", - "references": [ - "https://hub.prowler.com/check/account_maintain_different_contact_details_to_security_billing_and_operations" - ] - }, - "risk_details": "Missing or shared contacts can delay response to abuse alerts, credential compromise, or billing anomalies, reducing **availability** (possible AWS traffic throttling) and raising **confidentiality** and **integrity** risk through extended exposure. If AWS cannot reach you, urgent mitigation may disrupt service.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Alternate Contacts -> Security Section.", - "metadata": { - "event_code": "account_security_contact_information_is_registered", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Alternate Contacts -> Security Section.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/account_alternate_contact", - "https://docs.prowler.com/checks/aws/iam-policies/iam_19/", - "https://support.icompaas.com/support/solutions/articles/62000234161-1-2-ensure-security-contact-information-is-registered-manual-", - "https://www.plerion.com/cloud-knowledge-base/ensure-security-contact-information-is-registered", - "https://repost.aws/articles/ARDFbpt-bvQ8iuErnqVVcCXQ/managing-aws-organization-alternate-contacts-via-csv" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-06.01B", - "SSO-05.06B", - "SIM-01.03B" - ], - "CIS-3.0": [ - "1.2" - ], - "ENS-RD2022": [ - "op.ext.7.aws.am.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CIS-4.0.1": [ - "1.2" - ], - "PCI-4.0": [ - "A1.2.3.1" - ], - "CIS-5.0": [ - "1.2" - ], - "CIS-1.4": [ - "1.2" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Account.1" - ], - "CIS-1.5": [ - "1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP03", - "SEC10-BP01" - ], - "ISO27001-2022": [ - "A.5.5" - ], - "AWS-Account-Security-Onboarding": [ - "Billing, emergency, security contacts" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "CIS-2.0": [ - "1.2" - ], - "NIS2": [ - "1.1.1.a", - "1.2.3", - "2.2.1", - "3.1.2.d", - "3.5.3.a", - "5.1.7.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Account settings contain a **Security alternate contact** in Alternate Contacts (name, `EmailAddress`, `PhoneNumber`) for targeted AWS security notifications.", - "title": "AWS account has security alternate contact registered", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-account_security_contact_information_is_registered-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Define and maintain a **Security alternate contact**:\n- Use a monitored alias (e.g., `security@domain`) and team phone\n- Apply to every account (prefer Org-wide automation)\n- Review after org/personnel changes and test delivery\n- Document ownership and escalation paths\nAlign with **incident response** and **least privilege** principles.", - "references": [ - "https://hub.prowler.com/check/account_security_contact_information_is_registered" - ] - }, - "risk_details": "Missing or outdated **security contact** can delay or prevent AWS advisories from reaching responders, increasing risk to:\n- Confidentiality: data exfiltration from undetected compromise\n- Integrity: unauthorized changes persist longer\n- Availability: resource abuse (e.g., cryptomining) and outages", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Login to the AWS Console as root. Choose your account name on the top right of the window -> My Account -> Configure Security Challenge Questions.", - "metadata": { - "event_code": "account_security_questions_are_registered_in_the_aws_account", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Login to the AWS Console as root. Choose your account name on the top right of the window -> My Account -> Configure Security Challenge Questions.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.prowler.com/checks/aws/iam-policies/iam_15", - "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/IAM/security-challenge-questions.html" - ], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.3" - ], - "ENS-RD2022": [ - "op.ext.7.aws.am.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.3" - ], - "CIS-1.4": [ - "1.3" - ], - "CIS-1.5": [ - "1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP03", - "SEC10-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.3", - "2.10.2" - ], - "CIS-2.0": [ - "1.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "[DEPRECATED] **AWS account root** configuration may include legacy **security challenge questions** for support identity verification. This evaluates whether those questions are set on the account. *New configuration is discontinued by AWS and remaining support for this feature is time-limited.*", - "title": "[DEPRECATED] AWS root user has security challenge questions configured", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices" - ], - "uid": "prowler-aws-account_security_questions_are_registered_in_the_aws_account-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Favor stronger recovery instead of KBA:\n- Enforce **MFA for root** and minimize root use\n- Keep **alternate contacts** and root email current and protected\n- Establish a tightly controlled **break-glass role**, applying least privilege and separation of duties\n- Document and test recovery procedures; monitor root activity", - "references": [ - "https://hub.prowler.com/check/account_security_questions_are_registered_in_the_aws_account" - ] - }, - "risk_details": "Absence of these questions can limit support-assisted recovery if root credentials or MFA are lost, reducing **availability** and slowing **incident response**. Reliance on KBA also weakens **confidentiality** due to **social engineering**. Treat this as a recovery gap and adopt stronger, phishing-resistant factors.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No Backup Vault exist.", - "metadata": { - "event_code": "backup_vaults_exist", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No Backup Vault exist.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "resilience" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/aws-backup/latest/devguide/vaults.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-06.01B", - "OPS-07.01B", - "OPS-08.01B", - "OPS-09.02B", - "CRY-16.02B", - "DEV-11.02B", - "BCM-01.01B", - "BCM-01.02B", - "BCM-02.01B" - ], - "ENS-RD2022": [ - "mp.info.6.aws.bcku.1" - ], - "AWS-Foundational-Technical-Review": [ - "BAR-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "CCC": [ - "CCC.Core.CN08.AR01", - "CCC.Core.CN14.AR02", - "CCC.Core.CN14.AR02" - ], - "ISO27001-2022": [ - "A.8.13" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "3.6.2", - "4.1.2.f", - "4.1.2.g", - "4.2.2.b", - "4.2.2.e", - "12.1.2.c", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**AWS Backup** in the account/region includes at least one **backup vault** that stores and organizes recovery points for use by backup plans and copies.", - "title": "At least one AWS Backup vault exists", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-backup_vaults_exist-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "backup" - }, - "labels": [], - "name": "211203495394", - "type": "AwsBackupBackupVault", - "uid": "arn:aws:backup:us-east-1:211203495394:backup-vault" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create and maintain a **backup vault** in each required region. Enforce **least privilege** access, encrypt with **KMS CMKs**, and enable **Vault Lock** to prevent tampering. Use lifecycle rules and cross-region/cross-account copies, and regularly test restores for **defense in depth**.", - "references": [ - "https://hub.prowler.com/check/backup_vaults_exist" - ] - }, - "risk_details": "Without a vault, recovery points cannot be created or retained in AWS Backup, degrading **availability** and **integrity**. Data may be irrecoverable after deletion, ransomware, or misconfiguration, and RPO/RTO targets may be missed during incidents.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-northeast-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-northeast-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-northeast-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-northeast-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-northeast-3-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-northeast-3:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-south-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-south-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-southeast-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-southeast-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-southeast-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-southeast-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ca-central-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ca-central-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-central-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-central-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-north-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-north-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-west-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-west-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-west-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-west-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-west-3-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-west-3:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-sa-east-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:sa-east-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-east-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-east-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-east-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-east-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-west-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-west-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-west-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-west-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-northeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-northeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-northeast-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-south-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-south-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-southeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-southeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ca-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ca-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-north-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-north-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-west-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-sa-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:sa-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-east-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-northeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-northeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-northeast-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-south-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-south-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-southeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-southeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ca-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ca-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-north-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-north-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-west-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-sa-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:sa-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-east-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails have a data event to record all S3 object-level API operations.", - "metadata": { - "event_code": "cloudtrail_s3_dataevents_read_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails have a data event to record all S3 object-level API operations.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_a_2_i", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "SSO-05.01AC", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "ds_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.9" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.exp.8.r1.aws.ct.2", - "op.exp.8.r1.aws.ct.3", - "op.exp.8.r1.aws.ct.4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.9" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-ev-b-1", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_30" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.9" - ], - "CIS-1.4": [ - "3.11" - ], - "GxP-EU-Annex-11": [ - "8.2-printouts-data-changes", - "9-audit-trails", - "12.4-security-audit-trail" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "3.1.6" - ], - "CIS-1.5": [ - "3.11" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "AWS-Account-Security-Onboarding": [ - "Confirm that logs are present in S3 bucket and SIEM" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-2.0": [ - "3.11" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.g", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that all your AWS CloudTrail trails are configured to log Data events in order to record S3 object-level API operations, such as GetObject, DeleteObject and PutObject, for individual S3 buckets or for all current and future S3 buckets provisioned in your AWS account.", - "title": "Check if S3 buckets have Object-level logging for read events is enabled in CloudTrail.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-cloudtrail_s3_dataevents_read_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable logs. Create an S3 lifecycle policy. Define use cases, metrics and automated responses where applicable.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-cloudtrail-logging-for-s3.html" - ] - }, - "risk_details": "If logs are not enabled, monitoring of service use and threat analysis is not possible.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails have a data event to record all S3 object-level API operations.", - "metadata": { - "event_code": "cloudtrail_s3_dataevents_write_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails have a data event to record all S3 object-level API operations.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_a_2_i", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2" - ], - "C5-2025": [ - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "SSO-05.01AC", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "ds_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.8" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.4", - "op.exp.8.r1.aws.ct.2", - "op.exp.8.r1.aws.ct.3", - "op.exp.8.r1.aws.ct.4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.8" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.2.7", - "10.2.1.3.7", - "10.2.1.4.7", - "10.2.1.5.7", - "10.2.1.6.7", - "10.2.1.7.7", - "10.2.1.7", - "10.2.2.7", - "10.3.1.7", - "10.6.3.7", - "5.3.4.7", - "A1.2.1.7" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-ev-b-1", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_30" - ], - "CIS-5.0": [ - "3.8" - ], - "CIS-1.4": [ - "3.10" - ], - "GxP-EU-Annex-11": [ - "8.2-printouts-data-changes", - "9-audit-trails", - "12.4-security-audit-trail" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "3.1.5" - ], - "CIS-1.5": [ - "3.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "AWS-Account-Security-Onboarding": [ - "Send S3 access logs for critical buckets to separate S3 bucket", - "Confirm that logs are present in S3 bucket and SIEM" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-2.0": [ - "3.10" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.g" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that all your AWS CloudTrail trails are configured to log Data events in order to record S3 object-level API operations, such as GetObject, DeleteObject and PutObject, for individual S3 buckets or for all current and future S3 buckets provisioned in your AWS account.", - "title": "Check if S3 buckets have Object-level logging for write events is enabled in CloudTrail.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-cloudtrail_s3_dataevents_write_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable logs. Create an S3 lifecycle policy. Define use cases, metrics and automated responses where applicable.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-cloudtrail-logging-for-s3.html" - ] - }, - "risk_details": "If logs are not enabled, monitoring of service use and threat analysis is not possible.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_network_acls_alarm_configured", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.11" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.11" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ca-7", - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.11" - ], - "CIS-1.4": [ - "4.11" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.12" - ], - "CIS-1.5": [ - "4.11" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.11" - ], - "NIS2": [ - "2.2.3", - "3.2.3.a", - "3.2.3.c", - "3.2.3.f", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL).", - "title": "Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL).", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_network_acls_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_network_gateways_alarm_configured", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "COS-03.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.12" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.12" - ], - "FedRAMP-Low-Revision-4": [ - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.12" - ], - "CIS-1.4": [ - "4.12" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.13" - ], - "CIS-1.5": [ - "4.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.12" - ], - "NIS2": [ - "2.2.3", - "3.2.3.a", - "3.2.3.c", - "3.2.3.f", - "3.2.4", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure a log metric filter and alarm exist for changes to network gateways.", - "title": "Ensure a log metric filter and alarm exist for changes to network gateways.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_network_gateways_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_network_route_tables_alarm_configured", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-13.03AC", - "OPS-26.06B", - "COS-03.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.13" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.13" - ], - "FedRAMP-Low-Revision-4": [ - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.13" - ], - "CIS-1.4": [ - "4.13" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.14" - ], - "CIS-1.5": [ - "4.13" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.13" - ], - "NIS2": [ - "2.2.3", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Real-time monitoring of API calls can be achieved by directing Cloud Trail Logs to CloudWatch Logs, or an external Security information and event management (SIEM)environment, and establishing corresponding metric filters and alarms. Routing tablesare used to route network traffic between subnets and to network gateways. It isrecommended that a metric filter and alarm be established for changes to route tables.", - "title": "Ensure route table changes are monitored", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_network_route_tables_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "If you are using CloudTrails and CloudWatch, perform the following to setup the metric filter, alarm, SNS topic, and subscription: 1. Create a metric filter based on filter pattern provided which checks for route table changes and the taken from audit step 1. aws logs put-metric-filter --log-group-name -- filter-name `` --metric-transformations metricName= `` ,metricNamespace='CISBenchmark',metricValue=1 --filter-pattern '{($.eventSource = ec2.amazonaws.com) && (($.eventName = CreateRoute) || ($.eventName = CreateRouteTable) || ($.eventName = ReplaceRoute) || ($.eventName = ReplaceRouteTableAssociation) || ($.eventName = DeleteRouteTable) || ($.eventName = DeleteRoute) || ($.eventName = DisassociateRouteTable)) }' Note: You can choose your own metricName and metricNamespace strings. Using the same metricNamespace for all Foundations Benchmark metrics will group them together. 2. Create an SNS topic that the alarm will notify aws sns create-topic --name Note: you can execute this command once and then re-use the same topic for all monitoring alarms. 3. Create an SNS subscription to the topic created in step 2 aws sns subscribe --topic-arn --protocol - -notification-endpoint Note: you can execute this command once and then re-use the SNS subscription for all monitoring alarms. 4. Create an alarm that is associated with the CloudWatch Logs Metric Filter created in step 1 and an SNS topic created in step 2 aws cloudwatch put-metric-alarm --alarm-name `` --metric-name `` --statistic Sum --period 300 - -threshold 1 --comparison-operator GreaterThanOrEqualToThreshold -- evaluation-periods 1 --namespace 'CISBenchmark' --alarm-actions ", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "CloudWatch is an AWS native service that allows you to ob serve and monitor resources and applications. CloudTrail Logs can also be sent to an external Security informationand event management (SIEM) environment for monitoring and alerting.Monitoring changes to route tables will help ensure that all VPC traffic flows through anexpected path and prevent any accidental or intentional modifications that may lead touncontrolled network traffic. An alarm should be triggered every time an AWS API call isperformed to create, replace, delete, or disassociate a Route Table.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_vpcs_alarm_configured", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "COS-03.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.14" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.14" - ], - "FedRAMP-Low-Revision-4": [ - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.14" - ], - "CIS-1.4": [ - "4.14" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.15" - ], - "CIS-1.5": [ - "4.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.14" - ], - "NIS2": [ - "2.2.3", - "3.2.3.c", - "3.2.3.f", - "3.2.4", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure a log metric filter and alarm exist for VPC changes.", - "title": "Ensure a log metric filter and alarm exist for VPC changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_vpcs_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "CloudWatch doesn't allow cross-account sharing.", - "metadata": { - "event_code": "cloudwatch_cross_account_sharing_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "CloudWatch doesn't allow cross-account sharing.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-04.01AC", - "PSS-04.01B" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.1", - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if CloudWatch has allowed cross-account sharing.", - "title": "Check if CloudWatch has allowed cross-account sharing.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-cloudwatch_cross_account_sharing_disabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsAccount", - "uid": "arn:aws:iam:us-east-1:211203495394:role" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Grant usage permission on a per-resource basis to enforce least privilege and Zero Trust principles.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html" - ] - }, - "risk_details": "Cross-Account access to CloudWatch could increase the risk of compromising information between accounts.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/rds/cluster/ex-rds/postgresql does not have AWS KMS keys associated.", - "metadata": { - "event_code": "cloudwatch_log_group_kms_encryption_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Log Group /aws/rds/cluster/ex-rds/postgresql does not have AWS KMS keys associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/cli/latest/reference/logs/associate-kms-key.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_e_2_ii" - ], - "SOC2": [ - "cc_7_3" - ], - "C5-2025": [ - "OIS-04.01AC", - "OIS-08.02B", - "AM-01.01AC", - "OPS-11.02AC", - "OPS-13.03B", - "OPS-14.03B", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-04.01B", - "PSS-04.04B", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cp_9_d", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_28_1", - "si_19_4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "PCI-4.0": [ - "10.3.2.3", - "10.3.3.5", - "10.3.4.4", - "3.5.1.4", - "8.3.2.8", - "A1.2.1.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Monitor.CN04.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.30" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP02" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.15", - "A.8.16", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "au_9", - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if CloudWatch log groups are protected by AWS KMS.", - "title": "Check if CloudWatch log groups are protected by AWS KMS.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-cloudwatch_log_group_kms_encryption_enabled-211203495394-eu-west-1-/aws/rds/cluster/ex-rds/postgresql" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*", - "name": "/aws/rds/cluster/ex-rds/postgresql", - "retention_days": 7, - "never_expire": false, - "kms_id": null, - "region": "eu-west-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/rds/cluster/ex-rds/postgresql", - "type": "Other", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Associate KMS Key with Cloudwatch log group.", - "references": [ - "https://docs.aws.amazon.com/cli/latest/reference/logs/associate-kms-key.html" - ] - }, - "risk_details": "Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/vpc-flow-log/vpc-007d791b9b857543e does not have AWS KMS keys associated.", - "metadata": { - "event_code": "cloudwatch_log_group_kms_encryption_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Log Group /aws/vpc-flow-log/vpc-007d791b9b857543e does not have AWS KMS keys associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/cli/latest/reference/logs/associate-kms-key.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_e_2_ii" - ], - "SOC2": [ - "cc_7_3" - ], - "C5-2025": [ - "OIS-04.01AC", - "OIS-08.02B", - "AM-01.01AC", - "OPS-11.02AC", - "OPS-13.03B", - "OPS-14.03B", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-04.01B", - "PSS-04.04B", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cp_9_d", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_28_1", - "si_19_4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "PCI-4.0": [ - "10.3.2.3", - "10.3.3.5", - "10.3.4.4", - "3.5.1.4", - "8.3.2.8", - "A1.2.1.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Monitor.CN04.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.30" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP02" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.15", - "A.8.16", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "au_9", - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if CloudWatch log groups are protected by AWS KMS.", - "title": "Check if CloudWatch log groups are protected by AWS KMS.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-cloudwatch_log_group_kms_encryption_enabled-211203495394-eu-west-1-/aws/vpc-flow-log/vpc-007d791b9b857543e" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*", - "name": "/aws/vpc-flow-log/vpc-007d791b9b857543e", - "retention_days": 9999, - "never_expire": true, - "kms_id": null, - "region": "eu-west-1", - "log_streams": { - "eni-0cd4fcd4819d5a0b7-all": [ - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899031000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899031 1760899115 - NODATA", - "ingestionTime": 1760899139926, - "eventId": "39269360610670476915885218594189694963071457059547512832" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899046 1760899127 - NODATA", - "ingestionTime": 1760899149250, - "eventId": "39269360945181654893844565728497413038571606956274024448" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899064 1760899142 - NODATA", - "ingestionTime": 1760899171015, - "eventId": "39269361346595068467395782302452507265231831869047177216" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899161481, - "eventId": "39269361368895813665926405432462355128969412946093211648" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899074 1760899154 - NODATA", - "ingestionTime": 1760899180685, - "eventId": "39269361569602520452702013729500161457508911822151876608" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899087 1760899164 - NODATA", - "ingestionTime": 1760899188926, - "eventId": "39269361859512208033600114579426962274716549575521730560" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899093000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899093 1760899177 - NODATA", - "ingestionTime": 1760899202942, - "eventId": "39269361993316679224783853445585976414341769780327874560" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899189534, - "eventId": "39269362060218914820375722853983829530393030289362518016" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899107 1760899183 - NODATA", - "ingestionTime": 1760899208282, - "eventId": "39269362305527112004212577433541251354104638611981205504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899120000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899120 1760899194 - NODATA", - "ingestionTime": 1760899249444, - "eventId": "39269362595436799585110678323267367353868490709992013824" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899124 1760899204 - NODATA", - "ingestionTime": 1760899231189, - "eventId": "39269362684639780379233170867341403349163730796893896704" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899145000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899145 1760899226 - NODATA", - "ingestionTime": 1760899248783, - "eventId": "39269363152955429548376256860861233320174442224344956928" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899153 1760899239 - NODATA", - "ingestionTime": 1760899262856, - "eventId": "39269363331361391136621242010160382151535307798841524224" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899156 1760899233 - NODATA", - "ingestionTime": 1760899251214, - "eventId": "39269363398263626732213111420693427286550341112125521920" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899167 1760899245 - NODATA", - "ingestionTime": 1760899267593, - "eventId": "39269363643571823916049965997386872465211874059378688000" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899181000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899181 1760899254 - NODATA", - "ingestionTime": 1760899309470, - "eventId": "39269363955782256695478690029513573287107439005186064384" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899280418, - "eventId": "39269364022684492291070559418998784362727835457823440896" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899187 1760899266 - NODATA", - "ingestionTime": 1760899289733, - "eventId": "39269364089586727886662428854866949624521773410794864640" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299733, - "eventId": "39269364245691944276376790857706543416476686971921301504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899204 1760899286 - NODATA", - "ingestionTime": 1760899309875, - "eventId": "39269364468699396261683022285324313923175968945211310080" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899213 1760899293 - NODATA", - "ingestionTime": 1760899319552, - "eventId": "39269364669406103048458630570844658358774455533122027520" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899215 1760899293 - NODATA", - "ingestionTime": 1760899311165, - "eventId": "39269364714007593445519876843776711888539935711792070656" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899227000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899227 1760899304 - NODATA", - "ingestionTime": 1760899327528, - "eventId": "39269364981616535827887354561987052343875666657387479040" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899241 1760899314 - NODATA", - "ingestionTime": 1760899369674, - "eventId": "39269365293826968607316078594438607167353915397586354176" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899245 1760899321 - NODATA", - "ingestionTime": 1760899340795, - "eventId": "39269365383029949401438571125668891064507806525688119296" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899247 1760899325 - NODATA", - "ingestionTime": 1760899349747, - "eventId": "39269365427631439798499817419562686664009994535042416640" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899248 1760899335 - NODATA", - "ingestionTime": 1760899361737, - "eventId": "39269365449932184997030440575593663755083845328799662080" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899263000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899263 1760899343 - NODATA", - "ingestionTime": 1760899367618, - "eventId": "39269365784443362974989787705738802661146729846819127296" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899271000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899271 1760899355 - NODATA", - "ingestionTime": 1760899379484, - "eventId": "39269365962849324563234772852369513371529050589700489216" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899276000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899276 1760899352 - NODATA", - "ingestionTime": 1760899371708, - "eventId": "39269366074353050555887888550647785025367173779549388800" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899287000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899287 1760899364 - NODATA", - "ingestionTime": 1760899389077, - "eventId": "39269366319661247739724743128538737171054749321939386368" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899303 1760899375 - NODATA", - "ingestionTime": 1760899431081, - "eventId": "39269366676473170916214713443889494423911819403013455872" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899305000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899305 1760899381 - NODATA", - "ingestionTime": 1760899400414, - "eventId": "39269366721074661313275959689886924638672932144373039104" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899307 1760899386 - NODATA", - "ingestionTime": 1760899408511, - "eventId": "39269366765676151710337205982746961466829488763300806656" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899420747, - "eventId": "39269366921781368100051567988289637575888457293160448000" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428007, - "eventId": "39269367100187329688296553129352064058383779008465076224" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899429660, - "eventId": "39269367367796272070664030829778877118210560333827080192" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899336000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899336 1760899417 - NODATA", - "ingestionTime": 1760899442053, - "eventId": "39269367412397762467725277127832967444140093911955144704" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899349000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899349 1760899424 - NODATA", - "ingestionTime": 1760899449340, - "eventId": "39269367702307450048623377976606737167794200106263445504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899361 1760899432 - NODATA", - "ingestionTime": 1760899491027, - "eventId": "39269367969916392430990855725431353246427732075437621248" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899460257, - "eventId": "39269368014517882828052101971304249414101267847896170496" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899365000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899365 1760899446 - NODATA", - "ingestionTime": 1760899468665, - "eventId": "39269368059119373225113348264540584396392034426105430016" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899375 1760899455 - NODATA", - "ingestionTime": 1760899481555, - "eventId": "39269368282126825210419579695480504500212685656322080768" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899383 1760899467 - NODATA", - "ingestionTime": 1760899487567, - "eventId": "39269368460532786798664564835034776331022815284839055360" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899393 1760899476 - NODATA", - "ingestionTime": 1760899500793, - "eventId": "39269368683540238783970796266381102896276266334347132928" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899398 1760899475 - NODATA", - "ingestionTime": 1760899489169, - "eventId": "39269368795043964776623911960006811116316914335348031488" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899409 1760899487 - NODATA", - "ingestionTime": 1760899507600, - "eventId": "39269369040352161960460766539181708866508225546449846272" - } - ], - "eni-0eee78be32276dc65-all": [ - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899032000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899032 1760899109 - NODATA", - "ingestionTime": 1760899134945, - "eventId": "39269360632971222114415841729703527226207967234779774976" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899043000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899043 1760899120 - NODATA", - "ingestionTime": 1760899144884, - "eventId": "39269360878279419298252696298611781813145246086503727104" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899052000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899052 1760899132 - NODATA", - "ingestionTime": 1760899154887, - "eventId": "39269361078986126085028304584526361316447343074608021504" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899063 1760899141 - NODATA", - "ingestionTime": 1760899164127, - "eventId": "39269361324294323268865159152589586655311491293203202048" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899066 1760899146 - NODATA", - "ingestionTime": 1760899173383, - "eventId": "39269361391196558864457028588387002206051139308865585152" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899070000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899070 1760899140 - NODATA", - "ingestionTime": 1760899156170, - "eventId": "39269361480399539658579521133720174781408048766989828096" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899074 1760899155 - NODATA", - "ingestionTime": 1760899186448, - "eventId": "39269361569602520452702013736466909309389429082721353728" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899096 1760899175 - NODATA", - "ingestionTime": 1760899197470, - "eventId": "39269362060218914820375722863577669461616015304736112640" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899107 1760899182 - NODATA", - "ingestionTime": 1760899205402, - "eventId": "39269362305527112004212577430059792118031670795614355456" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899124 1760899200 - NODATA", - "ingestionTime": 1760899224570, - "eventId": "39269362684639780379233170859339700182272340779870912512" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899127 1760899206 - NODATA", - "ingestionTime": 1760899231868, - "eventId": "39269362751542015974825040292769706477577608203599740928" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899130 1760899200 - NODATA", - "ingestionTime": 1760899216262, - "eventId": "39269362818444251570416909698510075089137464840133804032" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899133000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899133 1760899215 - NODATA", - "ingestionTime": 1760899246210, - "eventId": "39269362885346487166008779159322407412871585528894324736" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899153 1760899230 - NODATA", - "ingestionTime": 1760899251400, - "eventId": "39269363331361391136621241996311121221405119004043444224" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899157000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899157 1760899235 - NODATA", - "ingestionTime": 1760899258021, - "eventId": "39269363420564371930743734570458344598590417900065914880" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899167 1760899242 - NODATA", - "ingestionTime": 1760899266548, - "eventId": "39269363643571823916049965996123562950678726130113904640" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899174 1760899250 - NODATA", - "ingestionTime": 1760899275556, - "eventId": "39269363799677040305764327997764003167285750075715420160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899183000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899183 1760899262 - NODATA", - "ingestionTime": 1760899284289, - "eventId": "39269364000383747092539936282143032915656252264968749056" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899187 1760899266 - NODATA", - "ingestionTime": 1760899291413, - "eventId": "39269364089586727886662428856898380600297619606114140160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899276225, - "eventId": "39269364156488963482254298263144306458468370593886044160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899193 1760899277 - NODATA", - "ingestionTime": 1760899303806, - "eventId": "39269364223391199077846167721094564420197117221625790464" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899196 1760899260 - NODATA", - "ingestionTime": 1760899334586, - "eventId": "39269364290293434673438037182912416456716008702408523776" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899213 1760899289 - NODATA", - "ingestionTime": 1760899311121, - "eventId": "39269364669406103048458630560652132630159455450075103232" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899216000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899216 1760899295 - NODATA", - "ingestionTime": 1760899318499, - "eventId": "39269364736308338644050499994179034332937535505210343424" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899227000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899227 1760899305 - NODATA", - "ingestionTime": 1760899326390, - "eventId": "39269364981616535827887354560611681081931410087592263680" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899232 1760899310 - NODATA", - "ingestionTime": 1760899336203, - "eventId": "39269365093120261820540470280153350599481452527376269312" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899243000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899243 1760899323 - NODATA", - "ingestionTime": 1760899343742, - "eventId": "39269365338428459004377324846160248388421245006660304896" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899249000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899249 1760899320 - NODATA", - "ingestionTime": 1760899336117, - "eventId": "39269365472232930195561063686156260435021330376417148928" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899249000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899249 1760899327 - NODATA", - "ingestionTime": 1760899352321, - "eventId": "39269365472232930195561063705745793873400791408967090176" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899251 1760899336 - NODATA", - "ingestionTime": 1760899367212, - "eventId": "39269365516834420592622310006819254946281577326604779520" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899274 1760899353 - NODATA", - "ingestionTime": 1760899373962, - "eventId": "39269366029751560158826642270301412512888178252004589568" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899274 1760899355 - NODATA", - "ingestionTime": 1760899379402, - "eventId": "39269366029751560158826642276877930662977506319400042496" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899284000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899284 1760899362 - NODATA", - "ingestionTime": 1760899386982, - "eventId": "39269366252759012144132873701398387328881161898128637952" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899294 1760899372 - NODATA", - "ingestionTime": 1760899394477, - "eventId": "39269366475766464129439105125816695702172340211787300864" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899303 1760899383 - NODATA", - "ingestionTime": 1760899405478, - "eventId": "39269366676473170916214713412937602135678394228114522112" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899308000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899308 1760899386 - NODATA", - "ingestionTime": 1760899413706, - "eventId": "39269366787976896908867829130563046940109806326346612736" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899397821, - "eventId": "39269366832578387305929075394430702698688020571642724352" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899314 1760899397 - NODATA", - "ingestionTime": 1760899425864, - "eventId": "39269366921781368100051567994475576217536599340043665408" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899334 1760899415 - NODATA", - "ingestionTime": 1760899441656, - "eventId": "39269367367796272070664030844281469904033722035045597184" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899335 1760899410 - NODATA", - "ingestionTime": 1760899430876, - "eventId": "39269367390097017269194653972784979191565215734678749184" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899347 1760899423 - NODATA", - "ingestionTime": 1760899447684, - "eventId": "39269367657705959651562131691532913759489711811767500800" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899354 1760899432 - NODATA", - "ingestionTime": 1760899456589, - "eventId": "39269367813811176041276493693048475725746690637326057472" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899363 1760899442 - NODATA", - "ingestionTime": 1760899463202, - "eventId": "39269368014517882828052101974864753397017949679660957696" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899367 1760899446 - NODATA", - "ingestionTime": 1760899472723, - "eventId": "39269368103720863622174594552517552425934392550237077504" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899455859, - "eventId": "39269368192923844416297087098273510881125605169948065792" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899375 1760899457 - NODATA", - "ingestionTime": 1760899487495, - "eventId": "39269368282126825210419579702662044707283407383455531008" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899392000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899392 1760899469 - NODATA", - "ingestionTime": 1760899490579, - "eventId": "39269368661239493585440173112497448504418584276237156352" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899394 1760899475 - NODATA", - "ingestionTime": 1760899499905, - "eventId": "39269368705840983982501419406842983598809204891447328768" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899404000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899404 1760899481 - NODATA", - "ingestionTime": 1760899505766, - "eventId": "39269368928848435967807650829285727947167171314158731264" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899410 1760899487 - NODATA", - "ingestionTime": 1760899518280, - "eventId": "39269369062652907158991389693628934917572999196216262656" - } - ], - "eni-0c1065c914ddc0b88-all": [ - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899033000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899033 1760899111 - NODATA", - "ingestionTime": 1760899131705, - "eventId": "39269360655271967312946464867322652502059743183076327424" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899040 1760899118 - NODATA", - "ingestionTime": 1760899137950, - "eventId": "39269360811377183702660826865622290103622366602256842752" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899046 1760899124 - NODATA", - "ingestionTime": 1760899144556, - "eventId": "39269360945181654893844565722822361767392100902754582528" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899056000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899056 1760899132 - NODATA", - "ingestionTime": 1760899177328, - "eventId": "39269361168189106879150797177798657782901584726127869952" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899169949, - "eventId": "39269361324294323268865159159627891617325295385041436672" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899064 1760899140 - NODATA", - "ingestionTime": 1760899159431, - "eventId": "39269361346595068467395782288448135197190114468420583424" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899074 1760899156 - NODATA", - "ingestionTime": 1760899175275, - "eventId": "39269361569602520452702013722959486324680047180535889920" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899083 1760899166 - NODATA", - "ingestionTime": 1760899185928, - "eventId": "39269361770309227239477622009659656615414527865242583040" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899092 1760899165 - NODATA", - "ingestionTime": 1760899176075, - "eventId": "39269361971015934026253230271570081934998595329796538368" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899096 1760899172 - NODATA", - "ingestionTime": 1760899192224, - "eventId": "39269362060218914820375722857235374222277287158040035328" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899098 1760899176 - NODATA", - "ingestionTime": 1760899199417, - "eventId": "39269362104820405217436969149003084469614423673101156352" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899104000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899104 1760899183 - NODATA", - "ingestionTime": 1760899206138, - "eventId": "39269362238624876408620708006342405502528195376838868992" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899120000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899120 1760899191 - NODATA", - "ingestionTime": 1760899236584, - "eventId": "39269362595436799585110678307720767915257233185726332928" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899125 1760899200 - NODATA", - "ingestionTime": 1760899220918, - "eventId": "39269362706940525577763793996460255943460832392201109504" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899128 1760899204 - NODATA", - "ingestionTime": 1760899231844, - "eventId": "39269362773842761173355663434276318502510064397876527104" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899135000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899135 1760899213 - NODATA", - "ingestionTime": 1760899237314, - "eventId": "39269362929947977563070025431638968432093462264361123840" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899141000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899141 1760899224 - NODATA", - "ingestionTime": 1760899246469, - "eventId": "39269363063752448754253764291921197519833887840925450240" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899153 1760899221 - NODATA", - "ingestionTime": 1760899236692, - "eventId": "39269363331361391136621241978529841373228806547492372480" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899156 1760899232 - NODATA", - "ingestionTime": 1760899254316, - "eventId": "39269363398263626732213111424443243766834742078299963392" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899158 1760899236 - NODATA", - "ingestionTime": 1760899261035, - "eventId": "39269363442865117129274357715637800582458712370902073344" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899178 1760899252 - NODATA", - "ingestionTime": 1760899297290, - "eventId": "39269363888880021099886820590181698295679974565315739648" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899182 1760899260 - NODATA", - "ingestionTime": 1760899280382, - "eventId": "39269363978083001894009313135883871550789736714335223808" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899187 1760899265 - NODATA", - "ingestionTime": 1760899292137, - "eventId": "39269364089586727886662428857773429136984229455763341312" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899195000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899195 1760899273 - NODATA", - "ingestionTime": 1760899296711, - "eventId": "39269364267992689474907413995588979756838792680283045888" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899203 1760899285 - NODATA", - "ingestionTime": 1760899308052, - "eventId": "39269364446398651063152399141585090918819749021377363968" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899212000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899212 1760899281 - NODATA", - "ingestionTime": 1760899298603, - "eventId": "39269364647105357849928007403983341063954283086051934208" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899215 1760899291 - NODATA", - "ingestionTime": 1760899314667, - "eventId": "39269364714007593445519876848010854729212200078675476480" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899218000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899218 1760899297 - NODATA", - "ingestionTime": 1760899318310, - "eventId": "39269364780909829041111746277021645179191239808600047616" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899226000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899226 1760899304 - NODATA", - "ingestionTime": 1760899326316, - "eventId": "39269364959315790629356731418986118130536925037518389248" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899237000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899237 1760899311 - NODATA", - "ingestionTime": 1760899357590, - "eventId": "39269365204623987813193586013687306980555969919094620160" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339320, - "eventId": "39269365383029949401438571123885830990629396754181455872" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899246 1760899324 - NODATA", - "ingestionTime": 1760899349453, - "eventId": "39269365405330694599969194277671333444670725721594920960" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899253 1760899332 - NODATA", - "ingestionTime": 1760899355965, - "eventId": "39269365561435910989683556276294226634700045831045709824" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899260000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899260 1760899342 - NODATA", - "ingestionTime": 1760899367285, - "eventId": "39269365717541127379397918280729457563060667479143677952" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899271000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899271 1760899340 - NODATA", - "ingestionTime": 1760899358012, - "eventId": "39269365962849324563234772826411456326433139600299589632" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899277000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899277 1760899358 - NODATA", - "ingestionTime": 1760899379932, - "eventId": "39269366096653795754418511702125555646941690228634025984" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899280000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899280 1760899354 - NODATA", - "ingestionTime": 1760899373791, - "eventId": "39269366163556031350010381119308943134728694973349036032" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899287000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899287 1760899365 - NODATA", - "ingestionTime": 1760899387122, - "eventId": "39269366319661247739724743126174945862220594307798401024" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899296000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899296 1760899370 - NODATA", - "ingestionTime": 1760899417363, - "eventId": "39269366520367954526500351436555808711909606142480023552" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899401909, - "eventId": "39269366676473170916214713408623065001550703702154543104" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899307 1760899383 - NODATA", - "ingestionTime": 1760899409238, - "eventId": "39269366765676151710337205983626119966033254102925901824" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899415337, - "eventId": "39269366921781368100051567981749449595694558573866647552" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899324 1760899407 - NODATA", - "ingestionTime": 1760899426496, - "eventId": "39269367144788820085357799410596776768436318073229869056" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899330000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899330 1760899401 - NODATA", - "ingestionTime": 1760899416680, - "eventId": "39269367278593291276541538247944144611040782249052209152" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899332000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899332 1760899411 - NODATA", - "ingestionTime": 1760899433019, - "eventId": "39269367323194781673602784550768585739390411542126460928" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899336000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899336 1760899417 - NODATA", - "ingestionTime": 1760899441788, - "eventId": "39269367412397762467725277127512237825223402116720689152" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899346000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899346 1760899426 - NODATA", - "ingestionTime": 1760899445148, - "eventId": "39269367635405214453031508546931419772956448249760251904" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899359000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899359 1760899432 - NODATA", - "ingestionTime": 1760899476491, - "eventId": "39269367925314902033929609424786991761781626531123036160" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899362000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899362 1760899441 - NODATA", - "ingestionTime": 1760899460671, - "eventId": "39269367992217137629521478830269449240112434646753738752" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899366 1760899443 - NODATA", - "ingestionTime": 1760899468688, - "eventId": "39269368081420118423643971406103859309591387589274501120" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899376000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899376 1760899453 - NODATA", - "ingestionTime": 1760899476785, - "eventId": "39269368304427570408950202831249919970625624526780694528" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899488248, - "eventId": "39269368482833531997195187977393757885480410767471214592" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899393 1760899463 - NODATA", - "ingestionTime": 1760899476616, - "eventId": "39269368683540238783970796237152821956634466018501394432" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899396000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899396 1760899472 - NODATA", - "ingestionTime": 1760899492814, - "eventId": "39269368750442474379562665681342390226297253743843213312" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899398 1760899476 - NODATA", - "ingestionTime": 1760899499578, - "eventId": "39269368795043964776623911972590426561877822674179457024" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899404000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899404 1760899483 - NODATA", - "ingestionTime": 1760899507248, - "eventId": "39269368928848435967807650831077445246919319457277739008" - } - ], - "eni-0b032bdd6415e28d2-all": [ - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899035 1760899113 - NODATA", - "ingestionTime": 1760899133136, - "eventId": "39269360699873457710007711152123610062180414944395264000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899038000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899038 1760899114 - NODATA", - "ingestionTime": 1760899141191, - "eventId": "39269360766775693305599580586468728036916112958741348352" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899050 1760899123 - NODATA", - "ingestionTime": 1760899146046, - "eventId": "39269361034384635687967058290766595601835303791956525056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899058000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899058 1760899131 - NODATA", - "ingestionTime": 1760899159863, - "eventId": "39269361212790597276212043439756002440073202307487825920" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899063 1760899141 - NODATA", - "ingestionTime": 1760899167762, - "eventId": "39269361324294323268865159156984140043621645568457375744" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899068 1760899140 - NODATA", - "ingestionTime": 1760899157657, - "eventId": "39269361435798049261518274852446799470266395671291756544" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899068 1760899151 - NODATA", - "ingestionTime": 1760899175983, - "eventId": "39269361435798049261518274874601161818209012954061209600" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899095 1760899173 - NODATA", - "ingestionTime": 1760899195345, - "eventId": "39269362037918169621845099719473117068327781693816504320" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899098 1760899177 - NODATA", - "ingestionTime": 1760899204131, - "eventId": "39269362104820405217436969154701463979111391750678577152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899106000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899106 1760899186 - NODATA", - "ingestionTime": 1760899211311, - "eventId": "39269362283226366805681954295667591380534219155025690624" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899114000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899114 1760899186 - NODATA", - "ingestionTime": 1760899204393, - "eventId": "39269362461632328393926939419589915749741929816441094144" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899122000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899122 1760899203 - NODATA", - "ingestionTime": 1760899228656, - "eventId": "39269362640038289982171924581207850598435590163328860160" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899125 1760899194 - NODATA", - "ingestionTime": 1760899249065, - "eventId": "39269362706940525577763794030487974742181412238673444864" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899127 1760899200 - NODATA", - "ingestionTime": 1760899220738, - "eventId": "39269362751542015974825040279314179297414635168363315200" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899132000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899132 1760899213 - NODATA", - "ingestionTime": 1760899241591, - "eventId": "39269362863045741967478156012202532532736419493011783680" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899143000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899143 1760899223 - NODATA", - "ingestionTime": 1760899253281, - "eventId": "39269363108353939151315010583227663416625814834351243264" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899156 1760899234 - NODATA", - "ingestionTime": 1760899255488, - "eventId": "39269363398263626732213111425859902023189279008363118592" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899159000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899159 1760899237 - NODATA", - "ingestionTime": 1760899264361, - "eventId": "39269363465165862327804980861194073115574920556078891008" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899168000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899168 1760899246 - NODATA", - "ingestionTime": 1760899269260, - "eventId": "39269363665872569114580589140938428252512150847914049536" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899179 1760899253 - NODATA", - "ingestionTime": 1760899287510, - "eventId": "39269363911180766298417443719894074932119288698675789824" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899184 1760899263 - NODATA", - "ingestionTime": 1760899286796, - "eventId": "39269364022684492291070559426709282053852418506933469184" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899189000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899189 1760899260 - NODATA", - "ingestionTime": 1760899280283, - "eventId": "39269364134188218283723675126514426166813898814862065664" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899190 1760899270 - NODATA", - "ingestionTime": 1760899299057, - "eventId": "39269364156488963482254298290746226088810990608511533056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899196 1760899280 - NODATA", - "ingestionTime": 1760899311828, - "eventId": "39269364290293434673438037155400062015818871861690368000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899215 1760899294 - NODATA", - "ingestionTime": 1760899324767, - "eventId": "39269364714007593445519876860221022069360705824598065152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899216000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899216 1760899291 - NODATA", - "ingestionTime": 1760899311774, - "eventId": "39269364736308338644050499986049101087749757179034533888" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899228 1760899305 - NODATA", - "ingestionTime": 1760899327496, - "eventId": "39269365003917281026417977703483983765827058252031524864" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899236000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899236 1760899313 - NODATA", - "ingestionTime": 1760899372153, - "eventId": "39269365182323242614662962889757246868346573266567036928" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899242000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899242 1760899322 - NODATA", - "ingestionTime": 1760899351210, - "eventId": "39269365316127713805846701713652516863299726898767265792" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899245 1760899316 - NODATA", - "ingestionTime": 1760899326734, - "eventId": "39269365383029949401438571108670116921054093554823528448" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899246 1760899320 - NODATA", - "ingestionTime": 1760899342709, - "eventId": "39269365405330694599969194269518376122630654525933879296" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899252000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899252 1760899335 - NODATA", - "ingestionTime": 1760899360418, - "eventId": "39269365539135165791152933140142033914622429515450417152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899264 1760899343 - NODATA", - "ingestionTime": 1760899373218, - "eventId": "39269365806744108173520410854044313792513119479803084800" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899275 1760899355 - NODATA", - "ingestionTime": 1760899375908, - "eventId": "39269366052052305357357265414189441517385877666894970880" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899279000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899279 1760899352 - NODATA", - "ingestionTime": 1760899369219, - "eventId": "39269366141255286151479757972246010380988764276406026240" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899281000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899281 1760899359 - NODATA", - "ingestionTime": 1760899386093, - "eventId": "39269366185856776548541004275716839020567135377730371584" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899291 1760899368 - NODATA", - "ingestionTime": 1760899396136, - "eventId": "39269366408864228533847235703215102353670681361569349632" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899305000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899305 1760899382 - NODATA", - "ingestionTime": 1760899411018, - "eventId": "39269366721074661313275959702706255481084640795688894464" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899307 1760899380 - NODATA", - "ingestionTime": 1760899401309, - "eventId": "39269366765676151710337205974040218737002706934304473088" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899307 1760899377 - NODATA", - "ingestionTime": 1760899407058, - "eventId": "39269366765676151710337205980990486288538753834262528000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899310 1760899393 - NODATA", - "ingestionTime": 1760899419461, - "eventId": "39269366832578387305929075420592256492361369792011894784" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899324 1760899404 - NODATA", - "ingestionTime": 1760899433640, - "eventId": "39269367144788820085357799419233581698511609406149165056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899335 1760899412 - NODATA", - "ingestionTime": 1760899433908, - "eventId": "39269367390097017269194653976450088980403729997574832128" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899339 1760899418 - NODATA", - "ingestionTime": 1760899443512, - "eventId": "39269367479299998063317146554203490059711429749104771072" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899352 1760899428 - NODATA", - "ingestionTime": 1760899450328, - "eventId": "39269367769209685644215247402407859453740699287278387200" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899361 1760899433 - NODATA", - "ingestionTime": 1760899454519, - "eventId": "39269367969916392430990855681296183876299316157353951232" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899366 1760899444 - NODATA", - "ingestionTime": 1760899474591, - "eventId": "39269368081420118423643971413240484439095664219683618816" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899367 1760899442 - NODATA", - "ingestionTime": 1760899465925, - "eventId": "39269368103720863622174594544299428355023128143241412608" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899368000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899368 1760899453 - NODATA", - "ingestionTime": 1760899486443, - "eventId": "39269368126021608820705217710640157343359909657957302272" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899453355, - "eventId": "39269368192923844416297087095246106187430342297292636160" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899394 1760899469 - NODATA", - "ingestionTime": 1760899492226, - "eventId": "39269368705840983982501419397559717026373074890956865536" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899395000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899395 1760899474 - NODATA", - "ingestionTime": 1760899499679, - "eventId": "39269368728141729181032042548105768502328698924799033344" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899401000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899401 1760899480 - NODATA", - "ingestionTime": 1760899505761, - "eventId": "39269368861946200372215781404672778473133206005118402560" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899411000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899411 1760899487 - NODATA", - "ingestionTime": 1760899516510, - "eventId": "39269369084953652357522012833024672600503351423856934912" - } - ], - "eni-0412563bcfde47c07-all": [ - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899035 1760899115 - NODATA", - "ingestionTime": 1760899136495, - "eventId": "39269360699873457710007711156184720977592577186848636928" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899040 1760899119 - NODATA", - "ingestionTime": 1760899143305, - "eventId": "39269360811377183702660826872095664712709160858448297984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899053000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899053 1760899129 - NODATA", - "ingestionTime": 1760899149871, - "eventId": "39269361101286871283558927719998164556081147111036944384" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899061000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899061 1760899143 - NODATA", - "ingestionTime": 1760899171229, - "eventId": "39269361279692832871803912878103970731973143505727586304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899065 1760899134 - NODATA", - "ingestionTime": 1760899159080, - "eventId": "39269361368895813665926405429559601888144427773353132032" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899067000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899067 1760899140 - NODATA", - "ingestionTime": 1760899158188, - "eventId": "39269361413497304062987651711552518719516224710275825664" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899069 1760899153 - NODATA", - "ingestionTime": 1760899183464, - "eventId": "39269361458098794460048898025181141301956577880678137856" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899079000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899079 1760899147 - NODATA", - "ingestionTime": 1760899160601, - "eventId": "39269361681106246445355129412898811658073252175123316736" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899087 1760899166 - NODATA", - "ingestionTime": 1760899189376, - "eventId": "39269361859512208033600114579970893901776463807182798848" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899097000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899097 1760899176 - NODATA", - "ingestionTime": 1760899197279, - "eventId": "39269362082519660018906346004882537813687509194151165952" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899101000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899101 1760899179 - NODATA", - "ingestionTime": 1760899207385, - "eventId": "39269362171722640813028838583242579865759321101520076800" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899210660, - "eventId": "39269362372429347599804446861023392143998122008465309696" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899125 1760899194 - NODATA", - "ingestionTime": 1760899218812, - "eventId": "39269362706940525577763793993914106303142960102158041088" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899127 1760899203 - NODATA", - "ingestionTime": 1760899219418, - "eventId": "39269362751542015974825040277718476328369986825337700352" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899128 1760899200 - NODATA", - "ingestionTime": 1760899219120, - "eventId": "39269362773842761173355663418894165674178680573615538176" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899128 1760899205 - NODATA", - "ingestionTime": 1760899229665, - "eventId": "39269362773842761173355663431641781566952475279059255296" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899131000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899131 1760899216 - NODATA", - "ingestionTime": 1760899246092, - "eventId": "39269362840744996768947532876108041980772891761732091904" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899154 1760899229 - NODATA", - "ingestionTime": 1760899251163, - "eventId": "39269363353662136335151865137560078513468959389785718784" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899156 1760899234 - NODATA", - "ingestionTime": 1760899255712, - "eventId": "39269363398263626732213111426130916777394430857751101440" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899161000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899161 1760899240 - NODATA", - "ingestionTime": 1760899263829, - "eventId": "39269363509767352724866227143622613852783293494349135872" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899165000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899165 1760899246 - NODATA", - "ingestionTime": 1760899273641, - "eventId": "39269363598970333518988719721627354493523822240846249984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899185 1760899255 - NODATA", - "ingestionTime": 1760899281581, - "eventId": "39269364044985237489601182561940566582802392043117805568" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899187 1760899274 - NODATA", - "ingestionTime": 1760899303013, - "eventId": "39269364089586727886662428870921814201369867240798355456" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899189000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899189 1760899265 - NODATA", - "ingestionTime": 1760899290113, - "eventId": "39269364134188218283723675138397685858692808796273704960" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899280671, - "eventId": "39269364156488963482254298268519062333023165200494231552" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899193 1760899263 - NODATA", - "ingestionTime": 1760899278795, - "eventId": "39269364223391199077846167690858269798831755613942710272" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899207000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899207 1760899286 - NODATA", - "ingestionTime": 1760899310638, - "eventId": "39269364535601631857274891710854073565882969999478882304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899215 1760899292 - NODATA", - "ingestionTime": 1760899315726, - "eventId": "39269364714007593445519876849290783883655349661687152640" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899221000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899221 1760899301 - NODATA", - "ingestionTime": 1760899327482, - "eventId": "39269364847812064636703615712717370070625663115083776000" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899229000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899229 1760899308 - NODATA", - "ingestionTime": 1760899331997, - "eventId": "39269365026218026224948600850461253750180961257934094336" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899246 1760899320 - NODATA", - "ingestionTime": 1760899337920, - "eventId": "39269365405330694599969194263728842467517601889384857600" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899316 - NODATA", - "ingestionTime": 1760899340670, - "eventId": "39269365449932184997030440550125147054714641578971234304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899326 - NODATA", - "ingestionTime": 1760899350749, - "eventId": "39269365449932184997030440562310038574271999808824475648" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899334 - NODATA", - "ingestionTime": 1760899362257, - "eventId": "39269365449932184997030440576222135510589021884186427392" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899250000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899250 1760899322 - NODATA", - "ingestionTime": 1760899338788, - "eventId": "39269365494533675394091686830921152320352927561249128448" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899270000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899270 1760899347 - NODATA", - "ingestionTime": 1760899368708, - "eventId": "39269365940548579364704149697806783144105333794766585856" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899275 1760899355 - NODATA", - "ingestionTime": 1760899377918, - "eventId": "39269366052052305357357265416619650568836686043098578944" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899282000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899282 1760899359 - NODATA", - "ingestionTime": 1760899382772, - "eventId": "39269366208157521747071627413237592563353248892668477440" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899289000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899289 1760899368 - NODATA", - "ingestionTime": 1760899393097, - "eventId": "39269366364262738136785989416469683496947752941870645248" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899306000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899306 1760899383 - NODATA", - "ingestionTime": 1760899410529, - "eventId": "39269366743375406511806582843650936186411307196496478208" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899307 1760899377 - NODATA", - "ingestionTime": 1760899397968, - "eventId": "39269366765676151710337205970001456823899431732343996416" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899307 1760899380 - NODATA", - "ingestionTime": 1760899400607, - "eventId": "39269366765676151710337205973191896492119022919563018240" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899309000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899309 1760899396 - NODATA", - "ingestionTime": 1760899423126, - "eventId": "39269366810277642107398452283487031653564659198874484736" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899316000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899316 1760899382 - NODATA", - "ingestionTime": 1760899399106, - "eventId": "39269366966382858497112814245198916281112315683434004480" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899331 1760899406 - NODATA", - "ingestionTime": 1760899430913, - "eventId": "39269367300894036475072161406686974765064859028356005888" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899335 1760899415 - NODATA", - "ingestionTime": 1760899437272, - "eventId": "39269367390097017269194653980516978150189752716098142208" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899339 1760899418 - NODATA", - "ingestionTime": 1760899447124, - "eventId": "39269367479299998063317146558570512292617288860634185728" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899351 1760899427 - NODATA", - "ingestionTime": 1760899454220, - "eventId": "39269367746908940445684624265577228552990440521160261632" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899366 1760899439 - NODATA", - "ingestionTime": 1760899459961, - "eventId": "39269368081420118423643971395553591908768001739518377984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899440 - NODATA", - "ingestionTime": 1760899457693, - "eventId": "39269368148322354019235840817419132639093943126178463744" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899444 - NODATA", - "ingestionTime": 1760899469981, - "eventId": "39269368148322354019235840832274191397035876158754783232" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899454 - NODATA", - "ingestionTime": 1760899484008, - "eventId": "39269368148322354019235840849232080110616189955149922304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899374000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899374 1760899441 - NODATA", - "ingestionTime": 1760899460296, - "eventId": "39269368259826080011888956528244589978217412339484983296" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899392000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899392 1760899467 - NODATA", - "ingestionTime": 1760899489716, - "eventId": "39269368661239493585440173111454201356029973516445417472" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899395000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899395 1760899475 - NODATA", - "ingestionTime": 1760899496760, - "eventId": "39269368728141729181032042544576516340573757947585167360" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899402000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899402 1760899481 - NODATA", - "ingestionTime": 1760899503957, - "eventId": "39269368884246945570746404544027514969411264622420295680" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899413000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899413 1760899488 - NODATA", - "ingestionTime": 1760899511503, - "eventId": "39269369129555142754583259110043103669214552903807205376" - } - ], - "eni-0affc8cb976d281e4-all": [ - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899035 1760899116 - NODATA", - "ingestionTime": 1760899138840, - "eventId": "39269360699873457710007711159019469104701397634533228544" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899046 1760899125 - NODATA", - "ingestionTime": 1760899146967, - "eventId": "39269360945181654893844565725737606527934368011554914304" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899060000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899060 1760899132 - NODATA", - "ingestionTime": 1760899190646, - "eventId": "39269361257392087673273289760042133263107400332285378560" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899066 1760899146 - NODATA", - "ingestionTime": 1760899167560, - "eventId": "39269361391196558864457028581347041359969927984593829888" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899074 1760899154 - NODATA", - "ingestionTime": 1760899179105, - "eventId": "39269361569602520452702013727590210801973350606697005056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899087 1760899164 - NODATA", - "ingestionTime": 1760899192244, - "eventId": "39269361859512208033600114583438176555824605694748459008" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899094000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899094 1760899177 - NODATA", - "ingestionTime": 1760899198599, - "eventId": "39269362015617424423314476581871073057489942101635956736" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899189115, - "eventId": "39269362060218914820375722853477185278320939846186958848" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899109000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899109 1760899185 - NODATA", - "ingestionTime": 1760899210726, - "eventId": "39269362350128602401273823719567361138346684332021776384" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899122000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899122 1760899194 - NODATA", - "ingestionTime": 1760899250823, - "eventId": "39269362640038289982171924608006329965051610956954140672" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899124 1760899206 - NODATA", - "ingestionTime": 1760899227914, - "eventId": "39269362684639780379233170863382549457541174480434364416" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219338, - "eventId": "39269362729241270776294417136085999322452702428389244928" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899144000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899144 1760899226 - NODATA", - "ingestionTime": 1760899247368, - "eventId": "39269363130654684349845633717615132665541153038186250240" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899153 1760899235 - NODATA", - "ingestionTime": 1760899261725, - "eventId": "39269363331361391136621242008792839945762262059483660288" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899167 1760899245 - NODATA", - "ingestionTime": 1760899268996, - "eventId": "39269363643571823916049965999083152685223837249222017024" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899182 1760899254 - NODATA", - "ingestionTime": 1760899310544, - "eventId": "39269363978083001894009313172347560528882751266101002240" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899281322, - "eventId": "39269364022684492291070559420091896183115699813441011712" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899186000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899186 1760899266 - NODATA", - "ingestionTime": 1760899287931, - "eventId": "39269364067285982688131805711152844471674574293835710464" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299457, - "eventId": "39269364245691944276376790857372500237716647776452476928" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899204 1760899285 - NODATA", - "ingestionTime": 1760899309818, - "eventId": "39269364468699396261683022285255354161015274794248699904" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899213 1760899295 - NODATA", - "ingestionTime": 1760899320882, - "eventId": "39269364669406103048458630572452503370674395929094586368" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899215 1760899293 - NODATA", - "ingestionTime": 1760899311810, - "eventId": "39269364714007593445519876844556444173706942228705116160" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899229000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899229 1760899309 - NODATA", - "ingestionTime": 1760899328555, - "eventId": "39269365026218026224948600846300242377921950412429459456" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899241 1760899325 - NODATA", - "ingestionTime": 1760899348957, - "eventId": "39269365293826968607316078569393086186336604020860649472" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899241 1760899314 - NODATA", - "ingestionTime": 1760899372605, - "eventId": "39269365293826968607316078597982298375350150780347219968" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899245 1760899321 - NODATA", - "ingestionTime": 1760899340200, - "eventId": "39269365383029949401438571124949559171644792505665978368" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899251 1760899335 - NODATA", - "ingestionTime": 1760899359866, - "eventId": "39269365516834420592622309997938463861202851147023974400" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899266 1760899345 - NODATA", - "ingestionTime": 1760899367752, - "eventId": "39269365851345598570581657130508151919096926587179171840" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899272000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899272 1760899359 - NODATA", - "ingestionTime": 1760899383256, - "eventId": "39269365985150069761765395998465481644863673480582332416" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899276000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899276 1760899352 - NODATA", - "ingestionTime": 1760899370378, - "eventId": "39269366074353050555887888549039652693215533761524727808" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899288000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899288 1760899366 - NODATA", - "ingestionTime": 1760899388583, - "eventId": "39269366341961992938255366269476998944118616763606564864" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899400318, - "eventId": "39269366676473170916214713406699804785352071340302925824" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899303 1760899375 - NODATA", - "ingestionTime": 1760899429510, - "eventId": "39269366676473170916214713441990338386303280666812350464" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899411298, - "eventId": "39269366765676151710337205986116559650590329171965837312" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899312 1760899394 - NODATA", - "ingestionTime": 1760899422796, - "eventId": "39269366877179877702990321707695130867012944863901057024" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428577, - "eventId": "39269367100187329688296553130041479120048520123150827520" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899432439, - "eventId": "39269367367796272070664030833138720654446275223893245952" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899334 1760899414 - NODATA", - "ingestionTime": 1760899439881, - "eventId": "39269367367796272070664030842135296708003520290717499392" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899347 1760899424 - NODATA", - "ingestionTime": 1760899451070, - "eventId": "39269367657705959651562131695626595798239555883438637056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899361 1760899435 - NODATA", - "ingestionTime": 1760899490451, - "eventId": "39269367969916392430990855724735341148002908163555328000" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899459187, - "eventId": "39269368036818628026582725111546443776056460041485942784" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899366 1760899447 - NODATA", - "ingestionTime": 1760899471147, - "eventId": "39269368081420118423643971409076505618835547023528493056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899370 1760899452 - NODATA", - "ingestionTime": 1760899479024, - "eventId": "39269368170623099217766463984742283714993043411306807296" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899382 1760899467 - NODATA", - "ingestionTime": 1760899488669, - "eventId": "39269368438232041600133941694831139681884182062797881344" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899394 1760899475 - NODATA", - "ingestionTime": 1760899502220, - "eventId": "39269368705840983982501419409641737709798658672228827136" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899398 1760899473 - NODATA", - "ingestionTime": 1760899489665, - "eventId": "39269368795043964776623911960606453012996625068128206848" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899409 1760899486 - NODATA", - "ingestionTime": 1760899512065, - "eventId": "39269369040352161960460766544579612106892416237728497664" - } - ], - "eni-0cc527ecbe7a26eaf-all": [ - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899035 1760899117 - NODATA", - "ingestionTime": 1760899142936, - "eventId": "39269360699873457710007711163971510559320265101743685632" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899036000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899036 1760899114 - NODATA", - "ingestionTime": 1760899134414, - "eventId": "39269360722174202908538334295204820463313948714318168064" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899050 1760899129 - NODATA", - "ingestionTime": 1760899152727, - "eventId": "39269361034384635687967058298843497727773204937133850624" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899063 1760899133 - NODATA", - "ingestionTime": 1760899185523, - "eventId": "39269361324294323268865159178455904111196628287686770688" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899158843, - "eventId": "39269361368895813665926405429273417399856208608128204800" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899066 1760899145 - NODATA", - "ingestionTime": 1760899168245, - "eventId": "39269361391196558864457028582175509246823037858524626944" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899072000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899072 1760899154 - NODATA", - "ingestionTime": 1760899181163, - "eventId": "39269361525001030055640767447006181139772869756776218624" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899090000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899090 1760899170 - NODATA", - "ingestionTime": 1760899193900, - "eventId": "39269361926414443629191984010047495961379235145155215360" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899092 1760899177 - NODATA", - "ingestionTime": 1760899202749, - "eventId": "39269361971015934026253230303816785979875019549754589184" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899210860, - "eventId": "39269362372429347599804446861265377207808753828176592896" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899125 1760899204 - NODATA", - "ingestionTime": 1760899230989, - "eventId": "39269362706940525577763794008635558579997690313193750528" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219830, - "eventId": "39269362729241270776294417136680824586241537371595341824" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899127 1760899212 - NODATA", - "ingestionTime": 1760899242326, - "eventId": "39269362751542015974825040305412561063885034823646773248" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899146000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899146 1760899226 - NODATA", - "ingestionTime": 1760899246152, - "eventId": "39269363175256174746906879999216657007477593368650383360" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899152000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899152 1760899231 - NODATA", - "ingestionTime": 1760899253019, - "eventId": "39269363309060645938090618856732243219578704771989635072" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899156 1760899237 - NODATA", - "ingestionTime": 1760899263736, - "eventId": "39269363398263626732213111435831655263089646910124851200" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899170000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899170 1760899247 - NODATA", - "ingestionTime": 1760899271074, - "eventId": "39269363710474059511641835426202440992731308715443683328" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899279688, - "eventId": "39269364022684492291070559418116119557759800710406471680" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899186000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899186 1760899257 - NODATA", - "ingestionTime": 1760899306262, - "eventId": "39269364067285982688131805733313731667256371536065331200" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899188000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899188 1760899266 - NODATA", - "ingestionTime": 1760899288672, - "eventId": "39269364111887473085193051995119913844343400534901653504" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299252, - "eventId": "39269364245691944276376790857125149363662073314597076992" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899204 1760899285 - NODATA", - "ingestionTime": 1760899309280, - "eventId": "39269364468699396261683022284605296878582061744064102400" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899214000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899214 1760899291 - NODATA", - "ingestionTime": 1760899314311, - "eventId": "39269364691706848246989253706044751639540719357729177600" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899215 1760899296 - NODATA", - "ingestionTime": 1760899324087, - "eventId": "39269364714007593445519876859398939631364402504914436096" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899232 1760899310 - NODATA", - "ingestionTime": 1760899334354, - "eventId": "39269365093120261820540470277918148826862523982991851520" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899341889, - "eventId": "39269365383029949401438571126991283198097922654519689216" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899245 1760899325 - NODATA", - "ingestionTime": 1760899348539, - "eventId": "39269365383029949401438571135031132663793566278058115072" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899246 1760899316 - NODATA", - "ingestionTime": 1760899366160, - "eventId": "39269365405330694599969194297869179122661927007680724992" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899253 1760899335 - NODATA", - "ingestionTime": 1760899360237, - "eventId": "39269365561435910989683556281458718788128809122697052160" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899263000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899263 1760899343 - NODATA", - "ingestionTime": 1760899367744, - "eventId": "39269365784443362974989787705891158615048326713479266304" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899275 1760899352 - NODATA", - "ingestionTime": 1760899372061, - "eventId": "39269366052052305357357265409538549045672232196748017664" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899275 1760899358 - NODATA", - "ingestionTime": 1760899383656, - "eventId": "39269366052052305357357265423556517543661022486787260416" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899290000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899290 1760899367 - NODATA", - "ingestionTime": 1760899391461, - "eventId": "39269366386563483335316612556027451863182680765922607104" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899403625, - "eventId": "39269366676473170916214713410697222888582558342587351040" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899411002, - "eventId": "39269366765676151710337205985758614282112731246506541056" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899419972, - "eventId": "39269366921781368100051567987352686539192809824210518016" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899324 1760899404 - NODATA", - "ingestionTime": 1760899426887, - "eventId": "39269367144788820085357799411069452063340406770065408000" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899434439, - "eventId": "39269367367796272070664030835556822797651854308072357888" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899334 1760899417 - NODATA", - "ingestionTime": 1760899446456, - "eventId": "39269367367796272070664030850084056944309412406590767104" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899351 1760899427 - NODATA", - "ingestionTime": 1760899451312, - "eventId": "39269367746908940445684624262062177639914816024458821632" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899459035, - "eventId": "39269368036818628026582725111362754830102764013299433472" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899364 1760899446 - NODATA", - "ingestionTime": 1760899470289, - "eventId": "39269368036818628026582725124967908315929005802571956224" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899368000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899368 1760899437 - NODATA", - "ingestionTime": 1760899486041, - "eventId": "39269368126021608820705217710153819616007802450744442880" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899370 1760899452 - NODATA", - "ingestionTime": 1760899480164, - "eventId": "39269368170623099217766463986120228458155453978742292480" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899383 1760899466 - NODATA", - "ingestionTime": 1760899488206, - "eventId": "39269368460532786798664564835806916203379451258122797056" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899393 1760899476 - NODATA", - "ingestionTime": 1760899506645, - "eventId": "39269368683540238783970796273455606208662299519439011840" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899397000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899397 1760899475 - NODATA", - "ingestionTime": 1760899493621, - "eventId": "39269368772743219578093288823853465559792739857376215040" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899410 1760899488 - NODATA", - "ingestionTime": 1760899512938, - "eventId": "39269369062652907158991389687170444069467983195855192064" - } - ], - "eni-00e49c1a350a96c62-all": [ - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899037000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899037 1760899114 - NODATA", - "ingestionTime": 1760899138767, - "eventId": "39269360744474948107068957442002873060395970223357362176" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899049000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899049 1760899123 - NODATA", - "ingestionTime": 1760899145913, - "eventId": "39269361012083890489436435149070146485244488969436200960" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899057000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899057 1760899130 - NODATA", - "ingestionTime": 1760899154890, - "eventId": "39269361190489852077681420292208780129801594305213628416" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899165282, - "eventId": "39269361324294323268865159153986206642563145982672568320" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899068 1760899140 - NODATA", - "ingestionTime": 1760899155203, - "eventId": "39269361435798049261518274849479695499931155809958887424" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899069 1760899149 - NODATA", - "ingestionTime": 1760899172925, - "eventId": "39269361458098794460048898012440441311275205415884881920" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899074 1760899158 - NODATA", - "ingestionTime": 1760899188149, - "eventId": "39269361569602520452702013738523382166437444405447360512" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899094000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899094 1760899173 - NODATA", - "ingestionTime": 1760899193854, - "eventId": "39269362015617424423314476576134577772443043769486868480" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899098 1760899175 - NODATA", - "ingestionTime": 1760899198765, - "eventId": "39269362104820405217436969148214454073853692019531972608" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899106000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899106 1760899183 - NODATA", - "ingestionTime": 1760899205855, - "eventId": "39269362283226366805681954289071863715341114358247981056" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899116 1760899190 - NODATA", - "ingestionTime": 1760899218900, - "eventId": "39269362506233818790988185720199514343819175426755985408" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899124 1760899200 - NODATA", - "ingestionTime": 1760899223152, - "eventId": "39269362684639780379233170857625462746990168067807838208" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899129000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899129 1760899207 - NODATA", - "ingestionTime": 1760899233704, - "eventId": "39269362796143506371886286578060267268971733818706690048" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899130 1760899200 - NODATA", - "ingestionTime": 1760899216597, - "eventId": "39269362818444251570416909698915159185654638900559478784" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899132000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899132 1760899217 - NODATA", - "ingestionTime": 1760899249116, - "eventId": "39269362863045741967478156021299470001702103957709324288" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899157000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899157 1760899233 - NODATA", - "ingestionTime": 1760899250348, - "eventId": "39269363420564371930743734561181793392594438106193985536" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899158 1760899235 - NODATA", - "ingestionTime": 1760899257916, - "eventId": "39269363442865117129274357711867073227048333308284895232" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899167 1760899242 - NODATA", - "ingestionTime": 1760899266443, - "eventId": "39269363643571823916049965995997165200773008274068602880" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899176000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899176 1760899252 - NODATA", - "ingestionTime": 1760899278154, - "eventId": "39269363844278530702825574283975957584885667444695433216" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899183000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899183 1760899261 - NODATA", - "ingestionTime": 1760899283120, - "eventId": "39269364000383747092539936280729434656590907773135814656" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899187 1760899267 - NODATA", - "ingestionTime": 1760899294600, - "eventId": "39269364089586727886662428860750732039464946026079584256" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899275302, - "eventId": "39269364156488963482254298262028409321693380740057726976" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899193 1760899277 - NODATA", - "ingestionTime": 1760899306056, - "eventId": "39269364223391199077846167723814463848546217742214758400" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899213 1760899292 - NODATA", - "ingestionTime": 1760899313242, - "eventId": "39269364669406103048458630563216446915861083943820525568" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899217000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899217 1760899294 - NODATA", - "ingestionTime": 1760899321674, - "eventId": "39269364758609083842581123139552769844370962991551938560" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899228 1760899304 - NODATA", - "ingestionTime": 1760899325244, - "eventId": "39269365003917281026417977700761979083052749898730242048" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899234 1760899313 - NODATA", - "ingestionTime": 1760899337001, - "eventId": "39269365137721752217601716564189390859907730233102761984" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899243000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899243 1760899323 - NODATA", - "ingestionTime": 1760899342968, - "eventId": "39269365338428459004377324845224710968490708577878147072" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899247 1760899320 - NODATA", - "ingestionTime": 1760899337957, - "eventId": "39269365427631439798499817405309310435025331773548134400" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899250000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899250 1760899327 - NODATA", - "ingestionTime": 1760899354215, - "eventId": "39269365494533675394091686849571300684571434120473935872" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899256000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899256 1760899339 - NODATA", - "ingestionTime": 1760899366733, - "eventId": "39269365628338146585275425713918766977677100855991992320" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899274 1760899355 - NODATA", - "ingestionTime": 1760899383193, - "eventId": "39269366029751560158826642281460692452759301299789365248" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899275 1760899350 - NODATA", - "ingestionTime": 1760899372605, - "eventId": "39269366052052305357357265410196231221786162162004131840" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899289000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899289 1760899364 - NODATA", - "ingestionTime": 1760899386545, - "eventId": "39269366364262738136785989408548697493435601619971342336" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899296000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899296 1760899369 - NODATA", - "ingestionTime": 1760899397522, - "eventId": "39269366520367954526500351412569071531243907951461466112" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899403322, - "eventId": "39269366676473170916214713410331080053193532204739461120" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899396685, - "eventId": "39269366832578387305929075393057588744809773639408222208" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899310 1760899391 - NODATA", - "ingestionTime": 1760899414626, - "eventId": "39269366832578387305929075414746681071818916868380557312" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899312 1760899397 - NODATA", - "ingestionTime": 1760899426265, - "eventId": "39269366877179877702990321711888984629719983476018970624" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899334 1760899415 - NODATA", - "ingestionTime": 1760899439060, - "eventId": "39269367367796272070664030841142937958575332058401079296" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899335 1760899411 - NODATA", - "ingestionTime": 1760899430946, - "eventId": "39269367390097017269194653972869353730141055293073653760" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899348000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899348 1760899422 - NODATA", - "ingestionTime": 1760899445836, - "eventId": "39269367680006704850092754830834442177159248388842323968" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899358 1760899431 - NODATA", - "ingestionTime": 1760899455982, - "eventId": "39269367903014156835398986258457400930997965156061413376" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899363 1760899448 - NODATA", - "ingestionTime": 1760899475444, - "eventId": "39269368014517882828052101989664297898907338176166625280" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899364 1760899440 - NODATA", - "ingestionTime": 1760899465105, - "eventId": "39269368036818628026582725118701199232259355164586803200" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899457014, - "eventId": "39269368192923844416297087099669576687152167684464902144" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899377000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899377 1760899459 - NODATA", - "ingestionTime": 1760899490171, - "eventId": "39269368326728315607480825988968463538789249157613486080" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899393 1760899469 - NODATA", - "ingestionTime": 1760899490033, - "eventId": "39269368683540238783970796253372651980199477280652132352" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899393 1760899475 - NODATA", - "ingestionTime": 1760899500599, - "eventId": "39269368683540238783970796266146224296626452138420731904" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899409 1760899484 - NODATA", - "ingestionTime": 1760899505136, - "eventId": "39269369040352161960460766536202630897021212831417696256" - } - ], - "eni-0fa50413d12043097-all": [ - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899040 1760899115 - NODATA", - "ingestionTime": 1760899140262, - "eventId": "39269360811377183702660826868416985984503058815102287872" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899042000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899042 1760899121 - NODATA", - "ingestionTime": 1760899143376, - "eventId": "39269360855978674099722073155253169520247183234716467200" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899052000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899052 1760899128 - NODATA", - "ingestionTime": 1760899152591, - "eventId": "39269361078986126085028304581750881363540677418497605632" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899064 1760899140 - NODATA", - "ingestionTime": 1760899162154, - "eventId": "39269361346595068467395782291739961430735159900244934656" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899066 1760899144 - NODATA", - "ingestionTime": 1760899169498, - "eventId": "39269361391196558864457028583690118502832229354569924608" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899073000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899073 1760899154 - NODATA", - "ingestionTime": 1760899179003, - "eventId": "39269361547301775254171390585930848990670403554094546944" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899092 1760899171 - NODATA", - "ingestionTime": 1760899190986, - "eventId": "39269361971015934026253230289595803506801529278806687744" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899098 1760899181 - NODATA", - "ingestionTime": 1760899207867, - "eventId": "39269362104820405217436969159218344953622183587375808512" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899112000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899112 1760899188 - NODATA", - "ingestionTime": 1760899214794, - "eventId": "39269362417030837996865693149092557063885044642170601472" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899218363, - "eventId": "39269362729241270776294417134907160818739660973908819968" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899127 1760899204 - NODATA", - "ingestionTime": 1760899228143, - "eventId": "39269362751542015974825040288266516288111335930212450304" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899130 1760899196 - NODATA", - "ingestionTime": 1760899236269, - "eventId": "39269362818444251570416909722696919918440077319402749952" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899136000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899136 1760899216 - NODATA", - "ingestionTime": 1760899235291, - "eventId": "39269362952248722761600648570728909971269331639508271104" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899138000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899138 1760899219 - NODATA", - "ingestionTime": 1760899250086, - "eventId": "39269362996850213158661894871686954858411832487192231936" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899153 1760899230 - NODATA", - "ingestionTime": 1760899254654, - "eventId": "39269363331361391136621242000244768455551793757717463040" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899161000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899161 1760899237 - NODATA", - "ingestionTime": 1760899257334, - "eventId": "39269363509767352724866227135770221742737076997653921792" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899164000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899164 1760899241 - NODATA", - "ingestionTime": 1760899265939, - "eventId": "39269363576669588320458096570780569355098770852205232128" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899174 1760899249 - NODATA", - "ingestionTime": 1760899273397, - "eventId": "39269363799677040305764327995154046397828555294498422784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899281771, - "eventId": "39269364022684492291070559420634279420924730337580023808" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899187 1760899265 - NODATA", - "ingestionTime": 1760899288795, - "eventId": "39269364089586727886662428853733110355927812841166798848" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899196 1760899273 - NODATA", - "ingestionTime": 1760899296003, - "eventId": "39269364290293434673438037136268631779257380741103878144" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899198000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899198 1760899278 - NODATA", - "ingestionTime": 1760899306553, - "eventId": "39269364334894925070499283432094430904808367107227451392" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899213 1760899289 - NODATA", - "ingestionTime": 1760899312120, - "eventId": "39269364669406103048458630561859774536441580822616932352" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899219000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899219 1760899295 - NODATA", - "ingestionTime": 1760899317268, - "eventId": "39269364803210574239642369417297713069416572112904192000" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899219000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899219 1760899301 - NODATA", - "ingestionTime": 1760899322768, - "eventId": "39269364803210574239642369423946845989658433766276726784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899234 1760899311 - NODATA", - "ingestionTime": 1760899332678, - "eventId": "39269365137721752217601716558963471053914458804630847488" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339367, - "eventId": "39269365383029949401438571123942486092557966856190361600" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899247 1760899324 - NODATA", - "ingestionTime": 1760899348309, - "eventId": "39269365427631439798499817417824354360108782591454478336" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899253 1760899332 - NODATA", - "ingestionTime": 1760899355678, - "eventId": "39269365561435910989683556275947266384107891177478815744" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899261000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899261 1760899342 - NODATA", - "ingestionTime": 1760899366693, - "eventId": "39269365739841872577928541421549487378245342185086910464" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899273 1760899350 - NODATA", - "ingestionTime": 1760899372128, - "eventId": "39269366007450814960296019126548532389304577255380680704" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899281000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899281 1760899356 - NODATA", - "ingestionTime": 1760899377874, - "eventId": "39269366185856776548541004265780822088761543221054603264" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899284000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899284 1760899364 - NODATA", - "ingestionTime": 1760899385324, - "eventId": "39269366252759012144132873699394307557598695465524264960" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899292000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899292 1760899368 - NODATA", - "ingestionTime": 1760899394142, - "eventId": "39269366431164973732377858842340359302581975791635333120" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899400005, - "eventId": "39269366676473170916214713406321216800965289140896202752" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899307 1760899383 - NODATA", - "ingestionTime": 1760899409949, - "eventId": "39269366765676151710337205984485811763750024473813581824" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899313000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899313 1760899378 - NODATA", - "ingestionTime": 1760899414160, - "eventId": "39269366899480622901520944838790532611734763965527949312" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899419381, - "eventId": "39269366921781368100051567986638388512800638442458775552" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899317000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899317 1760899401 - NODATA", - "ingestionTime": 1760899428481, - "eventId": "39269366988683603695643437422246304878471566233588793344" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899334 1760899410 - NODATA", - "ingestionTime": 1760899430659, - "eventId": "39269367367796272070664030830986961116563222632212791296" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899340000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899340 1760899416 - NODATA", - "ingestionTime": 1760899436518, - "eventId": "39269367501600743261847769687284398395473853959957053440" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899345000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899345 1760899422 - NODATA", - "ingestionTime": 1760899447444, - "eventId": "39269367613104469254500885408171291853138687591527874560" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899354 1760899429 - NODATA", - "ingestionTime": 1760899453567, - "eventId": "39269367813811176041276493689395293155195266907628961792" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899458468, - "eventId": "39269368036818628026582725110677664820832133703468122112" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899370 1760899445 - NODATA", - "ingestionTime": 1760899471928, - "eventId": "39269368170623099217766463976163577497656700642295021568" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899375 1760899454 - NODATA", - "ingestionTime": 1760899475464, - "eventId": "39269368282126825210419579688117181201629642247446134784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899377000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899377 1760899460 - NODATA", - "ingestionTime": 1760899486979, - "eventId": "39269368326728315607480825985109618256405191504821223424" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899391000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899391 1760899470 - NODATA", - "ingestionTime": 1760899491571, - "eventId": "39269368638938748386909549972160630771095970562797076480" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899398 1760899476 - NODATA", - "ingestionTime": 1760899496786, - "eventId": "39269368795043964776623911969215202050450603886724448256" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899398 1760899480 - NODATA", - "ingestionTime": 1760899504483, - "eventId": "39269368795043964776623911978520527272550776449095237632" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899410 1760899487 - NODATA", - "ingestionTime": 1760899514868, - "eventId": "39269369062652907158991389689503736367846913633824866304" - } - ], - "eni-0ab252a7dc8378f9e-all": [ - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899043000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899043 1760899121 - NODATA", - "ingestionTime": 1760899144743, - "eventId": "39269360878279419298252696298441346294757840151857463296" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899055000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899055 1760899132 - NODATA", - "ingestionTime": 1760899168235, - "eventId": "39269361145888361680620174025270253239837550314553278464" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899063 1760899140 - NODATA", - "ingestionTime": 1760899163640, - "eventId": "39269361324294323268865159152001029709603810370906947584" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899168077, - "eventId": "39269361324294323268865159157365264056044858698275160064" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899074 1760899156 - NODATA", - "ingestionTime": 1760899176432, - "eventId": "39269361569602520452702013724358474785221923001425002496" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899083 1760899165 - NODATA", - "ingestionTime": 1760899187057, - "eventId": "39269361770309227239477622011024815587615914795180752896" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899087 1760899153 - NODATA", - "ingestionTime": 1760899167556, - "eventId": "39269361859512208033600114553592653372149707506846400512" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899092 1760899170 - NODATA", - "ingestionTime": 1760899192280, - "eventId": "39269361971015934026253230291160278927375725344553107456" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899099000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899099 1760899177 - NODATA", - "ingestionTime": 1760899198187, - "eventId": "39269362127121150415967592289051716776414009852387983360" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899103000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899103 1760899183 - NODATA", - "ingestionTime": 1760899206246, - "eventId": "39269362216324131210090084864937018834584512701592240128" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899116 1760899191 - NODATA", - "ingestionTime": 1760899232074, - "eventId": "39269362506233818790988185736125476421465966948702420992" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219781, - "eventId": "39269362729241270776294417136621410518674911340285657088" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899127 1760899204 - NODATA", - "ingestionTime": 1760899228166, - "eventId": "39269362751542015974825040288294114353006436868741267456" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899135000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899135 1760899216 - NODATA", - "ingestionTime": 1760899236537, - "eventId": "39269362929947977563070025430699906144758538369638989824" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899143000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899143 1760899223 - NODATA", - "ingestionTime": 1760899246487, - "eventId": "39269363108353939151315010575014091586148403225718226944" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899152000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899152 1760899218 - NODATA", - "ingestionTime": 1760899228230, - "eventId": "39269363309060645938090618826764277432324953379863986176" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899154 1760899230 - NODATA", - "ingestionTime": 1760899251910, - "eventId": "39269363353662136335151865138463170581794388689786109952" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899159000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899159 1760899237 - NODATA", - "ingestionTime": 1760899258836, - "eventId": "39269363465165862327804980854514963320757161567338037248" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899164000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899164 1760899243 - NODATA", - "ingestionTime": 1760899267297, - "eventId": "39269363576669588320458096572421907225632428613003575296" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899175000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899175 1760899249 - NODATA", - "ingestionTime": 1760899289057, - "eventId": "39269363821977785504294951155621307693113204263044317184" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899182 1760899260 - NODATA", - "ingestionTime": 1760899284104, - "eventId": "39269363978083001894009313140383662044320238584828002304" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899188000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899188 1760899264 - NODATA", - "ingestionTime": 1760899289384, - "eventId": "39269364111887473085193051995981173248009206015046909952" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899194 1760899273 - NODATA", - "ingestionTime": 1760899297876, - "eventId": "39269364245691944276376790855461696834132070243219472384" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899201000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899201 1760899281 - NODATA", - "ingestionTime": 1760899306426, - "eventId": "39269364401797160666091152856547997110764227965170089984" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899212000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899212 1760899290 - NODATA", - "ingestionTime": 1760899311990, - "eventId": "39269364647105357849928007420167105058361158249298591744" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899220000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899220 1760899296 - NODATA", - "ingestionTime": 1760899318981, - "eventId": "39269364825511319438172992560904692599124508662111862784" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899225000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899225 1760899305 - NODATA", - "ingestionTime": 1760899326405, - "eventId": "39269364937015045430826108277557866612080981738167205888" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899234 1760899311 - NODATA", - "ingestionTime": 1760899349607, - "eventId": "39269365137721752217601716579429045015788236565383872512" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899244000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899244 1760899320 - NODATA", - "ingestionTime": 1760899340539, - "eventId": "39269365360729204202907947983824034257365336815361916928" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899246 1760899324 - NODATA", - "ingestionTime": 1760899349659, - "eventId": "39269365405330694599969194277920420845905191734063595520" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899255000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899255 1760899333 - NODATA", - "ingestionTime": 1760899355340, - "eventId": "39269365606037401386744802558609859740341295972286267392" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899258000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899258 1760899342 - NODATA", - "ingestionTime": 1760899370852, - "eventId": "39269365672939636982336672001969956859553818871193468928" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899264 1760899332 - NODATA", - "ingestionTime": 1760899350205, - "eventId": "39269365806744108173520410826223332584796236243615940608" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899273 1760899351 - NODATA", - "ingestionTime": 1760899371460, - "eventId": "39269366007450814960296019125740775862889849020409970688" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899280000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899280 1760899356 - NODATA", - "ingestionTime": 1760899380041, - "eventId": "39269366163556031350010381126864519046676932443778842624" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899285000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899285 1760899363 - NODATA", - "ingestionTime": 1760899385191, - "eventId": "39269366275059757342663496840769274361216909335960289280" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899294 1760899369 - NODATA", - "ingestionTime": 1760899408748, - "eventId": "39269366475766464129439105143069271520703015093635448832" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899403298, - "eventId": "39269366676473170916214713410301864753488679959076405248" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899307 1760899385 - NODATA", - "ingestionTime": 1760899409389, - "eventId": "39269366765676151710337205983808376335481471422902829056" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899314 1760899393 - NODATA", - "ingestionTime": 1760899417527, - "eventId": "39269366921781368100051567984396803465274466565072355328" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899322 1760899404 - NODATA", - "ingestionTime": 1760899425908, - "eventId": "39269367100187329688296553126814732094305494235156250624" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899325 1760899394 - NODATA", - "ingestionTime": 1760899407513, - "eventId": "39269367167089565283888422529183595729306489697859207168" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899334 1760899411 - NODATA", - "ingestionTime": 1760899432182, - "eventId": "39269367367796272070664030832828069171568725790328619008" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899338000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899338 1760899417 - NODATA", - "ingestionTime": 1760899441926, - "eventId": "39269367456999252864786523410750437457893915410264948736" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899347 1760899423 - NODATA", - "ingestionTime": 1760899448300, - "eventId": "39269367657705959651562131692277680343019782573063667712" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899357000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899357 1760899431 - NODATA", - "ingestionTime": 1760899468795, - "eventId": "39269367880713411636868363132411672098214393367238672384" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899460562, - "eventId": "39269368036818628026582725113209034936779570569075097600" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899370 1760899445 - NODATA", - "ingestionTime": 1760899469949, - "eventId": "39269368170623099217766463973771603933568241784363286528" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899379000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899379 1760899454 - NODATA", - "ingestionTime": 1760899478804, - "eventId": "39269368371329806004542072258297942518344252529592041472" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899384 1760899454 - NODATA", - "ingestionTime": 1760899468911, - "eventId": "39269368482833531997195187954016642404155879694547550208" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899486220, - "eventId": "39269368482833531997195187974941804250215427335835811840" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899396000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899396 1760899472 - NODATA", - "ingestionTime": 1760899492248, - "eventId": "39269368750442474379562665680657565911081339579250507776" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899400000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899400 1760899478 - NODATA", - "ingestionTime": 1760899500150, - "eventId": "39269368839645455173685158256353497648806873134796832768" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899403000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899403 1760899482 - NODATA", - "ingestionTime": 1760899507126, - "eventId": "39269368906547690769277027689394005336431475869869670400" - } - ], - "eni-0d52b90c56c30aaaf-all": [ - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899047000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899047 1760899125 - NODATA", - "ingestionTime": 1760899147882, - "eventId": "39269360967482400092375188868379387488249224545389772800" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899060000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899060 1760899131 - NODATA", - "ingestionTime": 1760899156440, - "eventId": "39269361257392087673273289718689448193884824360186019840" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899064 1760899142 - NODATA", - "ingestionTime": 1760899162528, - "eventId": "39269361346595068467395782292192150158971810428482420736" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899069 1760899147 - NODATA", - "ingestionTime": 1760899172082, - "eventId": "39269361458098794460048898011420986728738606749298458624" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899075000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899075 1760899154 - NODATA", - "ingestionTime": 1760899179557, - "eventId": "39269361591903265651232636869672220334830881519077687296" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899085000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899085 1760899165 - NODATA", - "ingestionTime": 1760899188478, - "eventId": "39269361814910717636538868295814303201759959957510815744" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899095 1760899172 - NODATA", - "ingestionTime": 1760899194879, - "eventId": "39269362037918169621845099718909715757515917376757170176" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899107 1760899185 - NODATA", - "ingestionTime": 1760899206508, - "eventId": "39269362305527112004212577431396849746611502212074307584" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899121000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899121 1760899192 - NODATA", - "ingestionTime": 1760899214474, - "eventId": "39269362617737544783641301422527240192386104119123574784" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899123000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899123 1760899201 - NODATA", - "ingestionTime": 1760899222492, - "eventId": "39269362662339035180702547715291594383117768292878319616" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899130 1760899208 - NODATA", - "ingestionTime": 1760899233348, - "eventId": "39269362818444251570416909719166094403420838251948867584" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899134000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899134 1760899217 - NODATA", - "ingestionTime": 1760899237905, - "eventId": "39269362907647232364539402290818007128969998725776801792" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899148000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899148 1760899227 - NODATA", - "ingestionTime": 1760899249387, - "eventId": "39269363219857665143968126286198786333524041780303036416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899158 1760899239 - NODATA", - "ingestionTime": 1760899261413, - "eventId": "39269363442865117129274357716094800437411500094429528064" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899160000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899160 1760899234 - NODATA", - "ingestionTime": 1760899253536, - "eventId": "39269363487466607526335603989642999868426518943790465024" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899169000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899169 1760899246 - NODATA", - "ingestionTime": 1760899268102, - "eventId": "39269363688173314313111212281074160052015497532470460416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899180 1760899252 - NODATA", - "ingestionTime": 1760899274719, - "eventId": "39269363933481511496948066845966343222172770892652806144" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899180 1760899260 - NODATA", - "ingestionTime": 1760899282079, - "eventId": "39269363933481511496948066854863770950199002917434556416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899182 1760899266 - NODATA", - "ingestionTime": 1760899293227, - "eventId": "39269363978083001894009313151412646716540168025258590208" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899274490, - "eventId": "39269364156488963482254298261046844228847478003796869120" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899197000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899197 1760899278 - NODATA", - "ingestionTime": 1760899300413, - "eventId": "39269364312594179871968660283135671277550524372656193536" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899206 1760899285 - NODATA", - "ingestionTime": 1760899307559, - "eventId": "39269364513300886658744268565595883298524412475948466176" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899217000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899217 1760899298 - NODATA", - "ingestionTime": 1760899321757, - "eventId": "39269364758609083842581123139653540981407932788203454464" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899218000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899218 1760899294 - NODATA", - "ingestionTime": 1760899314944, - "eventId": "39269364780909829041111746272952618045972927612869541888" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899228 1760899306 - NODATA", - "ingestionTime": 1760899328418, - "eventId": "39269365003917281026417977704598914236157516870803456000" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899237000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899237 1760899311 - NODATA", - "ingestionTime": 1760899335203, - "eventId": "39269365204623987813193585986622672787194287678300815360" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899244000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899244 1760899323 - NODATA", - "ingestionTime": 1760899343217, - "eventId": "39269365360729204202907947987061312010472019627786567680" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899251 1760899320 - NODATA", - "ingestionTime": 1760899334785, - "eventId": "39269365516834420592622309967617577569085590337844543488" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899251 1760899327 - NODATA", - "ingestionTime": 1760899352809, - "eventId": "39269365516834420592622309989407348570651703606137323520" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899258000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899258 1760899338 - NODATA", - "ingestionTime": 1760899361689, - "eventId": "39269365672939636982336671990892702359840102315135926272" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899268 1760899345 - NODATA", - "ingestionTime": 1760899370695, - "eventId": "39269365895947088967642903417137343406143451131925561344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899277000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899277 1760899357 - NODATA", - "ingestionTime": 1760899383557, - "eventId": "39269366096653795754418511706508067602588769954444738560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899279000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899279 1760899354 - NODATA", - "ingestionTime": 1760899375789, - "eventId": "39269366141255286151479757980188263671694646889969090560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899288000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899288 1760899366 - NODATA", - "ingestionTime": 1760899388348, - "eventId": "39269366341961992938255366269192792323452373303055679488" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899300000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899300 1760899376 - NODATA", - "ingestionTime": 1760899395510, - "eventId": "39269366609570935320622843976279590850532930483845660672" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899402603, - "eventId": "39269366676473170916214713409461765483202400075214487552" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899306000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899306 1760899386 - NODATA", - "ingestionTime": 1760899412895, - "eventId": "39269366743375406511806582846511427624322751494860505088" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899395134, - "eventId": "39269366832578387305929075391182663628086837781737963520" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899317000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899317 1760899395 - NODATA", - "ingestionTime": 1760899418476, - "eventId": "39269366988683603695643437410151409985647474216352808960" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899327 1760899406 - NODATA", - "ingestionTime": 1760899427961, - "eventId": "39269367211691055680949668836975322305628309890832662528" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899337000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899337 1760899418 - NODATA", - "ingestionTime": 1760899441419, - "eventId": "39269367434698507666255900268602047290802914714464485376" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899339 1760899413 - NODATA", - "ingestionTime": 1760899434885, - "eventId": "39269367479299998063317146543774332908299324003100655616" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899347 1760899425 - NODATA", - "ingestionTime": 1760899448149, - "eventId": "39269367657705959651562131692095166344766109020749955072" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899359000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899359 1760899432 - NODATA", - "ingestionTime": 1760899455891, - "eventId": "39269367925314902033929609399883347029227605362739380224" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899464135, - "eventId": "39269368014517882828052101975992624387814190561399472128" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899370 1760899448 - NODATA", - "ingestionTime": 1760899472247, - "eventId": "39269368170623099217766463976549679571305673638122553344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899372000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899372 1760899441 - NODATA", - "ingestionTime": 1760899454756, - "eventId": "39269368215224589614827710238475764050073513625449529344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899378000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899378 1760899456 - NODATA", - "ingestionTime": 1760899479346, - "eventId": "39269368349029060806011449117417562346652554701689978880" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899487743, - "eventId": "39269368482833531997195187976783303479786335592399568896" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899398 1760899478 - NODATA", - "ingestionTime": 1760899501644, - "eventId": "39269368795043964776623911975088452917773045617133158400" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899399000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899399 1760899474 - NODATA", - "ingestionTime": 1760899494757, - "eventId": "39269368817344709975154535108298415284889564861552066560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899406000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899406 1760899485 - NODATA", - "ingestionTime": 1760899508568, - "eventId": "39269368973449926364868897115744601996530808388858806272" - } - ], - "eni-0c663685d7a12552e-all": [ - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899049000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899049 1760899080 - NODATA", - "ingestionTime": 1760899108302, - "eventId": "39269361012083890489436435103601333327618873734687293440" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899082000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899082 1760899113 - NODATA", - "ingestionTime": 1760899132564, - "eventId": "39269361748008482040946998803610793217379998222267121664" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899082000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899082 1760899113 - NODATA", - "ingestionTime": 1760899140789, - "eventId": "39269361748008482040946998813554652559287219887603974144" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899091000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899091 1760899122 - NODATA", - "ingestionTime": 1760899148802, - "eventId": "39269361948715188827722607097063154459454311630899052544" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899109000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899109 1760899140 - NODATA", - "ingestionTime": 1760899166694, - "eventId": "39269362350128602401273823666335815046678932194937012224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899116 1760899147 - NODATA", - "ingestionTime": 1760899170187, - "eventId": "39269362506233818790988185661308757080951528467498336256" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 11746 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872704" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 61890 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872705" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 30506 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872706" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 51838 21 6 4 240 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872707" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 51186 80 6 1 60 1760899167 1760899168 ACCEPT OK", - "ingestionTime": 1760899196244, - "eventId": "39269363643571823916049965911131435251312323702065594368" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899168000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 62602 80 6 3 180 1760899168 1760899168 ACCEPT OK", - "ingestionTime": 1760899186752, - "eventId": "39269363665872569114580589041192263286404541704439988224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 58950 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929344" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 61628 21 6 4 240 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929345" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 28840 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929346" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 31192 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929347" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 18756 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929348" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 21192 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929349" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 27324 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929350" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 60254 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929351" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 64846 21 6 4 240 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929352" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 58248 21 6 2 120 1760899178 1760899198 ACCEPT OK", - "ingestionTime": 1760899219438, - "eventId": "39269363888880021099886820496064163309696336621526056960" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899178 1760899198 - SKIPDATA", - "ingestionTime": 1760899219438, - "eventId": "39269363888880021099886820496064163309696336621526056961" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 12938 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136000" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 35548 80 6 2 120 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136001" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 63002 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136002" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 25612 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136003" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 64300 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136004" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 59962 21 6 4 240 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136005" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 23106 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136006" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 48432 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594048" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 58270 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594049" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 49854 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594050" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 23738 80 6 2 120 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594051" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 32716 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594052" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 13690 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594053" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 25162 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594054" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 23936 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594055" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.133.187 10.0.4.186 51796 22127 6 1 44 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594056" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 63332 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186752" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 44282 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186753" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 23342 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186754" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 106.75.132.124 10.0.4.186 58914 16030 6 1 44 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186755" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 19302 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186756" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 21326 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186757" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 50342 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186758" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 23068 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186759" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 17032 80 6 3 180 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 62372 21 6 4 240 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 41180 80 6 3 180 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 31518 21 6 1 60 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899202 1760899227 - SKIPDATA", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517188" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 15264 21 6 4 240 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734464" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.112 10.0.4.186 55662 1000 6 1 44 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734465" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 51810 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734466" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 52632 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734467" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 20720 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734468" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 14584 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734469" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 56998 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222976" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 47540 21 6 4 240 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222977" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 49866 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222978" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 43784 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222979" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 20.55.98.221 10.0.4.186 34398 9043 6 1 40 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222980" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 57822 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222981" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 39476 80 6 2 120 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222982" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 38986 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222983" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65242 80 6 2 120 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222984" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 33810 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505472" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 48444 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505473" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 45660 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505474" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 31386 80 6 2 120 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505475" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 26686 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505476" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 46464 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505477" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 22492 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505478" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 37402 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505479" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 24724 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505480" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26010 80 6 1 60 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505481" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 20214 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927936" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 58154 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927937" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 28818 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927938" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 9466 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927939" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 46052 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927940" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 37932 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927941" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 19968 21 6 4 240 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927942" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 11524 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052288" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 18592 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052289" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 14624 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052290" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 33664 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052291" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 45696 80 6 1 60 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052292" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 40504 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052293" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 57692 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052294" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899232 1760899257 - SKIPDATA", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052295" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 25492 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359552" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 43258 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359553" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 61000 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359554" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.152 10.0.4.186 54664 990 6 1 44 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359555" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 35548 80 6 1 60 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359556" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 59684 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359557" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 36584 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359558" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 58110 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359559" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 44360 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359560" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 20358 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359561" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 30734 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359562" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 56320 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359563" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 60778 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359564" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 61920 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 9896 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948225" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 29784 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948226" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 39582 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948227" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 26504 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948228" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 63958 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948229" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 15152 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948230" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 32292 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948231" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 64704 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948232" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 92.63.197.66 10.0.4.186 8080 6529 6 1 40 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948233" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 26690 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948234" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47724 80 6 2 120 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948235" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 37506 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948236" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 40154 21 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948237" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.211.22 10.0.4.186 57261 28009 6 1 44 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 45308 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909953" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 45524 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909954" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 104.237.144.186 10.0.4.186 61000 443 6 1 40 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909955" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 16088 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909956" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 50098 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909957" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 13406 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909958" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 38794 21 6 4 240 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909959" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 64922 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909960" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 10732 21 6 4 240 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909961" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 28496 80 6 2 120 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909962" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 14348 21 6 4 240 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747776" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 52754 80 6 3 180 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747777" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 39232 80 6 1 60 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747778" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.133.252 10.0.4.186 56557 9202 6 1 44 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747779" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 42982 21 6 4 240 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747780" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899266 1760899289 - SKIPDATA", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747781" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 39548 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390656" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 60954 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390657" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 42456 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390658" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 59042 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390659" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 14264 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390660" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 54860 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390661" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 57124 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390662" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 13064 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390663" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 64866 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390664" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65242 80 6 1 60 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390665" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 35662 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390666" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 11826 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928256" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 34372 80 6 2 120 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928257" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 23486 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928258" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 45170 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928259" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 59316 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928260" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 41556 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928261" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 165.154.173.104 10.0.4.186 45123 15200 6 1 40 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928262" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 57032 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928263" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 63148 21 6 4 240 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 27420 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 52372 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 50536 80 6 2 120 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442176" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 35356 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442177" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 31386 80 6 1 60 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442178" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 60380 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442179" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 34026 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442180" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 38404 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442181" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 16084 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442182" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 26236 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442183" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 11320 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 64576 21 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 13916 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 30326 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 41588 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442188" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26010 80 6 2 120 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442189" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 37620 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204928" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 60708 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204929" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 11788 21 6 4 240 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204930" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 28350 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204931" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 60280 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204932" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 61052 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204933" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 35410 21 6 4 240 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204934" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 52400 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043392" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 39206 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043393" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 51290 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043394" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 33590 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043395" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899291 1760899311 - SKIPDATA", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043396" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 18552 80 6 2 120 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850944" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 14244 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850945" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 50030 21 6 4 240 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850946" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 30508 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850947" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 23936 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850948" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 14100 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850949" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 22180 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850950" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 17822 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850951" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 29332 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 46686 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 57958 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 41254 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 59878 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 14756 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499268" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 52246 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499269" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 52902 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499270" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 26402 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499271" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 21660 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499272" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 57706 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499273" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 40040 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499274" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.138 10.0.4.186 50578 7547 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894400" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 58372 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894401" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 22358 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894402" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 16878 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894403" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.85 10.0.4.186 55174 1502 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894404" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 45734 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894405" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.123 10.0.4.186 56280 11084 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894406" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 64764 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894407" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 49614 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894408" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 27514 21 6 4 240 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894409" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 44044 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894410" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 41366 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894411" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47724 80 6 1 60 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894412" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 56174 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894413" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 37518 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894414" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 40154 21 6 1 60 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894415" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 32546 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559936" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 45958 21 6 4 240 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559937" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 59358 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559938" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 48134 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559939" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 36966 21 6 4 240 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559940" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 13.214.173.166 10.0.4.186 0 0 1 1 28 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407232" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 49060 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407233" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 21004 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407234" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 29018 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407235" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 15302 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407236" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 15122 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407237" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899323 1760899350 - SKIPDATA", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407238" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 52034 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507392" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 28464 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507393" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 61844 21 6 2 120 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507394" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 37012 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507395" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 65418 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507396" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 27682 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507397" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 45390 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507398" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 50814 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507399" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 41210 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507400" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 38070 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507401" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 9706 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507402" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 50430 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 18182 21 6 4 240 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47948 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 34372 80 6 1 60 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26294 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715268" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 11968 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715269" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 28368 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715270" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 19342 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715271" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 29372 21 6 4 240 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715272" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 46546 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715273" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 23346 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715274" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 58710 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588480" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 44376 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588481" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 50536 80 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588482" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 57464 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588483" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 23402 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588484" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.86 10.0.4.186 55131 57357 6 1 44 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588485" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 53474 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588486" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 56830 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588487" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 20716 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588488" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 21308 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588489" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 64576 21 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588490" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 54428 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588491" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 56326 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588492" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 11346 80 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588493" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 54058 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588494" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 28496 80 6 1 60 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607872" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 87.120.191.93 10.0.4.186 51632 80 6 1 40 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607873" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 41.59.173.249 10.0.4.186 44087 23 6 1 60 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607874" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 39996 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607875" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 59438 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607876" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 61964 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607877" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 15392 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607878" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 11790 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607879" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 37404 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607880" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 46602 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607881" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 25578 80 6 3 180 1760899352 1760899374 ACCEPT OK", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330688" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 49716 80 6 3 180 1760899352 1760899374 ACCEPT OK", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330689" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899352 1760899374 - SKIPDATA", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330690" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 47440 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547840" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 12744 21 6 4 240 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547841" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 19934 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547842" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 55776 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547843" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 18552 80 6 1 60 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198976" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 22126 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198977" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 10576 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198978" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 24392 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198979" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 33602 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198980" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 92.63.197.66 10.0.4.186 8080 6224 6 1 40 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198981" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 18116 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198982" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 35388 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198983" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 43842 21 6 4 240 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198984" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 27478 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198985" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 37470 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234560" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 59854 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234561" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 35168 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234562" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 91.196.152.225 10.0.4.186 48508 14430 6 1 60 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234563" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 52196 21 6 4 240 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234564" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 37160 21 6 4 240 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234565" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 48292 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234566" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.253 10.0.4.186 54329 9606 6 1 44 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234567" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 55998 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234568" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 13248 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234569" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 27354 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234570" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 18188 80 6 2 120 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234571" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 15930 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234572" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 14392 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746944" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 16508 21 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746945" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 45642 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746946" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65378 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746947" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 48818 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746948" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 57706 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746949" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 11464 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746950" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 34208 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746951" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 31380 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 18816 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746953" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 36286 21 6 4 240 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117696" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 25478 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117697" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 29340 21 6 4 240 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117698" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 53794 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117699" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 42022 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117700" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 13670 21 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117701" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899382 1760899406 - SKIPDATA", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117702" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 37698 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338176" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 63386 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338177" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 24506 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338178" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 13550 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338179" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 61784 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338180" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 31186 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338181" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 61844 21 6 2 120 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338182" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.26 10.0.4.186 56968 9530 6 1 44 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338183" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 44220 21 6 2 120 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.181 10.0.4.186 49778 9108 6 1 44 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 21902 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 61022 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 40.124.175.174 10.0.4.186 48441 993 6 1 52 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477760" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.182 10.0.4.186 54893 7706 6 1 44 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477761" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 54974 80 6 3 180 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477762" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 44314 21 6 4 240 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477763" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 19256 80 6 3 180 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477764" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 45020 80 6 2 120 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134784" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 30032 21 6 4 240 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134785" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 63082 21 6 4 240 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134786" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 36934 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134787" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 62370 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134788" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 13408 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134789" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 21982 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134790" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 11346 80 6 2 120 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134791" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 32590 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134792" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 42266 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839488" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 54384 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839489" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 37458 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839490" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 39936 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839491" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 24968 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839492" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 63412 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839493" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 34598 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839494" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 48400 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839495" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.140 10.0.4.186 50762 1443 6 1 44 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839496" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 13368 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839497" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 15050 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839498" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 26108 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839499" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 45052 21 6 4 240 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839500" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 95.214.53.196 10.0.4.186 40742 16379 6 1 40 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 48250 80 6 3 180 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 63068 80 6 1 60 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899414 1760899437 - SKIPDATA", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 15034 21 6 4 240 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746752" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 20028 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746753" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 16406 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746754" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 24550 21 6 4 240 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746755" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 62060 21 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746756" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 60596 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746757" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 35718 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746758" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 16994 21 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746759" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 47.74.55.112 10.0.4.186 57188 12320 6 1 52 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746760" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.55 10.0.4.186 51355 34473 6 1 44 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746761" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 16338 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746762" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.149.61 10.0.4.186 55176 49010 6 1 44 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746763" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 33922 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334144" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 38080 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334145" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 47416 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334146" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 30120 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334147" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 61568 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334148" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 38820 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334149" - } - ], - "eni-0b0549e20044315f3-all": [ - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899050 1760899129 - NODATA", - "ingestionTime": 1760899149148, - "eventId": "39269361034384635687967058294516883796158603200468746240" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899063 1760899133 - NODATA", - "ingestionTime": 1760899191042, - "eventId": "39269361324294323268865159185128106407086387132881174528" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899158751, - "eventId": "39269361368895813665926405429162124440841377838471249920" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899066 1760899145 - NODATA", - "ingestionTime": 1760899169059, - "eventId": "39269361391196558864457028583159222796051983380536492032" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899072000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899072 1760899154 - NODATA", - "ingestionTime": 1760899183447, - "eventId": "39269361525001030055640767449767568231817834522370572288" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899083 1760899163 - NODATA", - "ingestionTime": 1760899191130, - "eventId": "39269361770309227239477622015948951614231990473462448128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899095 1760899177 - NODATA", - "ingestionTime": 1760899203123, - "eventId": "39269362037918169621845099728876158476315828073130033152" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899191541, - "eventId": "39269362060218914820375722856410123339823436258297708544" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899209964, - "eventId": "39269362372429347599804446860182095577718871838885019648" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899124 1760899206 - NODATA", - "ingestionTime": 1760899229535, - "eventId": "39269362684639780379233170865342036892205695946093232128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899125 1760899199 - NODATA", - "ingestionTime": 1760899251421, - "eventId": "39269362706940525577763794033336149004260622706450890752" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899220164, - "eventId": "39269362729241270776294417137084416047159533537171668992" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899127 1760899212 - NODATA", - "ingestionTime": 1760899241060, - "eventId": "39269362751542015974825040303882188022904222112626704384" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899154 1760899233 - NODATA", - "ingestionTime": 1760899251092, - "eventId": "39269363353662136335151865137474306632162095644831449088" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899154 1760899237 - NODATA", - "ingestionTime": 1760899265367, - "eventId": "39269363353662136335151865154731662239795841721343803392" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899181000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899181 1760899266 - NODATA", - "ingestionTime": 1760899288254, - "eventId": "39269363955782256695478690003864747195775111898944765952" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899279934, - "eventId": "39269364022684492291070559418413938563523123583808634880" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899191000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899191 1760899257 - NODATA", - "ingestionTime": 1760899310499, - "eventId": "39269364178789708680784921446114574291045297137749393408" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899193 1760899271 - NODATA", - "ingestionTime": 1760899300873, - "eventId": "39269364223391199077846167717549072416822564465518444544" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899203 1760899284 - NODATA", - "ingestionTime": 1760899308384, - "eventId": "39269364446398651063152399141986190306426909080998117376" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899213 1760899293 - NODATA", - "ingestionTime": 1760899313680, - "eventId": "39269364669406103048458630563745762218163735798362669056" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899215 1760899297 - NODATA", - "ingestionTime": 1760899323453, - "eventId": "39269364714007593445519876858632206622956850636010291200" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899231000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899231 1760899308 - NODATA", - "ingestionTime": 1760899331321, - "eventId": "39269365070819516622009847132715303195827357368140234752" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339052, - "eventId": "39269365383029949401438571123561746374130011920953245696" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899246 1760899325 - NODATA", - "ingestionTime": 1760899350892, - "eventId": "39269365405330694599969194279411208772642910370836054016" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899246 1760899316 - NODATA", - "ingestionTime": 1760899371391, - "eventId": "39269365405330694599969194304192910118520948369194024960" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899248 1760899335 - NODATA", - "ingestionTime": 1760899363230, - "eventId": "39269365449932184997030440577398219863041560501072035840" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899264 1760899344 - NODATA", - "ingestionTime": 1760899368928, - "eventId": "39269365806744108173520410848858081852441394865298800640" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899273 1760899356 - NODATA", - "ingestionTime": 1760899385617, - "eventId": "39269366007450814960296019142855830900426629503072272384" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899275 1760899352 - NODATA", - "ingestionTime": 1760899371464, - "eventId": "39269366052052305357357265408817078540645514115318808576" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899291 1760899367 - NODATA", - "ingestionTime": 1760899390402, - "eventId": "39269366408864228533847235696283450762548894208316080128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899399395, - "eventId": "39269366676473170916214713405583375986398277744453156864" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899410029, - "eventId": "39269366765676151710337205984582080515597986510266630144" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899310 1760899379 - NODATA", - "ingestionTime": 1760899433219, - "eventId": "39269366832578387305929075437224527699752125344533053440" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899418894, - "eventId": "39269366921781368100051567986049717306332660931861872640" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428250, - "eventId": "39269367100187329688296553129645846721084489476922867712" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899335 1760899412 - NODATA", - "ingestionTime": 1760899433229, - "eventId": "39269367390097017269194653975629748732390472004675108864" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899335 1760899418 - NODATA", - "ingestionTime": 1760899444045, - "eventId": "39269367390097017269194653988704937156474046665124282368" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899351 1760899426 - NODATA", - "ingestionTime": 1760899450863, - "eventId": "39269367746908940445684624261519183700000033952722321408" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899461247, - "eventId": "39269368014517882828052101972501331045545810129543692288" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899364 1760899446 - NODATA", - "ingestionTime": 1760899468555, - "eventId": "39269368036818628026582725122871818569149878791262961664" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899367 1760899437 - NODATA", - "ingestionTime": 1760899492360, - "eventId": "39269368103720863622174594576257299469602032595912818688" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899371 1760899451 - NODATA", - "ingestionTime": 1760899479465, - "eventId": "39269368192923844416297087126810934162937552827837972480" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899383 1760899467 - NODATA", - "ingestionTime": 1760899490099, - "eventId": "39269368460532786798664564838095442697030093502723784704" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899394 1760899478 - NODATA", - "ingestionTime": 1760899502794, - "eventId": "39269368705840983982501419410335527383627721259566039040" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899399000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899399 1760899475 - NODATA", - "ingestionTime": 1760899493057, - "eventId": "39269368817344709975154535106242973873413473154290745344" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899409 1760899488 - NODATA", - "ingestionTime": 1760899515333, - "eventId": "39269369040352161960460766548530326175156119273020653568" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/vpc-flow-log/vpc-007d791b9b857543e", - "type": "Other", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Associate KMS Key with Cloudwatch log group.", - "references": [ - "https://docs.aws.amazon.com/cli/latest/reference/logs/associate-kms-key.html" - ] - }, - "risk_details": "Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No secrets found in /aws/rds/cluster/ex-rds/postgresql log group.", - "metadata": { - "event_code": "cloudwatch_log_group_no_secrets_in_logs", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "No secrets found in /aws/rds/cluster/ex-rds/postgresql log group.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [ - "secrets" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-01.01AC", - "OPS-11.01AC", - "OPS-11.02AC", - "OPS-13.03B", - "OPS-26.05B", - "OPS-26.01AS", - "PSS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN04.AR01" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1552" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if secrets exists in CloudWatch logs", - "title": "Check if secrets exists in CloudWatch logs.", - "types": [ - "Protect", - "Secure development" - ], - "uid": "prowler-aws-cloudwatch_log_group_no_secrets_in_logs-211203495394-eu-west-1-/aws/rds/cluster/ex-rds/postgresql" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*", - "name": "/aws/rds/cluster/ex-rds/postgresql", - "retention_days": 7, - "never_expire": false, - "kms_id": null, - "region": "eu-west-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/rds/cluster/ex-rds/postgresql", - "type": "Other", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "It is recommended that sensitive information is not logged to CloudWatch logs. Alternatively, sensitive data may be masked using a protection policy", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html" - ] - }, - "risk_details": "Storing sensitive data in CloudWatch logs could allow an attacker with read-only access to escalate their privileges or gain unauthorised access to systems.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No secrets found in /aws/vpc-flow-log/vpc-007d791b9b857543e log group.", - "metadata": { - "event_code": "cloudwatch_log_group_no_secrets_in_logs", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "No secrets found in /aws/vpc-flow-log/vpc-007d791b9b857543e log group.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [ - "secrets" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-01.01AC", - "OPS-11.01AC", - "OPS-11.02AC", - "OPS-13.03B", - "OPS-26.05B", - "OPS-26.01AS", - "PSS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN04.AR01" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1552" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if secrets exists in CloudWatch logs", - "title": "Check if secrets exists in CloudWatch logs.", - "types": [ - "Protect", - "Secure development" - ], - "uid": "prowler-aws-cloudwatch_log_group_no_secrets_in_logs-211203495394-eu-west-1-/aws/vpc-flow-log/vpc-007d791b9b857543e" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*", - "name": "/aws/vpc-flow-log/vpc-007d791b9b857543e", - "retention_days": 9999, - "never_expire": true, - "kms_id": null, - "region": "eu-west-1", - "log_streams": { - "eni-0cd4fcd4819d5a0b7-all": [ - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899031000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899031 1760899115 - NODATA", - "ingestionTime": 1760899139926, - "eventId": "39269360610670476915885218594189694963071457059547512832" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899046 1760899127 - NODATA", - "ingestionTime": 1760899149250, - "eventId": "39269360945181654893844565728497413038571606956274024448" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899064 1760899142 - NODATA", - "ingestionTime": 1760899171015, - "eventId": "39269361346595068467395782302452507265231831869047177216" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899161481, - "eventId": "39269361368895813665926405432462355128969412946093211648" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899074 1760899154 - NODATA", - "ingestionTime": 1760899180685, - "eventId": "39269361569602520452702013729500161457508911822151876608" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899087 1760899164 - NODATA", - "ingestionTime": 1760899188926, - "eventId": "39269361859512208033600114579426962274716549575521730560" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899093000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899093 1760899177 - NODATA", - "ingestionTime": 1760899202942, - "eventId": "39269361993316679224783853445585976414341769780327874560" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899189534, - "eventId": "39269362060218914820375722853983829530393030289362518016" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899107 1760899183 - NODATA", - "ingestionTime": 1760899208282, - "eventId": "39269362305527112004212577433541251354104638611981205504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899120000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899120 1760899194 - NODATA", - "ingestionTime": 1760899249444, - "eventId": "39269362595436799585110678323267367353868490709992013824" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899124 1760899204 - NODATA", - "ingestionTime": 1760899231189, - "eventId": "39269362684639780379233170867341403349163730796893896704" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899145000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899145 1760899226 - NODATA", - "ingestionTime": 1760899248783, - "eventId": "39269363152955429548376256860861233320174442224344956928" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899153 1760899239 - NODATA", - "ingestionTime": 1760899262856, - "eventId": "39269363331361391136621242010160382151535307798841524224" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899156 1760899233 - NODATA", - "ingestionTime": 1760899251214, - "eventId": "39269363398263626732213111420693427286550341112125521920" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899167 1760899245 - NODATA", - "ingestionTime": 1760899267593, - "eventId": "39269363643571823916049965997386872465211874059378688000" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899181000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899181 1760899254 - NODATA", - "ingestionTime": 1760899309470, - "eventId": "39269363955782256695478690029513573287107439005186064384" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899280418, - "eventId": "39269364022684492291070559418998784362727835457823440896" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899187 1760899266 - NODATA", - "ingestionTime": 1760899289733, - "eventId": "39269364089586727886662428854866949624521773410794864640" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299733, - "eventId": "39269364245691944276376790857706543416476686971921301504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899204 1760899286 - NODATA", - "ingestionTime": 1760899309875, - "eventId": "39269364468699396261683022285324313923175968945211310080" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899213 1760899293 - NODATA", - "ingestionTime": 1760899319552, - "eventId": "39269364669406103048458630570844658358774455533122027520" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899215 1760899293 - NODATA", - "ingestionTime": 1760899311165, - "eventId": "39269364714007593445519876843776711888539935711792070656" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899227000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899227 1760899304 - NODATA", - "ingestionTime": 1760899327528, - "eventId": "39269364981616535827887354561987052343875666657387479040" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899241 1760899314 - NODATA", - "ingestionTime": 1760899369674, - "eventId": "39269365293826968607316078594438607167353915397586354176" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899245 1760899321 - NODATA", - "ingestionTime": 1760899340795, - "eventId": "39269365383029949401438571125668891064507806525688119296" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899247 1760899325 - NODATA", - "ingestionTime": 1760899349747, - "eventId": "39269365427631439798499817419562686664009994535042416640" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899248 1760899335 - NODATA", - "ingestionTime": 1760899361737, - "eventId": "39269365449932184997030440575593663755083845328799662080" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899263000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899263 1760899343 - NODATA", - "ingestionTime": 1760899367618, - "eventId": "39269365784443362974989787705738802661146729846819127296" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899271000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899271 1760899355 - NODATA", - "ingestionTime": 1760899379484, - "eventId": "39269365962849324563234772852369513371529050589700489216" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899276000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899276 1760899352 - NODATA", - "ingestionTime": 1760899371708, - "eventId": "39269366074353050555887888550647785025367173779549388800" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899287000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899287 1760899364 - NODATA", - "ingestionTime": 1760899389077, - "eventId": "39269366319661247739724743128538737171054749321939386368" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899303 1760899375 - NODATA", - "ingestionTime": 1760899431081, - "eventId": "39269366676473170916214713443889494423911819403013455872" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899305000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899305 1760899381 - NODATA", - "ingestionTime": 1760899400414, - "eventId": "39269366721074661313275959689886924638672932144373039104" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899307 1760899386 - NODATA", - "ingestionTime": 1760899408511, - "eventId": "39269366765676151710337205982746961466829488763300806656" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899420747, - "eventId": "39269366921781368100051567988289637575888457293160448000" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428007, - "eventId": "39269367100187329688296553129352064058383779008465076224" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899429660, - "eventId": "39269367367796272070664030829778877118210560333827080192" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899336000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899336 1760899417 - NODATA", - "ingestionTime": 1760899442053, - "eventId": "39269367412397762467725277127832967444140093911955144704" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899349000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899349 1760899424 - NODATA", - "ingestionTime": 1760899449340, - "eventId": "39269367702307450048623377976606737167794200106263445504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899361 1760899432 - NODATA", - "ingestionTime": 1760899491027, - "eventId": "39269367969916392430990855725431353246427732075437621248" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899460257, - "eventId": "39269368014517882828052101971304249414101267847896170496" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899365000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899365 1760899446 - NODATA", - "ingestionTime": 1760899468665, - "eventId": "39269368059119373225113348264540584396392034426105430016" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899375 1760899455 - NODATA", - "ingestionTime": 1760899481555, - "eventId": "39269368282126825210419579695480504500212685656322080768" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899383 1760899467 - NODATA", - "ingestionTime": 1760899487567, - "eventId": "39269368460532786798664564835034776331022815284839055360" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899393 1760899476 - NODATA", - "ingestionTime": 1760899500793, - "eventId": "39269368683540238783970796266381102896276266334347132928" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899398 1760899475 - NODATA", - "ingestionTime": 1760899489169, - "eventId": "39269368795043964776623911960006811116316914335348031488" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899409 1760899487 - NODATA", - "ingestionTime": 1760899507600, - "eventId": "39269369040352161960460766539181708866508225546449846272" - } - ], - "eni-0eee78be32276dc65-all": [ - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899032000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899032 1760899109 - NODATA", - "ingestionTime": 1760899134945, - "eventId": "39269360632971222114415841729703527226207967234779774976" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899043000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899043 1760899120 - NODATA", - "ingestionTime": 1760899144884, - "eventId": "39269360878279419298252696298611781813145246086503727104" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899052000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899052 1760899132 - NODATA", - "ingestionTime": 1760899154887, - "eventId": "39269361078986126085028304584526361316447343074608021504" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899063 1760899141 - NODATA", - "ingestionTime": 1760899164127, - "eventId": "39269361324294323268865159152589586655311491293203202048" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899066 1760899146 - NODATA", - "ingestionTime": 1760899173383, - "eventId": "39269361391196558864457028588387002206051139308865585152" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899070000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899070 1760899140 - NODATA", - "ingestionTime": 1760899156170, - "eventId": "39269361480399539658579521133720174781408048766989828096" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899074 1760899155 - NODATA", - "ingestionTime": 1760899186448, - "eventId": "39269361569602520452702013736466909309389429082721353728" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899096 1760899175 - NODATA", - "ingestionTime": 1760899197470, - "eventId": "39269362060218914820375722863577669461616015304736112640" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899107 1760899182 - NODATA", - "ingestionTime": 1760899205402, - "eventId": "39269362305527112004212577430059792118031670795614355456" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899124 1760899200 - NODATA", - "ingestionTime": 1760899224570, - "eventId": "39269362684639780379233170859339700182272340779870912512" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899127 1760899206 - NODATA", - "ingestionTime": 1760899231868, - "eventId": "39269362751542015974825040292769706477577608203599740928" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899130 1760899200 - NODATA", - "ingestionTime": 1760899216262, - "eventId": "39269362818444251570416909698510075089137464840133804032" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899133000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899133 1760899215 - NODATA", - "ingestionTime": 1760899246210, - "eventId": "39269362885346487166008779159322407412871585528894324736" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899153 1760899230 - NODATA", - "ingestionTime": 1760899251400, - "eventId": "39269363331361391136621241996311121221405119004043444224" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899157000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899157 1760899235 - NODATA", - "ingestionTime": 1760899258021, - "eventId": "39269363420564371930743734570458344598590417900065914880" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899167 1760899242 - NODATA", - "ingestionTime": 1760899266548, - "eventId": "39269363643571823916049965996123562950678726130113904640" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899174 1760899250 - NODATA", - "ingestionTime": 1760899275556, - "eventId": "39269363799677040305764327997764003167285750075715420160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899183000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899183 1760899262 - NODATA", - "ingestionTime": 1760899284289, - "eventId": "39269364000383747092539936282143032915656252264968749056" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899187 1760899266 - NODATA", - "ingestionTime": 1760899291413, - "eventId": "39269364089586727886662428856898380600297619606114140160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899276225, - "eventId": "39269364156488963482254298263144306458468370593886044160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899193 1760899277 - NODATA", - "ingestionTime": 1760899303806, - "eventId": "39269364223391199077846167721094564420197117221625790464" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899196 1760899260 - NODATA", - "ingestionTime": 1760899334586, - "eventId": "39269364290293434673438037182912416456716008702408523776" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899213 1760899289 - NODATA", - "ingestionTime": 1760899311121, - "eventId": "39269364669406103048458630560652132630159455450075103232" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899216000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899216 1760899295 - NODATA", - "ingestionTime": 1760899318499, - "eventId": "39269364736308338644050499994179034332937535505210343424" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899227000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899227 1760899305 - NODATA", - "ingestionTime": 1760899326390, - "eventId": "39269364981616535827887354560611681081931410087592263680" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899232 1760899310 - NODATA", - "ingestionTime": 1760899336203, - "eventId": "39269365093120261820540470280153350599481452527376269312" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899243000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899243 1760899323 - NODATA", - "ingestionTime": 1760899343742, - "eventId": "39269365338428459004377324846160248388421245006660304896" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899249000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899249 1760899320 - NODATA", - "ingestionTime": 1760899336117, - "eventId": "39269365472232930195561063686156260435021330376417148928" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899249000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899249 1760899327 - NODATA", - "ingestionTime": 1760899352321, - "eventId": "39269365472232930195561063705745793873400791408967090176" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899251 1760899336 - NODATA", - "ingestionTime": 1760899367212, - "eventId": "39269365516834420592622310006819254946281577326604779520" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899274 1760899353 - NODATA", - "ingestionTime": 1760899373962, - "eventId": "39269366029751560158826642270301412512888178252004589568" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899274 1760899355 - NODATA", - "ingestionTime": 1760899379402, - "eventId": "39269366029751560158826642276877930662977506319400042496" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899284000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899284 1760899362 - NODATA", - "ingestionTime": 1760899386982, - "eventId": "39269366252759012144132873701398387328881161898128637952" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899294 1760899372 - NODATA", - "ingestionTime": 1760899394477, - "eventId": "39269366475766464129439105125816695702172340211787300864" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899303 1760899383 - NODATA", - "ingestionTime": 1760899405478, - "eventId": "39269366676473170916214713412937602135678394228114522112" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899308000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899308 1760899386 - NODATA", - "ingestionTime": 1760899413706, - "eventId": "39269366787976896908867829130563046940109806326346612736" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899397821, - "eventId": "39269366832578387305929075394430702698688020571642724352" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899314 1760899397 - NODATA", - "ingestionTime": 1760899425864, - "eventId": "39269366921781368100051567994475576217536599340043665408" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899334 1760899415 - NODATA", - "ingestionTime": 1760899441656, - "eventId": "39269367367796272070664030844281469904033722035045597184" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899335 1760899410 - NODATA", - "ingestionTime": 1760899430876, - "eventId": "39269367390097017269194653972784979191565215734678749184" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899347 1760899423 - NODATA", - "ingestionTime": 1760899447684, - "eventId": "39269367657705959651562131691532913759489711811767500800" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899354 1760899432 - NODATA", - "ingestionTime": 1760899456589, - "eventId": "39269367813811176041276493693048475725746690637326057472" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899363 1760899442 - NODATA", - "ingestionTime": 1760899463202, - "eventId": "39269368014517882828052101974864753397017949679660957696" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899367 1760899446 - NODATA", - "ingestionTime": 1760899472723, - "eventId": "39269368103720863622174594552517552425934392550237077504" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899455859, - "eventId": "39269368192923844416297087098273510881125605169948065792" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899375 1760899457 - NODATA", - "ingestionTime": 1760899487495, - "eventId": "39269368282126825210419579702662044707283407383455531008" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899392000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899392 1760899469 - NODATA", - "ingestionTime": 1760899490579, - "eventId": "39269368661239493585440173112497448504418584276237156352" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899394 1760899475 - NODATA", - "ingestionTime": 1760899499905, - "eventId": "39269368705840983982501419406842983598809204891447328768" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899404000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899404 1760899481 - NODATA", - "ingestionTime": 1760899505766, - "eventId": "39269368928848435967807650829285727947167171314158731264" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899410 1760899487 - NODATA", - "ingestionTime": 1760899518280, - "eventId": "39269369062652907158991389693628934917572999196216262656" - } - ], - "eni-0c1065c914ddc0b88-all": [ - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899033000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899033 1760899111 - NODATA", - "ingestionTime": 1760899131705, - "eventId": "39269360655271967312946464867322652502059743183076327424" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899040 1760899118 - NODATA", - "ingestionTime": 1760899137950, - "eventId": "39269360811377183702660826865622290103622366602256842752" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899046 1760899124 - NODATA", - "ingestionTime": 1760899144556, - "eventId": "39269360945181654893844565722822361767392100902754582528" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899056000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899056 1760899132 - NODATA", - "ingestionTime": 1760899177328, - "eventId": "39269361168189106879150797177798657782901584726127869952" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899169949, - "eventId": "39269361324294323268865159159627891617325295385041436672" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899064 1760899140 - NODATA", - "ingestionTime": 1760899159431, - "eventId": "39269361346595068467395782288448135197190114468420583424" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899074 1760899156 - NODATA", - "ingestionTime": 1760899175275, - "eventId": "39269361569602520452702013722959486324680047180535889920" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899083 1760899166 - NODATA", - "ingestionTime": 1760899185928, - "eventId": "39269361770309227239477622009659656615414527865242583040" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899092 1760899165 - NODATA", - "ingestionTime": 1760899176075, - "eventId": "39269361971015934026253230271570081934998595329796538368" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899096 1760899172 - NODATA", - "ingestionTime": 1760899192224, - "eventId": "39269362060218914820375722857235374222277287158040035328" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899098 1760899176 - NODATA", - "ingestionTime": 1760899199417, - "eventId": "39269362104820405217436969149003084469614423673101156352" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899104000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899104 1760899183 - NODATA", - "ingestionTime": 1760899206138, - "eventId": "39269362238624876408620708006342405502528195376838868992" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899120000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899120 1760899191 - NODATA", - "ingestionTime": 1760899236584, - "eventId": "39269362595436799585110678307720767915257233185726332928" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899125 1760899200 - NODATA", - "ingestionTime": 1760899220918, - "eventId": "39269362706940525577763793996460255943460832392201109504" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899128 1760899204 - NODATA", - "ingestionTime": 1760899231844, - "eventId": "39269362773842761173355663434276318502510064397876527104" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899135000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899135 1760899213 - NODATA", - "ingestionTime": 1760899237314, - "eventId": "39269362929947977563070025431638968432093462264361123840" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899141000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899141 1760899224 - NODATA", - "ingestionTime": 1760899246469, - "eventId": "39269363063752448754253764291921197519833887840925450240" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899153 1760899221 - NODATA", - "ingestionTime": 1760899236692, - "eventId": "39269363331361391136621241978529841373228806547492372480" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899156 1760899232 - NODATA", - "ingestionTime": 1760899254316, - "eventId": "39269363398263626732213111424443243766834742078299963392" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899158 1760899236 - NODATA", - "ingestionTime": 1760899261035, - "eventId": "39269363442865117129274357715637800582458712370902073344" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899178 1760899252 - NODATA", - "ingestionTime": 1760899297290, - "eventId": "39269363888880021099886820590181698295679974565315739648" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899182 1760899260 - NODATA", - "ingestionTime": 1760899280382, - "eventId": "39269363978083001894009313135883871550789736714335223808" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899187 1760899265 - NODATA", - "ingestionTime": 1760899292137, - "eventId": "39269364089586727886662428857773429136984229455763341312" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899195000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899195 1760899273 - NODATA", - "ingestionTime": 1760899296711, - "eventId": "39269364267992689474907413995588979756838792680283045888" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899203 1760899285 - NODATA", - "ingestionTime": 1760899308052, - "eventId": "39269364446398651063152399141585090918819749021377363968" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899212000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899212 1760899281 - NODATA", - "ingestionTime": 1760899298603, - "eventId": "39269364647105357849928007403983341063954283086051934208" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899215 1760899291 - NODATA", - "ingestionTime": 1760899314667, - "eventId": "39269364714007593445519876848010854729212200078675476480" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899218000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899218 1760899297 - NODATA", - "ingestionTime": 1760899318310, - "eventId": "39269364780909829041111746277021645179191239808600047616" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899226000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899226 1760899304 - NODATA", - "ingestionTime": 1760899326316, - "eventId": "39269364959315790629356731418986118130536925037518389248" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899237000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899237 1760899311 - NODATA", - "ingestionTime": 1760899357590, - "eventId": "39269365204623987813193586013687306980555969919094620160" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339320, - "eventId": "39269365383029949401438571123885830990629396754181455872" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899246 1760899324 - NODATA", - "ingestionTime": 1760899349453, - "eventId": "39269365405330694599969194277671333444670725721594920960" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899253 1760899332 - NODATA", - "ingestionTime": 1760899355965, - "eventId": "39269365561435910989683556276294226634700045831045709824" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899260000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899260 1760899342 - NODATA", - "ingestionTime": 1760899367285, - "eventId": "39269365717541127379397918280729457563060667479143677952" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899271000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899271 1760899340 - NODATA", - "ingestionTime": 1760899358012, - "eventId": "39269365962849324563234772826411456326433139600299589632" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899277000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899277 1760899358 - NODATA", - "ingestionTime": 1760899379932, - "eventId": "39269366096653795754418511702125555646941690228634025984" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899280000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899280 1760899354 - NODATA", - "ingestionTime": 1760899373791, - "eventId": "39269366163556031350010381119308943134728694973349036032" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899287000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899287 1760899365 - NODATA", - "ingestionTime": 1760899387122, - "eventId": "39269366319661247739724743126174945862220594307798401024" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899296000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899296 1760899370 - NODATA", - "ingestionTime": 1760899417363, - "eventId": "39269366520367954526500351436555808711909606142480023552" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899401909, - "eventId": "39269366676473170916214713408623065001550703702154543104" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899307 1760899383 - NODATA", - "ingestionTime": 1760899409238, - "eventId": "39269366765676151710337205983626119966033254102925901824" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899415337, - "eventId": "39269366921781368100051567981749449595694558573866647552" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899324 1760899407 - NODATA", - "ingestionTime": 1760899426496, - "eventId": "39269367144788820085357799410596776768436318073229869056" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899330000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899330 1760899401 - NODATA", - "ingestionTime": 1760899416680, - "eventId": "39269367278593291276541538247944144611040782249052209152" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899332000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899332 1760899411 - NODATA", - "ingestionTime": 1760899433019, - "eventId": "39269367323194781673602784550768585739390411542126460928" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899336000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899336 1760899417 - NODATA", - "ingestionTime": 1760899441788, - "eventId": "39269367412397762467725277127512237825223402116720689152" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899346000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899346 1760899426 - NODATA", - "ingestionTime": 1760899445148, - "eventId": "39269367635405214453031508546931419772956448249760251904" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899359000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899359 1760899432 - NODATA", - "ingestionTime": 1760899476491, - "eventId": "39269367925314902033929609424786991761781626531123036160" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899362000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899362 1760899441 - NODATA", - "ingestionTime": 1760899460671, - "eventId": "39269367992217137629521478830269449240112434646753738752" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899366 1760899443 - NODATA", - "ingestionTime": 1760899468688, - "eventId": "39269368081420118423643971406103859309591387589274501120" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899376000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899376 1760899453 - NODATA", - "ingestionTime": 1760899476785, - "eventId": "39269368304427570408950202831249919970625624526780694528" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899488248, - "eventId": "39269368482833531997195187977393757885480410767471214592" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899393 1760899463 - NODATA", - "ingestionTime": 1760899476616, - "eventId": "39269368683540238783970796237152821956634466018501394432" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899396000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899396 1760899472 - NODATA", - "ingestionTime": 1760899492814, - "eventId": "39269368750442474379562665681342390226297253743843213312" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899398 1760899476 - NODATA", - "ingestionTime": 1760899499578, - "eventId": "39269368795043964776623911972590426561877822674179457024" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899404000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899404 1760899483 - NODATA", - "ingestionTime": 1760899507248, - "eventId": "39269368928848435967807650831077445246919319457277739008" - } - ], - "eni-0b032bdd6415e28d2-all": [ - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899035 1760899113 - NODATA", - "ingestionTime": 1760899133136, - "eventId": "39269360699873457710007711152123610062180414944395264000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899038000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899038 1760899114 - NODATA", - "ingestionTime": 1760899141191, - "eventId": "39269360766775693305599580586468728036916112958741348352" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899050 1760899123 - NODATA", - "ingestionTime": 1760899146046, - "eventId": "39269361034384635687967058290766595601835303791956525056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899058000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899058 1760899131 - NODATA", - "ingestionTime": 1760899159863, - "eventId": "39269361212790597276212043439756002440073202307487825920" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899063 1760899141 - NODATA", - "ingestionTime": 1760899167762, - "eventId": "39269361324294323268865159156984140043621645568457375744" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899068 1760899140 - NODATA", - "ingestionTime": 1760899157657, - "eventId": "39269361435798049261518274852446799470266395671291756544" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899068 1760899151 - NODATA", - "ingestionTime": 1760899175983, - "eventId": "39269361435798049261518274874601161818209012954061209600" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899095 1760899173 - NODATA", - "ingestionTime": 1760899195345, - "eventId": "39269362037918169621845099719473117068327781693816504320" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899098 1760899177 - NODATA", - "ingestionTime": 1760899204131, - "eventId": "39269362104820405217436969154701463979111391750678577152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899106000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899106 1760899186 - NODATA", - "ingestionTime": 1760899211311, - "eventId": "39269362283226366805681954295667591380534219155025690624" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899114000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899114 1760899186 - NODATA", - "ingestionTime": 1760899204393, - "eventId": "39269362461632328393926939419589915749741929816441094144" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899122000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899122 1760899203 - NODATA", - "ingestionTime": 1760899228656, - "eventId": "39269362640038289982171924581207850598435590163328860160" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899125 1760899194 - NODATA", - "ingestionTime": 1760899249065, - "eventId": "39269362706940525577763794030487974742181412238673444864" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899127 1760899200 - NODATA", - "ingestionTime": 1760899220738, - "eventId": "39269362751542015974825040279314179297414635168363315200" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899132000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899132 1760899213 - NODATA", - "ingestionTime": 1760899241591, - "eventId": "39269362863045741967478156012202532532736419493011783680" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899143000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899143 1760899223 - NODATA", - "ingestionTime": 1760899253281, - "eventId": "39269363108353939151315010583227663416625814834351243264" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899156 1760899234 - NODATA", - "ingestionTime": 1760899255488, - "eventId": "39269363398263626732213111425859902023189279008363118592" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899159000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899159 1760899237 - NODATA", - "ingestionTime": 1760899264361, - "eventId": "39269363465165862327804980861194073115574920556078891008" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899168000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899168 1760899246 - NODATA", - "ingestionTime": 1760899269260, - "eventId": "39269363665872569114580589140938428252512150847914049536" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899179 1760899253 - NODATA", - "ingestionTime": 1760899287510, - "eventId": "39269363911180766298417443719894074932119288698675789824" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899184 1760899263 - NODATA", - "ingestionTime": 1760899286796, - "eventId": "39269364022684492291070559426709282053852418506933469184" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899189000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899189 1760899260 - NODATA", - "ingestionTime": 1760899280283, - "eventId": "39269364134188218283723675126514426166813898814862065664" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899190 1760899270 - NODATA", - "ingestionTime": 1760899299057, - "eventId": "39269364156488963482254298290746226088810990608511533056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899196 1760899280 - NODATA", - "ingestionTime": 1760899311828, - "eventId": "39269364290293434673438037155400062015818871861690368000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899215 1760899294 - NODATA", - "ingestionTime": 1760899324767, - "eventId": "39269364714007593445519876860221022069360705824598065152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899216000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899216 1760899291 - NODATA", - "ingestionTime": 1760899311774, - "eventId": "39269364736308338644050499986049101087749757179034533888" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899228 1760899305 - NODATA", - "ingestionTime": 1760899327496, - "eventId": "39269365003917281026417977703483983765827058252031524864" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899236000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899236 1760899313 - NODATA", - "ingestionTime": 1760899372153, - "eventId": "39269365182323242614662962889757246868346573266567036928" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899242000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899242 1760899322 - NODATA", - "ingestionTime": 1760899351210, - "eventId": "39269365316127713805846701713652516863299726898767265792" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899245 1760899316 - NODATA", - "ingestionTime": 1760899326734, - "eventId": "39269365383029949401438571108670116921054093554823528448" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899246 1760899320 - NODATA", - "ingestionTime": 1760899342709, - "eventId": "39269365405330694599969194269518376122630654525933879296" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899252000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899252 1760899335 - NODATA", - "ingestionTime": 1760899360418, - "eventId": "39269365539135165791152933140142033914622429515450417152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899264 1760899343 - NODATA", - "ingestionTime": 1760899373218, - "eventId": "39269365806744108173520410854044313792513119479803084800" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899275 1760899355 - NODATA", - "ingestionTime": 1760899375908, - "eventId": "39269366052052305357357265414189441517385877666894970880" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899279000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899279 1760899352 - NODATA", - "ingestionTime": 1760899369219, - "eventId": "39269366141255286151479757972246010380988764276406026240" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899281000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899281 1760899359 - NODATA", - "ingestionTime": 1760899386093, - "eventId": "39269366185856776548541004275716839020567135377730371584" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899291 1760899368 - NODATA", - "ingestionTime": 1760899396136, - "eventId": "39269366408864228533847235703215102353670681361569349632" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899305000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899305 1760899382 - NODATA", - "ingestionTime": 1760899411018, - "eventId": "39269366721074661313275959702706255481084640795688894464" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899307 1760899380 - NODATA", - "ingestionTime": 1760899401309, - "eventId": "39269366765676151710337205974040218737002706934304473088" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899307 1760899377 - NODATA", - "ingestionTime": 1760899407058, - "eventId": "39269366765676151710337205980990486288538753834262528000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899310 1760899393 - NODATA", - "ingestionTime": 1760899419461, - "eventId": "39269366832578387305929075420592256492361369792011894784" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899324 1760899404 - NODATA", - "ingestionTime": 1760899433640, - "eventId": "39269367144788820085357799419233581698511609406149165056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899335 1760899412 - NODATA", - "ingestionTime": 1760899433908, - "eventId": "39269367390097017269194653976450088980403729997574832128" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899339 1760899418 - NODATA", - "ingestionTime": 1760899443512, - "eventId": "39269367479299998063317146554203490059711429749104771072" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899352 1760899428 - NODATA", - "ingestionTime": 1760899450328, - "eventId": "39269367769209685644215247402407859453740699287278387200" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899361 1760899433 - NODATA", - "ingestionTime": 1760899454519, - "eventId": "39269367969916392430990855681296183876299316157353951232" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899366 1760899444 - NODATA", - "ingestionTime": 1760899474591, - "eventId": "39269368081420118423643971413240484439095664219683618816" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899367 1760899442 - NODATA", - "ingestionTime": 1760899465925, - "eventId": "39269368103720863622174594544299428355023128143241412608" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899368000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899368 1760899453 - NODATA", - "ingestionTime": 1760899486443, - "eventId": "39269368126021608820705217710640157343359909657957302272" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899453355, - "eventId": "39269368192923844416297087095246106187430342297292636160" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899394 1760899469 - NODATA", - "ingestionTime": 1760899492226, - "eventId": "39269368705840983982501419397559717026373074890956865536" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899395000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899395 1760899474 - NODATA", - "ingestionTime": 1760899499679, - "eventId": "39269368728141729181032042548105768502328698924799033344" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899401000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899401 1760899480 - NODATA", - "ingestionTime": 1760899505761, - "eventId": "39269368861946200372215781404672778473133206005118402560" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899411000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899411 1760899487 - NODATA", - "ingestionTime": 1760899516510, - "eventId": "39269369084953652357522012833024672600503351423856934912" - } - ], - "eni-0412563bcfde47c07-all": [ - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899035 1760899115 - NODATA", - "ingestionTime": 1760899136495, - "eventId": "39269360699873457710007711156184720977592577186848636928" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899040 1760899119 - NODATA", - "ingestionTime": 1760899143305, - "eventId": "39269360811377183702660826872095664712709160858448297984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899053000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899053 1760899129 - NODATA", - "ingestionTime": 1760899149871, - "eventId": "39269361101286871283558927719998164556081147111036944384" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899061000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899061 1760899143 - NODATA", - "ingestionTime": 1760899171229, - "eventId": "39269361279692832871803912878103970731973143505727586304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899065 1760899134 - NODATA", - "ingestionTime": 1760899159080, - "eventId": "39269361368895813665926405429559601888144427773353132032" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899067000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899067 1760899140 - NODATA", - "ingestionTime": 1760899158188, - "eventId": "39269361413497304062987651711552518719516224710275825664" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899069 1760899153 - NODATA", - "ingestionTime": 1760899183464, - "eventId": "39269361458098794460048898025181141301956577880678137856" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899079000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899079 1760899147 - NODATA", - "ingestionTime": 1760899160601, - "eventId": "39269361681106246445355129412898811658073252175123316736" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899087 1760899166 - NODATA", - "ingestionTime": 1760899189376, - "eventId": "39269361859512208033600114579970893901776463807182798848" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899097000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899097 1760899176 - NODATA", - "ingestionTime": 1760899197279, - "eventId": "39269362082519660018906346004882537813687509194151165952" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899101000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899101 1760899179 - NODATA", - "ingestionTime": 1760899207385, - "eventId": "39269362171722640813028838583242579865759321101520076800" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899210660, - "eventId": "39269362372429347599804446861023392143998122008465309696" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899125 1760899194 - NODATA", - "ingestionTime": 1760899218812, - "eventId": "39269362706940525577763793993914106303142960102158041088" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899127 1760899203 - NODATA", - "ingestionTime": 1760899219418, - "eventId": "39269362751542015974825040277718476328369986825337700352" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899128 1760899200 - NODATA", - "ingestionTime": 1760899219120, - "eventId": "39269362773842761173355663418894165674178680573615538176" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899128 1760899205 - NODATA", - "ingestionTime": 1760899229665, - "eventId": "39269362773842761173355663431641781566952475279059255296" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899131000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899131 1760899216 - NODATA", - "ingestionTime": 1760899246092, - "eventId": "39269362840744996768947532876108041980772891761732091904" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899154 1760899229 - NODATA", - "ingestionTime": 1760899251163, - "eventId": "39269363353662136335151865137560078513468959389785718784" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899156 1760899234 - NODATA", - "ingestionTime": 1760899255712, - "eventId": "39269363398263626732213111426130916777394430857751101440" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899161000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899161 1760899240 - NODATA", - "ingestionTime": 1760899263829, - "eventId": "39269363509767352724866227143622613852783293494349135872" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899165000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899165 1760899246 - NODATA", - "ingestionTime": 1760899273641, - "eventId": "39269363598970333518988719721627354493523822240846249984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899185 1760899255 - NODATA", - "ingestionTime": 1760899281581, - "eventId": "39269364044985237489601182561940566582802392043117805568" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899187 1760899274 - NODATA", - "ingestionTime": 1760899303013, - "eventId": "39269364089586727886662428870921814201369867240798355456" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899189000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899189 1760899265 - NODATA", - "ingestionTime": 1760899290113, - "eventId": "39269364134188218283723675138397685858692808796273704960" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899280671, - "eventId": "39269364156488963482254298268519062333023165200494231552" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899193 1760899263 - NODATA", - "ingestionTime": 1760899278795, - "eventId": "39269364223391199077846167690858269798831755613942710272" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899207000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899207 1760899286 - NODATA", - "ingestionTime": 1760899310638, - "eventId": "39269364535601631857274891710854073565882969999478882304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899215 1760899292 - NODATA", - "ingestionTime": 1760899315726, - "eventId": "39269364714007593445519876849290783883655349661687152640" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899221000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899221 1760899301 - NODATA", - "ingestionTime": 1760899327482, - "eventId": "39269364847812064636703615712717370070625663115083776000" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899229000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899229 1760899308 - NODATA", - "ingestionTime": 1760899331997, - "eventId": "39269365026218026224948600850461253750180961257934094336" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899246 1760899320 - NODATA", - "ingestionTime": 1760899337920, - "eventId": "39269365405330694599969194263728842467517601889384857600" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899316 - NODATA", - "ingestionTime": 1760899340670, - "eventId": "39269365449932184997030440550125147054714641578971234304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899326 - NODATA", - "ingestionTime": 1760899350749, - "eventId": "39269365449932184997030440562310038574271999808824475648" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899334 - NODATA", - "ingestionTime": 1760899362257, - "eventId": "39269365449932184997030440576222135510589021884186427392" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899250000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899250 1760899322 - NODATA", - "ingestionTime": 1760899338788, - "eventId": "39269365494533675394091686830921152320352927561249128448" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899270000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899270 1760899347 - NODATA", - "ingestionTime": 1760899368708, - "eventId": "39269365940548579364704149697806783144105333794766585856" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899275 1760899355 - NODATA", - "ingestionTime": 1760899377918, - "eventId": "39269366052052305357357265416619650568836686043098578944" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899282000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899282 1760899359 - NODATA", - "ingestionTime": 1760899382772, - "eventId": "39269366208157521747071627413237592563353248892668477440" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899289000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899289 1760899368 - NODATA", - "ingestionTime": 1760899393097, - "eventId": "39269366364262738136785989416469683496947752941870645248" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899306000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899306 1760899383 - NODATA", - "ingestionTime": 1760899410529, - "eventId": "39269366743375406511806582843650936186411307196496478208" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899307 1760899377 - NODATA", - "ingestionTime": 1760899397968, - "eventId": "39269366765676151710337205970001456823899431732343996416" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899307 1760899380 - NODATA", - "ingestionTime": 1760899400607, - "eventId": "39269366765676151710337205973191896492119022919563018240" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899309000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899309 1760899396 - NODATA", - "ingestionTime": 1760899423126, - "eventId": "39269366810277642107398452283487031653564659198874484736" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899316000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899316 1760899382 - NODATA", - "ingestionTime": 1760899399106, - "eventId": "39269366966382858497112814245198916281112315683434004480" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899331 1760899406 - NODATA", - "ingestionTime": 1760899430913, - "eventId": "39269367300894036475072161406686974765064859028356005888" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899335 1760899415 - NODATA", - "ingestionTime": 1760899437272, - "eventId": "39269367390097017269194653980516978150189752716098142208" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899339 1760899418 - NODATA", - "ingestionTime": 1760899447124, - "eventId": "39269367479299998063317146558570512292617288860634185728" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899351 1760899427 - NODATA", - "ingestionTime": 1760899454220, - "eventId": "39269367746908940445684624265577228552990440521160261632" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899366 1760899439 - NODATA", - "ingestionTime": 1760899459961, - "eventId": "39269368081420118423643971395553591908768001739518377984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899440 - NODATA", - "ingestionTime": 1760899457693, - "eventId": "39269368148322354019235840817419132639093943126178463744" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899444 - NODATA", - "ingestionTime": 1760899469981, - "eventId": "39269368148322354019235840832274191397035876158754783232" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899454 - NODATA", - "ingestionTime": 1760899484008, - "eventId": "39269368148322354019235840849232080110616189955149922304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899374000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899374 1760899441 - NODATA", - "ingestionTime": 1760899460296, - "eventId": "39269368259826080011888956528244589978217412339484983296" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899392000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899392 1760899467 - NODATA", - "ingestionTime": 1760899489716, - "eventId": "39269368661239493585440173111454201356029973516445417472" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899395000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899395 1760899475 - NODATA", - "ingestionTime": 1760899496760, - "eventId": "39269368728141729181032042544576516340573757947585167360" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899402000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899402 1760899481 - NODATA", - "ingestionTime": 1760899503957, - "eventId": "39269368884246945570746404544027514969411264622420295680" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899413000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899413 1760899488 - NODATA", - "ingestionTime": 1760899511503, - "eventId": "39269369129555142754583259110043103669214552903807205376" - } - ], - "eni-0affc8cb976d281e4-all": [ - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899035 1760899116 - NODATA", - "ingestionTime": 1760899138840, - "eventId": "39269360699873457710007711159019469104701397634533228544" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899046 1760899125 - NODATA", - "ingestionTime": 1760899146967, - "eventId": "39269360945181654893844565725737606527934368011554914304" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899060000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899060 1760899132 - NODATA", - "ingestionTime": 1760899190646, - "eventId": "39269361257392087673273289760042133263107400332285378560" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899066 1760899146 - NODATA", - "ingestionTime": 1760899167560, - "eventId": "39269361391196558864457028581347041359969927984593829888" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899074 1760899154 - NODATA", - "ingestionTime": 1760899179105, - "eventId": "39269361569602520452702013727590210801973350606697005056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899087 1760899164 - NODATA", - "ingestionTime": 1760899192244, - "eventId": "39269361859512208033600114583438176555824605694748459008" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899094000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899094 1760899177 - NODATA", - "ingestionTime": 1760899198599, - "eventId": "39269362015617424423314476581871073057489942101635956736" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899189115, - "eventId": "39269362060218914820375722853477185278320939846186958848" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899109000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899109 1760899185 - NODATA", - "ingestionTime": 1760899210726, - "eventId": "39269362350128602401273823719567361138346684332021776384" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899122000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899122 1760899194 - NODATA", - "ingestionTime": 1760899250823, - "eventId": "39269362640038289982171924608006329965051610956954140672" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899124 1760899206 - NODATA", - "ingestionTime": 1760899227914, - "eventId": "39269362684639780379233170863382549457541174480434364416" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219338, - "eventId": "39269362729241270776294417136085999322452702428389244928" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899144000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899144 1760899226 - NODATA", - "ingestionTime": 1760899247368, - "eventId": "39269363130654684349845633717615132665541153038186250240" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899153 1760899235 - NODATA", - "ingestionTime": 1760899261725, - "eventId": "39269363331361391136621242008792839945762262059483660288" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899167 1760899245 - NODATA", - "ingestionTime": 1760899268996, - "eventId": "39269363643571823916049965999083152685223837249222017024" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899182 1760899254 - NODATA", - "ingestionTime": 1760899310544, - "eventId": "39269363978083001894009313172347560528882751266101002240" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899281322, - "eventId": "39269364022684492291070559420091896183115699813441011712" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899186000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899186 1760899266 - NODATA", - "ingestionTime": 1760899287931, - "eventId": "39269364067285982688131805711152844471674574293835710464" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299457, - "eventId": "39269364245691944276376790857372500237716647776452476928" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899204 1760899285 - NODATA", - "ingestionTime": 1760899309818, - "eventId": "39269364468699396261683022285255354161015274794248699904" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899213 1760899295 - NODATA", - "ingestionTime": 1760899320882, - "eventId": "39269364669406103048458630572452503370674395929094586368" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899215 1760899293 - NODATA", - "ingestionTime": 1760899311810, - "eventId": "39269364714007593445519876844556444173706942228705116160" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899229000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899229 1760899309 - NODATA", - "ingestionTime": 1760899328555, - "eventId": "39269365026218026224948600846300242377921950412429459456" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899241 1760899325 - NODATA", - "ingestionTime": 1760899348957, - "eventId": "39269365293826968607316078569393086186336604020860649472" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899241 1760899314 - NODATA", - "ingestionTime": 1760899372605, - "eventId": "39269365293826968607316078597982298375350150780347219968" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899245 1760899321 - NODATA", - "ingestionTime": 1760899340200, - "eventId": "39269365383029949401438571124949559171644792505665978368" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899251 1760899335 - NODATA", - "ingestionTime": 1760899359866, - "eventId": "39269365516834420592622309997938463861202851147023974400" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899266 1760899345 - NODATA", - "ingestionTime": 1760899367752, - "eventId": "39269365851345598570581657130508151919096926587179171840" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899272000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899272 1760899359 - NODATA", - "ingestionTime": 1760899383256, - "eventId": "39269365985150069761765395998465481644863673480582332416" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899276000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899276 1760899352 - NODATA", - "ingestionTime": 1760899370378, - "eventId": "39269366074353050555887888549039652693215533761524727808" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899288000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899288 1760899366 - NODATA", - "ingestionTime": 1760899388583, - "eventId": "39269366341961992938255366269476998944118616763606564864" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899400318, - "eventId": "39269366676473170916214713406699804785352071340302925824" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899303 1760899375 - NODATA", - "ingestionTime": 1760899429510, - "eventId": "39269366676473170916214713441990338386303280666812350464" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899411298, - "eventId": "39269366765676151710337205986116559650590329171965837312" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899312 1760899394 - NODATA", - "ingestionTime": 1760899422796, - "eventId": "39269366877179877702990321707695130867012944863901057024" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428577, - "eventId": "39269367100187329688296553130041479120048520123150827520" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899432439, - "eventId": "39269367367796272070664030833138720654446275223893245952" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899334 1760899414 - NODATA", - "ingestionTime": 1760899439881, - "eventId": "39269367367796272070664030842135296708003520290717499392" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899347 1760899424 - NODATA", - "ingestionTime": 1760899451070, - "eventId": "39269367657705959651562131695626595798239555883438637056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899361 1760899435 - NODATA", - "ingestionTime": 1760899490451, - "eventId": "39269367969916392430990855724735341148002908163555328000" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899459187, - "eventId": "39269368036818628026582725111546443776056460041485942784" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899366 1760899447 - NODATA", - "ingestionTime": 1760899471147, - "eventId": "39269368081420118423643971409076505618835547023528493056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899370 1760899452 - NODATA", - "ingestionTime": 1760899479024, - "eventId": "39269368170623099217766463984742283714993043411306807296" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899382 1760899467 - NODATA", - "ingestionTime": 1760899488669, - "eventId": "39269368438232041600133941694831139681884182062797881344" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899394 1760899475 - NODATA", - "ingestionTime": 1760899502220, - "eventId": "39269368705840983982501419409641737709798658672228827136" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899398 1760899473 - NODATA", - "ingestionTime": 1760899489665, - "eventId": "39269368795043964776623911960606453012996625068128206848" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899409 1760899486 - NODATA", - "ingestionTime": 1760899512065, - "eventId": "39269369040352161960460766544579612106892416237728497664" - } - ], - "eni-0cc527ecbe7a26eaf-all": [ - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899035 1760899117 - NODATA", - "ingestionTime": 1760899142936, - "eventId": "39269360699873457710007711163971510559320265101743685632" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899036000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899036 1760899114 - NODATA", - "ingestionTime": 1760899134414, - "eventId": "39269360722174202908538334295204820463313948714318168064" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899050 1760899129 - NODATA", - "ingestionTime": 1760899152727, - "eventId": "39269361034384635687967058298843497727773204937133850624" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899063 1760899133 - NODATA", - "ingestionTime": 1760899185523, - "eventId": "39269361324294323268865159178455904111196628287686770688" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899158843, - "eventId": "39269361368895813665926405429273417399856208608128204800" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899066 1760899145 - NODATA", - "ingestionTime": 1760899168245, - "eventId": "39269361391196558864457028582175509246823037858524626944" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899072000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899072 1760899154 - NODATA", - "ingestionTime": 1760899181163, - "eventId": "39269361525001030055640767447006181139772869756776218624" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899090000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899090 1760899170 - NODATA", - "ingestionTime": 1760899193900, - "eventId": "39269361926414443629191984010047495961379235145155215360" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899092 1760899177 - NODATA", - "ingestionTime": 1760899202749, - "eventId": "39269361971015934026253230303816785979875019549754589184" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899210860, - "eventId": "39269362372429347599804446861265377207808753828176592896" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899125 1760899204 - NODATA", - "ingestionTime": 1760899230989, - "eventId": "39269362706940525577763794008635558579997690313193750528" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219830, - "eventId": "39269362729241270776294417136680824586241537371595341824" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899127 1760899212 - NODATA", - "ingestionTime": 1760899242326, - "eventId": "39269362751542015974825040305412561063885034823646773248" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899146000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899146 1760899226 - NODATA", - "ingestionTime": 1760899246152, - "eventId": "39269363175256174746906879999216657007477593368650383360" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899152000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899152 1760899231 - NODATA", - "ingestionTime": 1760899253019, - "eventId": "39269363309060645938090618856732243219578704771989635072" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899156 1760899237 - NODATA", - "ingestionTime": 1760899263736, - "eventId": "39269363398263626732213111435831655263089646910124851200" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899170000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899170 1760899247 - NODATA", - "ingestionTime": 1760899271074, - "eventId": "39269363710474059511641835426202440992731308715443683328" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899279688, - "eventId": "39269364022684492291070559418116119557759800710406471680" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899186000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899186 1760899257 - NODATA", - "ingestionTime": 1760899306262, - "eventId": "39269364067285982688131805733313731667256371536065331200" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899188000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899188 1760899266 - NODATA", - "ingestionTime": 1760899288672, - "eventId": "39269364111887473085193051995119913844343400534901653504" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299252, - "eventId": "39269364245691944276376790857125149363662073314597076992" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899204 1760899285 - NODATA", - "ingestionTime": 1760899309280, - "eventId": "39269364468699396261683022284605296878582061744064102400" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899214000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899214 1760899291 - NODATA", - "ingestionTime": 1760899314311, - "eventId": "39269364691706848246989253706044751639540719357729177600" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899215 1760899296 - NODATA", - "ingestionTime": 1760899324087, - "eventId": "39269364714007593445519876859398939631364402504914436096" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899232 1760899310 - NODATA", - "ingestionTime": 1760899334354, - "eventId": "39269365093120261820540470277918148826862523982991851520" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899341889, - "eventId": "39269365383029949401438571126991283198097922654519689216" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899245 1760899325 - NODATA", - "ingestionTime": 1760899348539, - "eventId": "39269365383029949401438571135031132663793566278058115072" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899246 1760899316 - NODATA", - "ingestionTime": 1760899366160, - "eventId": "39269365405330694599969194297869179122661927007680724992" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899253 1760899335 - NODATA", - "ingestionTime": 1760899360237, - "eventId": "39269365561435910989683556281458718788128809122697052160" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899263000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899263 1760899343 - NODATA", - "ingestionTime": 1760899367744, - "eventId": "39269365784443362974989787705891158615048326713479266304" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899275 1760899352 - NODATA", - "ingestionTime": 1760899372061, - "eventId": "39269366052052305357357265409538549045672232196748017664" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899275 1760899358 - NODATA", - "ingestionTime": 1760899383656, - "eventId": "39269366052052305357357265423556517543661022486787260416" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899290000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899290 1760899367 - NODATA", - "ingestionTime": 1760899391461, - "eventId": "39269366386563483335316612556027451863182680765922607104" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899403625, - "eventId": "39269366676473170916214713410697222888582558342587351040" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899411002, - "eventId": "39269366765676151710337205985758614282112731246506541056" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899419972, - "eventId": "39269366921781368100051567987352686539192809824210518016" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899324 1760899404 - NODATA", - "ingestionTime": 1760899426887, - "eventId": "39269367144788820085357799411069452063340406770065408000" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899434439, - "eventId": "39269367367796272070664030835556822797651854308072357888" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899334 1760899417 - NODATA", - "ingestionTime": 1760899446456, - "eventId": "39269367367796272070664030850084056944309412406590767104" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899351 1760899427 - NODATA", - "ingestionTime": 1760899451312, - "eventId": "39269367746908940445684624262062177639914816024458821632" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899459035, - "eventId": "39269368036818628026582725111362754830102764013299433472" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899364 1760899446 - NODATA", - "ingestionTime": 1760899470289, - "eventId": "39269368036818628026582725124967908315929005802571956224" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899368000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899368 1760899437 - NODATA", - "ingestionTime": 1760899486041, - "eventId": "39269368126021608820705217710153819616007802450744442880" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899370 1760899452 - NODATA", - "ingestionTime": 1760899480164, - "eventId": "39269368170623099217766463986120228458155453978742292480" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899383 1760899466 - NODATA", - "ingestionTime": 1760899488206, - "eventId": "39269368460532786798664564835806916203379451258122797056" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899393 1760899476 - NODATA", - "ingestionTime": 1760899506645, - "eventId": "39269368683540238783970796273455606208662299519439011840" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899397000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899397 1760899475 - NODATA", - "ingestionTime": 1760899493621, - "eventId": "39269368772743219578093288823853465559792739857376215040" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899410 1760899488 - NODATA", - "ingestionTime": 1760899512938, - "eventId": "39269369062652907158991389687170444069467983195855192064" - } - ], - "eni-00e49c1a350a96c62-all": [ - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899037000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899037 1760899114 - NODATA", - "ingestionTime": 1760899138767, - "eventId": "39269360744474948107068957442002873060395970223357362176" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899049000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899049 1760899123 - NODATA", - "ingestionTime": 1760899145913, - "eventId": "39269361012083890489436435149070146485244488969436200960" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899057000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899057 1760899130 - NODATA", - "ingestionTime": 1760899154890, - "eventId": "39269361190489852077681420292208780129801594305213628416" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899165282, - "eventId": "39269361324294323268865159153986206642563145982672568320" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899068 1760899140 - NODATA", - "ingestionTime": 1760899155203, - "eventId": "39269361435798049261518274849479695499931155809958887424" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899069 1760899149 - NODATA", - "ingestionTime": 1760899172925, - "eventId": "39269361458098794460048898012440441311275205415884881920" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899074 1760899158 - NODATA", - "ingestionTime": 1760899188149, - "eventId": "39269361569602520452702013738523382166437444405447360512" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899094000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899094 1760899173 - NODATA", - "ingestionTime": 1760899193854, - "eventId": "39269362015617424423314476576134577772443043769486868480" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899098 1760899175 - NODATA", - "ingestionTime": 1760899198765, - "eventId": "39269362104820405217436969148214454073853692019531972608" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899106000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899106 1760899183 - NODATA", - "ingestionTime": 1760899205855, - "eventId": "39269362283226366805681954289071863715341114358247981056" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899116 1760899190 - NODATA", - "ingestionTime": 1760899218900, - "eventId": "39269362506233818790988185720199514343819175426755985408" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899124 1760899200 - NODATA", - "ingestionTime": 1760899223152, - "eventId": "39269362684639780379233170857625462746990168067807838208" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899129000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899129 1760899207 - NODATA", - "ingestionTime": 1760899233704, - "eventId": "39269362796143506371886286578060267268971733818706690048" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899130 1760899200 - NODATA", - "ingestionTime": 1760899216597, - "eventId": "39269362818444251570416909698915159185654638900559478784" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899132000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899132 1760899217 - NODATA", - "ingestionTime": 1760899249116, - "eventId": "39269362863045741967478156021299470001702103957709324288" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899157000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899157 1760899233 - NODATA", - "ingestionTime": 1760899250348, - "eventId": "39269363420564371930743734561181793392594438106193985536" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899158 1760899235 - NODATA", - "ingestionTime": 1760899257916, - "eventId": "39269363442865117129274357711867073227048333308284895232" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899167 1760899242 - NODATA", - "ingestionTime": 1760899266443, - "eventId": "39269363643571823916049965995997165200773008274068602880" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899176000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899176 1760899252 - NODATA", - "ingestionTime": 1760899278154, - "eventId": "39269363844278530702825574283975957584885667444695433216" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899183000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899183 1760899261 - NODATA", - "ingestionTime": 1760899283120, - "eventId": "39269364000383747092539936280729434656590907773135814656" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899187 1760899267 - NODATA", - "ingestionTime": 1760899294600, - "eventId": "39269364089586727886662428860750732039464946026079584256" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899275302, - "eventId": "39269364156488963482254298262028409321693380740057726976" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899193 1760899277 - NODATA", - "ingestionTime": 1760899306056, - "eventId": "39269364223391199077846167723814463848546217742214758400" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899213 1760899292 - NODATA", - "ingestionTime": 1760899313242, - "eventId": "39269364669406103048458630563216446915861083943820525568" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899217000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899217 1760899294 - NODATA", - "ingestionTime": 1760899321674, - "eventId": "39269364758609083842581123139552769844370962991551938560" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899228 1760899304 - NODATA", - "ingestionTime": 1760899325244, - "eventId": "39269365003917281026417977700761979083052749898730242048" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899234 1760899313 - NODATA", - "ingestionTime": 1760899337001, - "eventId": "39269365137721752217601716564189390859907730233102761984" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899243000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899243 1760899323 - NODATA", - "ingestionTime": 1760899342968, - "eventId": "39269365338428459004377324845224710968490708577878147072" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899247 1760899320 - NODATA", - "ingestionTime": 1760899337957, - "eventId": "39269365427631439798499817405309310435025331773548134400" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899250000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899250 1760899327 - NODATA", - "ingestionTime": 1760899354215, - "eventId": "39269365494533675394091686849571300684571434120473935872" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899256000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899256 1760899339 - NODATA", - "ingestionTime": 1760899366733, - "eventId": "39269365628338146585275425713918766977677100855991992320" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899274 1760899355 - NODATA", - "ingestionTime": 1760899383193, - "eventId": "39269366029751560158826642281460692452759301299789365248" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899275 1760899350 - NODATA", - "ingestionTime": 1760899372605, - "eventId": "39269366052052305357357265410196231221786162162004131840" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899289000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899289 1760899364 - NODATA", - "ingestionTime": 1760899386545, - "eventId": "39269366364262738136785989408548697493435601619971342336" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899296000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899296 1760899369 - NODATA", - "ingestionTime": 1760899397522, - "eventId": "39269366520367954526500351412569071531243907951461466112" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899403322, - "eventId": "39269366676473170916214713410331080053193532204739461120" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899396685, - "eventId": "39269366832578387305929075393057588744809773639408222208" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899310 1760899391 - NODATA", - "ingestionTime": 1760899414626, - "eventId": "39269366832578387305929075414746681071818916868380557312" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899312 1760899397 - NODATA", - "ingestionTime": 1760899426265, - "eventId": "39269366877179877702990321711888984629719983476018970624" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899334 1760899415 - NODATA", - "ingestionTime": 1760899439060, - "eventId": "39269367367796272070664030841142937958575332058401079296" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899335 1760899411 - NODATA", - "ingestionTime": 1760899430946, - "eventId": "39269367390097017269194653972869353730141055293073653760" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899348000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899348 1760899422 - NODATA", - "ingestionTime": 1760899445836, - "eventId": "39269367680006704850092754830834442177159248388842323968" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899358 1760899431 - NODATA", - "ingestionTime": 1760899455982, - "eventId": "39269367903014156835398986258457400930997965156061413376" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899363 1760899448 - NODATA", - "ingestionTime": 1760899475444, - "eventId": "39269368014517882828052101989664297898907338176166625280" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899364 1760899440 - NODATA", - "ingestionTime": 1760899465105, - "eventId": "39269368036818628026582725118701199232259355164586803200" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899457014, - "eventId": "39269368192923844416297087099669576687152167684464902144" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899377000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899377 1760899459 - NODATA", - "ingestionTime": 1760899490171, - "eventId": "39269368326728315607480825988968463538789249157613486080" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899393 1760899469 - NODATA", - "ingestionTime": 1760899490033, - "eventId": "39269368683540238783970796253372651980199477280652132352" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899393 1760899475 - NODATA", - "ingestionTime": 1760899500599, - "eventId": "39269368683540238783970796266146224296626452138420731904" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899409 1760899484 - NODATA", - "ingestionTime": 1760899505136, - "eventId": "39269369040352161960460766536202630897021212831417696256" - } - ], - "eni-0fa50413d12043097-all": [ - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899040 1760899115 - NODATA", - "ingestionTime": 1760899140262, - "eventId": "39269360811377183702660826868416985984503058815102287872" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899042000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899042 1760899121 - NODATA", - "ingestionTime": 1760899143376, - "eventId": "39269360855978674099722073155253169520247183234716467200" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899052000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899052 1760899128 - NODATA", - "ingestionTime": 1760899152591, - "eventId": "39269361078986126085028304581750881363540677418497605632" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899064 1760899140 - NODATA", - "ingestionTime": 1760899162154, - "eventId": "39269361346595068467395782291739961430735159900244934656" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899066 1760899144 - NODATA", - "ingestionTime": 1760899169498, - "eventId": "39269361391196558864457028583690118502832229354569924608" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899073000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899073 1760899154 - NODATA", - "ingestionTime": 1760899179003, - "eventId": "39269361547301775254171390585930848990670403554094546944" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899092 1760899171 - NODATA", - "ingestionTime": 1760899190986, - "eventId": "39269361971015934026253230289595803506801529278806687744" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899098 1760899181 - NODATA", - "ingestionTime": 1760899207867, - "eventId": "39269362104820405217436969159218344953622183587375808512" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899112000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899112 1760899188 - NODATA", - "ingestionTime": 1760899214794, - "eventId": "39269362417030837996865693149092557063885044642170601472" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899218363, - "eventId": "39269362729241270776294417134907160818739660973908819968" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899127 1760899204 - NODATA", - "ingestionTime": 1760899228143, - "eventId": "39269362751542015974825040288266516288111335930212450304" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899130 1760899196 - NODATA", - "ingestionTime": 1760899236269, - "eventId": "39269362818444251570416909722696919918440077319402749952" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899136000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899136 1760899216 - NODATA", - "ingestionTime": 1760899235291, - "eventId": "39269362952248722761600648570728909971269331639508271104" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899138000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899138 1760899219 - NODATA", - "ingestionTime": 1760899250086, - "eventId": "39269362996850213158661894871686954858411832487192231936" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899153 1760899230 - NODATA", - "ingestionTime": 1760899254654, - "eventId": "39269363331361391136621242000244768455551793757717463040" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899161000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899161 1760899237 - NODATA", - "ingestionTime": 1760899257334, - "eventId": "39269363509767352724866227135770221742737076997653921792" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899164000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899164 1760899241 - NODATA", - "ingestionTime": 1760899265939, - "eventId": "39269363576669588320458096570780569355098770852205232128" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899174 1760899249 - NODATA", - "ingestionTime": 1760899273397, - "eventId": "39269363799677040305764327995154046397828555294498422784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899281771, - "eventId": "39269364022684492291070559420634279420924730337580023808" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899187 1760899265 - NODATA", - "ingestionTime": 1760899288795, - "eventId": "39269364089586727886662428853733110355927812841166798848" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899196 1760899273 - NODATA", - "ingestionTime": 1760899296003, - "eventId": "39269364290293434673438037136268631779257380741103878144" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899198000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899198 1760899278 - NODATA", - "ingestionTime": 1760899306553, - "eventId": "39269364334894925070499283432094430904808367107227451392" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899213 1760899289 - NODATA", - "ingestionTime": 1760899312120, - "eventId": "39269364669406103048458630561859774536441580822616932352" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899219000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899219 1760899295 - NODATA", - "ingestionTime": 1760899317268, - "eventId": "39269364803210574239642369417297713069416572112904192000" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899219000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899219 1760899301 - NODATA", - "ingestionTime": 1760899322768, - "eventId": "39269364803210574239642369423946845989658433766276726784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899234 1760899311 - NODATA", - "ingestionTime": 1760899332678, - "eventId": "39269365137721752217601716558963471053914458804630847488" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339367, - "eventId": "39269365383029949401438571123942486092557966856190361600" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899247 1760899324 - NODATA", - "ingestionTime": 1760899348309, - "eventId": "39269365427631439798499817417824354360108782591454478336" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899253 1760899332 - NODATA", - "ingestionTime": 1760899355678, - "eventId": "39269365561435910989683556275947266384107891177478815744" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899261000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899261 1760899342 - NODATA", - "ingestionTime": 1760899366693, - "eventId": "39269365739841872577928541421549487378245342185086910464" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899273 1760899350 - NODATA", - "ingestionTime": 1760899372128, - "eventId": "39269366007450814960296019126548532389304577255380680704" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899281000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899281 1760899356 - NODATA", - "ingestionTime": 1760899377874, - "eventId": "39269366185856776548541004265780822088761543221054603264" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899284000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899284 1760899364 - NODATA", - "ingestionTime": 1760899385324, - "eventId": "39269366252759012144132873699394307557598695465524264960" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899292000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899292 1760899368 - NODATA", - "ingestionTime": 1760899394142, - "eventId": "39269366431164973732377858842340359302581975791635333120" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899400005, - "eventId": "39269366676473170916214713406321216800965289140896202752" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899307 1760899383 - NODATA", - "ingestionTime": 1760899409949, - "eventId": "39269366765676151710337205984485811763750024473813581824" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899313000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899313 1760899378 - NODATA", - "ingestionTime": 1760899414160, - "eventId": "39269366899480622901520944838790532611734763965527949312" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899419381, - "eventId": "39269366921781368100051567986638388512800638442458775552" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899317000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899317 1760899401 - NODATA", - "ingestionTime": 1760899428481, - "eventId": "39269366988683603695643437422246304878471566233588793344" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899334 1760899410 - NODATA", - "ingestionTime": 1760899430659, - "eventId": "39269367367796272070664030830986961116563222632212791296" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899340000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899340 1760899416 - NODATA", - "ingestionTime": 1760899436518, - "eventId": "39269367501600743261847769687284398395473853959957053440" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899345000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899345 1760899422 - NODATA", - "ingestionTime": 1760899447444, - "eventId": "39269367613104469254500885408171291853138687591527874560" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899354 1760899429 - NODATA", - "ingestionTime": 1760899453567, - "eventId": "39269367813811176041276493689395293155195266907628961792" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899458468, - "eventId": "39269368036818628026582725110677664820832133703468122112" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899370 1760899445 - NODATA", - "ingestionTime": 1760899471928, - "eventId": "39269368170623099217766463976163577497656700642295021568" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899375 1760899454 - NODATA", - "ingestionTime": 1760899475464, - "eventId": "39269368282126825210419579688117181201629642247446134784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899377000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899377 1760899460 - NODATA", - "ingestionTime": 1760899486979, - "eventId": "39269368326728315607480825985109618256405191504821223424" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899391000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899391 1760899470 - NODATA", - "ingestionTime": 1760899491571, - "eventId": "39269368638938748386909549972160630771095970562797076480" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899398 1760899476 - NODATA", - "ingestionTime": 1760899496786, - "eventId": "39269368795043964776623911969215202050450603886724448256" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899398 1760899480 - NODATA", - "ingestionTime": 1760899504483, - "eventId": "39269368795043964776623911978520527272550776449095237632" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899410 1760899487 - NODATA", - "ingestionTime": 1760899514868, - "eventId": "39269369062652907158991389689503736367846913633824866304" - } - ], - "eni-0ab252a7dc8378f9e-all": [ - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899043000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899043 1760899121 - NODATA", - "ingestionTime": 1760899144743, - "eventId": "39269360878279419298252696298441346294757840151857463296" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899055000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899055 1760899132 - NODATA", - "ingestionTime": 1760899168235, - "eventId": "39269361145888361680620174025270253239837550314553278464" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899063 1760899140 - NODATA", - "ingestionTime": 1760899163640, - "eventId": "39269361324294323268865159152001029709603810370906947584" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899168077, - "eventId": "39269361324294323268865159157365264056044858698275160064" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899074 1760899156 - NODATA", - "ingestionTime": 1760899176432, - "eventId": "39269361569602520452702013724358474785221923001425002496" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899083 1760899165 - NODATA", - "ingestionTime": 1760899187057, - "eventId": "39269361770309227239477622011024815587615914795180752896" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899087 1760899153 - NODATA", - "ingestionTime": 1760899167556, - "eventId": "39269361859512208033600114553592653372149707506846400512" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899092 1760899170 - NODATA", - "ingestionTime": 1760899192280, - "eventId": "39269361971015934026253230291160278927375725344553107456" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899099000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899099 1760899177 - NODATA", - "ingestionTime": 1760899198187, - "eventId": "39269362127121150415967592289051716776414009852387983360" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899103000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899103 1760899183 - NODATA", - "ingestionTime": 1760899206246, - "eventId": "39269362216324131210090084864937018834584512701592240128" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899116 1760899191 - NODATA", - "ingestionTime": 1760899232074, - "eventId": "39269362506233818790988185736125476421465966948702420992" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219781, - "eventId": "39269362729241270776294417136621410518674911340285657088" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899127 1760899204 - NODATA", - "ingestionTime": 1760899228166, - "eventId": "39269362751542015974825040288294114353006436868741267456" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899135000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899135 1760899216 - NODATA", - "ingestionTime": 1760899236537, - "eventId": "39269362929947977563070025430699906144758538369638989824" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899143000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899143 1760899223 - NODATA", - "ingestionTime": 1760899246487, - "eventId": "39269363108353939151315010575014091586148403225718226944" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899152000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899152 1760899218 - NODATA", - "ingestionTime": 1760899228230, - "eventId": "39269363309060645938090618826764277432324953379863986176" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899154 1760899230 - NODATA", - "ingestionTime": 1760899251910, - "eventId": "39269363353662136335151865138463170581794388689786109952" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899159000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899159 1760899237 - NODATA", - "ingestionTime": 1760899258836, - "eventId": "39269363465165862327804980854514963320757161567338037248" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899164000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899164 1760899243 - NODATA", - "ingestionTime": 1760899267297, - "eventId": "39269363576669588320458096572421907225632428613003575296" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899175000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899175 1760899249 - NODATA", - "ingestionTime": 1760899289057, - "eventId": "39269363821977785504294951155621307693113204263044317184" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899182 1760899260 - NODATA", - "ingestionTime": 1760899284104, - "eventId": "39269363978083001894009313140383662044320238584828002304" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899188000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899188 1760899264 - NODATA", - "ingestionTime": 1760899289384, - "eventId": "39269364111887473085193051995981173248009206015046909952" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899194 1760899273 - NODATA", - "ingestionTime": 1760899297876, - "eventId": "39269364245691944276376790855461696834132070243219472384" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899201000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899201 1760899281 - NODATA", - "ingestionTime": 1760899306426, - "eventId": "39269364401797160666091152856547997110764227965170089984" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899212000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899212 1760899290 - NODATA", - "ingestionTime": 1760899311990, - "eventId": "39269364647105357849928007420167105058361158249298591744" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899220000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899220 1760899296 - NODATA", - "ingestionTime": 1760899318981, - "eventId": "39269364825511319438172992560904692599124508662111862784" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899225000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899225 1760899305 - NODATA", - "ingestionTime": 1760899326405, - "eventId": "39269364937015045430826108277557866612080981738167205888" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899234 1760899311 - NODATA", - "ingestionTime": 1760899349607, - "eventId": "39269365137721752217601716579429045015788236565383872512" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899244000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899244 1760899320 - NODATA", - "ingestionTime": 1760899340539, - "eventId": "39269365360729204202907947983824034257365336815361916928" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899246 1760899324 - NODATA", - "ingestionTime": 1760899349659, - "eventId": "39269365405330694599969194277920420845905191734063595520" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899255000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899255 1760899333 - NODATA", - "ingestionTime": 1760899355340, - "eventId": "39269365606037401386744802558609859740341295972286267392" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899258000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899258 1760899342 - NODATA", - "ingestionTime": 1760899370852, - "eventId": "39269365672939636982336672001969956859553818871193468928" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899264 1760899332 - NODATA", - "ingestionTime": 1760899350205, - "eventId": "39269365806744108173520410826223332584796236243615940608" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899273 1760899351 - NODATA", - "ingestionTime": 1760899371460, - "eventId": "39269366007450814960296019125740775862889849020409970688" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899280000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899280 1760899356 - NODATA", - "ingestionTime": 1760899380041, - "eventId": "39269366163556031350010381126864519046676932443778842624" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899285000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899285 1760899363 - NODATA", - "ingestionTime": 1760899385191, - "eventId": "39269366275059757342663496840769274361216909335960289280" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899294 1760899369 - NODATA", - "ingestionTime": 1760899408748, - "eventId": "39269366475766464129439105143069271520703015093635448832" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899403298, - "eventId": "39269366676473170916214713410301864753488679959076405248" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899307 1760899385 - NODATA", - "ingestionTime": 1760899409389, - "eventId": "39269366765676151710337205983808376335481471422902829056" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899314 1760899393 - NODATA", - "ingestionTime": 1760899417527, - "eventId": "39269366921781368100051567984396803465274466565072355328" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899322 1760899404 - NODATA", - "ingestionTime": 1760899425908, - "eventId": "39269367100187329688296553126814732094305494235156250624" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899325 1760899394 - NODATA", - "ingestionTime": 1760899407513, - "eventId": "39269367167089565283888422529183595729306489697859207168" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899334 1760899411 - NODATA", - "ingestionTime": 1760899432182, - "eventId": "39269367367796272070664030832828069171568725790328619008" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899338000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899338 1760899417 - NODATA", - "ingestionTime": 1760899441926, - "eventId": "39269367456999252864786523410750437457893915410264948736" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899347 1760899423 - NODATA", - "ingestionTime": 1760899448300, - "eventId": "39269367657705959651562131692277680343019782573063667712" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899357000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899357 1760899431 - NODATA", - "ingestionTime": 1760899468795, - "eventId": "39269367880713411636868363132411672098214393367238672384" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899460562, - "eventId": "39269368036818628026582725113209034936779570569075097600" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899370 1760899445 - NODATA", - "ingestionTime": 1760899469949, - "eventId": "39269368170623099217766463973771603933568241784363286528" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899379000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899379 1760899454 - NODATA", - "ingestionTime": 1760899478804, - "eventId": "39269368371329806004542072258297942518344252529592041472" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899384 1760899454 - NODATA", - "ingestionTime": 1760899468911, - "eventId": "39269368482833531997195187954016642404155879694547550208" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899486220, - "eventId": "39269368482833531997195187974941804250215427335835811840" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899396000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899396 1760899472 - NODATA", - "ingestionTime": 1760899492248, - "eventId": "39269368750442474379562665680657565911081339579250507776" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899400000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899400 1760899478 - NODATA", - "ingestionTime": 1760899500150, - "eventId": "39269368839645455173685158256353497648806873134796832768" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899403000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899403 1760899482 - NODATA", - "ingestionTime": 1760899507126, - "eventId": "39269368906547690769277027689394005336431475869869670400" - } - ], - "eni-0d52b90c56c30aaaf-all": [ - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899047000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899047 1760899125 - NODATA", - "ingestionTime": 1760899147882, - "eventId": "39269360967482400092375188868379387488249224545389772800" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899060000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899060 1760899131 - NODATA", - "ingestionTime": 1760899156440, - "eventId": "39269361257392087673273289718689448193884824360186019840" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899064 1760899142 - NODATA", - "ingestionTime": 1760899162528, - "eventId": "39269361346595068467395782292192150158971810428482420736" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899069 1760899147 - NODATA", - "ingestionTime": 1760899172082, - "eventId": "39269361458098794460048898011420986728738606749298458624" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899075000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899075 1760899154 - NODATA", - "ingestionTime": 1760899179557, - "eventId": "39269361591903265651232636869672220334830881519077687296" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899085000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899085 1760899165 - NODATA", - "ingestionTime": 1760899188478, - "eventId": "39269361814910717636538868295814303201759959957510815744" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899095 1760899172 - NODATA", - "ingestionTime": 1760899194879, - "eventId": "39269362037918169621845099718909715757515917376757170176" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899107 1760899185 - NODATA", - "ingestionTime": 1760899206508, - "eventId": "39269362305527112004212577431396849746611502212074307584" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899121000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899121 1760899192 - NODATA", - "ingestionTime": 1760899214474, - "eventId": "39269362617737544783641301422527240192386104119123574784" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899123000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899123 1760899201 - NODATA", - "ingestionTime": 1760899222492, - "eventId": "39269362662339035180702547715291594383117768292878319616" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899130 1760899208 - NODATA", - "ingestionTime": 1760899233348, - "eventId": "39269362818444251570416909719166094403420838251948867584" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899134000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899134 1760899217 - NODATA", - "ingestionTime": 1760899237905, - "eventId": "39269362907647232364539402290818007128969998725776801792" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899148000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899148 1760899227 - NODATA", - "ingestionTime": 1760899249387, - "eventId": "39269363219857665143968126286198786333524041780303036416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899158 1760899239 - NODATA", - "ingestionTime": 1760899261413, - "eventId": "39269363442865117129274357716094800437411500094429528064" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899160000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899160 1760899234 - NODATA", - "ingestionTime": 1760899253536, - "eventId": "39269363487466607526335603989642999868426518943790465024" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899169000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899169 1760899246 - NODATA", - "ingestionTime": 1760899268102, - "eventId": "39269363688173314313111212281074160052015497532470460416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899180 1760899252 - NODATA", - "ingestionTime": 1760899274719, - "eventId": "39269363933481511496948066845966343222172770892652806144" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899180 1760899260 - NODATA", - "ingestionTime": 1760899282079, - "eventId": "39269363933481511496948066854863770950199002917434556416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899182 1760899266 - NODATA", - "ingestionTime": 1760899293227, - "eventId": "39269363978083001894009313151412646716540168025258590208" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899274490, - "eventId": "39269364156488963482254298261046844228847478003796869120" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899197000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899197 1760899278 - NODATA", - "ingestionTime": 1760899300413, - "eventId": "39269364312594179871968660283135671277550524372656193536" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899206 1760899285 - NODATA", - "ingestionTime": 1760899307559, - "eventId": "39269364513300886658744268565595883298524412475948466176" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899217000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899217 1760899298 - NODATA", - "ingestionTime": 1760899321757, - "eventId": "39269364758609083842581123139653540981407932788203454464" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899218000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899218 1760899294 - NODATA", - "ingestionTime": 1760899314944, - "eventId": "39269364780909829041111746272952618045972927612869541888" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899228 1760899306 - NODATA", - "ingestionTime": 1760899328418, - "eventId": "39269365003917281026417977704598914236157516870803456000" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899237000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899237 1760899311 - NODATA", - "ingestionTime": 1760899335203, - "eventId": "39269365204623987813193585986622672787194287678300815360" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899244000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899244 1760899323 - NODATA", - "ingestionTime": 1760899343217, - "eventId": "39269365360729204202907947987061312010472019627786567680" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899251 1760899320 - NODATA", - "ingestionTime": 1760899334785, - "eventId": "39269365516834420592622309967617577569085590337844543488" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899251 1760899327 - NODATA", - "ingestionTime": 1760899352809, - "eventId": "39269365516834420592622309989407348570651703606137323520" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899258000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899258 1760899338 - NODATA", - "ingestionTime": 1760899361689, - "eventId": "39269365672939636982336671990892702359840102315135926272" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899268 1760899345 - NODATA", - "ingestionTime": 1760899370695, - "eventId": "39269365895947088967642903417137343406143451131925561344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899277000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899277 1760899357 - NODATA", - "ingestionTime": 1760899383557, - "eventId": "39269366096653795754418511706508067602588769954444738560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899279000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899279 1760899354 - NODATA", - "ingestionTime": 1760899375789, - "eventId": "39269366141255286151479757980188263671694646889969090560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899288000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899288 1760899366 - NODATA", - "ingestionTime": 1760899388348, - "eventId": "39269366341961992938255366269192792323452373303055679488" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899300000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899300 1760899376 - NODATA", - "ingestionTime": 1760899395510, - "eventId": "39269366609570935320622843976279590850532930483845660672" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899402603, - "eventId": "39269366676473170916214713409461765483202400075214487552" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899306000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899306 1760899386 - NODATA", - "ingestionTime": 1760899412895, - "eventId": "39269366743375406511806582846511427624322751494860505088" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899395134, - "eventId": "39269366832578387305929075391182663628086837781737963520" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899317000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899317 1760899395 - NODATA", - "ingestionTime": 1760899418476, - "eventId": "39269366988683603695643437410151409985647474216352808960" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899327 1760899406 - NODATA", - "ingestionTime": 1760899427961, - "eventId": "39269367211691055680949668836975322305628309890832662528" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899337000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899337 1760899418 - NODATA", - "ingestionTime": 1760899441419, - "eventId": "39269367434698507666255900268602047290802914714464485376" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899339 1760899413 - NODATA", - "ingestionTime": 1760899434885, - "eventId": "39269367479299998063317146543774332908299324003100655616" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899347 1760899425 - NODATA", - "ingestionTime": 1760899448149, - "eventId": "39269367657705959651562131692095166344766109020749955072" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899359000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899359 1760899432 - NODATA", - "ingestionTime": 1760899455891, - "eventId": "39269367925314902033929609399883347029227605362739380224" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899464135, - "eventId": "39269368014517882828052101975992624387814190561399472128" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899370 1760899448 - NODATA", - "ingestionTime": 1760899472247, - "eventId": "39269368170623099217766463976549679571305673638122553344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899372000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899372 1760899441 - NODATA", - "ingestionTime": 1760899454756, - "eventId": "39269368215224589614827710238475764050073513625449529344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899378000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899378 1760899456 - NODATA", - "ingestionTime": 1760899479346, - "eventId": "39269368349029060806011449117417562346652554701689978880" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899487743, - "eventId": "39269368482833531997195187976783303479786335592399568896" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899398 1760899478 - NODATA", - "ingestionTime": 1760899501644, - "eventId": "39269368795043964776623911975088452917773045617133158400" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899399000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899399 1760899474 - NODATA", - "ingestionTime": 1760899494757, - "eventId": "39269368817344709975154535108298415284889564861552066560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899406000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899406 1760899485 - NODATA", - "ingestionTime": 1760899508568, - "eventId": "39269368973449926364868897115744601996530808388858806272" - } - ], - "eni-0c663685d7a12552e-all": [ - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899049000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899049 1760899080 - NODATA", - "ingestionTime": 1760899108302, - "eventId": "39269361012083890489436435103601333327618873734687293440" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899082000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899082 1760899113 - NODATA", - "ingestionTime": 1760899132564, - "eventId": "39269361748008482040946998803610793217379998222267121664" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899082000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899082 1760899113 - NODATA", - "ingestionTime": 1760899140789, - "eventId": "39269361748008482040946998813554652559287219887603974144" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899091000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899091 1760899122 - NODATA", - "ingestionTime": 1760899148802, - "eventId": "39269361948715188827722607097063154459454311630899052544" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899109000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899109 1760899140 - NODATA", - "ingestionTime": 1760899166694, - "eventId": "39269362350128602401273823666335815046678932194937012224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899116 1760899147 - NODATA", - "ingestionTime": 1760899170187, - "eventId": "39269362506233818790988185661308757080951528467498336256" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 11746 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872704" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 61890 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872705" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 30506 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872706" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 51838 21 6 4 240 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872707" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 51186 80 6 1 60 1760899167 1760899168 ACCEPT OK", - "ingestionTime": 1760899196244, - "eventId": "39269363643571823916049965911131435251312323702065594368" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899168000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 62602 80 6 3 180 1760899168 1760899168 ACCEPT OK", - "ingestionTime": 1760899186752, - "eventId": "39269363665872569114580589041192263286404541704439988224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 58950 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929344" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 61628 21 6 4 240 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929345" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 28840 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929346" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 31192 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929347" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 18756 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929348" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 21192 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929349" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 27324 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929350" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 60254 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929351" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 64846 21 6 4 240 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929352" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 58248 21 6 2 120 1760899178 1760899198 ACCEPT OK", - "ingestionTime": 1760899219438, - "eventId": "39269363888880021099886820496064163309696336621526056960" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899178 1760899198 - SKIPDATA", - "ingestionTime": 1760899219438, - "eventId": "39269363888880021099886820496064163309696336621526056961" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 12938 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136000" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 35548 80 6 2 120 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136001" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 63002 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136002" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 25612 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136003" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 64300 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136004" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 59962 21 6 4 240 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136005" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 23106 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136006" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 48432 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594048" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 58270 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594049" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 49854 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594050" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 23738 80 6 2 120 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594051" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 32716 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594052" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 13690 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594053" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 25162 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594054" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 23936 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594055" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.133.187 10.0.4.186 51796 22127 6 1 44 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594056" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 63332 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186752" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 44282 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186753" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 23342 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186754" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 106.75.132.124 10.0.4.186 58914 16030 6 1 44 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186755" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 19302 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186756" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 21326 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186757" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 50342 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186758" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 23068 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186759" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 17032 80 6 3 180 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 62372 21 6 4 240 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 41180 80 6 3 180 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 31518 21 6 1 60 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899202 1760899227 - SKIPDATA", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517188" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 15264 21 6 4 240 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734464" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.112 10.0.4.186 55662 1000 6 1 44 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734465" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 51810 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734466" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 52632 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734467" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 20720 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734468" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 14584 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734469" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 56998 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222976" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 47540 21 6 4 240 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222977" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 49866 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222978" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 43784 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222979" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 20.55.98.221 10.0.4.186 34398 9043 6 1 40 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222980" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 57822 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222981" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 39476 80 6 2 120 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222982" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 38986 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222983" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65242 80 6 2 120 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222984" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 33810 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505472" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 48444 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505473" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 45660 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505474" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 31386 80 6 2 120 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505475" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 26686 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505476" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 46464 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505477" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 22492 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505478" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 37402 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505479" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 24724 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505480" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26010 80 6 1 60 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505481" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 20214 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927936" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 58154 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927937" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 28818 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927938" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 9466 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927939" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 46052 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927940" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 37932 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927941" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 19968 21 6 4 240 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927942" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 11524 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052288" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 18592 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052289" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 14624 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052290" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 33664 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052291" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 45696 80 6 1 60 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052292" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 40504 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052293" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 57692 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052294" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899232 1760899257 - SKIPDATA", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052295" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 25492 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359552" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 43258 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359553" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 61000 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359554" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.152 10.0.4.186 54664 990 6 1 44 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359555" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 35548 80 6 1 60 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359556" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 59684 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359557" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 36584 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359558" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 58110 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359559" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 44360 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359560" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 20358 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359561" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 30734 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359562" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 56320 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359563" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 60778 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359564" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 61920 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 9896 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948225" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 29784 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948226" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 39582 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948227" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 26504 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948228" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 63958 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948229" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 15152 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948230" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 32292 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948231" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 64704 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948232" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 92.63.197.66 10.0.4.186 8080 6529 6 1 40 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948233" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 26690 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948234" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47724 80 6 2 120 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948235" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 37506 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948236" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 40154 21 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948237" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.211.22 10.0.4.186 57261 28009 6 1 44 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 45308 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909953" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 45524 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909954" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 104.237.144.186 10.0.4.186 61000 443 6 1 40 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909955" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 16088 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909956" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 50098 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909957" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 13406 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909958" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 38794 21 6 4 240 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909959" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 64922 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909960" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 10732 21 6 4 240 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909961" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 28496 80 6 2 120 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909962" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 14348 21 6 4 240 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747776" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 52754 80 6 3 180 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747777" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 39232 80 6 1 60 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747778" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.133.252 10.0.4.186 56557 9202 6 1 44 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747779" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 42982 21 6 4 240 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747780" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899266 1760899289 - SKIPDATA", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747781" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 39548 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390656" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 60954 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390657" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 42456 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390658" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 59042 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390659" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 14264 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390660" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 54860 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390661" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 57124 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390662" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 13064 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390663" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 64866 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390664" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65242 80 6 1 60 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390665" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 35662 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390666" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 11826 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928256" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 34372 80 6 2 120 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928257" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 23486 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928258" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 45170 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928259" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 59316 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928260" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 41556 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928261" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 165.154.173.104 10.0.4.186 45123 15200 6 1 40 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928262" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 57032 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928263" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 63148 21 6 4 240 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 27420 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 52372 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 50536 80 6 2 120 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442176" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 35356 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442177" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 31386 80 6 1 60 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442178" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 60380 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442179" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 34026 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442180" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 38404 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442181" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 16084 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442182" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 26236 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442183" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 11320 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 64576 21 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 13916 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 30326 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 41588 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442188" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26010 80 6 2 120 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442189" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 37620 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204928" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 60708 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204929" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 11788 21 6 4 240 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204930" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 28350 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204931" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 60280 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204932" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 61052 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204933" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 35410 21 6 4 240 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204934" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 52400 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043392" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 39206 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043393" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 51290 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043394" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 33590 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043395" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899291 1760899311 - SKIPDATA", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043396" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 18552 80 6 2 120 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850944" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 14244 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850945" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 50030 21 6 4 240 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850946" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 30508 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850947" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 23936 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850948" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 14100 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850949" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 22180 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850950" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 17822 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850951" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 29332 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 46686 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 57958 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 41254 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 59878 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 14756 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499268" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 52246 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499269" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 52902 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499270" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 26402 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499271" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 21660 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499272" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 57706 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499273" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 40040 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499274" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.138 10.0.4.186 50578 7547 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894400" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 58372 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894401" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 22358 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894402" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 16878 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894403" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.85 10.0.4.186 55174 1502 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894404" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 45734 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894405" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.123 10.0.4.186 56280 11084 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894406" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 64764 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894407" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 49614 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894408" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 27514 21 6 4 240 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894409" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 44044 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894410" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 41366 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894411" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47724 80 6 1 60 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894412" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 56174 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894413" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 37518 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894414" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 40154 21 6 1 60 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894415" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 32546 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559936" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 45958 21 6 4 240 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559937" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 59358 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559938" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 48134 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559939" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 36966 21 6 4 240 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559940" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 13.214.173.166 10.0.4.186 0 0 1 1 28 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407232" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 49060 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407233" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 21004 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407234" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 29018 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407235" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 15302 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407236" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 15122 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407237" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899323 1760899350 - SKIPDATA", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407238" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 52034 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507392" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 28464 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507393" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 61844 21 6 2 120 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507394" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 37012 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507395" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 65418 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507396" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 27682 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507397" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 45390 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507398" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 50814 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507399" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 41210 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507400" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 38070 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507401" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 9706 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507402" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 50430 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 18182 21 6 4 240 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47948 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 34372 80 6 1 60 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26294 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715268" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 11968 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715269" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 28368 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715270" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 19342 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715271" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 29372 21 6 4 240 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715272" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 46546 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715273" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 23346 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715274" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 58710 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588480" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 44376 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588481" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 50536 80 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588482" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 57464 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588483" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 23402 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588484" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.86 10.0.4.186 55131 57357 6 1 44 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588485" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 53474 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588486" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 56830 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588487" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 20716 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588488" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 21308 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588489" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 64576 21 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588490" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 54428 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588491" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 56326 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588492" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 11346 80 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588493" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 54058 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588494" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 28496 80 6 1 60 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607872" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 87.120.191.93 10.0.4.186 51632 80 6 1 40 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607873" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 41.59.173.249 10.0.4.186 44087 23 6 1 60 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607874" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 39996 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607875" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 59438 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607876" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 61964 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607877" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 15392 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607878" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 11790 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607879" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 37404 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607880" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 46602 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607881" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 25578 80 6 3 180 1760899352 1760899374 ACCEPT OK", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330688" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 49716 80 6 3 180 1760899352 1760899374 ACCEPT OK", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330689" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899352 1760899374 - SKIPDATA", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330690" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 47440 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547840" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 12744 21 6 4 240 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547841" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 19934 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547842" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 55776 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547843" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 18552 80 6 1 60 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198976" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 22126 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198977" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 10576 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198978" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 24392 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198979" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 33602 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198980" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 92.63.197.66 10.0.4.186 8080 6224 6 1 40 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198981" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 18116 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198982" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 35388 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198983" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 43842 21 6 4 240 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198984" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 27478 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198985" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 37470 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234560" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 59854 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234561" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 35168 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234562" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 91.196.152.225 10.0.4.186 48508 14430 6 1 60 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234563" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 52196 21 6 4 240 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234564" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 37160 21 6 4 240 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234565" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 48292 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234566" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.253 10.0.4.186 54329 9606 6 1 44 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234567" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 55998 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234568" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 13248 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234569" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 27354 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234570" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 18188 80 6 2 120 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234571" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 15930 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234572" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 14392 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746944" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 16508 21 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746945" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 45642 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746946" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65378 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746947" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 48818 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746948" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 57706 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746949" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 11464 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746950" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 34208 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746951" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 31380 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 18816 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746953" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 36286 21 6 4 240 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117696" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 25478 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117697" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 29340 21 6 4 240 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117698" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 53794 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117699" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 42022 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117700" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 13670 21 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117701" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899382 1760899406 - SKIPDATA", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117702" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 37698 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338176" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 63386 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338177" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 24506 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338178" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 13550 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338179" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 61784 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338180" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 31186 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338181" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 61844 21 6 2 120 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338182" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.26 10.0.4.186 56968 9530 6 1 44 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338183" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 44220 21 6 2 120 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.181 10.0.4.186 49778 9108 6 1 44 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 21902 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 61022 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 40.124.175.174 10.0.4.186 48441 993 6 1 52 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477760" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.182 10.0.4.186 54893 7706 6 1 44 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477761" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 54974 80 6 3 180 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477762" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 44314 21 6 4 240 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477763" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 19256 80 6 3 180 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477764" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 45020 80 6 2 120 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134784" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 30032 21 6 4 240 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134785" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 63082 21 6 4 240 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134786" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 36934 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134787" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 62370 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134788" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 13408 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134789" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 21982 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134790" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 11346 80 6 2 120 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134791" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 32590 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134792" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 42266 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839488" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 54384 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839489" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 37458 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839490" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 39936 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839491" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 24968 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839492" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 63412 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839493" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 34598 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839494" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 48400 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839495" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.140 10.0.4.186 50762 1443 6 1 44 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839496" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 13368 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839497" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 15050 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839498" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 26108 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839499" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 45052 21 6 4 240 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839500" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 95.214.53.196 10.0.4.186 40742 16379 6 1 40 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 48250 80 6 3 180 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 63068 80 6 1 60 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899414 1760899437 - SKIPDATA", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 15034 21 6 4 240 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746752" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 20028 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746753" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 16406 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746754" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 24550 21 6 4 240 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746755" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 62060 21 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746756" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 60596 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746757" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 35718 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746758" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 16994 21 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746759" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 47.74.55.112 10.0.4.186 57188 12320 6 1 52 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746760" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.55 10.0.4.186 51355 34473 6 1 44 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746761" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 16338 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746762" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.149.61 10.0.4.186 55176 49010 6 1 44 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746763" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 33922 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334144" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 38080 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334145" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 47416 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334146" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 30120 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334147" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 61568 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334148" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 38820 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334149" - } - ], - "eni-0b0549e20044315f3-all": [ - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899050 1760899129 - NODATA", - "ingestionTime": 1760899149148, - "eventId": "39269361034384635687967058294516883796158603200468746240" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899063 1760899133 - NODATA", - "ingestionTime": 1760899191042, - "eventId": "39269361324294323268865159185128106407086387132881174528" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899158751, - "eventId": "39269361368895813665926405429162124440841377838471249920" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899066 1760899145 - NODATA", - "ingestionTime": 1760899169059, - "eventId": "39269361391196558864457028583159222796051983380536492032" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899072000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899072 1760899154 - NODATA", - "ingestionTime": 1760899183447, - "eventId": "39269361525001030055640767449767568231817834522370572288" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899083 1760899163 - NODATA", - "ingestionTime": 1760899191130, - "eventId": "39269361770309227239477622015948951614231990473462448128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899095 1760899177 - NODATA", - "ingestionTime": 1760899203123, - "eventId": "39269362037918169621845099728876158476315828073130033152" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899191541, - "eventId": "39269362060218914820375722856410123339823436258297708544" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899209964, - "eventId": "39269362372429347599804446860182095577718871838885019648" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899124 1760899206 - NODATA", - "ingestionTime": 1760899229535, - "eventId": "39269362684639780379233170865342036892205695946093232128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899125 1760899199 - NODATA", - "ingestionTime": 1760899251421, - "eventId": "39269362706940525577763794033336149004260622706450890752" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899220164, - "eventId": "39269362729241270776294417137084416047159533537171668992" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899127 1760899212 - NODATA", - "ingestionTime": 1760899241060, - "eventId": "39269362751542015974825040303882188022904222112626704384" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899154 1760899233 - NODATA", - "ingestionTime": 1760899251092, - "eventId": "39269363353662136335151865137474306632162095644831449088" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899154 1760899237 - NODATA", - "ingestionTime": 1760899265367, - "eventId": "39269363353662136335151865154731662239795841721343803392" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899181000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899181 1760899266 - NODATA", - "ingestionTime": 1760899288254, - "eventId": "39269363955782256695478690003864747195775111898944765952" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899279934, - "eventId": "39269364022684492291070559418413938563523123583808634880" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899191000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899191 1760899257 - NODATA", - "ingestionTime": 1760899310499, - "eventId": "39269364178789708680784921446114574291045297137749393408" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899193 1760899271 - NODATA", - "ingestionTime": 1760899300873, - "eventId": "39269364223391199077846167717549072416822564465518444544" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899203 1760899284 - NODATA", - "ingestionTime": 1760899308384, - "eventId": "39269364446398651063152399141986190306426909080998117376" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899213 1760899293 - NODATA", - "ingestionTime": 1760899313680, - "eventId": "39269364669406103048458630563745762218163735798362669056" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899215 1760899297 - NODATA", - "ingestionTime": 1760899323453, - "eventId": "39269364714007593445519876858632206622956850636010291200" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899231000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899231 1760899308 - NODATA", - "ingestionTime": 1760899331321, - "eventId": "39269365070819516622009847132715303195827357368140234752" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339052, - "eventId": "39269365383029949401438571123561746374130011920953245696" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899246 1760899325 - NODATA", - "ingestionTime": 1760899350892, - "eventId": "39269365405330694599969194279411208772642910370836054016" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899246 1760899316 - NODATA", - "ingestionTime": 1760899371391, - "eventId": "39269365405330694599969194304192910118520948369194024960" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899248 1760899335 - NODATA", - "ingestionTime": 1760899363230, - "eventId": "39269365449932184997030440577398219863041560501072035840" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899264 1760899344 - NODATA", - "ingestionTime": 1760899368928, - "eventId": "39269365806744108173520410848858081852441394865298800640" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899273 1760899356 - NODATA", - "ingestionTime": 1760899385617, - "eventId": "39269366007450814960296019142855830900426629503072272384" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899275 1760899352 - NODATA", - "ingestionTime": 1760899371464, - "eventId": "39269366052052305357357265408817078540645514115318808576" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899291 1760899367 - NODATA", - "ingestionTime": 1760899390402, - "eventId": "39269366408864228533847235696283450762548894208316080128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899399395, - "eventId": "39269366676473170916214713405583375986398277744453156864" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899410029, - "eventId": "39269366765676151710337205984582080515597986510266630144" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899310 1760899379 - NODATA", - "ingestionTime": 1760899433219, - "eventId": "39269366832578387305929075437224527699752125344533053440" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899418894, - "eventId": "39269366921781368100051567986049717306332660931861872640" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428250, - "eventId": "39269367100187329688296553129645846721084489476922867712" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899335 1760899412 - NODATA", - "ingestionTime": 1760899433229, - "eventId": "39269367390097017269194653975629748732390472004675108864" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899335 1760899418 - NODATA", - "ingestionTime": 1760899444045, - "eventId": "39269367390097017269194653988704937156474046665124282368" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899351 1760899426 - NODATA", - "ingestionTime": 1760899450863, - "eventId": "39269367746908940445684624261519183700000033952722321408" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899461247, - "eventId": "39269368014517882828052101972501331045545810129543692288" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899364 1760899446 - NODATA", - "ingestionTime": 1760899468555, - "eventId": "39269368036818628026582725122871818569149878791262961664" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899367 1760899437 - NODATA", - "ingestionTime": 1760899492360, - "eventId": "39269368103720863622174594576257299469602032595912818688" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899371 1760899451 - NODATA", - "ingestionTime": 1760899479465, - "eventId": "39269368192923844416297087126810934162937552827837972480" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899383 1760899467 - NODATA", - "ingestionTime": 1760899490099, - "eventId": "39269368460532786798664564838095442697030093502723784704" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899394 1760899478 - NODATA", - "ingestionTime": 1760899502794, - "eventId": "39269368705840983982501419410335527383627721259566039040" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899399000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899399 1760899475 - NODATA", - "ingestionTime": 1760899493057, - "eventId": "39269368817344709975154535106242973873413473154290745344" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899409 1760899488 - NODATA", - "ingestionTime": 1760899515333, - "eventId": "39269369040352161960460766548530326175156119273020653568" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/vpc-flow-log/vpc-007d791b9b857543e", - "type": "Other", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "It is recommended that sensitive information is not logged to CloudWatch logs. Alternatively, sensitive data may be masked using a protection policy", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html" - ] - }, - "risk_details": "Storing sensitive data in CloudWatch logs could allow an attacker with read-only access to escalate their privileges or gain unauthorised access to systems.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/rds/cluster/ex-rds/postgresql is not publicly accessible.", - "metadata": { - "event_code": "cloudwatch_log_group_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Log Group /aws/rds/cluster/ex-rds/postgresql is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-01.01AC", - "PS-03.02B", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-10.01B", - "COS-02.01B", - "PSS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN04.AR01", - "CCC.Monitor.CN04.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR03" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "This check ensures that no CloudWatch Log Groups are publicly accessible by checking for resource policies that allow access from any entity (Principal: '*'). Publicly exposed log groups pose a serious security risk as sensitive log data could be accessed by unauthorized parties.", - "title": "Ensure that CloudWatch Log Groups are not publicly accessible", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices" - ], - "uid": "prowler-aws-cloudwatch_log_group_not_publicly_accessible-211203495394-eu-west-1-/aws/rds/cluster/ex-rds/postgresql" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*", - "name": "/aws/rds/cluster/ex-rds/postgresql", - "retention_days": 7, - "never_expire": false, - "kms_id": null, - "region": "eu-west-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/rds/cluster/ex-rds/postgresql", - "type": "Other", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that CloudWatch Log Groups are not publicly accessible. Review and remove any resource policies that allow public access (Principal: '*') to log groups.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html" - ] - }, - "risk_details": "Publicly accessible CloudWatch Log Groups can expose sensitive information, leading to data breaches or unauthorized access. It is important to ensure that log groups are only accessible by trusted entities.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/vpc-flow-log/vpc-007d791b9b857543e is not publicly accessible.", - "metadata": { - "event_code": "cloudwatch_log_group_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Log Group /aws/vpc-flow-log/vpc-007d791b9b857543e is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-01.01AC", - "PS-03.02B", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-10.01B", - "COS-02.01B", - "PSS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN04.AR01", - "CCC.Monitor.CN04.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR03" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "This check ensures that no CloudWatch Log Groups are publicly accessible by checking for resource policies that allow access from any entity (Principal: '*'). Publicly exposed log groups pose a serious security risk as sensitive log data could be accessed by unauthorized parties.", - "title": "Ensure that CloudWatch Log Groups are not publicly accessible", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices" - ], - "uid": "prowler-aws-cloudwatch_log_group_not_publicly_accessible-211203495394-eu-west-1-/aws/vpc-flow-log/vpc-007d791b9b857543e" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*", - "name": "/aws/vpc-flow-log/vpc-007d791b9b857543e", - "retention_days": 9999, - "never_expire": true, - "kms_id": null, - "region": "eu-west-1", - "log_streams": { - "eni-0cd4fcd4819d5a0b7-all": [ - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899031000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899031 1760899115 - NODATA", - "ingestionTime": 1760899139926, - "eventId": "39269360610670476915885218594189694963071457059547512832" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899046 1760899127 - NODATA", - "ingestionTime": 1760899149250, - "eventId": "39269360945181654893844565728497413038571606956274024448" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899064 1760899142 - NODATA", - "ingestionTime": 1760899171015, - "eventId": "39269361346595068467395782302452507265231831869047177216" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899161481, - "eventId": "39269361368895813665926405432462355128969412946093211648" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899074 1760899154 - NODATA", - "ingestionTime": 1760899180685, - "eventId": "39269361569602520452702013729500161457508911822151876608" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899087 1760899164 - NODATA", - "ingestionTime": 1760899188926, - "eventId": "39269361859512208033600114579426962274716549575521730560" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899093000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899093 1760899177 - NODATA", - "ingestionTime": 1760899202942, - "eventId": "39269361993316679224783853445585976414341769780327874560" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899189534, - "eventId": "39269362060218914820375722853983829530393030289362518016" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899107 1760899183 - NODATA", - "ingestionTime": 1760899208282, - "eventId": "39269362305527112004212577433541251354104638611981205504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899120000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899120 1760899194 - NODATA", - "ingestionTime": 1760899249444, - "eventId": "39269362595436799585110678323267367353868490709992013824" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899124 1760899204 - NODATA", - "ingestionTime": 1760899231189, - "eventId": "39269362684639780379233170867341403349163730796893896704" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899145000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899145 1760899226 - NODATA", - "ingestionTime": 1760899248783, - "eventId": "39269363152955429548376256860861233320174442224344956928" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899153 1760899239 - NODATA", - "ingestionTime": 1760899262856, - "eventId": "39269363331361391136621242010160382151535307798841524224" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899156 1760899233 - NODATA", - "ingestionTime": 1760899251214, - "eventId": "39269363398263626732213111420693427286550341112125521920" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899167 1760899245 - NODATA", - "ingestionTime": 1760899267593, - "eventId": "39269363643571823916049965997386872465211874059378688000" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899181000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899181 1760899254 - NODATA", - "ingestionTime": 1760899309470, - "eventId": "39269363955782256695478690029513573287107439005186064384" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899280418, - "eventId": "39269364022684492291070559418998784362727835457823440896" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899187 1760899266 - NODATA", - "ingestionTime": 1760899289733, - "eventId": "39269364089586727886662428854866949624521773410794864640" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299733, - "eventId": "39269364245691944276376790857706543416476686971921301504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899204 1760899286 - NODATA", - "ingestionTime": 1760899309875, - "eventId": "39269364468699396261683022285324313923175968945211310080" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899213 1760899293 - NODATA", - "ingestionTime": 1760899319552, - "eventId": "39269364669406103048458630570844658358774455533122027520" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899215 1760899293 - NODATA", - "ingestionTime": 1760899311165, - "eventId": "39269364714007593445519876843776711888539935711792070656" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899227000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899227 1760899304 - NODATA", - "ingestionTime": 1760899327528, - "eventId": "39269364981616535827887354561987052343875666657387479040" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899241 1760899314 - NODATA", - "ingestionTime": 1760899369674, - "eventId": "39269365293826968607316078594438607167353915397586354176" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899245 1760899321 - NODATA", - "ingestionTime": 1760899340795, - "eventId": "39269365383029949401438571125668891064507806525688119296" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899247 1760899325 - NODATA", - "ingestionTime": 1760899349747, - "eventId": "39269365427631439798499817419562686664009994535042416640" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899248 1760899335 - NODATA", - "ingestionTime": 1760899361737, - "eventId": "39269365449932184997030440575593663755083845328799662080" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899263000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899263 1760899343 - NODATA", - "ingestionTime": 1760899367618, - "eventId": "39269365784443362974989787705738802661146729846819127296" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899271000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899271 1760899355 - NODATA", - "ingestionTime": 1760899379484, - "eventId": "39269365962849324563234772852369513371529050589700489216" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899276000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899276 1760899352 - NODATA", - "ingestionTime": 1760899371708, - "eventId": "39269366074353050555887888550647785025367173779549388800" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899287000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899287 1760899364 - NODATA", - "ingestionTime": 1760899389077, - "eventId": "39269366319661247739724743128538737171054749321939386368" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899303 1760899375 - NODATA", - "ingestionTime": 1760899431081, - "eventId": "39269366676473170916214713443889494423911819403013455872" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899305000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899305 1760899381 - NODATA", - "ingestionTime": 1760899400414, - "eventId": "39269366721074661313275959689886924638672932144373039104" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899307 1760899386 - NODATA", - "ingestionTime": 1760899408511, - "eventId": "39269366765676151710337205982746961466829488763300806656" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899420747, - "eventId": "39269366921781368100051567988289637575888457293160448000" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428007, - "eventId": "39269367100187329688296553129352064058383779008465076224" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899429660, - "eventId": "39269367367796272070664030829778877118210560333827080192" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899336000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899336 1760899417 - NODATA", - "ingestionTime": 1760899442053, - "eventId": "39269367412397762467725277127832967444140093911955144704" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899349000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899349 1760899424 - NODATA", - "ingestionTime": 1760899449340, - "eventId": "39269367702307450048623377976606737167794200106263445504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899361 1760899432 - NODATA", - "ingestionTime": 1760899491027, - "eventId": "39269367969916392430990855725431353246427732075437621248" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899460257, - "eventId": "39269368014517882828052101971304249414101267847896170496" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899365000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899365 1760899446 - NODATA", - "ingestionTime": 1760899468665, - "eventId": "39269368059119373225113348264540584396392034426105430016" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899375 1760899455 - NODATA", - "ingestionTime": 1760899481555, - "eventId": "39269368282126825210419579695480504500212685656322080768" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899383 1760899467 - NODATA", - "ingestionTime": 1760899487567, - "eventId": "39269368460532786798664564835034776331022815284839055360" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899393 1760899476 - NODATA", - "ingestionTime": 1760899500793, - "eventId": "39269368683540238783970796266381102896276266334347132928" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899398 1760899475 - NODATA", - "ingestionTime": 1760899489169, - "eventId": "39269368795043964776623911960006811116316914335348031488" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899409 1760899487 - NODATA", - "ingestionTime": 1760899507600, - "eventId": "39269369040352161960460766539181708866508225546449846272" - } - ], - "eni-0eee78be32276dc65-all": [ - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899032000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899032 1760899109 - NODATA", - "ingestionTime": 1760899134945, - "eventId": "39269360632971222114415841729703527226207967234779774976" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899043000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899043 1760899120 - NODATA", - "ingestionTime": 1760899144884, - "eventId": "39269360878279419298252696298611781813145246086503727104" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899052000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899052 1760899132 - NODATA", - "ingestionTime": 1760899154887, - "eventId": "39269361078986126085028304584526361316447343074608021504" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899063 1760899141 - NODATA", - "ingestionTime": 1760899164127, - "eventId": "39269361324294323268865159152589586655311491293203202048" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899066 1760899146 - NODATA", - "ingestionTime": 1760899173383, - "eventId": "39269361391196558864457028588387002206051139308865585152" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899070000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899070 1760899140 - NODATA", - "ingestionTime": 1760899156170, - "eventId": "39269361480399539658579521133720174781408048766989828096" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899074 1760899155 - NODATA", - "ingestionTime": 1760899186448, - "eventId": "39269361569602520452702013736466909309389429082721353728" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899096 1760899175 - NODATA", - "ingestionTime": 1760899197470, - "eventId": "39269362060218914820375722863577669461616015304736112640" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899107 1760899182 - NODATA", - "ingestionTime": 1760899205402, - "eventId": "39269362305527112004212577430059792118031670795614355456" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899124 1760899200 - NODATA", - "ingestionTime": 1760899224570, - "eventId": "39269362684639780379233170859339700182272340779870912512" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899127 1760899206 - NODATA", - "ingestionTime": 1760899231868, - "eventId": "39269362751542015974825040292769706477577608203599740928" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899130 1760899200 - NODATA", - "ingestionTime": 1760899216262, - "eventId": "39269362818444251570416909698510075089137464840133804032" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899133000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899133 1760899215 - NODATA", - "ingestionTime": 1760899246210, - "eventId": "39269362885346487166008779159322407412871585528894324736" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899153 1760899230 - NODATA", - "ingestionTime": 1760899251400, - "eventId": "39269363331361391136621241996311121221405119004043444224" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899157000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899157 1760899235 - NODATA", - "ingestionTime": 1760899258021, - "eventId": "39269363420564371930743734570458344598590417900065914880" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899167 1760899242 - NODATA", - "ingestionTime": 1760899266548, - "eventId": "39269363643571823916049965996123562950678726130113904640" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899174 1760899250 - NODATA", - "ingestionTime": 1760899275556, - "eventId": "39269363799677040305764327997764003167285750075715420160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899183000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899183 1760899262 - NODATA", - "ingestionTime": 1760899284289, - "eventId": "39269364000383747092539936282143032915656252264968749056" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899187 1760899266 - NODATA", - "ingestionTime": 1760899291413, - "eventId": "39269364089586727886662428856898380600297619606114140160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899276225, - "eventId": "39269364156488963482254298263144306458468370593886044160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899193 1760899277 - NODATA", - "ingestionTime": 1760899303806, - "eventId": "39269364223391199077846167721094564420197117221625790464" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899196 1760899260 - NODATA", - "ingestionTime": 1760899334586, - "eventId": "39269364290293434673438037182912416456716008702408523776" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899213 1760899289 - NODATA", - "ingestionTime": 1760899311121, - "eventId": "39269364669406103048458630560652132630159455450075103232" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899216000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899216 1760899295 - NODATA", - "ingestionTime": 1760899318499, - "eventId": "39269364736308338644050499994179034332937535505210343424" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899227000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899227 1760899305 - NODATA", - "ingestionTime": 1760899326390, - "eventId": "39269364981616535827887354560611681081931410087592263680" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899232 1760899310 - NODATA", - "ingestionTime": 1760899336203, - "eventId": "39269365093120261820540470280153350599481452527376269312" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899243000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899243 1760899323 - NODATA", - "ingestionTime": 1760899343742, - "eventId": "39269365338428459004377324846160248388421245006660304896" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899249000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899249 1760899320 - NODATA", - "ingestionTime": 1760899336117, - "eventId": "39269365472232930195561063686156260435021330376417148928" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899249000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899249 1760899327 - NODATA", - "ingestionTime": 1760899352321, - "eventId": "39269365472232930195561063705745793873400791408967090176" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899251 1760899336 - NODATA", - "ingestionTime": 1760899367212, - "eventId": "39269365516834420592622310006819254946281577326604779520" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899274 1760899353 - NODATA", - "ingestionTime": 1760899373962, - "eventId": "39269366029751560158826642270301412512888178252004589568" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899274 1760899355 - NODATA", - "ingestionTime": 1760899379402, - "eventId": "39269366029751560158826642276877930662977506319400042496" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899284000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899284 1760899362 - NODATA", - "ingestionTime": 1760899386982, - "eventId": "39269366252759012144132873701398387328881161898128637952" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899294 1760899372 - NODATA", - "ingestionTime": 1760899394477, - "eventId": "39269366475766464129439105125816695702172340211787300864" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899303 1760899383 - NODATA", - "ingestionTime": 1760899405478, - "eventId": "39269366676473170916214713412937602135678394228114522112" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899308000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899308 1760899386 - NODATA", - "ingestionTime": 1760899413706, - "eventId": "39269366787976896908867829130563046940109806326346612736" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899397821, - "eventId": "39269366832578387305929075394430702698688020571642724352" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899314 1760899397 - NODATA", - "ingestionTime": 1760899425864, - "eventId": "39269366921781368100051567994475576217536599340043665408" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899334 1760899415 - NODATA", - "ingestionTime": 1760899441656, - "eventId": "39269367367796272070664030844281469904033722035045597184" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899335 1760899410 - NODATA", - "ingestionTime": 1760899430876, - "eventId": "39269367390097017269194653972784979191565215734678749184" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899347 1760899423 - NODATA", - "ingestionTime": 1760899447684, - "eventId": "39269367657705959651562131691532913759489711811767500800" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899354 1760899432 - NODATA", - "ingestionTime": 1760899456589, - "eventId": "39269367813811176041276493693048475725746690637326057472" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899363 1760899442 - NODATA", - "ingestionTime": 1760899463202, - "eventId": "39269368014517882828052101974864753397017949679660957696" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899367 1760899446 - NODATA", - "ingestionTime": 1760899472723, - "eventId": "39269368103720863622174594552517552425934392550237077504" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899455859, - "eventId": "39269368192923844416297087098273510881125605169948065792" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899375 1760899457 - NODATA", - "ingestionTime": 1760899487495, - "eventId": "39269368282126825210419579702662044707283407383455531008" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899392000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899392 1760899469 - NODATA", - "ingestionTime": 1760899490579, - "eventId": "39269368661239493585440173112497448504418584276237156352" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899394 1760899475 - NODATA", - "ingestionTime": 1760899499905, - "eventId": "39269368705840983982501419406842983598809204891447328768" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899404000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899404 1760899481 - NODATA", - "ingestionTime": 1760899505766, - "eventId": "39269368928848435967807650829285727947167171314158731264" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899410 1760899487 - NODATA", - "ingestionTime": 1760899518280, - "eventId": "39269369062652907158991389693628934917572999196216262656" - } - ], - "eni-0c1065c914ddc0b88-all": [ - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899033000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899033 1760899111 - NODATA", - "ingestionTime": 1760899131705, - "eventId": "39269360655271967312946464867322652502059743183076327424" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899040 1760899118 - NODATA", - "ingestionTime": 1760899137950, - "eventId": "39269360811377183702660826865622290103622366602256842752" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899046 1760899124 - NODATA", - "ingestionTime": 1760899144556, - "eventId": "39269360945181654893844565722822361767392100902754582528" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899056000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899056 1760899132 - NODATA", - "ingestionTime": 1760899177328, - "eventId": "39269361168189106879150797177798657782901584726127869952" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899169949, - "eventId": "39269361324294323268865159159627891617325295385041436672" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899064 1760899140 - NODATA", - "ingestionTime": 1760899159431, - "eventId": "39269361346595068467395782288448135197190114468420583424" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899074 1760899156 - NODATA", - "ingestionTime": 1760899175275, - "eventId": "39269361569602520452702013722959486324680047180535889920" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899083 1760899166 - NODATA", - "ingestionTime": 1760899185928, - "eventId": "39269361770309227239477622009659656615414527865242583040" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899092 1760899165 - NODATA", - "ingestionTime": 1760899176075, - "eventId": "39269361971015934026253230271570081934998595329796538368" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899096 1760899172 - NODATA", - "ingestionTime": 1760899192224, - "eventId": "39269362060218914820375722857235374222277287158040035328" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899098 1760899176 - NODATA", - "ingestionTime": 1760899199417, - "eventId": "39269362104820405217436969149003084469614423673101156352" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899104000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899104 1760899183 - NODATA", - "ingestionTime": 1760899206138, - "eventId": "39269362238624876408620708006342405502528195376838868992" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899120000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899120 1760899191 - NODATA", - "ingestionTime": 1760899236584, - "eventId": "39269362595436799585110678307720767915257233185726332928" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899125 1760899200 - NODATA", - "ingestionTime": 1760899220918, - "eventId": "39269362706940525577763793996460255943460832392201109504" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899128 1760899204 - NODATA", - "ingestionTime": 1760899231844, - "eventId": "39269362773842761173355663434276318502510064397876527104" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899135000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899135 1760899213 - NODATA", - "ingestionTime": 1760899237314, - "eventId": "39269362929947977563070025431638968432093462264361123840" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899141000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899141 1760899224 - NODATA", - "ingestionTime": 1760899246469, - "eventId": "39269363063752448754253764291921197519833887840925450240" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899153 1760899221 - NODATA", - "ingestionTime": 1760899236692, - "eventId": "39269363331361391136621241978529841373228806547492372480" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899156 1760899232 - NODATA", - "ingestionTime": 1760899254316, - "eventId": "39269363398263626732213111424443243766834742078299963392" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899158 1760899236 - NODATA", - "ingestionTime": 1760899261035, - "eventId": "39269363442865117129274357715637800582458712370902073344" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899178 1760899252 - NODATA", - "ingestionTime": 1760899297290, - "eventId": "39269363888880021099886820590181698295679974565315739648" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899182 1760899260 - NODATA", - "ingestionTime": 1760899280382, - "eventId": "39269363978083001894009313135883871550789736714335223808" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899187 1760899265 - NODATA", - "ingestionTime": 1760899292137, - "eventId": "39269364089586727886662428857773429136984229455763341312" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899195000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899195 1760899273 - NODATA", - "ingestionTime": 1760899296711, - "eventId": "39269364267992689474907413995588979756838792680283045888" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899203 1760899285 - NODATA", - "ingestionTime": 1760899308052, - "eventId": "39269364446398651063152399141585090918819749021377363968" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899212000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899212 1760899281 - NODATA", - "ingestionTime": 1760899298603, - "eventId": "39269364647105357849928007403983341063954283086051934208" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899215 1760899291 - NODATA", - "ingestionTime": 1760899314667, - "eventId": "39269364714007593445519876848010854729212200078675476480" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899218000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899218 1760899297 - NODATA", - "ingestionTime": 1760899318310, - "eventId": "39269364780909829041111746277021645179191239808600047616" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899226000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899226 1760899304 - NODATA", - "ingestionTime": 1760899326316, - "eventId": "39269364959315790629356731418986118130536925037518389248" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899237000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899237 1760899311 - NODATA", - "ingestionTime": 1760899357590, - "eventId": "39269365204623987813193586013687306980555969919094620160" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339320, - "eventId": "39269365383029949401438571123885830990629396754181455872" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899246 1760899324 - NODATA", - "ingestionTime": 1760899349453, - "eventId": "39269365405330694599969194277671333444670725721594920960" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899253 1760899332 - NODATA", - "ingestionTime": 1760899355965, - "eventId": "39269365561435910989683556276294226634700045831045709824" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899260000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899260 1760899342 - NODATA", - "ingestionTime": 1760899367285, - "eventId": "39269365717541127379397918280729457563060667479143677952" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899271000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899271 1760899340 - NODATA", - "ingestionTime": 1760899358012, - "eventId": "39269365962849324563234772826411456326433139600299589632" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899277000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899277 1760899358 - NODATA", - "ingestionTime": 1760899379932, - "eventId": "39269366096653795754418511702125555646941690228634025984" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899280000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899280 1760899354 - NODATA", - "ingestionTime": 1760899373791, - "eventId": "39269366163556031350010381119308943134728694973349036032" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899287000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899287 1760899365 - NODATA", - "ingestionTime": 1760899387122, - "eventId": "39269366319661247739724743126174945862220594307798401024" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899296000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899296 1760899370 - NODATA", - "ingestionTime": 1760899417363, - "eventId": "39269366520367954526500351436555808711909606142480023552" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899401909, - "eventId": "39269366676473170916214713408623065001550703702154543104" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899307 1760899383 - NODATA", - "ingestionTime": 1760899409238, - "eventId": "39269366765676151710337205983626119966033254102925901824" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899415337, - "eventId": "39269366921781368100051567981749449595694558573866647552" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899324 1760899407 - NODATA", - "ingestionTime": 1760899426496, - "eventId": "39269367144788820085357799410596776768436318073229869056" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899330000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899330 1760899401 - NODATA", - "ingestionTime": 1760899416680, - "eventId": "39269367278593291276541538247944144611040782249052209152" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899332000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899332 1760899411 - NODATA", - "ingestionTime": 1760899433019, - "eventId": "39269367323194781673602784550768585739390411542126460928" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899336000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899336 1760899417 - NODATA", - "ingestionTime": 1760899441788, - "eventId": "39269367412397762467725277127512237825223402116720689152" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899346000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899346 1760899426 - NODATA", - "ingestionTime": 1760899445148, - "eventId": "39269367635405214453031508546931419772956448249760251904" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899359000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899359 1760899432 - NODATA", - "ingestionTime": 1760899476491, - "eventId": "39269367925314902033929609424786991761781626531123036160" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899362000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899362 1760899441 - NODATA", - "ingestionTime": 1760899460671, - "eventId": "39269367992217137629521478830269449240112434646753738752" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899366 1760899443 - NODATA", - "ingestionTime": 1760899468688, - "eventId": "39269368081420118423643971406103859309591387589274501120" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899376000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899376 1760899453 - NODATA", - "ingestionTime": 1760899476785, - "eventId": "39269368304427570408950202831249919970625624526780694528" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899488248, - "eventId": "39269368482833531997195187977393757885480410767471214592" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899393 1760899463 - NODATA", - "ingestionTime": 1760899476616, - "eventId": "39269368683540238783970796237152821956634466018501394432" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899396000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899396 1760899472 - NODATA", - "ingestionTime": 1760899492814, - "eventId": "39269368750442474379562665681342390226297253743843213312" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899398 1760899476 - NODATA", - "ingestionTime": 1760899499578, - "eventId": "39269368795043964776623911972590426561877822674179457024" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899404000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899404 1760899483 - NODATA", - "ingestionTime": 1760899507248, - "eventId": "39269368928848435967807650831077445246919319457277739008" - } - ], - "eni-0b032bdd6415e28d2-all": [ - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899035 1760899113 - NODATA", - "ingestionTime": 1760899133136, - "eventId": "39269360699873457710007711152123610062180414944395264000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899038000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899038 1760899114 - NODATA", - "ingestionTime": 1760899141191, - "eventId": "39269360766775693305599580586468728036916112958741348352" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899050 1760899123 - NODATA", - "ingestionTime": 1760899146046, - "eventId": "39269361034384635687967058290766595601835303791956525056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899058000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899058 1760899131 - NODATA", - "ingestionTime": 1760899159863, - "eventId": "39269361212790597276212043439756002440073202307487825920" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899063 1760899141 - NODATA", - "ingestionTime": 1760899167762, - "eventId": "39269361324294323268865159156984140043621645568457375744" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899068 1760899140 - NODATA", - "ingestionTime": 1760899157657, - "eventId": "39269361435798049261518274852446799470266395671291756544" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899068 1760899151 - NODATA", - "ingestionTime": 1760899175983, - "eventId": "39269361435798049261518274874601161818209012954061209600" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899095 1760899173 - NODATA", - "ingestionTime": 1760899195345, - "eventId": "39269362037918169621845099719473117068327781693816504320" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899098 1760899177 - NODATA", - "ingestionTime": 1760899204131, - "eventId": "39269362104820405217436969154701463979111391750678577152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899106000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899106 1760899186 - NODATA", - "ingestionTime": 1760899211311, - "eventId": "39269362283226366805681954295667591380534219155025690624" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899114000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899114 1760899186 - NODATA", - "ingestionTime": 1760899204393, - "eventId": "39269362461632328393926939419589915749741929816441094144" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899122000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899122 1760899203 - NODATA", - "ingestionTime": 1760899228656, - "eventId": "39269362640038289982171924581207850598435590163328860160" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899125 1760899194 - NODATA", - "ingestionTime": 1760899249065, - "eventId": "39269362706940525577763794030487974742181412238673444864" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899127 1760899200 - NODATA", - "ingestionTime": 1760899220738, - "eventId": "39269362751542015974825040279314179297414635168363315200" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899132000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899132 1760899213 - NODATA", - "ingestionTime": 1760899241591, - "eventId": "39269362863045741967478156012202532532736419493011783680" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899143000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899143 1760899223 - NODATA", - "ingestionTime": 1760899253281, - "eventId": "39269363108353939151315010583227663416625814834351243264" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899156 1760899234 - NODATA", - "ingestionTime": 1760899255488, - "eventId": "39269363398263626732213111425859902023189279008363118592" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899159000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899159 1760899237 - NODATA", - "ingestionTime": 1760899264361, - "eventId": "39269363465165862327804980861194073115574920556078891008" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899168000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899168 1760899246 - NODATA", - "ingestionTime": 1760899269260, - "eventId": "39269363665872569114580589140938428252512150847914049536" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899179 1760899253 - NODATA", - "ingestionTime": 1760899287510, - "eventId": "39269363911180766298417443719894074932119288698675789824" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899184 1760899263 - NODATA", - "ingestionTime": 1760899286796, - "eventId": "39269364022684492291070559426709282053852418506933469184" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899189000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899189 1760899260 - NODATA", - "ingestionTime": 1760899280283, - "eventId": "39269364134188218283723675126514426166813898814862065664" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899190 1760899270 - NODATA", - "ingestionTime": 1760899299057, - "eventId": "39269364156488963482254298290746226088810990608511533056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899196 1760899280 - NODATA", - "ingestionTime": 1760899311828, - "eventId": "39269364290293434673438037155400062015818871861690368000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899215 1760899294 - NODATA", - "ingestionTime": 1760899324767, - "eventId": "39269364714007593445519876860221022069360705824598065152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899216000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899216 1760899291 - NODATA", - "ingestionTime": 1760899311774, - "eventId": "39269364736308338644050499986049101087749757179034533888" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899228 1760899305 - NODATA", - "ingestionTime": 1760899327496, - "eventId": "39269365003917281026417977703483983765827058252031524864" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899236000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899236 1760899313 - NODATA", - "ingestionTime": 1760899372153, - "eventId": "39269365182323242614662962889757246868346573266567036928" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899242000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899242 1760899322 - NODATA", - "ingestionTime": 1760899351210, - "eventId": "39269365316127713805846701713652516863299726898767265792" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899245 1760899316 - NODATA", - "ingestionTime": 1760899326734, - "eventId": "39269365383029949401438571108670116921054093554823528448" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899246 1760899320 - NODATA", - "ingestionTime": 1760899342709, - "eventId": "39269365405330694599969194269518376122630654525933879296" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899252000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899252 1760899335 - NODATA", - "ingestionTime": 1760899360418, - "eventId": "39269365539135165791152933140142033914622429515450417152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899264 1760899343 - NODATA", - "ingestionTime": 1760899373218, - "eventId": "39269365806744108173520410854044313792513119479803084800" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899275 1760899355 - NODATA", - "ingestionTime": 1760899375908, - "eventId": "39269366052052305357357265414189441517385877666894970880" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899279000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899279 1760899352 - NODATA", - "ingestionTime": 1760899369219, - "eventId": "39269366141255286151479757972246010380988764276406026240" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899281000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899281 1760899359 - NODATA", - "ingestionTime": 1760899386093, - "eventId": "39269366185856776548541004275716839020567135377730371584" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899291 1760899368 - NODATA", - "ingestionTime": 1760899396136, - "eventId": "39269366408864228533847235703215102353670681361569349632" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899305000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899305 1760899382 - NODATA", - "ingestionTime": 1760899411018, - "eventId": "39269366721074661313275959702706255481084640795688894464" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899307 1760899380 - NODATA", - "ingestionTime": 1760899401309, - "eventId": "39269366765676151710337205974040218737002706934304473088" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899307 1760899377 - NODATA", - "ingestionTime": 1760899407058, - "eventId": "39269366765676151710337205980990486288538753834262528000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899310 1760899393 - NODATA", - "ingestionTime": 1760899419461, - "eventId": "39269366832578387305929075420592256492361369792011894784" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899324 1760899404 - NODATA", - "ingestionTime": 1760899433640, - "eventId": "39269367144788820085357799419233581698511609406149165056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899335 1760899412 - NODATA", - "ingestionTime": 1760899433908, - "eventId": "39269367390097017269194653976450088980403729997574832128" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899339 1760899418 - NODATA", - "ingestionTime": 1760899443512, - "eventId": "39269367479299998063317146554203490059711429749104771072" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899352 1760899428 - NODATA", - "ingestionTime": 1760899450328, - "eventId": "39269367769209685644215247402407859453740699287278387200" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899361 1760899433 - NODATA", - "ingestionTime": 1760899454519, - "eventId": "39269367969916392430990855681296183876299316157353951232" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899366 1760899444 - NODATA", - "ingestionTime": 1760899474591, - "eventId": "39269368081420118423643971413240484439095664219683618816" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899367 1760899442 - NODATA", - "ingestionTime": 1760899465925, - "eventId": "39269368103720863622174594544299428355023128143241412608" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899368000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899368 1760899453 - NODATA", - "ingestionTime": 1760899486443, - "eventId": "39269368126021608820705217710640157343359909657957302272" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899453355, - "eventId": "39269368192923844416297087095246106187430342297292636160" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899394 1760899469 - NODATA", - "ingestionTime": 1760899492226, - "eventId": "39269368705840983982501419397559717026373074890956865536" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899395000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899395 1760899474 - NODATA", - "ingestionTime": 1760899499679, - "eventId": "39269368728141729181032042548105768502328698924799033344" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899401000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899401 1760899480 - NODATA", - "ingestionTime": 1760899505761, - "eventId": "39269368861946200372215781404672778473133206005118402560" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899411000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899411 1760899487 - NODATA", - "ingestionTime": 1760899516510, - "eventId": "39269369084953652357522012833024672600503351423856934912" - } - ], - "eni-0412563bcfde47c07-all": [ - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899035 1760899115 - NODATA", - "ingestionTime": 1760899136495, - "eventId": "39269360699873457710007711156184720977592577186848636928" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899040 1760899119 - NODATA", - "ingestionTime": 1760899143305, - "eventId": "39269360811377183702660826872095664712709160858448297984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899053000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899053 1760899129 - NODATA", - "ingestionTime": 1760899149871, - "eventId": "39269361101286871283558927719998164556081147111036944384" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899061000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899061 1760899143 - NODATA", - "ingestionTime": 1760899171229, - "eventId": "39269361279692832871803912878103970731973143505727586304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899065 1760899134 - NODATA", - "ingestionTime": 1760899159080, - "eventId": "39269361368895813665926405429559601888144427773353132032" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899067000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899067 1760899140 - NODATA", - "ingestionTime": 1760899158188, - "eventId": "39269361413497304062987651711552518719516224710275825664" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899069 1760899153 - NODATA", - "ingestionTime": 1760899183464, - "eventId": "39269361458098794460048898025181141301956577880678137856" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899079000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899079 1760899147 - NODATA", - "ingestionTime": 1760899160601, - "eventId": "39269361681106246445355129412898811658073252175123316736" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899087 1760899166 - NODATA", - "ingestionTime": 1760899189376, - "eventId": "39269361859512208033600114579970893901776463807182798848" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899097000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899097 1760899176 - NODATA", - "ingestionTime": 1760899197279, - "eventId": "39269362082519660018906346004882537813687509194151165952" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899101000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899101 1760899179 - NODATA", - "ingestionTime": 1760899207385, - "eventId": "39269362171722640813028838583242579865759321101520076800" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899210660, - "eventId": "39269362372429347599804446861023392143998122008465309696" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899125 1760899194 - NODATA", - "ingestionTime": 1760899218812, - "eventId": "39269362706940525577763793993914106303142960102158041088" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899127 1760899203 - NODATA", - "ingestionTime": 1760899219418, - "eventId": "39269362751542015974825040277718476328369986825337700352" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899128 1760899200 - NODATA", - "ingestionTime": 1760899219120, - "eventId": "39269362773842761173355663418894165674178680573615538176" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899128 1760899205 - NODATA", - "ingestionTime": 1760899229665, - "eventId": "39269362773842761173355663431641781566952475279059255296" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899131000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899131 1760899216 - NODATA", - "ingestionTime": 1760899246092, - "eventId": "39269362840744996768947532876108041980772891761732091904" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899154 1760899229 - NODATA", - "ingestionTime": 1760899251163, - "eventId": "39269363353662136335151865137560078513468959389785718784" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899156 1760899234 - NODATA", - "ingestionTime": 1760899255712, - "eventId": "39269363398263626732213111426130916777394430857751101440" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899161000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899161 1760899240 - NODATA", - "ingestionTime": 1760899263829, - "eventId": "39269363509767352724866227143622613852783293494349135872" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899165000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899165 1760899246 - NODATA", - "ingestionTime": 1760899273641, - "eventId": "39269363598970333518988719721627354493523822240846249984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899185 1760899255 - NODATA", - "ingestionTime": 1760899281581, - "eventId": "39269364044985237489601182561940566582802392043117805568" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899187 1760899274 - NODATA", - "ingestionTime": 1760899303013, - "eventId": "39269364089586727886662428870921814201369867240798355456" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899189000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899189 1760899265 - NODATA", - "ingestionTime": 1760899290113, - "eventId": "39269364134188218283723675138397685858692808796273704960" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899280671, - "eventId": "39269364156488963482254298268519062333023165200494231552" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899193 1760899263 - NODATA", - "ingestionTime": 1760899278795, - "eventId": "39269364223391199077846167690858269798831755613942710272" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899207000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899207 1760899286 - NODATA", - "ingestionTime": 1760899310638, - "eventId": "39269364535601631857274891710854073565882969999478882304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899215 1760899292 - NODATA", - "ingestionTime": 1760899315726, - "eventId": "39269364714007593445519876849290783883655349661687152640" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899221000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899221 1760899301 - NODATA", - "ingestionTime": 1760899327482, - "eventId": "39269364847812064636703615712717370070625663115083776000" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899229000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899229 1760899308 - NODATA", - "ingestionTime": 1760899331997, - "eventId": "39269365026218026224948600850461253750180961257934094336" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899246 1760899320 - NODATA", - "ingestionTime": 1760899337920, - "eventId": "39269365405330694599969194263728842467517601889384857600" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899316 - NODATA", - "ingestionTime": 1760899340670, - "eventId": "39269365449932184997030440550125147054714641578971234304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899326 - NODATA", - "ingestionTime": 1760899350749, - "eventId": "39269365449932184997030440562310038574271999808824475648" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899334 - NODATA", - "ingestionTime": 1760899362257, - "eventId": "39269365449932184997030440576222135510589021884186427392" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899250000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899250 1760899322 - NODATA", - "ingestionTime": 1760899338788, - "eventId": "39269365494533675394091686830921152320352927561249128448" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899270000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899270 1760899347 - NODATA", - "ingestionTime": 1760899368708, - "eventId": "39269365940548579364704149697806783144105333794766585856" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899275 1760899355 - NODATA", - "ingestionTime": 1760899377918, - "eventId": "39269366052052305357357265416619650568836686043098578944" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899282000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899282 1760899359 - NODATA", - "ingestionTime": 1760899382772, - "eventId": "39269366208157521747071627413237592563353248892668477440" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899289000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899289 1760899368 - NODATA", - "ingestionTime": 1760899393097, - "eventId": "39269366364262738136785989416469683496947752941870645248" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899306000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899306 1760899383 - NODATA", - "ingestionTime": 1760899410529, - "eventId": "39269366743375406511806582843650936186411307196496478208" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899307 1760899377 - NODATA", - "ingestionTime": 1760899397968, - "eventId": "39269366765676151710337205970001456823899431732343996416" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899307 1760899380 - NODATA", - "ingestionTime": 1760899400607, - "eventId": "39269366765676151710337205973191896492119022919563018240" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899309000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899309 1760899396 - NODATA", - "ingestionTime": 1760899423126, - "eventId": "39269366810277642107398452283487031653564659198874484736" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899316000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899316 1760899382 - NODATA", - "ingestionTime": 1760899399106, - "eventId": "39269366966382858497112814245198916281112315683434004480" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899331 1760899406 - NODATA", - "ingestionTime": 1760899430913, - "eventId": "39269367300894036475072161406686974765064859028356005888" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899335 1760899415 - NODATA", - "ingestionTime": 1760899437272, - "eventId": "39269367390097017269194653980516978150189752716098142208" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899339 1760899418 - NODATA", - "ingestionTime": 1760899447124, - "eventId": "39269367479299998063317146558570512292617288860634185728" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899351 1760899427 - NODATA", - "ingestionTime": 1760899454220, - "eventId": "39269367746908940445684624265577228552990440521160261632" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899366 1760899439 - NODATA", - "ingestionTime": 1760899459961, - "eventId": "39269368081420118423643971395553591908768001739518377984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899440 - NODATA", - "ingestionTime": 1760899457693, - "eventId": "39269368148322354019235840817419132639093943126178463744" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899444 - NODATA", - "ingestionTime": 1760899469981, - "eventId": "39269368148322354019235840832274191397035876158754783232" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899454 - NODATA", - "ingestionTime": 1760899484008, - "eventId": "39269368148322354019235840849232080110616189955149922304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899374000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899374 1760899441 - NODATA", - "ingestionTime": 1760899460296, - "eventId": "39269368259826080011888956528244589978217412339484983296" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899392000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899392 1760899467 - NODATA", - "ingestionTime": 1760899489716, - "eventId": "39269368661239493585440173111454201356029973516445417472" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899395000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899395 1760899475 - NODATA", - "ingestionTime": 1760899496760, - "eventId": "39269368728141729181032042544576516340573757947585167360" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899402000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899402 1760899481 - NODATA", - "ingestionTime": 1760899503957, - "eventId": "39269368884246945570746404544027514969411264622420295680" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899413000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899413 1760899488 - NODATA", - "ingestionTime": 1760899511503, - "eventId": "39269369129555142754583259110043103669214552903807205376" - } - ], - "eni-0affc8cb976d281e4-all": [ - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899035 1760899116 - NODATA", - "ingestionTime": 1760899138840, - "eventId": "39269360699873457710007711159019469104701397634533228544" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899046 1760899125 - NODATA", - "ingestionTime": 1760899146967, - "eventId": "39269360945181654893844565725737606527934368011554914304" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899060000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899060 1760899132 - NODATA", - "ingestionTime": 1760899190646, - "eventId": "39269361257392087673273289760042133263107400332285378560" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899066 1760899146 - NODATA", - "ingestionTime": 1760899167560, - "eventId": "39269361391196558864457028581347041359969927984593829888" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899074 1760899154 - NODATA", - "ingestionTime": 1760899179105, - "eventId": "39269361569602520452702013727590210801973350606697005056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899087 1760899164 - NODATA", - "ingestionTime": 1760899192244, - "eventId": "39269361859512208033600114583438176555824605694748459008" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899094000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899094 1760899177 - NODATA", - "ingestionTime": 1760899198599, - "eventId": "39269362015617424423314476581871073057489942101635956736" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899189115, - "eventId": "39269362060218914820375722853477185278320939846186958848" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899109000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899109 1760899185 - NODATA", - "ingestionTime": 1760899210726, - "eventId": "39269362350128602401273823719567361138346684332021776384" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899122000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899122 1760899194 - NODATA", - "ingestionTime": 1760899250823, - "eventId": "39269362640038289982171924608006329965051610956954140672" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899124 1760899206 - NODATA", - "ingestionTime": 1760899227914, - "eventId": "39269362684639780379233170863382549457541174480434364416" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219338, - "eventId": "39269362729241270776294417136085999322452702428389244928" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899144000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899144 1760899226 - NODATA", - "ingestionTime": 1760899247368, - "eventId": "39269363130654684349845633717615132665541153038186250240" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899153 1760899235 - NODATA", - "ingestionTime": 1760899261725, - "eventId": "39269363331361391136621242008792839945762262059483660288" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899167 1760899245 - NODATA", - "ingestionTime": 1760899268996, - "eventId": "39269363643571823916049965999083152685223837249222017024" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899182 1760899254 - NODATA", - "ingestionTime": 1760899310544, - "eventId": "39269363978083001894009313172347560528882751266101002240" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899281322, - "eventId": "39269364022684492291070559420091896183115699813441011712" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899186000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899186 1760899266 - NODATA", - "ingestionTime": 1760899287931, - "eventId": "39269364067285982688131805711152844471674574293835710464" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299457, - "eventId": "39269364245691944276376790857372500237716647776452476928" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899204 1760899285 - NODATA", - "ingestionTime": 1760899309818, - "eventId": "39269364468699396261683022285255354161015274794248699904" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899213 1760899295 - NODATA", - "ingestionTime": 1760899320882, - "eventId": "39269364669406103048458630572452503370674395929094586368" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899215 1760899293 - NODATA", - "ingestionTime": 1760899311810, - "eventId": "39269364714007593445519876844556444173706942228705116160" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899229000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899229 1760899309 - NODATA", - "ingestionTime": 1760899328555, - "eventId": "39269365026218026224948600846300242377921950412429459456" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899241 1760899325 - NODATA", - "ingestionTime": 1760899348957, - "eventId": "39269365293826968607316078569393086186336604020860649472" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899241 1760899314 - NODATA", - "ingestionTime": 1760899372605, - "eventId": "39269365293826968607316078597982298375350150780347219968" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899245 1760899321 - NODATA", - "ingestionTime": 1760899340200, - "eventId": "39269365383029949401438571124949559171644792505665978368" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899251 1760899335 - NODATA", - "ingestionTime": 1760899359866, - "eventId": "39269365516834420592622309997938463861202851147023974400" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899266 1760899345 - NODATA", - "ingestionTime": 1760899367752, - "eventId": "39269365851345598570581657130508151919096926587179171840" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899272000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899272 1760899359 - NODATA", - "ingestionTime": 1760899383256, - "eventId": "39269365985150069761765395998465481644863673480582332416" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899276000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899276 1760899352 - NODATA", - "ingestionTime": 1760899370378, - "eventId": "39269366074353050555887888549039652693215533761524727808" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899288000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899288 1760899366 - NODATA", - "ingestionTime": 1760899388583, - "eventId": "39269366341961992938255366269476998944118616763606564864" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899400318, - "eventId": "39269366676473170916214713406699804785352071340302925824" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899303 1760899375 - NODATA", - "ingestionTime": 1760899429510, - "eventId": "39269366676473170916214713441990338386303280666812350464" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899411298, - "eventId": "39269366765676151710337205986116559650590329171965837312" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899312 1760899394 - NODATA", - "ingestionTime": 1760899422796, - "eventId": "39269366877179877702990321707695130867012944863901057024" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428577, - "eventId": "39269367100187329688296553130041479120048520123150827520" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899432439, - "eventId": "39269367367796272070664030833138720654446275223893245952" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899334 1760899414 - NODATA", - "ingestionTime": 1760899439881, - "eventId": "39269367367796272070664030842135296708003520290717499392" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899347 1760899424 - NODATA", - "ingestionTime": 1760899451070, - "eventId": "39269367657705959651562131695626595798239555883438637056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899361 1760899435 - NODATA", - "ingestionTime": 1760899490451, - "eventId": "39269367969916392430990855724735341148002908163555328000" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899459187, - "eventId": "39269368036818628026582725111546443776056460041485942784" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899366 1760899447 - NODATA", - "ingestionTime": 1760899471147, - "eventId": "39269368081420118423643971409076505618835547023528493056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899370 1760899452 - NODATA", - "ingestionTime": 1760899479024, - "eventId": "39269368170623099217766463984742283714993043411306807296" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899382 1760899467 - NODATA", - "ingestionTime": 1760899488669, - "eventId": "39269368438232041600133941694831139681884182062797881344" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899394 1760899475 - NODATA", - "ingestionTime": 1760899502220, - "eventId": "39269368705840983982501419409641737709798658672228827136" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899398 1760899473 - NODATA", - "ingestionTime": 1760899489665, - "eventId": "39269368795043964776623911960606453012996625068128206848" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899409 1760899486 - NODATA", - "ingestionTime": 1760899512065, - "eventId": "39269369040352161960460766544579612106892416237728497664" - } - ], - "eni-0cc527ecbe7a26eaf-all": [ - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899035 1760899117 - NODATA", - "ingestionTime": 1760899142936, - "eventId": "39269360699873457710007711163971510559320265101743685632" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899036000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899036 1760899114 - NODATA", - "ingestionTime": 1760899134414, - "eventId": "39269360722174202908538334295204820463313948714318168064" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899050 1760899129 - NODATA", - "ingestionTime": 1760899152727, - "eventId": "39269361034384635687967058298843497727773204937133850624" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899063 1760899133 - NODATA", - "ingestionTime": 1760899185523, - "eventId": "39269361324294323268865159178455904111196628287686770688" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899158843, - "eventId": "39269361368895813665926405429273417399856208608128204800" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899066 1760899145 - NODATA", - "ingestionTime": 1760899168245, - "eventId": "39269361391196558864457028582175509246823037858524626944" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899072000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899072 1760899154 - NODATA", - "ingestionTime": 1760899181163, - "eventId": "39269361525001030055640767447006181139772869756776218624" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899090000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899090 1760899170 - NODATA", - "ingestionTime": 1760899193900, - "eventId": "39269361926414443629191984010047495961379235145155215360" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899092 1760899177 - NODATA", - "ingestionTime": 1760899202749, - "eventId": "39269361971015934026253230303816785979875019549754589184" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899210860, - "eventId": "39269362372429347599804446861265377207808753828176592896" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899125 1760899204 - NODATA", - "ingestionTime": 1760899230989, - "eventId": "39269362706940525577763794008635558579997690313193750528" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219830, - "eventId": "39269362729241270776294417136680824586241537371595341824" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899127 1760899212 - NODATA", - "ingestionTime": 1760899242326, - "eventId": "39269362751542015974825040305412561063885034823646773248" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899146000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899146 1760899226 - NODATA", - "ingestionTime": 1760899246152, - "eventId": "39269363175256174746906879999216657007477593368650383360" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899152000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899152 1760899231 - NODATA", - "ingestionTime": 1760899253019, - "eventId": "39269363309060645938090618856732243219578704771989635072" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899156 1760899237 - NODATA", - "ingestionTime": 1760899263736, - "eventId": "39269363398263626732213111435831655263089646910124851200" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899170000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899170 1760899247 - NODATA", - "ingestionTime": 1760899271074, - "eventId": "39269363710474059511641835426202440992731308715443683328" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899279688, - "eventId": "39269364022684492291070559418116119557759800710406471680" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899186000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899186 1760899257 - NODATA", - "ingestionTime": 1760899306262, - "eventId": "39269364067285982688131805733313731667256371536065331200" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899188000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899188 1760899266 - NODATA", - "ingestionTime": 1760899288672, - "eventId": "39269364111887473085193051995119913844343400534901653504" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299252, - "eventId": "39269364245691944276376790857125149363662073314597076992" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899204 1760899285 - NODATA", - "ingestionTime": 1760899309280, - "eventId": "39269364468699396261683022284605296878582061744064102400" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899214000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899214 1760899291 - NODATA", - "ingestionTime": 1760899314311, - "eventId": "39269364691706848246989253706044751639540719357729177600" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899215 1760899296 - NODATA", - "ingestionTime": 1760899324087, - "eventId": "39269364714007593445519876859398939631364402504914436096" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899232 1760899310 - NODATA", - "ingestionTime": 1760899334354, - "eventId": "39269365093120261820540470277918148826862523982991851520" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899341889, - "eventId": "39269365383029949401438571126991283198097922654519689216" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899245 1760899325 - NODATA", - "ingestionTime": 1760899348539, - "eventId": "39269365383029949401438571135031132663793566278058115072" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899246 1760899316 - NODATA", - "ingestionTime": 1760899366160, - "eventId": "39269365405330694599969194297869179122661927007680724992" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899253 1760899335 - NODATA", - "ingestionTime": 1760899360237, - "eventId": "39269365561435910989683556281458718788128809122697052160" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899263000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899263 1760899343 - NODATA", - "ingestionTime": 1760899367744, - "eventId": "39269365784443362974989787705891158615048326713479266304" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899275 1760899352 - NODATA", - "ingestionTime": 1760899372061, - "eventId": "39269366052052305357357265409538549045672232196748017664" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899275 1760899358 - NODATA", - "ingestionTime": 1760899383656, - "eventId": "39269366052052305357357265423556517543661022486787260416" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899290000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899290 1760899367 - NODATA", - "ingestionTime": 1760899391461, - "eventId": "39269366386563483335316612556027451863182680765922607104" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899403625, - "eventId": "39269366676473170916214713410697222888582558342587351040" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899411002, - "eventId": "39269366765676151710337205985758614282112731246506541056" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899419972, - "eventId": "39269366921781368100051567987352686539192809824210518016" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899324 1760899404 - NODATA", - "ingestionTime": 1760899426887, - "eventId": "39269367144788820085357799411069452063340406770065408000" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899434439, - "eventId": "39269367367796272070664030835556822797651854308072357888" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899334 1760899417 - NODATA", - "ingestionTime": 1760899446456, - "eventId": "39269367367796272070664030850084056944309412406590767104" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899351 1760899427 - NODATA", - "ingestionTime": 1760899451312, - "eventId": "39269367746908940445684624262062177639914816024458821632" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899459035, - "eventId": "39269368036818628026582725111362754830102764013299433472" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899364 1760899446 - NODATA", - "ingestionTime": 1760899470289, - "eventId": "39269368036818628026582725124967908315929005802571956224" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899368000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899368 1760899437 - NODATA", - "ingestionTime": 1760899486041, - "eventId": "39269368126021608820705217710153819616007802450744442880" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899370 1760899452 - NODATA", - "ingestionTime": 1760899480164, - "eventId": "39269368170623099217766463986120228458155453978742292480" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899383 1760899466 - NODATA", - "ingestionTime": 1760899488206, - "eventId": "39269368460532786798664564835806916203379451258122797056" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899393 1760899476 - NODATA", - "ingestionTime": 1760899506645, - "eventId": "39269368683540238783970796273455606208662299519439011840" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899397000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899397 1760899475 - NODATA", - "ingestionTime": 1760899493621, - "eventId": "39269368772743219578093288823853465559792739857376215040" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899410 1760899488 - NODATA", - "ingestionTime": 1760899512938, - "eventId": "39269369062652907158991389687170444069467983195855192064" - } - ], - "eni-00e49c1a350a96c62-all": [ - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899037000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899037 1760899114 - NODATA", - "ingestionTime": 1760899138767, - "eventId": "39269360744474948107068957442002873060395970223357362176" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899049000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899049 1760899123 - NODATA", - "ingestionTime": 1760899145913, - "eventId": "39269361012083890489436435149070146485244488969436200960" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899057000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899057 1760899130 - NODATA", - "ingestionTime": 1760899154890, - "eventId": "39269361190489852077681420292208780129801594305213628416" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899165282, - "eventId": "39269361324294323268865159153986206642563145982672568320" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899068 1760899140 - NODATA", - "ingestionTime": 1760899155203, - "eventId": "39269361435798049261518274849479695499931155809958887424" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899069 1760899149 - NODATA", - "ingestionTime": 1760899172925, - "eventId": "39269361458098794460048898012440441311275205415884881920" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899074 1760899158 - NODATA", - "ingestionTime": 1760899188149, - "eventId": "39269361569602520452702013738523382166437444405447360512" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899094000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899094 1760899173 - NODATA", - "ingestionTime": 1760899193854, - "eventId": "39269362015617424423314476576134577772443043769486868480" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899098 1760899175 - NODATA", - "ingestionTime": 1760899198765, - "eventId": "39269362104820405217436969148214454073853692019531972608" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899106000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899106 1760899183 - NODATA", - "ingestionTime": 1760899205855, - "eventId": "39269362283226366805681954289071863715341114358247981056" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899116 1760899190 - NODATA", - "ingestionTime": 1760899218900, - "eventId": "39269362506233818790988185720199514343819175426755985408" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899124 1760899200 - NODATA", - "ingestionTime": 1760899223152, - "eventId": "39269362684639780379233170857625462746990168067807838208" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899129000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899129 1760899207 - NODATA", - "ingestionTime": 1760899233704, - "eventId": "39269362796143506371886286578060267268971733818706690048" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899130 1760899200 - NODATA", - "ingestionTime": 1760899216597, - "eventId": "39269362818444251570416909698915159185654638900559478784" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899132000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899132 1760899217 - NODATA", - "ingestionTime": 1760899249116, - "eventId": "39269362863045741967478156021299470001702103957709324288" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899157000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899157 1760899233 - NODATA", - "ingestionTime": 1760899250348, - "eventId": "39269363420564371930743734561181793392594438106193985536" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899158 1760899235 - NODATA", - "ingestionTime": 1760899257916, - "eventId": "39269363442865117129274357711867073227048333308284895232" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899167 1760899242 - NODATA", - "ingestionTime": 1760899266443, - "eventId": "39269363643571823916049965995997165200773008274068602880" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899176000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899176 1760899252 - NODATA", - "ingestionTime": 1760899278154, - "eventId": "39269363844278530702825574283975957584885667444695433216" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899183000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899183 1760899261 - NODATA", - "ingestionTime": 1760899283120, - "eventId": "39269364000383747092539936280729434656590907773135814656" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899187 1760899267 - NODATA", - "ingestionTime": 1760899294600, - "eventId": "39269364089586727886662428860750732039464946026079584256" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899275302, - "eventId": "39269364156488963482254298262028409321693380740057726976" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899193 1760899277 - NODATA", - "ingestionTime": 1760899306056, - "eventId": "39269364223391199077846167723814463848546217742214758400" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899213 1760899292 - NODATA", - "ingestionTime": 1760899313242, - "eventId": "39269364669406103048458630563216446915861083943820525568" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899217000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899217 1760899294 - NODATA", - "ingestionTime": 1760899321674, - "eventId": "39269364758609083842581123139552769844370962991551938560" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899228 1760899304 - NODATA", - "ingestionTime": 1760899325244, - "eventId": "39269365003917281026417977700761979083052749898730242048" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899234 1760899313 - NODATA", - "ingestionTime": 1760899337001, - "eventId": "39269365137721752217601716564189390859907730233102761984" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899243000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899243 1760899323 - NODATA", - "ingestionTime": 1760899342968, - "eventId": "39269365338428459004377324845224710968490708577878147072" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899247 1760899320 - NODATA", - "ingestionTime": 1760899337957, - "eventId": "39269365427631439798499817405309310435025331773548134400" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899250000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899250 1760899327 - NODATA", - "ingestionTime": 1760899354215, - "eventId": "39269365494533675394091686849571300684571434120473935872" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899256000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899256 1760899339 - NODATA", - "ingestionTime": 1760899366733, - "eventId": "39269365628338146585275425713918766977677100855991992320" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899274 1760899355 - NODATA", - "ingestionTime": 1760899383193, - "eventId": "39269366029751560158826642281460692452759301299789365248" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899275 1760899350 - NODATA", - "ingestionTime": 1760899372605, - "eventId": "39269366052052305357357265410196231221786162162004131840" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899289000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899289 1760899364 - NODATA", - "ingestionTime": 1760899386545, - "eventId": "39269366364262738136785989408548697493435601619971342336" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899296000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899296 1760899369 - NODATA", - "ingestionTime": 1760899397522, - "eventId": "39269366520367954526500351412569071531243907951461466112" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899403322, - "eventId": "39269366676473170916214713410331080053193532204739461120" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899396685, - "eventId": "39269366832578387305929075393057588744809773639408222208" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899310 1760899391 - NODATA", - "ingestionTime": 1760899414626, - "eventId": "39269366832578387305929075414746681071818916868380557312" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899312 1760899397 - NODATA", - "ingestionTime": 1760899426265, - "eventId": "39269366877179877702990321711888984629719983476018970624" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899334 1760899415 - NODATA", - "ingestionTime": 1760899439060, - "eventId": "39269367367796272070664030841142937958575332058401079296" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899335 1760899411 - NODATA", - "ingestionTime": 1760899430946, - "eventId": "39269367390097017269194653972869353730141055293073653760" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899348000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899348 1760899422 - NODATA", - "ingestionTime": 1760899445836, - "eventId": "39269367680006704850092754830834442177159248388842323968" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899358 1760899431 - NODATA", - "ingestionTime": 1760899455982, - "eventId": "39269367903014156835398986258457400930997965156061413376" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899363 1760899448 - NODATA", - "ingestionTime": 1760899475444, - "eventId": "39269368014517882828052101989664297898907338176166625280" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899364 1760899440 - NODATA", - "ingestionTime": 1760899465105, - "eventId": "39269368036818628026582725118701199232259355164586803200" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899457014, - "eventId": "39269368192923844416297087099669576687152167684464902144" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899377000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899377 1760899459 - NODATA", - "ingestionTime": 1760899490171, - "eventId": "39269368326728315607480825988968463538789249157613486080" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899393 1760899469 - NODATA", - "ingestionTime": 1760899490033, - "eventId": "39269368683540238783970796253372651980199477280652132352" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899393 1760899475 - NODATA", - "ingestionTime": 1760899500599, - "eventId": "39269368683540238783970796266146224296626452138420731904" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899409 1760899484 - NODATA", - "ingestionTime": 1760899505136, - "eventId": "39269369040352161960460766536202630897021212831417696256" - } - ], - "eni-0fa50413d12043097-all": [ - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899040 1760899115 - NODATA", - "ingestionTime": 1760899140262, - "eventId": "39269360811377183702660826868416985984503058815102287872" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899042000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899042 1760899121 - NODATA", - "ingestionTime": 1760899143376, - "eventId": "39269360855978674099722073155253169520247183234716467200" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899052000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899052 1760899128 - NODATA", - "ingestionTime": 1760899152591, - "eventId": "39269361078986126085028304581750881363540677418497605632" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899064 1760899140 - NODATA", - "ingestionTime": 1760899162154, - "eventId": "39269361346595068467395782291739961430735159900244934656" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899066 1760899144 - NODATA", - "ingestionTime": 1760899169498, - "eventId": "39269361391196558864457028583690118502832229354569924608" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899073000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899073 1760899154 - NODATA", - "ingestionTime": 1760899179003, - "eventId": "39269361547301775254171390585930848990670403554094546944" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899092 1760899171 - NODATA", - "ingestionTime": 1760899190986, - "eventId": "39269361971015934026253230289595803506801529278806687744" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899098 1760899181 - NODATA", - "ingestionTime": 1760899207867, - "eventId": "39269362104820405217436969159218344953622183587375808512" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899112000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899112 1760899188 - NODATA", - "ingestionTime": 1760899214794, - "eventId": "39269362417030837996865693149092557063885044642170601472" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899218363, - "eventId": "39269362729241270776294417134907160818739660973908819968" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899127 1760899204 - NODATA", - "ingestionTime": 1760899228143, - "eventId": "39269362751542015974825040288266516288111335930212450304" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899130 1760899196 - NODATA", - "ingestionTime": 1760899236269, - "eventId": "39269362818444251570416909722696919918440077319402749952" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899136000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899136 1760899216 - NODATA", - "ingestionTime": 1760899235291, - "eventId": "39269362952248722761600648570728909971269331639508271104" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899138000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899138 1760899219 - NODATA", - "ingestionTime": 1760899250086, - "eventId": "39269362996850213158661894871686954858411832487192231936" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899153 1760899230 - NODATA", - "ingestionTime": 1760899254654, - "eventId": "39269363331361391136621242000244768455551793757717463040" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899161000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899161 1760899237 - NODATA", - "ingestionTime": 1760899257334, - "eventId": "39269363509767352724866227135770221742737076997653921792" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899164000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899164 1760899241 - NODATA", - "ingestionTime": 1760899265939, - "eventId": "39269363576669588320458096570780569355098770852205232128" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899174 1760899249 - NODATA", - "ingestionTime": 1760899273397, - "eventId": "39269363799677040305764327995154046397828555294498422784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899281771, - "eventId": "39269364022684492291070559420634279420924730337580023808" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899187 1760899265 - NODATA", - "ingestionTime": 1760899288795, - "eventId": "39269364089586727886662428853733110355927812841166798848" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899196 1760899273 - NODATA", - "ingestionTime": 1760899296003, - "eventId": "39269364290293434673438037136268631779257380741103878144" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899198000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899198 1760899278 - NODATA", - "ingestionTime": 1760899306553, - "eventId": "39269364334894925070499283432094430904808367107227451392" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899213 1760899289 - NODATA", - "ingestionTime": 1760899312120, - "eventId": "39269364669406103048458630561859774536441580822616932352" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899219000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899219 1760899295 - NODATA", - "ingestionTime": 1760899317268, - "eventId": "39269364803210574239642369417297713069416572112904192000" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899219000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899219 1760899301 - NODATA", - "ingestionTime": 1760899322768, - "eventId": "39269364803210574239642369423946845989658433766276726784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899234 1760899311 - NODATA", - "ingestionTime": 1760899332678, - "eventId": "39269365137721752217601716558963471053914458804630847488" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339367, - "eventId": "39269365383029949401438571123942486092557966856190361600" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899247 1760899324 - NODATA", - "ingestionTime": 1760899348309, - "eventId": "39269365427631439798499817417824354360108782591454478336" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899253 1760899332 - NODATA", - "ingestionTime": 1760899355678, - "eventId": "39269365561435910989683556275947266384107891177478815744" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899261000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899261 1760899342 - NODATA", - "ingestionTime": 1760899366693, - "eventId": "39269365739841872577928541421549487378245342185086910464" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899273 1760899350 - NODATA", - "ingestionTime": 1760899372128, - "eventId": "39269366007450814960296019126548532389304577255380680704" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899281000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899281 1760899356 - NODATA", - "ingestionTime": 1760899377874, - "eventId": "39269366185856776548541004265780822088761543221054603264" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899284000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899284 1760899364 - NODATA", - "ingestionTime": 1760899385324, - "eventId": "39269366252759012144132873699394307557598695465524264960" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899292000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899292 1760899368 - NODATA", - "ingestionTime": 1760899394142, - "eventId": "39269366431164973732377858842340359302581975791635333120" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899400005, - "eventId": "39269366676473170916214713406321216800965289140896202752" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899307 1760899383 - NODATA", - "ingestionTime": 1760899409949, - "eventId": "39269366765676151710337205984485811763750024473813581824" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899313000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899313 1760899378 - NODATA", - "ingestionTime": 1760899414160, - "eventId": "39269366899480622901520944838790532611734763965527949312" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899419381, - "eventId": "39269366921781368100051567986638388512800638442458775552" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899317000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899317 1760899401 - NODATA", - "ingestionTime": 1760899428481, - "eventId": "39269366988683603695643437422246304878471566233588793344" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899334 1760899410 - NODATA", - "ingestionTime": 1760899430659, - "eventId": "39269367367796272070664030830986961116563222632212791296" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899340000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899340 1760899416 - NODATA", - "ingestionTime": 1760899436518, - "eventId": "39269367501600743261847769687284398395473853959957053440" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899345000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899345 1760899422 - NODATA", - "ingestionTime": 1760899447444, - "eventId": "39269367613104469254500885408171291853138687591527874560" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899354 1760899429 - NODATA", - "ingestionTime": 1760899453567, - "eventId": "39269367813811176041276493689395293155195266907628961792" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899458468, - "eventId": "39269368036818628026582725110677664820832133703468122112" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899370 1760899445 - NODATA", - "ingestionTime": 1760899471928, - "eventId": "39269368170623099217766463976163577497656700642295021568" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899375 1760899454 - NODATA", - "ingestionTime": 1760899475464, - "eventId": "39269368282126825210419579688117181201629642247446134784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899377000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899377 1760899460 - NODATA", - "ingestionTime": 1760899486979, - "eventId": "39269368326728315607480825985109618256405191504821223424" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899391000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899391 1760899470 - NODATA", - "ingestionTime": 1760899491571, - "eventId": "39269368638938748386909549972160630771095970562797076480" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899398 1760899476 - NODATA", - "ingestionTime": 1760899496786, - "eventId": "39269368795043964776623911969215202050450603886724448256" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899398 1760899480 - NODATA", - "ingestionTime": 1760899504483, - "eventId": "39269368795043964776623911978520527272550776449095237632" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899410 1760899487 - NODATA", - "ingestionTime": 1760899514868, - "eventId": "39269369062652907158991389689503736367846913633824866304" - } - ], - "eni-0ab252a7dc8378f9e-all": [ - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899043000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899043 1760899121 - NODATA", - "ingestionTime": 1760899144743, - "eventId": "39269360878279419298252696298441346294757840151857463296" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899055000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899055 1760899132 - NODATA", - "ingestionTime": 1760899168235, - "eventId": "39269361145888361680620174025270253239837550314553278464" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899063 1760899140 - NODATA", - "ingestionTime": 1760899163640, - "eventId": "39269361324294323268865159152001029709603810370906947584" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899168077, - "eventId": "39269361324294323268865159157365264056044858698275160064" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899074 1760899156 - NODATA", - "ingestionTime": 1760899176432, - "eventId": "39269361569602520452702013724358474785221923001425002496" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899083 1760899165 - NODATA", - "ingestionTime": 1760899187057, - "eventId": "39269361770309227239477622011024815587615914795180752896" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899087 1760899153 - NODATA", - "ingestionTime": 1760899167556, - "eventId": "39269361859512208033600114553592653372149707506846400512" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899092 1760899170 - NODATA", - "ingestionTime": 1760899192280, - "eventId": "39269361971015934026253230291160278927375725344553107456" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899099000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899099 1760899177 - NODATA", - "ingestionTime": 1760899198187, - "eventId": "39269362127121150415967592289051716776414009852387983360" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899103000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899103 1760899183 - NODATA", - "ingestionTime": 1760899206246, - "eventId": "39269362216324131210090084864937018834584512701592240128" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899116 1760899191 - NODATA", - "ingestionTime": 1760899232074, - "eventId": "39269362506233818790988185736125476421465966948702420992" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219781, - "eventId": "39269362729241270776294417136621410518674911340285657088" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899127 1760899204 - NODATA", - "ingestionTime": 1760899228166, - "eventId": "39269362751542015974825040288294114353006436868741267456" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899135000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899135 1760899216 - NODATA", - "ingestionTime": 1760899236537, - "eventId": "39269362929947977563070025430699906144758538369638989824" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899143000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899143 1760899223 - NODATA", - "ingestionTime": 1760899246487, - "eventId": "39269363108353939151315010575014091586148403225718226944" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899152000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899152 1760899218 - NODATA", - "ingestionTime": 1760899228230, - "eventId": "39269363309060645938090618826764277432324953379863986176" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899154 1760899230 - NODATA", - "ingestionTime": 1760899251910, - "eventId": "39269363353662136335151865138463170581794388689786109952" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899159000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899159 1760899237 - NODATA", - "ingestionTime": 1760899258836, - "eventId": "39269363465165862327804980854514963320757161567338037248" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899164000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899164 1760899243 - NODATA", - "ingestionTime": 1760899267297, - "eventId": "39269363576669588320458096572421907225632428613003575296" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899175000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899175 1760899249 - NODATA", - "ingestionTime": 1760899289057, - "eventId": "39269363821977785504294951155621307693113204263044317184" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899182 1760899260 - NODATA", - "ingestionTime": 1760899284104, - "eventId": "39269363978083001894009313140383662044320238584828002304" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899188000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899188 1760899264 - NODATA", - "ingestionTime": 1760899289384, - "eventId": "39269364111887473085193051995981173248009206015046909952" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899194 1760899273 - NODATA", - "ingestionTime": 1760899297876, - "eventId": "39269364245691944276376790855461696834132070243219472384" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899201000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899201 1760899281 - NODATA", - "ingestionTime": 1760899306426, - "eventId": "39269364401797160666091152856547997110764227965170089984" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899212000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899212 1760899290 - NODATA", - "ingestionTime": 1760899311990, - "eventId": "39269364647105357849928007420167105058361158249298591744" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899220000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899220 1760899296 - NODATA", - "ingestionTime": 1760899318981, - "eventId": "39269364825511319438172992560904692599124508662111862784" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899225000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899225 1760899305 - NODATA", - "ingestionTime": 1760899326405, - "eventId": "39269364937015045430826108277557866612080981738167205888" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899234 1760899311 - NODATA", - "ingestionTime": 1760899349607, - "eventId": "39269365137721752217601716579429045015788236565383872512" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899244000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899244 1760899320 - NODATA", - "ingestionTime": 1760899340539, - "eventId": "39269365360729204202907947983824034257365336815361916928" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899246 1760899324 - NODATA", - "ingestionTime": 1760899349659, - "eventId": "39269365405330694599969194277920420845905191734063595520" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899255000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899255 1760899333 - NODATA", - "ingestionTime": 1760899355340, - "eventId": "39269365606037401386744802558609859740341295972286267392" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899258000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899258 1760899342 - NODATA", - "ingestionTime": 1760899370852, - "eventId": "39269365672939636982336672001969956859553818871193468928" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899264 1760899332 - NODATA", - "ingestionTime": 1760899350205, - "eventId": "39269365806744108173520410826223332584796236243615940608" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899273 1760899351 - NODATA", - "ingestionTime": 1760899371460, - "eventId": "39269366007450814960296019125740775862889849020409970688" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899280000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899280 1760899356 - NODATA", - "ingestionTime": 1760899380041, - "eventId": "39269366163556031350010381126864519046676932443778842624" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899285000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899285 1760899363 - NODATA", - "ingestionTime": 1760899385191, - "eventId": "39269366275059757342663496840769274361216909335960289280" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899294 1760899369 - NODATA", - "ingestionTime": 1760899408748, - "eventId": "39269366475766464129439105143069271520703015093635448832" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899403298, - "eventId": "39269366676473170916214713410301864753488679959076405248" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899307 1760899385 - NODATA", - "ingestionTime": 1760899409389, - "eventId": "39269366765676151710337205983808376335481471422902829056" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899314 1760899393 - NODATA", - "ingestionTime": 1760899417527, - "eventId": "39269366921781368100051567984396803465274466565072355328" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899322 1760899404 - NODATA", - "ingestionTime": 1760899425908, - "eventId": "39269367100187329688296553126814732094305494235156250624" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899325 1760899394 - NODATA", - "ingestionTime": 1760899407513, - "eventId": "39269367167089565283888422529183595729306489697859207168" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899334 1760899411 - NODATA", - "ingestionTime": 1760899432182, - "eventId": "39269367367796272070664030832828069171568725790328619008" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899338000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899338 1760899417 - NODATA", - "ingestionTime": 1760899441926, - "eventId": "39269367456999252864786523410750437457893915410264948736" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899347 1760899423 - NODATA", - "ingestionTime": 1760899448300, - "eventId": "39269367657705959651562131692277680343019782573063667712" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899357000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899357 1760899431 - NODATA", - "ingestionTime": 1760899468795, - "eventId": "39269367880713411636868363132411672098214393367238672384" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899460562, - "eventId": "39269368036818628026582725113209034936779570569075097600" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899370 1760899445 - NODATA", - "ingestionTime": 1760899469949, - "eventId": "39269368170623099217766463973771603933568241784363286528" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899379000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899379 1760899454 - NODATA", - "ingestionTime": 1760899478804, - "eventId": "39269368371329806004542072258297942518344252529592041472" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899384 1760899454 - NODATA", - "ingestionTime": 1760899468911, - "eventId": "39269368482833531997195187954016642404155879694547550208" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899486220, - "eventId": "39269368482833531997195187974941804250215427335835811840" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899396000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899396 1760899472 - NODATA", - "ingestionTime": 1760899492248, - "eventId": "39269368750442474379562665680657565911081339579250507776" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899400000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899400 1760899478 - NODATA", - "ingestionTime": 1760899500150, - "eventId": "39269368839645455173685158256353497648806873134796832768" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899403000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899403 1760899482 - NODATA", - "ingestionTime": 1760899507126, - "eventId": "39269368906547690769277027689394005336431475869869670400" - } - ], - "eni-0d52b90c56c30aaaf-all": [ - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899047000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899047 1760899125 - NODATA", - "ingestionTime": 1760899147882, - "eventId": "39269360967482400092375188868379387488249224545389772800" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899060000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899060 1760899131 - NODATA", - "ingestionTime": 1760899156440, - "eventId": "39269361257392087673273289718689448193884824360186019840" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899064 1760899142 - NODATA", - "ingestionTime": 1760899162528, - "eventId": "39269361346595068467395782292192150158971810428482420736" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899069 1760899147 - NODATA", - "ingestionTime": 1760899172082, - "eventId": "39269361458098794460048898011420986728738606749298458624" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899075000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899075 1760899154 - NODATA", - "ingestionTime": 1760899179557, - "eventId": "39269361591903265651232636869672220334830881519077687296" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899085000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899085 1760899165 - NODATA", - "ingestionTime": 1760899188478, - "eventId": "39269361814910717636538868295814303201759959957510815744" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899095 1760899172 - NODATA", - "ingestionTime": 1760899194879, - "eventId": "39269362037918169621845099718909715757515917376757170176" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899107 1760899185 - NODATA", - "ingestionTime": 1760899206508, - "eventId": "39269362305527112004212577431396849746611502212074307584" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899121000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899121 1760899192 - NODATA", - "ingestionTime": 1760899214474, - "eventId": "39269362617737544783641301422527240192386104119123574784" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899123000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899123 1760899201 - NODATA", - "ingestionTime": 1760899222492, - "eventId": "39269362662339035180702547715291594383117768292878319616" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899130 1760899208 - NODATA", - "ingestionTime": 1760899233348, - "eventId": "39269362818444251570416909719166094403420838251948867584" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899134000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899134 1760899217 - NODATA", - "ingestionTime": 1760899237905, - "eventId": "39269362907647232364539402290818007128969998725776801792" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899148000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899148 1760899227 - NODATA", - "ingestionTime": 1760899249387, - "eventId": "39269363219857665143968126286198786333524041780303036416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899158 1760899239 - NODATA", - "ingestionTime": 1760899261413, - "eventId": "39269363442865117129274357716094800437411500094429528064" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899160000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899160 1760899234 - NODATA", - "ingestionTime": 1760899253536, - "eventId": "39269363487466607526335603989642999868426518943790465024" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899169000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899169 1760899246 - NODATA", - "ingestionTime": 1760899268102, - "eventId": "39269363688173314313111212281074160052015497532470460416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899180 1760899252 - NODATA", - "ingestionTime": 1760899274719, - "eventId": "39269363933481511496948066845966343222172770892652806144" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899180 1760899260 - NODATA", - "ingestionTime": 1760899282079, - "eventId": "39269363933481511496948066854863770950199002917434556416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899182 1760899266 - NODATA", - "ingestionTime": 1760899293227, - "eventId": "39269363978083001894009313151412646716540168025258590208" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899274490, - "eventId": "39269364156488963482254298261046844228847478003796869120" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899197000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899197 1760899278 - NODATA", - "ingestionTime": 1760899300413, - "eventId": "39269364312594179871968660283135671277550524372656193536" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899206 1760899285 - NODATA", - "ingestionTime": 1760899307559, - "eventId": "39269364513300886658744268565595883298524412475948466176" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899217000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899217 1760899298 - NODATA", - "ingestionTime": 1760899321757, - "eventId": "39269364758609083842581123139653540981407932788203454464" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899218000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899218 1760899294 - NODATA", - "ingestionTime": 1760899314944, - "eventId": "39269364780909829041111746272952618045972927612869541888" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899228 1760899306 - NODATA", - "ingestionTime": 1760899328418, - "eventId": "39269365003917281026417977704598914236157516870803456000" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899237000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899237 1760899311 - NODATA", - "ingestionTime": 1760899335203, - "eventId": "39269365204623987813193585986622672787194287678300815360" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899244000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899244 1760899323 - NODATA", - "ingestionTime": 1760899343217, - "eventId": "39269365360729204202907947987061312010472019627786567680" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899251 1760899320 - NODATA", - "ingestionTime": 1760899334785, - "eventId": "39269365516834420592622309967617577569085590337844543488" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899251 1760899327 - NODATA", - "ingestionTime": 1760899352809, - "eventId": "39269365516834420592622309989407348570651703606137323520" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899258000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899258 1760899338 - NODATA", - "ingestionTime": 1760899361689, - "eventId": "39269365672939636982336671990892702359840102315135926272" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899268 1760899345 - NODATA", - "ingestionTime": 1760899370695, - "eventId": "39269365895947088967642903417137343406143451131925561344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899277000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899277 1760899357 - NODATA", - "ingestionTime": 1760899383557, - "eventId": "39269366096653795754418511706508067602588769954444738560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899279000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899279 1760899354 - NODATA", - "ingestionTime": 1760899375789, - "eventId": "39269366141255286151479757980188263671694646889969090560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899288000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899288 1760899366 - NODATA", - "ingestionTime": 1760899388348, - "eventId": "39269366341961992938255366269192792323452373303055679488" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899300000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899300 1760899376 - NODATA", - "ingestionTime": 1760899395510, - "eventId": "39269366609570935320622843976279590850532930483845660672" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899402603, - "eventId": "39269366676473170916214713409461765483202400075214487552" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899306000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899306 1760899386 - NODATA", - "ingestionTime": 1760899412895, - "eventId": "39269366743375406511806582846511427624322751494860505088" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899395134, - "eventId": "39269366832578387305929075391182663628086837781737963520" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899317000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899317 1760899395 - NODATA", - "ingestionTime": 1760899418476, - "eventId": "39269366988683603695643437410151409985647474216352808960" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899327 1760899406 - NODATA", - "ingestionTime": 1760899427961, - "eventId": "39269367211691055680949668836975322305628309890832662528" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899337000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899337 1760899418 - NODATA", - "ingestionTime": 1760899441419, - "eventId": "39269367434698507666255900268602047290802914714464485376" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899339 1760899413 - NODATA", - "ingestionTime": 1760899434885, - "eventId": "39269367479299998063317146543774332908299324003100655616" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899347 1760899425 - NODATA", - "ingestionTime": 1760899448149, - "eventId": "39269367657705959651562131692095166344766109020749955072" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899359000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899359 1760899432 - NODATA", - "ingestionTime": 1760899455891, - "eventId": "39269367925314902033929609399883347029227605362739380224" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899464135, - "eventId": "39269368014517882828052101975992624387814190561399472128" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899370 1760899448 - NODATA", - "ingestionTime": 1760899472247, - "eventId": "39269368170623099217766463976549679571305673638122553344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899372000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899372 1760899441 - NODATA", - "ingestionTime": 1760899454756, - "eventId": "39269368215224589614827710238475764050073513625449529344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899378000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899378 1760899456 - NODATA", - "ingestionTime": 1760899479346, - "eventId": "39269368349029060806011449117417562346652554701689978880" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899487743, - "eventId": "39269368482833531997195187976783303479786335592399568896" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899398 1760899478 - NODATA", - "ingestionTime": 1760899501644, - "eventId": "39269368795043964776623911975088452917773045617133158400" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899399000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899399 1760899474 - NODATA", - "ingestionTime": 1760899494757, - "eventId": "39269368817344709975154535108298415284889564861552066560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899406000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899406 1760899485 - NODATA", - "ingestionTime": 1760899508568, - "eventId": "39269368973449926364868897115744601996530808388858806272" - } - ], - "eni-0c663685d7a12552e-all": [ - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899049000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899049 1760899080 - NODATA", - "ingestionTime": 1760899108302, - "eventId": "39269361012083890489436435103601333327618873734687293440" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899082000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899082 1760899113 - NODATA", - "ingestionTime": 1760899132564, - "eventId": "39269361748008482040946998803610793217379998222267121664" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899082000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899082 1760899113 - NODATA", - "ingestionTime": 1760899140789, - "eventId": "39269361748008482040946998813554652559287219887603974144" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899091000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899091 1760899122 - NODATA", - "ingestionTime": 1760899148802, - "eventId": "39269361948715188827722607097063154459454311630899052544" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899109000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899109 1760899140 - NODATA", - "ingestionTime": 1760899166694, - "eventId": "39269362350128602401273823666335815046678932194937012224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899116 1760899147 - NODATA", - "ingestionTime": 1760899170187, - "eventId": "39269362506233818790988185661308757080951528467498336256" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 11746 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872704" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 61890 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872705" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 30506 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872706" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 51838 21 6 4 240 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872707" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 51186 80 6 1 60 1760899167 1760899168 ACCEPT OK", - "ingestionTime": 1760899196244, - "eventId": "39269363643571823916049965911131435251312323702065594368" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899168000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 62602 80 6 3 180 1760899168 1760899168 ACCEPT OK", - "ingestionTime": 1760899186752, - "eventId": "39269363665872569114580589041192263286404541704439988224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 58950 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929344" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 61628 21 6 4 240 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929345" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 28840 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929346" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 31192 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929347" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 18756 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929348" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 21192 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929349" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 27324 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929350" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 60254 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929351" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 64846 21 6 4 240 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929352" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 58248 21 6 2 120 1760899178 1760899198 ACCEPT OK", - "ingestionTime": 1760899219438, - "eventId": "39269363888880021099886820496064163309696336621526056960" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899178 1760899198 - SKIPDATA", - "ingestionTime": 1760899219438, - "eventId": "39269363888880021099886820496064163309696336621526056961" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 12938 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136000" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 35548 80 6 2 120 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136001" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 63002 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136002" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 25612 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136003" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 64300 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136004" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 59962 21 6 4 240 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136005" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 23106 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136006" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 48432 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594048" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 58270 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594049" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 49854 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594050" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 23738 80 6 2 120 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594051" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 32716 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594052" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 13690 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594053" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 25162 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594054" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 23936 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594055" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.133.187 10.0.4.186 51796 22127 6 1 44 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594056" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 63332 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186752" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 44282 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186753" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 23342 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186754" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 106.75.132.124 10.0.4.186 58914 16030 6 1 44 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186755" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 19302 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186756" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 21326 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186757" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 50342 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186758" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 23068 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186759" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 17032 80 6 3 180 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 62372 21 6 4 240 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 41180 80 6 3 180 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 31518 21 6 1 60 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899202 1760899227 - SKIPDATA", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517188" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 15264 21 6 4 240 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734464" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.112 10.0.4.186 55662 1000 6 1 44 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734465" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 51810 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734466" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 52632 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734467" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 20720 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734468" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 14584 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734469" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 56998 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222976" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 47540 21 6 4 240 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222977" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 49866 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222978" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 43784 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222979" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 20.55.98.221 10.0.4.186 34398 9043 6 1 40 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222980" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 57822 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222981" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 39476 80 6 2 120 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222982" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 38986 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222983" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65242 80 6 2 120 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222984" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 33810 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505472" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 48444 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505473" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 45660 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505474" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 31386 80 6 2 120 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505475" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 26686 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505476" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 46464 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505477" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 22492 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505478" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 37402 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505479" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 24724 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505480" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26010 80 6 1 60 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505481" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 20214 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927936" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 58154 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927937" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 28818 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927938" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 9466 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927939" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 46052 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927940" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 37932 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927941" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 19968 21 6 4 240 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927942" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 11524 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052288" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 18592 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052289" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 14624 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052290" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 33664 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052291" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 45696 80 6 1 60 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052292" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 40504 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052293" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 57692 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052294" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899232 1760899257 - SKIPDATA", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052295" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 25492 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359552" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 43258 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359553" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 61000 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359554" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.152 10.0.4.186 54664 990 6 1 44 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359555" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 35548 80 6 1 60 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359556" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 59684 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359557" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 36584 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359558" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 58110 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359559" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 44360 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359560" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 20358 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359561" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 30734 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359562" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 56320 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359563" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 60778 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359564" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 61920 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 9896 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948225" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 29784 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948226" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 39582 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948227" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 26504 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948228" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 63958 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948229" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 15152 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948230" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 32292 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948231" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 64704 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948232" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 92.63.197.66 10.0.4.186 8080 6529 6 1 40 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948233" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 26690 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948234" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47724 80 6 2 120 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948235" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 37506 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948236" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 40154 21 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948237" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.211.22 10.0.4.186 57261 28009 6 1 44 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 45308 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909953" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 45524 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909954" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 104.237.144.186 10.0.4.186 61000 443 6 1 40 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909955" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 16088 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909956" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 50098 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909957" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 13406 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909958" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 38794 21 6 4 240 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909959" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 64922 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909960" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 10732 21 6 4 240 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909961" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 28496 80 6 2 120 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909962" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 14348 21 6 4 240 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747776" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 52754 80 6 3 180 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747777" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 39232 80 6 1 60 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747778" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.133.252 10.0.4.186 56557 9202 6 1 44 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747779" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 42982 21 6 4 240 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747780" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899266 1760899289 - SKIPDATA", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747781" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 39548 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390656" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 60954 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390657" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 42456 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390658" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 59042 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390659" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 14264 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390660" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 54860 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390661" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 57124 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390662" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 13064 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390663" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 64866 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390664" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65242 80 6 1 60 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390665" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 35662 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390666" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 11826 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928256" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 34372 80 6 2 120 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928257" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 23486 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928258" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 45170 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928259" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 59316 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928260" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 41556 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928261" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 165.154.173.104 10.0.4.186 45123 15200 6 1 40 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928262" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 57032 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928263" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 63148 21 6 4 240 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 27420 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 52372 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 50536 80 6 2 120 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442176" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 35356 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442177" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 31386 80 6 1 60 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442178" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 60380 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442179" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 34026 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442180" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 38404 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442181" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 16084 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442182" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 26236 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442183" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 11320 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 64576 21 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 13916 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 30326 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 41588 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442188" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26010 80 6 2 120 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442189" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 37620 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204928" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 60708 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204929" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 11788 21 6 4 240 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204930" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 28350 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204931" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 60280 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204932" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 61052 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204933" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 35410 21 6 4 240 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204934" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 52400 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043392" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 39206 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043393" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 51290 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043394" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 33590 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043395" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899291 1760899311 - SKIPDATA", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043396" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 18552 80 6 2 120 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850944" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 14244 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850945" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 50030 21 6 4 240 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850946" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 30508 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850947" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 23936 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850948" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 14100 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850949" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 22180 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850950" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 17822 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850951" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 29332 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 46686 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 57958 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 41254 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 59878 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 14756 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499268" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 52246 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499269" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 52902 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499270" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 26402 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499271" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 21660 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499272" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 57706 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499273" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 40040 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499274" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.138 10.0.4.186 50578 7547 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894400" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 58372 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894401" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 22358 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894402" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 16878 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894403" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.85 10.0.4.186 55174 1502 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894404" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 45734 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894405" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.123 10.0.4.186 56280 11084 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894406" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 64764 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894407" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 49614 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894408" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 27514 21 6 4 240 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894409" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 44044 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894410" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 41366 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894411" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47724 80 6 1 60 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894412" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 56174 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894413" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 37518 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894414" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 40154 21 6 1 60 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894415" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 32546 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559936" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 45958 21 6 4 240 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559937" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 59358 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559938" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 48134 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559939" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 36966 21 6 4 240 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559940" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 13.214.173.166 10.0.4.186 0 0 1 1 28 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407232" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 49060 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407233" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 21004 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407234" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 29018 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407235" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 15302 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407236" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 15122 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407237" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899323 1760899350 - SKIPDATA", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407238" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 52034 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507392" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 28464 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507393" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 61844 21 6 2 120 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507394" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 37012 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507395" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 65418 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507396" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 27682 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507397" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 45390 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507398" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 50814 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507399" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 41210 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507400" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 38070 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507401" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 9706 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507402" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 50430 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 18182 21 6 4 240 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47948 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 34372 80 6 1 60 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26294 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715268" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 11968 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715269" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 28368 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715270" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 19342 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715271" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 29372 21 6 4 240 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715272" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 46546 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715273" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 23346 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715274" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 58710 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588480" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 44376 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588481" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 50536 80 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588482" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 57464 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588483" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 23402 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588484" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.86 10.0.4.186 55131 57357 6 1 44 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588485" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 53474 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588486" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 56830 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588487" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 20716 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588488" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 21308 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588489" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 64576 21 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588490" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 54428 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588491" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 56326 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588492" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 11346 80 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588493" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 54058 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588494" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 28496 80 6 1 60 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607872" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 87.120.191.93 10.0.4.186 51632 80 6 1 40 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607873" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 41.59.173.249 10.0.4.186 44087 23 6 1 60 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607874" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 39996 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607875" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 59438 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607876" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 61964 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607877" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 15392 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607878" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 11790 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607879" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 37404 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607880" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 46602 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607881" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 25578 80 6 3 180 1760899352 1760899374 ACCEPT OK", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330688" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 49716 80 6 3 180 1760899352 1760899374 ACCEPT OK", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330689" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899352 1760899374 - SKIPDATA", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330690" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 47440 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547840" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 12744 21 6 4 240 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547841" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 19934 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547842" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 55776 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547843" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 18552 80 6 1 60 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198976" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 22126 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198977" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 10576 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198978" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 24392 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198979" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 33602 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198980" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 92.63.197.66 10.0.4.186 8080 6224 6 1 40 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198981" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 18116 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198982" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 35388 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198983" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 43842 21 6 4 240 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198984" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 27478 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198985" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 37470 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234560" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 59854 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234561" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 35168 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234562" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 91.196.152.225 10.0.4.186 48508 14430 6 1 60 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234563" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 52196 21 6 4 240 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234564" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 37160 21 6 4 240 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234565" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 48292 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234566" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.253 10.0.4.186 54329 9606 6 1 44 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234567" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 55998 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234568" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 13248 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234569" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 27354 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234570" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 18188 80 6 2 120 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234571" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 15930 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234572" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 14392 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746944" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 16508 21 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746945" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 45642 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746946" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65378 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746947" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 48818 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746948" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 57706 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746949" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 11464 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746950" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 34208 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746951" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 31380 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 18816 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746953" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 36286 21 6 4 240 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117696" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 25478 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117697" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 29340 21 6 4 240 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117698" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 53794 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117699" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 42022 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117700" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 13670 21 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117701" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899382 1760899406 - SKIPDATA", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117702" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 37698 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338176" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 63386 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338177" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 24506 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338178" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 13550 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338179" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 61784 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338180" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 31186 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338181" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 61844 21 6 2 120 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338182" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.26 10.0.4.186 56968 9530 6 1 44 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338183" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 44220 21 6 2 120 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.181 10.0.4.186 49778 9108 6 1 44 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 21902 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 61022 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 40.124.175.174 10.0.4.186 48441 993 6 1 52 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477760" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.182 10.0.4.186 54893 7706 6 1 44 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477761" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 54974 80 6 3 180 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477762" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 44314 21 6 4 240 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477763" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 19256 80 6 3 180 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477764" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 45020 80 6 2 120 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134784" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 30032 21 6 4 240 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134785" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 63082 21 6 4 240 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134786" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 36934 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134787" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 62370 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134788" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 13408 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134789" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 21982 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134790" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 11346 80 6 2 120 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134791" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 32590 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134792" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 42266 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839488" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 54384 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839489" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 37458 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839490" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 39936 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839491" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 24968 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839492" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 63412 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839493" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 34598 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839494" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 48400 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839495" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.140 10.0.4.186 50762 1443 6 1 44 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839496" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 13368 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839497" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 15050 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839498" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 26108 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839499" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 45052 21 6 4 240 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839500" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 95.214.53.196 10.0.4.186 40742 16379 6 1 40 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 48250 80 6 3 180 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 63068 80 6 1 60 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899414 1760899437 - SKIPDATA", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 15034 21 6 4 240 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746752" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 20028 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746753" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 16406 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746754" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 24550 21 6 4 240 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746755" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 62060 21 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746756" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 60596 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746757" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 35718 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746758" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 16994 21 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746759" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 47.74.55.112 10.0.4.186 57188 12320 6 1 52 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746760" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.55 10.0.4.186 51355 34473 6 1 44 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746761" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 16338 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746762" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.149.61 10.0.4.186 55176 49010 6 1 44 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746763" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 33922 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334144" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 38080 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334145" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 47416 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334146" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 30120 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334147" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 61568 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334148" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 38820 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334149" - } - ], - "eni-0b0549e20044315f3-all": [ - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899050 1760899129 - NODATA", - "ingestionTime": 1760899149148, - "eventId": "39269361034384635687967058294516883796158603200468746240" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899063 1760899133 - NODATA", - "ingestionTime": 1760899191042, - "eventId": "39269361324294323268865159185128106407086387132881174528" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899158751, - "eventId": "39269361368895813665926405429162124440841377838471249920" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899066 1760899145 - NODATA", - "ingestionTime": 1760899169059, - "eventId": "39269361391196558864457028583159222796051983380536492032" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899072000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899072 1760899154 - NODATA", - "ingestionTime": 1760899183447, - "eventId": "39269361525001030055640767449767568231817834522370572288" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899083 1760899163 - NODATA", - "ingestionTime": 1760899191130, - "eventId": "39269361770309227239477622015948951614231990473462448128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899095 1760899177 - NODATA", - "ingestionTime": 1760899203123, - "eventId": "39269362037918169621845099728876158476315828073130033152" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899191541, - "eventId": "39269362060218914820375722856410123339823436258297708544" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899209964, - "eventId": "39269362372429347599804446860182095577718871838885019648" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899124 1760899206 - NODATA", - "ingestionTime": 1760899229535, - "eventId": "39269362684639780379233170865342036892205695946093232128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899125 1760899199 - NODATA", - "ingestionTime": 1760899251421, - "eventId": "39269362706940525577763794033336149004260622706450890752" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899220164, - "eventId": "39269362729241270776294417137084416047159533537171668992" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899127 1760899212 - NODATA", - "ingestionTime": 1760899241060, - "eventId": "39269362751542015974825040303882188022904222112626704384" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899154 1760899233 - NODATA", - "ingestionTime": 1760899251092, - "eventId": "39269363353662136335151865137474306632162095644831449088" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899154 1760899237 - NODATA", - "ingestionTime": 1760899265367, - "eventId": "39269363353662136335151865154731662239795841721343803392" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899181000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899181 1760899266 - NODATA", - "ingestionTime": 1760899288254, - "eventId": "39269363955782256695478690003864747195775111898944765952" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899279934, - "eventId": "39269364022684492291070559418413938563523123583808634880" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899191000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899191 1760899257 - NODATA", - "ingestionTime": 1760899310499, - "eventId": "39269364178789708680784921446114574291045297137749393408" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899193 1760899271 - NODATA", - "ingestionTime": 1760899300873, - "eventId": "39269364223391199077846167717549072416822564465518444544" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899203 1760899284 - NODATA", - "ingestionTime": 1760899308384, - "eventId": "39269364446398651063152399141986190306426909080998117376" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899213 1760899293 - NODATA", - "ingestionTime": 1760899313680, - "eventId": "39269364669406103048458630563745762218163735798362669056" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899215 1760899297 - NODATA", - "ingestionTime": 1760899323453, - "eventId": "39269364714007593445519876858632206622956850636010291200" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899231000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899231 1760899308 - NODATA", - "ingestionTime": 1760899331321, - "eventId": "39269365070819516622009847132715303195827357368140234752" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339052, - "eventId": "39269365383029949401438571123561746374130011920953245696" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899246 1760899325 - NODATA", - "ingestionTime": 1760899350892, - "eventId": "39269365405330694599969194279411208772642910370836054016" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899246 1760899316 - NODATA", - "ingestionTime": 1760899371391, - "eventId": "39269365405330694599969194304192910118520948369194024960" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899248 1760899335 - NODATA", - "ingestionTime": 1760899363230, - "eventId": "39269365449932184997030440577398219863041560501072035840" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899264 1760899344 - NODATA", - "ingestionTime": 1760899368928, - "eventId": "39269365806744108173520410848858081852441394865298800640" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899273 1760899356 - NODATA", - "ingestionTime": 1760899385617, - "eventId": "39269366007450814960296019142855830900426629503072272384" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899275 1760899352 - NODATA", - "ingestionTime": 1760899371464, - "eventId": "39269366052052305357357265408817078540645514115318808576" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899291 1760899367 - NODATA", - "ingestionTime": 1760899390402, - "eventId": "39269366408864228533847235696283450762548894208316080128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899399395, - "eventId": "39269366676473170916214713405583375986398277744453156864" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899410029, - "eventId": "39269366765676151710337205984582080515597986510266630144" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899310 1760899379 - NODATA", - "ingestionTime": 1760899433219, - "eventId": "39269366832578387305929075437224527699752125344533053440" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899418894, - "eventId": "39269366921781368100051567986049717306332660931861872640" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428250, - "eventId": "39269367100187329688296553129645846721084489476922867712" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899335 1760899412 - NODATA", - "ingestionTime": 1760899433229, - "eventId": "39269367390097017269194653975629748732390472004675108864" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899335 1760899418 - NODATA", - "ingestionTime": 1760899444045, - "eventId": "39269367390097017269194653988704937156474046665124282368" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899351 1760899426 - NODATA", - "ingestionTime": 1760899450863, - "eventId": "39269367746908940445684624261519183700000033952722321408" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899461247, - "eventId": "39269368014517882828052101972501331045545810129543692288" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899364 1760899446 - NODATA", - "ingestionTime": 1760899468555, - "eventId": "39269368036818628026582725122871818569149878791262961664" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899367 1760899437 - NODATA", - "ingestionTime": 1760899492360, - "eventId": "39269368103720863622174594576257299469602032595912818688" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899371 1760899451 - NODATA", - "ingestionTime": 1760899479465, - "eventId": "39269368192923844416297087126810934162937552827837972480" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899383 1760899467 - NODATA", - "ingestionTime": 1760899490099, - "eventId": "39269368460532786798664564838095442697030093502723784704" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899394 1760899478 - NODATA", - "ingestionTime": 1760899502794, - "eventId": "39269368705840983982501419410335527383627721259566039040" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899399000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899399 1760899475 - NODATA", - "ingestionTime": 1760899493057, - "eventId": "39269368817344709975154535106242973873413473154290745344" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899409 1760899488 - NODATA", - "ingestionTime": 1760899515333, - "eventId": "39269369040352161960460766548530326175156119273020653568" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/vpc-flow-log/vpc-007d791b9b857543e", - "type": "Other", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that CloudWatch Log Groups are not publicly accessible. Review and remove any resource policies that allow public access (Principal: '*') to log groups.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html" - ] - }, - "risk_details": "Publicly accessible CloudWatch Log Groups can expose sensitive information, leading to data breaches or unauthorized access. It is important to ensure that log groups are only accessible by trusted entities.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/rds/cluster/ex-rds/postgresql has less than 365 days retention period (7 days).", - "metadata": { - "event_code": "cloudwatch_log_group_retention_policy_specific_days_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Log Group /aws/rds/cluster/ex-rds/postgresql has less than 365 days retention period (7 days).", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Logs.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_1", - "3_6_1", - "3_6_2" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_312_b" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_c_1_2" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-14.01B", - "OPS-14.02B", - "OPS-26.05B", - "OPS-26.01AS", - "PI-03.02B", - "PSS-04.01B" - ], - "FedRamp-Moderate-Revision-4": [ - "au-6-1-3", - "au-11", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "ac_16_b", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_10", - "au_11", - "au_11_1", - "au_12_1", - "au_12_2", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_21_b", - "pm_31", - "sc_28_2", - "si_4_17", - "si_12" - ], - "ENS-RD2022": [ - "op.exp.8.r3.aws.cw.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "PCI-4.0": [ - "10.5.1.4", - "3.2.1.3", - "3.3.1.1.3", - "3.3.1.3.3", - "3.3.2.3", - "3.3.3.3", - "5.3.4.11" - ], - "FedRAMP-Low-Revision-4": [ - "au-11" - ], - "FFIEC": [ - "d2-ma-ma-b-1" - ], - "PCI-3.2.1": [ - "10.1", - "10.7", - "10.7.b", - "10.7.c" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-e" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP06" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "au_11", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "3.2.5", - "4.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if CloudWatch Log Groups have a retention policy of specific days.", - "title": "Check if CloudWatch Log Groups have a retention policy of specific days.", - "types": [ - "Data Retention" - ], - "uid": "prowler-aws-cloudwatch_log_group_retention_policy_specific_days_enabled-211203495394-eu-west-1-/aws/rds/cluster/ex-rds/postgresql" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*", - "name": "/aws/rds/cluster/ex-rds/postgresql", - "retention_days": 7, - "never_expire": false, - "kms_id": null, - "region": "eu-west-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/rds/cluster/ex-rds/postgresql", - "type": "AwsLogsLogGroup", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.", - "references": [ - "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Logs.html" - ] - }, - "risk_details": "If log groups have a low retention policy of less than specific days, crucial logs and data can be lost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/vpc-flow-log/vpc-007d791b9b857543e comply with 365 days retention period since it never expires.", - "metadata": { - "event_code": "cloudwatch_log_group_retention_policy_specific_days_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Log Group /aws/vpc-flow-log/vpc-007d791b9b857543e comply with 365 days retention period since it never expires.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Logs.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_1", - "3_6_1", - "3_6_2" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_312_b" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_c_1_2" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-14.01B", - "OPS-14.02B", - "OPS-26.05B", - "OPS-26.01AS", - "PI-03.02B", - "PSS-04.01B" - ], - "FedRamp-Moderate-Revision-4": [ - "au-6-1-3", - "au-11", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "ac_16_b", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_10", - "au_11", - "au_11_1", - "au_12_1", - "au_12_2", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_21_b", - "pm_31", - "sc_28_2", - "si_4_17", - "si_12" - ], - "ENS-RD2022": [ - "op.exp.8.r3.aws.cw.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "PCI-4.0": [ - "10.5.1.4", - "3.2.1.3", - "3.3.1.1.3", - "3.3.1.3.3", - "3.3.2.3", - "3.3.3.3", - "5.3.4.11" - ], - "FedRAMP-Low-Revision-4": [ - "au-11" - ], - "FFIEC": [ - "d2-ma-ma-b-1" - ], - "PCI-3.2.1": [ - "10.1", - "10.7", - "10.7.b", - "10.7.c" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-e" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP06" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "au_11", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "3.2.5", - "4.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if CloudWatch Log Groups have a retention policy of specific days.", - "title": "Check if CloudWatch Log Groups have a retention policy of specific days.", - "types": [ - "Data Retention" - ], - "uid": "prowler-aws-cloudwatch_log_group_retention_policy_specific_days_enabled-211203495394-eu-west-1-/aws/vpc-flow-log/vpc-007d791b9b857543e" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*", - "name": "/aws/vpc-flow-log/vpc-007d791b9b857543e", - "retention_days": 9999, - "never_expire": true, - "kms_id": null, - "region": "eu-west-1", - "log_streams": { - "eni-0cd4fcd4819d5a0b7-all": [ - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899031000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899031 1760899115 - NODATA", - "ingestionTime": 1760899139926, - "eventId": "39269360610670476915885218594189694963071457059547512832" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899046 1760899127 - NODATA", - "ingestionTime": 1760899149250, - "eventId": "39269360945181654893844565728497413038571606956274024448" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899064 1760899142 - NODATA", - "ingestionTime": 1760899171015, - "eventId": "39269361346595068467395782302452507265231831869047177216" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899161481, - "eventId": "39269361368895813665926405432462355128969412946093211648" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899074 1760899154 - NODATA", - "ingestionTime": 1760899180685, - "eventId": "39269361569602520452702013729500161457508911822151876608" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899087 1760899164 - NODATA", - "ingestionTime": 1760899188926, - "eventId": "39269361859512208033600114579426962274716549575521730560" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899093000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899093 1760899177 - NODATA", - "ingestionTime": 1760899202942, - "eventId": "39269361993316679224783853445585976414341769780327874560" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899189534, - "eventId": "39269362060218914820375722853983829530393030289362518016" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899107 1760899183 - NODATA", - "ingestionTime": 1760899208282, - "eventId": "39269362305527112004212577433541251354104638611981205504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899120000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899120 1760899194 - NODATA", - "ingestionTime": 1760899249444, - "eventId": "39269362595436799585110678323267367353868490709992013824" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899124 1760899204 - NODATA", - "ingestionTime": 1760899231189, - "eventId": "39269362684639780379233170867341403349163730796893896704" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899145000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899145 1760899226 - NODATA", - "ingestionTime": 1760899248783, - "eventId": "39269363152955429548376256860861233320174442224344956928" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899153 1760899239 - NODATA", - "ingestionTime": 1760899262856, - "eventId": "39269363331361391136621242010160382151535307798841524224" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899156 1760899233 - NODATA", - "ingestionTime": 1760899251214, - "eventId": "39269363398263626732213111420693427286550341112125521920" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899167 1760899245 - NODATA", - "ingestionTime": 1760899267593, - "eventId": "39269363643571823916049965997386872465211874059378688000" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899181000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899181 1760899254 - NODATA", - "ingestionTime": 1760899309470, - "eventId": "39269363955782256695478690029513573287107439005186064384" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899280418, - "eventId": "39269364022684492291070559418998784362727835457823440896" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899187 1760899266 - NODATA", - "ingestionTime": 1760899289733, - "eventId": "39269364089586727886662428854866949624521773410794864640" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299733, - "eventId": "39269364245691944276376790857706543416476686971921301504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899204 1760899286 - NODATA", - "ingestionTime": 1760899309875, - "eventId": "39269364468699396261683022285324313923175968945211310080" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899213 1760899293 - NODATA", - "ingestionTime": 1760899319552, - "eventId": "39269364669406103048458630570844658358774455533122027520" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899215 1760899293 - NODATA", - "ingestionTime": 1760899311165, - "eventId": "39269364714007593445519876843776711888539935711792070656" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899227000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899227 1760899304 - NODATA", - "ingestionTime": 1760899327528, - "eventId": "39269364981616535827887354561987052343875666657387479040" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899241 1760899314 - NODATA", - "ingestionTime": 1760899369674, - "eventId": "39269365293826968607316078594438607167353915397586354176" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899245 1760899321 - NODATA", - "ingestionTime": 1760899340795, - "eventId": "39269365383029949401438571125668891064507806525688119296" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899247 1760899325 - NODATA", - "ingestionTime": 1760899349747, - "eventId": "39269365427631439798499817419562686664009994535042416640" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899248 1760899335 - NODATA", - "ingestionTime": 1760899361737, - "eventId": "39269365449932184997030440575593663755083845328799662080" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899263000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899263 1760899343 - NODATA", - "ingestionTime": 1760899367618, - "eventId": "39269365784443362974989787705738802661146729846819127296" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899271000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899271 1760899355 - NODATA", - "ingestionTime": 1760899379484, - "eventId": "39269365962849324563234772852369513371529050589700489216" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899276000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899276 1760899352 - NODATA", - "ingestionTime": 1760899371708, - "eventId": "39269366074353050555887888550647785025367173779549388800" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899287000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899287 1760899364 - NODATA", - "ingestionTime": 1760899389077, - "eventId": "39269366319661247739724743128538737171054749321939386368" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899303 1760899375 - NODATA", - "ingestionTime": 1760899431081, - "eventId": "39269366676473170916214713443889494423911819403013455872" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899305000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899305 1760899381 - NODATA", - "ingestionTime": 1760899400414, - "eventId": "39269366721074661313275959689886924638672932144373039104" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899307 1760899386 - NODATA", - "ingestionTime": 1760899408511, - "eventId": "39269366765676151710337205982746961466829488763300806656" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899420747, - "eventId": "39269366921781368100051567988289637575888457293160448000" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428007, - "eventId": "39269367100187329688296553129352064058383779008465076224" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899429660, - "eventId": "39269367367796272070664030829778877118210560333827080192" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899336000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899336 1760899417 - NODATA", - "ingestionTime": 1760899442053, - "eventId": "39269367412397762467725277127832967444140093911955144704" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899349000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899349 1760899424 - NODATA", - "ingestionTime": 1760899449340, - "eventId": "39269367702307450048623377976606737167794200106263445504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899361 1760899432 - NODATA", - "ingestionTime": 1760899491027, - "eventId": "39269367969916392430990855725431353246427732075437621248" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899460257, - "eventId": "39269368014517882828052101971304249414101267847896170496" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899365000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899365 1760899446 - NODATA", - "ingestionTime": 1760899468665, - "eventId": "39269368059119373225113348264540584396392034426105430016" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899375 1760899455 - NODATA", - "ingestionTime": 1760899481555, - "eventId": "39269368282126825210419579695480504500212685656322080768" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899383 1760899467 - NODATA", - "ingestionTime": 1760899487567, - "eventId": "39269368460532786798664564835034776331022815284839055360" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899393 1760899476 - NODATA", - "ingestionTime": 1760899500793, - "eventId": "39269368683540238783970796266381102896276266334347132928" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899398 1760899475 - NODATA", - "ingestionTime": 1760899489169, - "eventId": "39269368795043964776623911960006811116316914335348031488" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899409 1760899487 - NODATA", - "ingestionTime": 1760899507600, - "eventId": "39269369040352161960460766539181708866508225546449846272" - } - ], - "eni-0eee78be32276dc65-all": [ - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899032000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899032 1760899109 - NODATA", - "ingestionTime": 1760899134945, - "eventId": "39269360632971222114415841729703527226207967234779774976" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899043000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899043 1760899120 - NODATA", - "ingestionTime": 1760899144884, - "eventId": "39269360878279419298252696298611781813145246086503727104" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899052000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899052 1760899132 - NODATA", - "ingestionTime": 1760899154887, - "eventId": "39269361078986126085028304584526361316447343074608021504" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899063 1760899141 - NODATA", - "ingestionTime": 1760899164127, - "eventId": "39269361324294323268865159152589586655311491293203202048" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899066 1760899146 - NODATA", - "ingestionTime": 1760899173383, - "eventId": "39269361391196558864457028588387002206051139308865585152" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899070000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899070 1760899140 - NODATA", - "ingestionTime": 1760899156170, - "eventId": "39269361480399539658579521133720174781408048766989828096" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899074 1760899155 - NODATA", - "ingestionTime": 1760899186448, - "eventId": "39269361569602520452702013736466909309389429082721353728" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899096 1760899175 - NODATA", - "ingestionTime": 1760899197470, - "eventId": "39269362060218914820375722863577669461616015304736112640" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899107 1760899182 - NODATA", - "ingestionTime": 1760899205402, - "eventId": "39269362305527112004212577430059792118031670795614355456" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899124 1760899200 - NODATA", - "ingestionTime": 1760899224570, - "eventId": "39269362684639780379233170859339700182272340779870912512" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899127 1760899206 - NODATA", - "ingestionTime": 1760899231868, - "eventId": "39269362751542015974825040292769706477577608203599740928" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899130 1760899200 - NODATA", - "ingestionTime": 1760899216262, - "eventId": "39269362818444251570416909698510075089137464840133804032" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899133000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899133 1760899215 - NODATA", - "ingestionTime": 1760899246210, - "eventId": "39269362885346487166008779159322407412871585528894324736" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899153 1760899230 - NODATA", - "ingestionTime": 1760899251400, - "eventId": "39269363331361391136621241996311121221405119004043444224" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899157000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899157 1760899235 - NODATA", - "ingestionTime": 1760899258021, - "eventId": "39269363420564371930743734570458344598590417900065914880" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899167 1760899242 - NODATA", - "ingestionTime": 1760899266548, - "eventId": "39269363643571823916049965996123562950678726130113904640" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899174 1760899250 - NODATA", - "ingestionTime": 1760899275556, - "eventId": "39269363799677040305764327997764003167285750075715420160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899183000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899183 1760899262 - NODATA", - "ingestionTime": 1760899284289, - "eventId": "39269364000383747092539936282143032915656252264968749056" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899187 1760899266 - NODATA", - "ingestionTime": 1760899291413, - "eventId": "39269364089586727886662428856898380600297619606114140160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899276225, - "eventId": "39269364156488963482254298263144306458468370593886044160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899193 1760899277 - NODATA", - "ingestionTime": 1760899303806, - "eventId": "39269364223391199077846167721094564420197117221625790464" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899196 1760899260 - NODATA", - "ingestionTime": 1760899334586, - "eventId": "39269364290293434673438037182912416456716008702408523776" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899213 1760899289 - NODATA", - "ingestionTime": 1760899311121, - "eventId": "39269364669406103048458630560652132630159455450075103232" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899216000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899216 1760899295 - NODATA", - "ingestionTime": 1760899318499, - "eventId": "39269364736308338644050499994179034332937535505210343424" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899227000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899227 1760899305 - NODATA", - "ingestionTime": 1760899326390, - "eventId": "39269364981616535827887354560611681081931410087592263680" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899232 1760899310 - NODATA", - "ingestionTime": 1760899336203, - "eventId": "39269365093120261820540470280153350599481452527376269312" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899243000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899243 1760899323 - NODATA", - "ingestionTime": 1760899343742, - "eventId": "39269365338428459004377324846160248388421245006660304896" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899249000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899249 1760899320 - NODATA", - "ingestionTime": 1760899336117, - "eventId": "39269365472232930195561063686156260435021330376417148928" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899249000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899249 1760899327 - NODATA", - "ingestionTime": 1760899352321, - "eventId": "39269365472232930195561063705745793873400791408967090176" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899251 1760899336 - NODATA", - "ingestionTime": 1760899367212, - "eventId": "39269365516834420592622310006819254946281577326604779520" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899274 1760899353 - NODATA", - "ingestionTime": 1760899373962, - "eventId": "39269366029751560158826642270301412512888178252004589568" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899274 1760899355 - NODATA", - "ingestionTime": 1760899379402, - "eventId": "39269366029751560158826642276877930662977506319400042496" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899284000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899284 1760899362 - NODATA", - "ingestionTime": 1760899386982, - "eventId": "39269366252759012144132873701398387328881161898128637952" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899294 1760899372 - NODATA", - "ingestionTime": 1760899394477, - "eventId": "39269366475766464129439105125816695702172340211787300864" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899303 1760899383 - NODATA", - "ingestionTime": 1760899405478, - "eventId": "39269366676473170916214713412937602135678394228114522112" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899308000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899308 1760899386 - NODATA", - "ingestionTime": 1760899413706, - "eventId": "39269366787976896908867829130563046940109806326346612736" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899397821, - "eventId": "39269366832578387305929075394430702698688020571642724352" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899314 1760899397 - NODATA", - "ingestionTime": 1760899425864, - "eventId": "39269366921781368100051567994475576217536599340043665408" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899334 1760899415 - NODATA", - "ingestionTime": 1760899441656, - "eventId": "39269367367796272070664030844281469904033722035045597184" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899335 1760899410 - NODATA", - "ingestionTime": 1760899430876, - "eventId": "39269367390097017269194653972784979191565215734678749184" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899347 1760899423 - NODATA", - "ingestionTime": 1760899447684, - "eventId": "39269367657705959651562131691532913759489711811767500800" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899354 1760899432 - NODATA", - "ingestionTime": 1760899456589, - "eventId": "39269367813811176041276493693048475725746690637326057472" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899363 1760899442 - NODATA", - "ingestionTime": 1760899463202, - "eventId": "39269368014517882828052101974864753397017949679660957696" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899367 1760899446 - NODATA", - "ingestionTime": 1760899472723, - "eventId": "39269368103720863622174594552517552425934392550237077504" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899455859, - "eventId": "39269368192923844416297087098273510881125605169948065792" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899375 1760899457 - NODATA", - "ingestionTime": 1760899487495, - "eventId": "39269368282126825210419579702662044707283407383455531008" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899392000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899392 1760899469 - NODATA", - "ingestionTime": 1760899490579, - "eventId": "39269368661239493585440173112497448504418584276237156352" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899394 1760899475 - NODATA", - "ingestionTime": 1760899499905, - "eventId": "39269368705840983982501419406842983598809204891447328768" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899404000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899404 1760899481 - NODATA", - "ingestionTime": 1760899505766, - "eventId": "39269368928848435967807650829285727947167171314158731264" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899410 1760899487 - NODATA", - "ingestionTime": 1760899518280, - "eventId": "39269369062652907158991389693628934917572999196216262656" - } - ], - "eni-0c1065c914ddc0b88-all": [ - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899033000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899033 1760899111 - NODATA", - "ingestionTime": 1760899131705, - "eventId": "39269360655271967312946464867322652502059743183076327424" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899040 1760899118 - NODATA", - "ingestionTime": 1760899137950, - "eventId": "39269360811377183702660826865622290103622366602256842752" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899046 1760899124 - NODATA", - "ingestionTime": 1760899144556, - "eventId": "39269360945181654893844565722822361767392100902754582528" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899056000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899056 1760899132 - NODATA", - "ingestionTime": 1760899177328, - "eventId": "39269361168189106879150797177798657782901584726127869952" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899169949, - "eventId": "39269361324294323268865159159627891617325295385041436672" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899064 1760899140 - NODATA", - "ingestionTime": 1760899159431, - "eventId": "39269361346595068467395782288448135197190114468420583424" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899074 1760899156 - NODATA", - "ingestionTime": 1760899175275, - "eventId": "39269361569602520452702013722959486324680047180535889920" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899083 1760899166 - NODATA", - "ingestionTime": 1760899185928, - "eventId": "39269361770309227239477622009659656615414527865242583040" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899092 1760899165 - NODATA", - "ingestionTime": 1760899176075, - "eventId": "39269361971015934026253230271570081934998595329796538368" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899096 1760899172 - NODATA", - "ingestionTime": 1760899192224, - "eventId": "39269362060218914820375722857235374222277287158040035328" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899098 1760899176 - NODATA", - "ingestionTime": 1760899199417, - "eventId": "39269362104820405217436969149003084469614423673101156352" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899104000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899104 1760899183 - NODATA", - "ingestionTime": 1760899206138, - "eventId": "39269362238624876408620708006342405502528195376838868992" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899120000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899120 1760899191 - NODATA", - "ingestionTime": 1760899236584, - "eventId": "39269362595436799585110678307720767915257233185726332928" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899125 1760899200 - NODATA", - "ingestionTime": 1760899220918, - "eventId": "39269362706940525577763793996460255943460832392201109504" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899128 1760899204 - NODATA", - "ingestionTime": 1760899231844, - "eventId": "39269362773842761173355663434276318502510064397876527104" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899135000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899135 1760899213 - NODATA", - "ingestionTime": 1760899237314, - "eventId": "39269362929947977563070025431638968432093462264361123840" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899141000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899141 1760899224 - NODATA", - "ingestionTime": 1760899246469, - "eventId": "39269363063752448754253764291921197519833887840925450240" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899153 1760899221 - NODATA", - "ingestionTime": 1760899236692, - "eventId": "39269363331361391136621241978529841373228806547492372480" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899156 1760899232 - NODATA", - "ingestionTime": 1760899254316, - "eventId": "39269363398263626732213111424443243766834742078299963392" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899158 1760899236 - NODATA", - "ingestionTime": 1760899261035, - "eventId": "39269363442865117129274357715637800582458712370902073344" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899178 1760899252 - NODATA", - "ingestionTime": 1760899297290, - "eventId": "39269363888880021099886820590181698295679974565315739648" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899182 1760899260 - NODATA", - "ingestionTime": 1760899280382, - "eventId": "39269363978083001894009313135883871550789736714335223808" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899187 1760899265 - NODATA", - "ingestionTime": 1760899292137, - "eventId": "39269364089586727886662428857773429136984229455763341312" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899195000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899195 1760899273 - NODATA", - "ingestionTime": 1760899296711, - "eventId": "39269364267992689474907413995588979756838792680283045888" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899203 1760899285 - NODATA", - "ingestionTime": 1760899308052, - "eventId": "39269364446398651063152399141585090918819749021377363968" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899212000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899212 1760899281 - NODATA", - "ingestionTime": 1760899298603, - "eventId": "39269364647105357849928007403983341063954283086051934208" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899215 1760899291 - NODATA", - "ingestionTime": 1760899314667, - "eventId": "39269364714007593445519876848010854729212200078675476480" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899218000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899218 1760899297 - NODATA", - "ingestionTime": 1760899318310, - "eventId": "39269364780909829041111746277021645179191239808600047616" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899226000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899226 1760899304 - NODATA", - "ingestionTime": 1760899326316, - "eventId": "39269364959315790629356731418986118130536925037518389248" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899237000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899237 1760899311 - NODATA", - "ingestionTime": 1760899357590, - "eventId": "39269365204623987813193586013687306980555969919094620160" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339320, - "eventId": "39269365383029949401438571123885830990629396754181455872" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899246 1760899324 - NODATA", - "ingestionTime": 1760899349453, - "eventId": "39269365405330694599969194277671333444670725721594920960" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899253 1760899332 - NODATA", - "ingestionTime": 1760899355965, - "eventId": "39269365561435910989683556276294226634700045831045709824" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899260000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899260 1760899342 - NODATA", - "ingestionTime": 1760899367285, - "eventId": "39269365717541127379397918280729457563060667479143677952" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899271000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899271 1760899340 - NODATA", - "ingestionTime": 1760899358012, - "eventId": "39269365962849324563234772826411456326433139600299589632" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899277000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899277 1760899358 - NODATA", - "ingestionTime": 1760899379932, - "eventId": "39269366096653795754418511702125555646941690228634025984" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899280000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899280 1760899354 - NODATA", - "ingestionTime": 1760899373791, - "eventId": "39269366163556031350010381119308943134728694973349036032" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899287000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899287 1760899365 - NODATA", - "ingestionTime": 1760899387122, - "eventId": "39269366319661247739724743126174945862220594307798401024" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899296000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899296 1760899370 - NODATA", - "ingestionTime": 1760899417363, - "eventId": "39269366520367954526500351436555808711909606142480023552" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899401909, - "eventId": "39269366676473170916214713408623065001550703702154543104" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899307 1760899383 - NODATA", - "ingestionTime": 1760899409238, - "eventId": "39269366765676151710337205983626119966033254102925901824" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899415337, - "eventId": "39269366921781368100051567981749449595694558573866647552" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899324 1760899407 - NODATA", - "ingestionTime": 1760899426496, - "eventId": "39269367144788820085357799410596776768436318073229869056" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899330000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899330 1760899401 - NODATA", - "ingestionTime": 1760899416680, - "eventId": "39269367278593291276541538247944144611040782249052209152" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899332000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899332 1760899411 - NODATA", - "ingestionTime": 1760899433019, - "eventId": "39269367323194781673602784550768585739390411542126460928" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899336000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899336 1760899417 - NODATA", - "ingestionTime": 1760899441788, - "eventId": "39269367412397762467725277127512237825223402116720689152" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899346000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899346 1760899426 - NODATA", - "ingestionTime": 1760899445148, - "eventId": "39269367635405214453031508546931419772956448249760251904" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899359000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899359 1760899432 - NODATA", - "ingestionTime": 1760899476491, - "eventId": "39269367925314902033929609424786991761781626531123036160" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899362000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899362 1760899441 - NODATA", - "ingestionTime": 1760899460671, - "eventId": "39269367992217137629521478830269449240112434646753738752" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899366 1760899443 - NODATA", - "ingestionTime": 1760899468688, - "eventId": "39269368081420118423643971406103859309591387589274501120" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899376000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899376 1760899453 - NODATA", - "ingestionTime": 1760899476785, - "eventId": "39269368304427570408950202831249919970625624526780694528" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899488248, - "eventId": "39269368482833531997195187977393757885480410767471214592" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899393 1760899463 - NODATA", - "ingestionTime": 1760899476616, - "eventId": "39269368683540238783970796237152821956634466018501394432" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899396000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899396 1760899472 - NODATA", - "ingestionTime": 1760899492814, - "eventId": "39269368750442474379562665681342390226297253743843213312" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899398 1760899476 - NODATA", - "ingestionTime": 1760899499578, - "eventId": "39269368795043964776623911972590426561877822674179457024" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899404000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899404 1760899483 - NODATA", - "ingestionTime": 1760899507248, - "eventId": "39269368928848435967807650831077445246919319457277739008" - } - ], - "eni-0b032bdd6415e28d2-all": [ - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899035 1760899113 - NODATA", - "ingestionTime": 1760899133136, - "eventId": "39269360699873457710007711152123610062180414944395264000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899038000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899038 1760899114 - NODATA", - "ingestionTime": 1760899141191, - "eventId": "39269360766775693305599580586468728036916112958741348352" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899050 1760899123 - NODATA", - "ingestionTime": 1760899146046, - "eventId": "39269361034384635687967058290766595601835303791956525056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899058000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899058 1760899131 - NODATA", - "ingestionTime": 1760899159863, - "eventId": "39269361212790597276212043439756002440073202307487825920" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899063 1760899141 - NODATA", - "ingestionTime": 1760899167762, - "eventId": "39269361324294323268865159156984140043621645568457375744" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899068 1760899140 - NODATA", - "ingestionTime": 1760899157657, - "eventId": "39269361435798049261518274852446799470266395671291756544" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899068 1760899151 - NODATA", - "ingestionTime": 1760899175983, - "eventId": "39269361435798049261518274874601161818209012954061209600" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899095 1760899173 - NODATA", - "ingestionTime": 1760899195345, - "eventId": "39269362037918169621845099719473117068327781693816504320" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899098 1760899177 - NODATA", - "ingestionTime": 1760899204131, - "eventId": "39269362104820405217436969154701463979111391750678577152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899106000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899106 1760899186 - NODATA", - "ingestionTime": 1760899211311, - "eventId": "39269362283226366805681954295667591380534219155025690624" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899114000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899114 1760899186 - NODATA", - "ingestionTime": 1760899204393, - "eventId": "39269362461632328393926939419589915749741929816441094144" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899122000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899122 1760899203 - NODATA", - "ingestionTime": 1760899228656, - "eventId": "39269362640038289982171924581207850598435590163328860160" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899125 1760899194 - NODATA", - "ingestionTime": 1760899249065, - "eventId": "39269362706940525577763794030487974742181412238673444864" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899127 1760899200 - NODATA", - "ingestionTime": 1760899220738, - "eventId": "39269362751542015974825040279314179297414635168363315200" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899132000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899132 1760899213 - NODATA", - "ingestionTime": 1760899241591, - "eventId": "39269362863045741967478156012202532532736419493011783680" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899143000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899143 1760899223 - NODATA", - "ingestionTime": 1760899253281, - "eventId": "39269363108353939151315010583227663416625814834351243264" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899156 1760899234 - NODATA", - "ingestionTime": 1760899255488, - "eventId": "39269363398263626732213111425859902023189279008363118592" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899159000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899159 1760899237 - NODATA", - "ingestionTime": 1760899264361, - "eventId": "39269363465165862327804980861194073115574920556078891008" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899168000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899168 1760899246 - NODATA", - "ingestionTime": 1760899269260, - "eventId": "39269363665872569114580589140938428252512150847914049536" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899179 1760899253 - NODATA", - "ingestionTime": 1760899287510, - "eventId": "39269363911180766298417443719894074932119288698675789824" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899184 1760899263 - NODATA", - "ingestionTime": 1760899286796, - "eventId": "39269364022684492291070559426709282053852418506933469184" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899189000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899189 1760899260 - NODATA", - "ingestionTime": 1760899280283, - "eventId": "39269364134188218283723675126514426166813898814862065664" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899190 1760899270 - NODATA", - "ingestionTime": 1760899299057, - "eventId": "39269364156488963482254298290746226088810990608511533056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899196 1760899280 - NODATA", - "ingestionTime": 1760899311828, - "eventId": "39269364290293434673438037155400062015818871861690368000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899215 1760899294 - NODATA", - "ingestionTime": 1760899324767, - "eventId": "39269364714007593445519876860221022069360705824598065152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899216000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899216 1760899291 - NODATA", - "ingestionTime": 1760899311774, - "eventId": "39269364736308338644050499986049101087749757179034533888" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899228 1760899305 - NODATA", - "ingestionTime": 1760899327496, - "eventId": "39269365003917281026417977703483983765827058252031524864" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899236000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899236 1760899313 - NODATA", - "ingestionTime": 1760899372153, - "eventId": "39269365182323242614662962889757246868346573266567036928" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899242000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899242 1760899322 - NODATA", - "ingestionTime": 1760899351210, - "eventId": "39269365316127713805846701713652516863299726898767265792" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899245 1760899316 - NODATA", - "ingestionTime": 1760899326734, - "eventId": "39269365383029949401438571108670116921054093554823528448" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899246 1760899320 - NODATA", - "ingestionTime": 1760899342709, - "eventId": "39269365405330694599969194269518376122630654525933879296" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899252000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899252 1760899335 - NODATA", - "ingestionTime": 1760899360418, - "eventId": "39269365539135165791152933140142033914622429515450417152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899264 1760899343 - NODATA", - "ingestionTime": 1760899373218, - "eventId": "39269365806744108173520410854044313792513119479803084800" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899275 1760899355 - NODATA", - "ingestionTime": 1760899375908, - "eventId": "39269366052052305357357265414189441517385877666894970880" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899279000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899279 1760899352 - NODATA", - "ingestionTime": 1760899369219, - "eventId": "39269366141255286151479757972246010380988764276406026240" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899281000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899281 1760899359 - NODATA", - "ingestionTime": 1760899386093, - "eventId": "39269366185856776548541004275716839020567135377730371584" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899291 1760899368 - NODATA", - "ingestionTime": 1760899396136, - "eventId": "39269366408864228533847235703215102353670681361569349632" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899305000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899305 1760899382 - NODATA", - "ingestionTime": 1760899411018, - "eventId": "39269366721074661313275959702706255481084640795688894464" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899307 1760899380 - NODATA", - "ingestionTime": 1760899401309, - "eventId": "39269366765676151710337205974040218737002706934304473088" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899307 1760899377 - NODATA", - "ingestionTime": 1760899407058, - "eventId": "39269366765676151710337205980990486288538753834262528000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899310 1760899393 - NODATA", - "ingestionTime": 1760899419461, - "eventId": "39269366832578387305929075420592256492361369792011894784" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899324 1760899404 - NODATA", - "ingestionTime": 1760899433640, - "eventId": "39269367144788820085357799419233581698511609406149165056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899335 1760899412 - NODATA", - "ingestionTime": 1760899433908, - "eventId": "39269367390097017269194653976450088980403729997574832128" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899339 1760899418 - NODATA", - "ingestionTime": 1760899443512, - "eventId": "39269367479299998063317146554203490059711429749104771072" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899352 1760899428 - NODATA", - "ingestionTime": 1760899450328, - "eventId": "39269367769209685644215247402407859453740699287278387200" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899361 1760899433 - NODATA", - "ingestionTime": 1760899454519, - "eventId": "39269367969916392430990855681296183876299316157353951232" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899366 1760899444 - NODATA", - "ingestionTime": 1760899474591, - "eventId": "39269368081420118423643971413240484439095664219683618816" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899367 1760899442 - NODATA", - "ingestionTime": 1760899465925, - "eventId": "39269368103720863622174594544299428355023128143241412608" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899368000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899368 1760899453 - NODATA", - "ingestionTime": 1760899486443, - "eventId": "39269368126021608820705217710640157343359909657957302272" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899453355, - "eventId": "39269368192923844416297087095246106187430342297292636160" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899394 1760899469 - NODATA", - "ingestionTime": 1760899492226, - "eventId": "39269368705840983982501419397559717026373074890956865536" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899395000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899395 1760899474 - NODATA", - "ingestionTime": 1760899499679, - "eventId": "39269368728141729181032042548105768502328698924799033344" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899401000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899401 1760899480 - NODATA", - "ingestionTime": 1760899505761, - "eventId": "39269368861946200372215781404672778473133206005118402560" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899411000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899411 1760899487 - NODATA", - "ingestionTime": 1760899516510, - "eventId": "39269369084953652357522012833024672600503351423856934912" - } - ], - "eni-0412563bcfde47c07-all": [ - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899035 1760899115 - NODATA", - "ingestionTime": 1760899136495, - "eventId": "39269360699873457710007711156184720977592577186848636928" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899040 1760899119 - NODATA", - "ingestionTime": 1760899143305, - "eventId": "39269360811377183702660826872095664712709160858448297984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899053000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899053 1760899129 - NODATA", - "ingestionTime": 1760899149871, - "eventId": "39269361101286871283558927719998164556081147111036944384" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899061000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899061 1760899143 - NODATA", - "ingestionTime": 1760899171229, - "eventId": "39269361279692832871803912878103970731973143505727586304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899065 1760899134 - NODATA", - "ingestionTime": 1760899159080, - "eventId": "39269361368895813665926405429559601888144427773353132032" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899067000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899067 1760899140 - NODATA", - "ingestionTime": 1760899158188, - "eventId": "39269361413497304062987651711552518719516224710275825664" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899069 1760899153 - NODATA", - "ingestionTime": 1760899183464, - "eventId": "39269361458098794460048898025181141301956577880678137856" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899079000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899079 1760899147 - NODATA", - "ingestionTime": 1760899160601, - "eventId": "39269361681106246445355129412898811658073252175123316736" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899087 1760899166 - NODATA", - "ingestionTime": 1760899189376, - "eventId": "39269361859512208033600114579970893901776463807182798848" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899097000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899097 1760899176 - NODATA", - "ingestionTime": 1760899197279, - "eventId": "39269362082519660018906346004882537813687509194151165952" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899101000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899101 1760899179 - NODATA", - "ingestionTime": 1760899207385, - "eventId": "39269362171722640813028838583242579865759321101520076800" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899210660, - "eventId": "39269362372429347599804446861023392143998122008465309696" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899125 1760899194 - NODATA", - "ingestionTime": 1760899218812, - "eventId": "39269362706940525577763793993914106303142960102158041088" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899127 1760899203 - NODATA", - "ingestionTime": 1760899219418, - "eventId": "39269362751542015974825040277718476328369986825337700352" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899128 1760899200 - NODATA", - "ingestionTime": 1760899219120, - "eventId": "39269362773842761173355663418894165674178680573615538176" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899128 1760899205 - NODATA", - "ingestionTime": 1760899229665, - "eventId": "39269362773842761173355663431641781566952475279059255296" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899131000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899131 1760899216 - NODATA", - "ingestionTime": 1760899246092, - "eventId": "39269362840744996768947532876108041980772891761732091904" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899154 1760899229 - NODATA", - "ingestionTime": 1760899251163, - "eventId": "39269363353662136335151865137560078513468959389785718784" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899156 1760899234 - NODATA", - "ingestionTime": 1760899255712, - "eventId": "39269363398263626732213111426130916777394430857751101440" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899161000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899161 1760899240 - NODATA", - "ingestionTime": 1760899263829, - "eventId": "39269363509767352724866227143622613852783293494349135872" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899165000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899165 1760899246 - NODATA", - "ingestionTime": 1760899273641, - "eventId": "39269363598970333518988719721627354493523822240846249984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899185 1760899255 - NODATA", - "ingestionTime": 1760899281581, - "eventId": "39269364044985237489601182561940566582802392043117805568" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899187 1760899274 - NODATA", - "ingestionTime": 1760899303013, - "eventId": "39269364089586727886662428870921814201369867240798355456" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899189000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899189 1760899265 - NODATA", - "ingestionTime": 1760899290113, - "eventId": "39269364134188218283723675138397685858692808796273704960" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899280671, - "eventId": "39269364156488963482254298268519062333023165200494231552" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899193 1760899263 - NODATA", - "ingestionTime": 1760899278795, - "eventId": "39269364223391199077846167690858269798831755613942710272" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899207000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899207 1760899286 - NODATA", - "ingestionTime": 1760899310638, - "eventId": "39269364535601631857274891710854073565882969999478882304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899215 1760899292 - NODATA", - "ingestionTime": 1760899315726, - "eventId": "39269364714007593445519876849290783883655349661687152640" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899221000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899221 1760899301 - NODATA", - "ingestionTime": 1760899327482, - "eventId": "39269364847812064636703615712717370070625663115083776000" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899229000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899229 1760899308 - NODATA", - "ingestionTime": 1760899331997, - "eventId": "39269365026218026224948600850461253750180961257934094336" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899246 1760899320 - NODATA", - "ingestionTime": 1760899337920, - "eventId": "39269365405330694599969194263728842467517601889384857600" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899316 - NODATA", - "ingestionTime": 1760899340670, - "eventId": "39269365449932184997030440550125147054714641578971234304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899326 - NODATA", - "ingestionTime": 1760899350749, - "eventId": "39269365449932184997030440562310038574271999808824475648" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899334 - NODATA", - "ingestionTime": 1760899362257, - "eventId": "39269365449932184997030440576222135510589021884186427392" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899250000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899250 1760899322 - NODATA", - "ingestionTime": 1760899338788, - "eventId": "39269365494533675394091686830921152320352927561249128448" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899270000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899270 1760899347 - NODATA", - "ingestionTime": 1760899368708, - "eventId": "39269365940548579364704149697806783144105333794766585856" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899275 1760899355 - NODATA", - "ingestionTime": 1760899377918, - "eventId": "39269366052052305357357265416619650568836686043098578944" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899282000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899282 1760899359 - NODATA", - "ingestionTime": 1760899382772, - "eventId": "39269366208157521747071627413237592563353248892668477440" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899289000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899289 1760899368 - NODATA", - "ingestionTime": 1760899393097, - "eventId": "39269366364262738136785989416469683496947752941870645248" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899306000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899306 1760899383 - NODATA", - "ingestionTime": 1760899410529, - "eventId": "39269366743375406511806582843650936186411307196496478208" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899307 1760899377 - NODATA", - "ingestionTime": 1760899397968, - "eventId": "39269366765676151710337205970001456823899431732343996416" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899307 1760899380 - NODATA", - "ingestionTime": 1760899400607, - "eventId": "39269366765676151710337205973191896492119022919563018240" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899309000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899309 1760899396 - NODATA", - "ingestionTime": 1760899423126, - "eventId": "39269366810277642107398452283487031653564659198874484736" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899316000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899316 1760899382 - NODATA", - "ingestionTime": 1760899399106, - "eventId": "39269366966382858497112814245198916281112315683434004480" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899331 1760899406 - NODATA", - "ingestionTime": 1760899430913, - "eventId": "39269367300894036475072161406686974765064859028356005888" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899335 1760899415 - NODATA", - "ingestionTime": 1760899437272, - "eventId": "39269367390097017269194653980516978150189752716098142208" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899339 1760899418 - NODATA", - "ingestionTime": 1760899447124, - "eventId": "39269367479299998063317146558570512292617288860634185728" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899351 1760899427 - NODATA", - "ingestionTime": 1760899454220, - "eventId": "39269367746908940445684624265577228552990440521160261632" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899366 1760899439 - NODATA", - "ingestionTime": 1760899459961, - "eventId": "39269368081420118423643971395553591908768001739518377984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899440 - NODATA", - "ingestionTime": 1760899457693, - "eventId": "39269368148322354019235840817419132639093943126178463744" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899444 - NODATA", - "ingestionTime": 1760899469981, - "eventId": "39269368148322354019235840832274191397035876158754783232" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899454 - NODATA", - "ingestionTime": 1760899484008, - "eventId": "39269368148322354019235840849232080110616189955149922304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899374000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899374 1760899441 - NODATA", - "ingestionTime": 1760899460296, - "eventId": "39269368259826080011888956528244589978217412339484983296" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899392000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899392 1760899467 - NODATA", - "ingestionTime": 1760899489716, - "eventId": "39269368661239493585440173111454201356029973516445417472" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899395000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899395 1760899475 - NODATA", - "ingestionTime": 1760899496760, - "eventId": "39269368728141729181032042544576516340573757947585167360" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899402000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899402 1760899481 - NODATA", - "ingestionTime": 1760899503957, - "eventId": "39269368884246945570746404544027514969411264622420295680" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899413000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899413 1760899488 - NODATA", - "ingestionTime": 1760899511503, - "eventId": "39269369129555142754583259110043103669214552903807205376" - } - ], - "eni-0affc8cb976d281e4-all": [ - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899035 1760899116 - NODATA", - "ingestionTime": 1760899138840, - "eventId": "39269360699873457710007711159019469104701397634533228544" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899046 1760899125 - NODATA", - "ingestionTime": 1760899146967, - "eventId": "39269360945181654893844565725737606527934368011554914304" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899060000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899060 1760899132 - NODATA", - "ingestionTime": 1760899190646, - "eventId": "39269361257392087673273289760042133263107400332285378560" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899066 1760899146 - NODATA", - "ingestionTime": 1760899167560, - "eventId": "39269361391196558864457028581347041359969927984593829888" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899074 1760899154 - NODATA", - "ingestionTime": 1760899179105, - "eventId": "39269361569602520452702013727590210801973350606697005056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899087 1760899164 - NODATA", - "ingestionTime": 1760899192244, - "eventId": "39269361859512208033600114583438176555824605694748459008" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899094000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899094 1760899177 - NODATA", - "ingestionTime": 1760899198599, - "eventId": "39269362015617424423314476581871073057489942101635956736" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899189115, - "eventId": "39269362060218914820375722853477185278320939846186958848" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899109000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899109 1760899185 - NODATA", - "ingestionTime": 1760899210726, - "eventId": "39269362350128602401273823719567361138346684332021776384" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899122000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899122 1760899194 - NODATA", - "ingestionTime": 1760899250823, - "eventId": "39269362640038289982171924608006329965051610956954140672" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899124 1760899206 - NODATA", - "ingestionTime": 1760899227914, - "eventId": "39269362684639780379233170863382549457541174480434364416" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219338, - "eventId": "39269362729241270776294417136085999322452702428389244928" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899144000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899144 1760899226 - NODATA", - "ingestionTime": 1760899247368, - "eventId": "39269363130654684349845633717615132665541153038186250240" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899153 1760899235 - NODATA", - "ingestionTime": 1760899261725, - "eventId": "39269363331361391136621242008792839945762262059483660288" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899167 1760899245 - NODATA", - "ingestionTime": 1760899268996, - "eventId": "39269363643571823916049965999083152685223837249222017024" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899182 1760899254 - NODATA", - "ingestionTime": 1760899310544, - "eventId": "39269363978083001894009313172347560528882751266101002240" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899281322, - "eventId": "39269364022684492291070559420091896183115699813441011712" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899186000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899186 1760899266 - NODATA", - "ingestionTime": 1760899287931, - "eventId": "39269364067285982688131805711152844471674574293835710464" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299457, - "eventId": "39269364245691944276376790857372500237716647776452476928" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899204 1760899285 - NODATA", - "ingestionTime": 1760899309818, - "eventId": "39269364468699396261683022285255354161015274794248699904" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899213 1760899295 - NODATA", - "ingestionTime": 1760899320882, - "eventId": "39269364669406103048458630572452503370674395929094586368" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899215 1760899293 - NODATA", - "ingestionTime": 1760899311810, - "eventId": "39269364714007593445519876844556444173706942228705116160" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899229000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899229 1760899309 - NODATA", - "ingestionTime": 1760899328555, - "eventId": "39269365026218026224948600846300242377921950412429459456" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899241 1760899325 - NODATA", - "ingestionTime": 1760899348957, - "eventId": "39269365293826968607316078569393086186336604020860649472" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899241 1760899314 - NODATA", - "ingestionTime": 1760899372605, - "eventId": "39269365293826968607316078597982298375350150780347219968" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899245 1760899321 - NODATA", - "ingestionTime": 1760899340200, - "eventId": "39269365383029949401438571124949559171644792505665978368" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899251 1760899335 - NODATA", - "ingestionTime": 1760899359866, - "eventId": "39269365516834420592622309997938463861202851147023974400" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899266 1760899345 - NODATA", - "ingestionTime": 1760899367752, - "eventId": "39269365851345598570581657130508151919096926587179171840" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899272000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899272 1760899359 - NODATA", - "ingestionTime": 1760899383256, - "eventId": "39269365985150069761765395998465481644863673480582332416" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899276000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899276 1760899352 - NODATA", - "ingestionTime": 1760899370378, - "eventId": "39269366074353050555887888549039652693215533761524727808" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899288000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899288 1760899366 - NODATA", - "ingestionTime": 1760899388583, - "eventId": "39269366341961992938255366269476998944118616763606564864" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899400318, - "eventId": "39269366676473170916214713406699804785352071340302925824" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899303 1760899375 - NODATA", - "ingestionTime": 1760899429510, - "eventId": "39269366676473170916214713441990338386303280666812350464" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899411298, - "eventId": "39269366765676151710337205986116559650590329171965837312" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899312 1760899394 - NODATA", - "ingestionTime": 1760899422796, - "eventId": "39269366877179877702990321707695130867012944863901057024" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428577, - "eventId": "39269367100187329688296553130041479120048520123150827520" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899432439, - "eventId": "39269367367796272070664030833138720654446275223893245952" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899334 1760899414 - NODATA", - "ingestionTime": 1760899439881, - "eventId": "39269367367796272070664030842135296708003520290717499392" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899347 1760899424 - NODATA", - "ingestionTime": 1760899451070, - "eventId": "39269367657705959651562131695626595798239555883438637056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899361 1760899435 - NODATA", - "ingestionTime": 1760899490451, - "eventId": "39269367969916392430990855724735341148002908163555328000" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899459187, - "eventId": "39269368036818628026582725111546443776056460041485942784" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899366 1760899447 - NODATA", - "ingestionTime": 1760899471147, - "eventId": "39269368081420118423643971409076505618835547023528493056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899370 1760899452 - NODATA", - "ingestionTime": 1760899479024, - "eventId": "39269368170623099217766463984742283714993043411306807296" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899382 1760899467 - NODATA", - "ingestionTime": 1760899488669, - "eventId": "39269368438232041600133941694831139681884182062797881344" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899394 1760899475 - NODATA", - "ingestionTime": 1760899502220, - "eventId": "39269368705840983982501419409641737709798658672228827136" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899398 1760899473 - NODATA", - "ingestionTime": 1760899489665, - "eventId": "39269368795043964776623911960606453012996625068128206848" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899409 1760899486 - NODATA", - "ingestionTime": 1760899512065, - "eventId": "39269369040352161960460766544579612106892416237728497664" - } - ], - "eni-0cc527ecbe7a26eaf-all": [ - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899035 1760899117 - NODATA", - "ingestionTime": 1760899142936, - "eventId": "39269360699873457710007711163971510559320265101743685632" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899036000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899036 1760899114 - NODATA", - "ingestionTime": 1760899134414, - "eventId": "39269360722174202908538334295204820463313948714318168064" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899050 1760899129 - NODATA", - "ingestionTime": 1760899152727, - "eventId": "39269361034384635687967058298843497727773204937133850624" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899063 1760899133 - NODATA", - "ingestionTime": 1760899185523, - "eventId": "39269361324294323268865159178455904111196628287686770688" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899158843, - "eventId": "39269361368895813665926405429273417399856208608128204800" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899066 1760899145 - NODATA", - "ingestionTime": 1760899168245, - "eventId": "39269361391196558864457028582175509246823037858524626944" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899072000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899072 1760899154 - NODATA", - "ingestionTime": 1760899181163, - "eventId": "39269361525001030055640767447006181139772869756776218624" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899090000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899090 1760899170 - NODATA", - "ingestionTime": 1760899193900, - "eventId": "39269361926414443629191984010047495961379235145155215360" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899092 1760899177 - NODATA", - "ingestionTime": 1760899202749, - "eventId": "39269361971015934026253230303816785979875019549754589184" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899210860, - "eventId": "39269362372429347599804446861265377207808753828176592896" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899125 1760899204 - NODATA", - "ingestionTime": 1760899230989, - "eventId": "39269362706940525577763794008635558579997690313193750528" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219830, - "eventId": "39269362729241270776294417136680824586241537371595341824" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899127 1760899212 - NODATA", - "ingestionTime": 1760899242326, - "eventId": "39269362751542015974825040305412561063885034823646773248" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899146000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899146 1760899226 - NODATA", - "ingestionTime": 1760899246152, - "eventId": "39269363175256174746906879999216657007477593368650383360" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899152000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899152 1760899231 - NODATA", - "ingestionTime": 1760899253019, - "eventId": "39269363309060645938090618856732243219578704771989635072" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899156 1760899237 - NODATA", - "ingestionTime": 1760899263736, - "eventId": "39269363398263626732213111435831655263089646910124851200" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899170000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899170 1760899247 - NODATA", - "ingestionTime": 1760899271074, - "eventId": "39269363710474059511641835426202440992731308715443683328" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899279688, - "eventId": "39269364022684492291070559418116119557759800710406471680" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899186000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899186 1760899257 - NODATA", - "ingestionTime": 1760899306262, - "eventId": "39269364067285982688131805733313731667256371536065331200" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899188000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899188 1760899266 - NODATA", - "ingestionTime": 1760899288672, - "eventId": "39269364111887473085193051995119913844343400534901653504" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299252, - "eventId": "39269364245691944276376790857125149363662073314597076992" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899204 1760899285 - NODATA", - "ingestionTime": 1760899309280, - "eventId": "39269364468699396261683022284605296878582061744064102400" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899214000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899214 1760899291 - NODATA", - "ingestionTime": 1760899314311, - "eventId": "39269364691706848246989253706044751639540719357729177600" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899215 1760899296 - NODATA", - "ingestionTime": 1760899324087, - "eventId": "39269364714007593445519876859398939631364402504914436096" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899232 1760899310 - NODATA", - "ingestionTime": 1760899334354, - "eventId": "39269365093120261820540470277918148826862523982991851520" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899341889, - "eventId": "39269365383029949401438571126991283198097922654519689216" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899245 1760899325 - NODATA", - "ingestionTime": 1760899348539, - "eventId": "39269365383029949401438571135031132663793566278058115072" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899246 1760899316 - NODATA", - "ingestionTime": 1760899366160, - "eventId": "39269365405330694599969194297869179122661927007680724992" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899253 1760899335 - NODATA", - "ingestionTime": 1760899360237, - "eventId": "39269365561435910989683556281458718788128809122697052160" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899263000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899263 1760899343 - NODATA", - "ingestionTime": 1760899367744, - "eventId": "39269365784443362974989787705891158615048326713479266304" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899275 1760899352 - NODATA", - "ingestionTime": 1760899372061, - "eventId": "39269366052052305357357265409538549045672232196748017664" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899275 1760899358 - NODATA", - "ingestionTime": 1760899383656, - "eventId": "39269366052052305357357265423556517543661022486787260416" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899290000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899290 1760899367 - NODATA", - "ingestionTime": 1760899391461, - "eventId": "39269366386563483335316612556027451863182680765922607104" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899403625, - "eventId": "39269366676473170916214713410697222888582558342587351040" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899411002, - "eventId": "39269366765676151710337205985758614282112731246506541056" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899419972, - "eventId": "39269366921781368100051567987352686539192809824210518016" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899324 1760899404 - NODATA", - "ingestionTime": 1760899426887, - "eventId": "39269367144788820085357799411069452063340406770065408000" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899434439, - "eventId": "39269367367796272070664030835556822797651854308072357888" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899334 1760899417 - NODATA", - "ingestionTime": 1760899446456, - "eventId": "39269367367796272070664030850084056944309412406590767104" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899351 1760899427 - NODATA", - "ingestionTime": 1760899451312, - "eventId": "39269367746908940445684624262062177639914816024458821632" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899459035, - "eventId": "39269368036818628026582725111362754830102764013299433472" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899364 1760899446 - NODATA", - "ingestionTime": 1760899470289, - "eventId": "39269368036818628026582725124967908315929005802571956224" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899368000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899368 1760899437 - NODATA", - "ingestionTime": 1760899486041, - "eventId": "39269368126021608820705217710153819616007802450744442880" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899370 1760899452 - NODATA", - "ingestionTime": 1760899480164, - "eventId": "39269368170623099217766463986120228458155453978742292480" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899383 1760899466 - NODATA", - "ingestionTime": 1760899488206, - "eventId": "39269368460532786798664564835806916203379451258122797056" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899393 1760899476 - NODATA", - "ingestionTime": 1760899506645, - "eventId": "39269368683540238783970796273455606208662299519439011840" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899397000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899397 1760899475 - NODATA", - "ingestionTime": 1760899493621, - "eventId": "39269368772743219578093288823853465559792739857376215040" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899410 1760899488 - NODATA", - "ingestionTime": 1760899512938, - "eventId": "39269369062652907158991389687170444069467983195855192064" - } - ], - "eni-00e49c1a350a96c62-all": [ - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899037000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899037 1760899114 - NODATA", - "ingestionTime": 1760899138767, - "eventId": "39269360744474948107068957442002873060395970223357362176" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899049000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899049 1760899123 - NODATA", - "ingestionTime": 1760899145913, - "eventId": "39269361012083890489436435149070146485244488969436200960" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899057000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899057 1760899130 - NODATA", - "ingestionTime": 1760899154890, - "eventId": "39269361190489852077681420292208780129801594305213628416" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899165282, - "eventId": "39269361324294323268865159153986206642563145982672568320" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899068 1760899140 - NODATA", - "ingestionTime": 1760899155203, - "eventId": "39269361435798049261518274849479695499931155809958887424" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899069 1760899149 - NODATA", - "ingestionTime": 1760899172925, - "eventId": "39269361458098794460048898012440441311275205415884881920" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899074 1760899158 - NODATA", - "ingestionTime": 1760899188149, - "eventId": "39269361569602520452702013738523382166437444405447360512" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899094000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899094 1760899173 - NODATA", - "ingestionTime": 1760899193854, - "eventId": "39269362015617424423314476576134577772443043769486868480" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899098 1760899175 - NODATA", - "ingestionTime": 1760899198765, - "eventId": "39269362104820405217436969148214454073853692019531972608" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899106000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899106 1760899183 - NODATA", - "ingestionTime": 1760899205855, - "eventId": "39269362283226366805681954289071863715341114358247981056" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899116 1760899190 - NODATA", - "ingestionTime": 1760899218900, - "eventId": "39269362506233818790988185720199514343819175426755985408" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899124 1760899200 - NODATA", - "ingestionTime": 1760899223152, - "eventId": "39269362684639780379233170857625462746990168067807838208" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899129000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899129 1760899207 - NODATA", - "ingestionTime": 1760899233704, - "eventId": "39269362796143506371886286578060267268971733818706690048" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899130 1760899200 - NODATA", - "ingestionTime": 1760899216597, - "eventId": "39269362818444251570416909698915159185654638900559478784" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899132000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899132 1760899217 - NODATA", - "ingestionTime": 1760899249116, - "eventId": "39269362863045741967478156021299470001702103957709324288" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899157000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899157 1760899233 - NODATA", - "ingestionTime": 1760899250348, - "eventId": "39269363420564371930743734561181793392594438106193985536" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899158 1760899235 - NODATA", - "ingestionTime": 1760899257916, - "eventId": "39269363442865117129274357711867073227048333308284895232" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899167 1760899242 - NODATA", - "ingestionTime": 1760899266443, - "eventId": "39269363643571823916049965995997165200773008274068602880" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899176000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899176 1760899252 - NODATA", - "ingestionTime": 1760899278154, - "eventId": "39269363844278530702825574283975957584885667444695433216" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899183000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899183 1760899261 - NODATA", - "ingestionTime": 1760899283120, - "eventId": "39269364000383747092539936280729434656590907773135814656" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899187 1760899267 - NODATA", - "ingestionTime": 1760899294600, - "eventId": "39269364089586727886662428860750732039464946026079584256" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899275302, - "eventId": "39269364156488963482254298262028409321693380740057726976" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899193 1760899277 - NODATA", - "ingestionTime": 1760899306056, - "eventId": "39269364223391199077846167723814463848546217742214758400" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899213 1760899292 - NODATA", - "ingestionTime": 1760899313242, - "eventId": "39269364669406103048458630563216446915861083943820525568" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899217000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899217 1760899294 - NODATA", - "ingestionTime": 1760899321674, - "eventId": "39269364758609083842581123139552769844370962991551938560" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899228 1760899304 - NODATA", - "ingestionTime": 1760899325244, - "eventId": "39269365003917281026417977700761979083052749898730242048" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899234 1760899313 - NODATA", - "ingestionTime": 1760899337001, - "eventId": "39269365137721752217601716564189390859907730233102761984" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899243000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899243 1760899323 - NODATA", - "ingestionTime": 1760899342968, - "eventId": "39269365338428459004377324845224710968490708577878147072" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899247 1760899320 - NODATA", - "ingestionTime": 1760899337957, - "eventId": "39269365427631439798499817405309310435025331773548134400" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899250000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899250 1760899327 - NODATA", - "ingestionTime": 1760899354215, - "eventId": "39269365494533675394091686849571300684571434120473935872" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899256000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899256 1760899339 - NODATA", - "ingestionTime": 1760899366733, - "eventId": "39269365628338146585275425713918766977677100855991992320" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899274 1760899355 - NODATA", - "ingestionTime": 1760899383193, - "eventId": "39269366029751560158826642281460692452759301299789365248" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899275 1760899350 - NODATA", - "ingestionTime": 1760899372605, - "eventId": "39269366052052305357357265410196231221786162162004131840" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899289000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899289 1760899364 - NODATA", - "ingestionTime": 1760899386545, - "eventId": "39269366364262738136785989408548697493435601619971342336" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899296000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899296 1760899369 - NODATA", - "ingestionTime": 1760899397522, - "eventId": "39269366520367954526500351412569071531243907951461466112" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899403322, - "eventId": "39269366676473170916214713410331080053193532204739461120" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899396685, - "eventId": "39269366832578387305929075393057588744809773639408222208" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899310 1760899391 - NODATA", - "ingestionTime": 1760899414626, - "eventId": "39269366832578387305929075414746681071818916868380557312" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899312 1760899397 - NODATA", - "ingestionTime": 1760899426265, - "eventId": "39269366877179877702990321711888984629719983476018970624" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899334 1760899415 - NODATA", - "ingestionTime": 1760899439060, - "eventId": "39269367367796272070664030841142937958575332058401079296" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899335 1760899411 - NODATA", - "ingestionTime": 1760899430946, - "eventId": "39269367390097017269194653972869353730141055293073653760" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899348000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899348 1760899422 - NODATA", - "ingestionTime": 1760899445836, - "eventId": "39269367680006704850092754830834442177159248388842323968" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899358 1760899431 - NODATA", - "ingestionTime": 1760899455982, - "eventId": "39269367903014156835398986258457400930997965156061413376" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899363 1760899448 - NODATA", - "ingestionTime": 1760899475444, - "eventId": "39269368014517882828052101989664297898907338176166625280" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899364 1760899440 - NODATA", - "ingestionTime": 1760899465105, - "eventId": "39269368036818628026582725118701199232259355164586803200" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899457014, - "eventId": "39269368192923844416297087099669576687152167684464902144" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899377000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899377 1760899459 - NODATA", - "ingestionTime": 1760899490171, - "eventId": "39269368326728315607480825988968463538789249157613486080" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899393 1760899469 - NODATA", - "ingestionTime": 1760899490033, - "eventId": "39269368683540238783970796253372651980199477280652132352" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899393 1760899475 - NODATA", - "ingestionTime": 1760899500599, - "eventId": "39269368683540238783970796266146224296626452138420731904" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899409 1760899484 - NODATA", - "ingestionTime": 1760899505136, - "eventId": "39269369040352161960460766536202630897021212831417696256" - } - ], - "eni-0fa50413d12043097-all": [ - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899040 1760899115 - NODATA", - "ingestionTime": 1760899140262, - "eventId": "39269360811377183702660826868416985984503058815102287872" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899042000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899042 1760899121 - NODATA", - "ingestionTime": 1760899143376, - "eventId": "39269360855978674099722073155253169520247183234716467200" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899052000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899052 1760899128 - NODATA", - "ingestionTime": 1760899152591, - "eventId": "39269361078986126085028304581750881363540677418497605632" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899064 1760899140 - NODATA", - "ingestionTime": 1760899162154, - "eventId": "39269361346595068467395782291739961430735159900244934656" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899066 1760899144 - NODATA", - "ingestionTime": 1760899169498, - "eventId": "39269361391196558864457028583690118502832229354569924608" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899073000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899073 1760899154 - NODATA", - "ingestionTime": 1760899179003, - "eventId": "39269361547301775254171390585930848990670403554094546944" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899092 1760899171 - NODATA", - "ingestionTime": 1760899190986, - "eventId": "39269361971015934026253230289595803506801529278806687744" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899098 1760899181 - NODATA", - "ingestionTime": 1760899207867, - "eventId": "39269362104820405217436969159218344953622183587375808512" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899112000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899112 1760899188 - NODATA", - "ingestionTime": 1760899214794, - "eventId": "39269362417030837996865693149092557063885044642170601472" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899218363, - "eventId": "39269362729241270776294417134907160818739660973908819968" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899127 1760899204 - NODATA", - "ingestionTime": 1760899228143, - "eventId": "39269362751542015974825040288266516288111335930212450304" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899130 1760899196 - NODATA", - "ingestionTime": 1760899236269, - "eventId": "39269362818444251570416909722696919918440077319402749952" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899136000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899136 1760899216 - NODATA", - "ingestionTime": 1760899235291, - "eventId": "39269362952248722761600648570728909971269331639508271104" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899138000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899138 1760899219 - NODATA", - "ingestionTime": 1760899250086, - "eventId": "39269362996850213158661894871686954858411832487192231936" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899153 1760899230 - NODATA", - "ingestionTime": 1760899254654, - "eventId": "39269363331361391136621242000244768455551793757717463040" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899161000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899161 1760899237 - NODATA", - "ingestionTime": 1760899257334, - "eventId": "39269363509767352724866227135770221742737076997653921792" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899164000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899164 1760899241 - NODATA", - "ingestionTime": 1760899265939, - "eventId": "39269363576669588320458096570780569355098770852205232128" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899174 1760899249 - NODATA", - "ingestionTime": 1760899273397, - "eventId": "39269363799677040305764327995154046397828555294498422784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899281771, - "eventId": "39269364022684492291070559420634279420924730337580023808" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899187 1760899265 - NODATA", - "ingestionTime": 1760899288795, - "eventId": "39269364089586727886662428853733110355927812841166798848" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899196 1760899273 - NODATA", - "ingestionTime": 1760899296003, - "eventId": "39269364290293434673438037136268631779257380741103878144" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899198000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899198 1760899278 - NODATA", - "ingestionTime": 1760899306553, - "eventId": "39269364334894925070499283432094430904808367107227451392" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899213 1760899289 - NODATA", - "ingestionTime": 1760899312120, - "eventId": "39269364669406103048458630561859774536441580822616932352" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899219000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899219 1760899295 - NODATA", - "ingestionTime": 1760899317268, - "eventId": "39269364803210574239642369417297713069416572112904192000" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899219000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899219 1760899301 - NODATA", - "ingestionTime": 1760899322768, - "eventId": "39269364803210574239642369423946845989658433766276726784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899234 1760899311 - NODATA", - "ingestionTime": 1760899332678, - "eventId": "39269365137721752217601716558963471053914458804630847488" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339367, - "eventId": "39269365383029949401438571123942486092557966856190361600" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899247 1760899324 - NODATA", - "ingestionTime": 1760899348309, - "eventId": "39269365427631439798499817417824354360108782591454478336" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899253 1760899332 - NODATA", - "ingestionTime": 1760899355678, - "eventId": "39269365561435910989683556275947266384107891177478815744" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899261000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899261 1760899342 - NODATA", - "ingestionTime": 1760899366693, - "eventId": "39269365739841872577928541421549487378245342185086910464" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899273 1760899350 - NODATA", - "ingestionTime": 1760899372128, - "eventId": "39269366007450814960296019126548532389304577255380680704" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899281000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899281 1760899356 - NODATA", - "ingestionTime": 1760899377874, - "eventId": "39269366185856776548541004265780822088761543221054603264" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899284000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899284 1760899364 - NODATA", - "ingestionTime": 1760899385324, - "eventId": "39269366252759012144132873699394307557598695465524264960" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899292000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899292 1760899368 - NODATA", - "ingestionTime": 1760899394142, - "eventId": "39269366431164973732377858842340359302581975791635333120" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899400005, - "eventId": "39269366676473170916214713406321216800965289140896202752" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899307 1760899383 - NODATA", - "ingestionTime": 1760899409949, - "eventId": "39269366765676151710337205984485811763750024473813581824" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899313000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899313 1760899378 - NODATA", - "ingestionTime": 1760899414160, - "eventId": "39269366899480622901520944838790532611734763965527949312" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899419381, - "eventId": "39269366921781368100051567986638388512800638442458775552" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899317000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899317 1760899401 - NODATA", - "ingestionTime": 1760899428481, - "eventId": "39269366988683603695643437422246304878471566233588793344" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899334 1760899410 - NODATA", - "ingestionTime": 1760899430659, - "eventId": "39269367367796272070664030830986961116563222632212791296" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899340000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899340 1760899416 - NODATA", - "ingestionTime": 1760899436518, - "eventId": "39269367501600743261847769687284398395473853959957053440" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899345000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899345 1760899422 - NODATA", - "ingestionTime": 1760899447444, - "eventId": "39269367613104469254500885408171291853138687591527874560" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899354 1760899429 - NODATA", - "ingestionTime": 1760899453567, - "eventId": "39269367813811176041276493689395293155195266907628961792" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899458468, - "eventId": "39269368036818628026582725110677664820832133703468122112" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899370 1760899445 - NODATA", - "ingestionTime": 1760899471928, - "eventId": "39269368170623099217766463976163577497656700642295021568" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899375 1760899454 - NODATA", - "ingestionTime": 1760899475464, - "eventId": "39269368282126825210419579688117181201629642247446134784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899377000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899377 1760899460 - NODATA", - "ingestionTime": 1760899486979, - "eventId": "39269368326728315607480825985109618256405191504821223424" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899391000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899391 1760899470 - NODATA", - "ingestionTime": 1760899491571, - "eventId": "39269368638938748386909549972160630771095970562797076480" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899398 1760899476 - NODATA", - "ingestionTime": 1760899496786, - "eventId": "39269368795043964776623911969215202050450603886724448256" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899398 1760899480 - NODATA", - "ingestionTime": 1760899504483, - "eventId": "39269368795043964776623911978520527272550776449095237632" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899410 1760899487 - NODATA", - "ingestionTime": 1760899514868, - "eventId": "39269369062652907158991389689503736367846913633824866304" - } - ], - "eni-0ab252a7dc8378f9e-all": [ - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899043000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899043 1760899121 - NODATA", - "ingestionTime": 1760899144743, - "eventId": "39269360878279419298252696298441346294757840151857463296" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899055000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899055 1760899132 - NODATA", - "ingestionTime": 1760899168235, - "eventId": "39269361145888361680620174025270253239837550314553278464" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899063 1760899140 - NODATA", - "ingestionTime": 1760899163640, - "eventId": "39269361324294323268865159152001029709603810370906947584" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899168077, - "eventId": "39269361324294323268865159157365264056044858698275160064" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899074 1760899156 - NODATA", - "ingestionTime": 1760899176432, - "eventId": "39269361569602520452702013724358474785221923001425002496" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899083 1760899165 - NODATA", - "ingestionTime": 1760899187057, - "eventId": "39269361770309227239477622011024815587615914795180752896" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899087 1760899153 - NODATA", - "ingestionTime": 1760899167556, - "eventId": "39269361859512208033600114553592653372149707506846400512" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899092 1760899170 - NODATA", - "ingestionTime": 1760899192280, - "eventId": "39269361971015934026253230291160278927375725344553107456" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899099000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899099 1760899177 - NODATA", - "ingestionTime": 1760899198187, - "eventId": "39269362127121150415967592289051716776414009852387983360" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899103000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899103 1760899183 - NODATA", - "ingestionTime": 1760899206246, - "eventId": "39269362216324131210090084864937018834584512701592240128" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899116 1760899191 - NODATA", - "ingestionTime": 1760899232074, - "eventId": "39269362506233818790988185736125476421465966948702420992" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219781, - "eventId": "39269362729241270776294417136621410518674911340285657088" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899127 1760899204 - NODATA", - "ingestionTime": 1760899228166, - "eventId": "39269362751542015974825040288294114353006436868741267456" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899135000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899135 1760899216 - NODATA", - "ingestionTime": 1760899236537, - "eventId": "39269362929947977563070025430699906144758538369638989824" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899143000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899143 1760899223 - NODATA", - "ingestionTime": 1760899246487, - "eventId": "39269363108353939151315010575014091586148403225718226944" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899152000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899152 1760899218 - NODATA", - "ingestionTime": 1760899228230, - "eventId": "39269363309060645938090618826764277432324953379863986176" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899154 1760899230 - NODATA", - "ingestionTime": 1760899251910, - "eventId": "39269363353662136335151865138463170581794388689786109952" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899159000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899159 1760899237 - NODATA", - "ingestionTime": 1760899258836, - "eventId": "39269363465165862327804980854514963320757161567338037248" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899164000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899164 1760899243 - NODATA", - "ingestionTime": 1760899267297, - "eventId": "39269363576669588320458096572421907225632428613003575296" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899175000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899175 1760899249 - NODATA", - "ingestionTime": 1760899289057, - "eventId": "39269363821977785504294951155621307693113204263044317184" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899182 1760899260 - NODATA", - "ingestionTime": 1760899284104, - "eventId": "39269363978083001894009313140383662044320238584828002304" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899188000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899188 1760899264 - NODATA", - "ingestionTime": 1760899289384, - "eventId": "39269364111887473085193051995981173248009206015046909952" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899194 1760899273 - NODATA", - "ingestionTime": 1760899297876, - "eventId": "39269364245691944276376790855461696834132070243219472384" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899201000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899201 1760899281 - NODATA", - "ingestionTime": 1760899306426, - "eventId": "39269364401797160666091152856547997110764227965170089984" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899212000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899212 1760899290 - NODATA", - "ingestionTime": 1760899311990, - "eventId": "39269364647105357849928007420167105058361158249298591744" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899220000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899220 1760899296 - NODATA", - "ingestionTime": 1760899318981, - "eventId": "39269364825511319438172992560904692599124508662111862784" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899225000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899225 1760899305 - NODATA", - "ingestionTime": 1760899326405, - "eventId": "39269364937015045430826108277557866612080981738167205888" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899234 1760899311 - NODATA", - "ingestionTime": 1760899349607, - "eventId": "39269365137721752217601716579429045015788236565383872512" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899244000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899244 1760899320 - NODATA", - "ingestionTime": 1760899340539, - "eventId": "39269365360729204202907947983824034257365336815361916928" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899246 1760899324 - NODATA", - "ingestionTime": 1760899349659, - "eventId": "39269365405330694599969194277920420845905191734063595520" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899255000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899255 1760899333 - NODATA", - "ingestionTime": 1760899355340, - "eventId": "39269365606037401386744802558609859740341295972286267392" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899258000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899258 1760899342 - NODATA", - "ingestionTime": 1760899370852, - "eventId": "39269365672939636982336672001969956859553818871193468928" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899264 1760899332 - NODATA", - "ingestionTime": 1760899350205, - "eventId": "39269365806744108173520410826223332584796236243615940608" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899273 1760899351 - NODATA", - "ingestionTime": 1760899371460, - "eventId": "39269366007450814960296019125740775862889849020409970688" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899280000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899280 1760899356 - NODATA", - "ingestionTime": 1760899380041, - "eventId": "39269366163556031350010381126864519046676932443778842624" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899285000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899285 1760899363 - NODATA", - "ingestionTime": 1760899385191, - "eventId": "39269366275059757342663496840769274361216909335960289280" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899294 1760899369 - NODATA", - "ingestionTime": 1760899408748, - "eventId": "39269366475766464129439105143069271520703015093635448832" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899403298, - "eventId": "39269366676473170916214713410301864753488679959076405248" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899307 1760899385 - NODATA", - "ingestionTime": 1760899409389, - "eventId": "39269366765676151710337205983808376335481471422902829056" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899314 1760899393 - NODATA", - "ingestionTime": 1760899417527, - "eventId": "39269366921781368100051567984396803465274466565072355328" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899322 1760899404 - NODATA", - "ingestionTime": 1760899425908, - "eventId": "39269367100187329688296553126814732094305494235156250624" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899325 1760899394 - NODATA", - "ingestionTime": 1760899407513, - "eventId": "39269367167089565283888422529183595729306489697859207168" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899334 1760899411 - NODATA", - "ingestionTime": 1760899432182, - "eventId": "39269367367796272070664030832828069171568725790328619008" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899338000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899338 1760899417 - NODATA", - "ingestionTime": 1760899441926, - "eventId": "39269367456999252864786523410750437457893915410264948736" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899347 1760899423 - NODATA", - "ingestionTime": 1760899448300, - "eventId": "39269367657705959651562131692277680343019782573063667712" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899357000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899357 1760899431 - NODATA", - "ingestionTime": 1760899468795, - "eventId": "39269367880713411636868363132411672098214393367238672384" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899460562, - "eventId": "39269368036818628026582725113209034936779570569075097600" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899370 1760899445 - NODATA", - "ingestionTime": 1760899469949, - "eventId": "39269368170623099217766463973771603933568241784363286528" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899379000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899379 1760899454 - NODATA", - "ingestionTime": 1760899478804, - "eventId": "39269368371329806004542072258297942518344252529592041472" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899384 1760899454 - NODATA", - "ingestionTime": 1760899468911, - "eventId": "39269368482833531997195187954016642404155879694547550208" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899486220, - "eventId": "39269368482833531997195187974941804250215427335835811840" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899396000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899396 1760899472 - NODATA", - "ingestionTime": 1760899492248, - "eventId": "39269368750442474379562665680657565911081339579250507776" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899400000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899400 1760899478 - NODATA", - "ingestionTime": 1760899500150, - "eventId": "39269368839645455173685158256353497648806873134796832768" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899403000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899403 1760899482 - NODATA", - "ingestionTime": 1760899507126, - "eventId": "39269368906547690769277027689394005336431475869869670400" - } - ], - "eni-0d52b90c56c30aaaf-all": [ - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899047000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899047 1760899125 - NODATA", - "ingestionTime": 1760899147882, - "eventId": "39269360967482400092375188868379387488249224545389772800" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899060000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899060 1760899131 - NODATA", - "ingestionTime": 1760899156440, - "eventId": "39269361257392087673273289718689448193884824360186019840" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899064 1760899142 - NODATA", - "ingestionTime": 1760899162528, - "eventId": "39269361346595068467395782292192150158971810428482420736" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899069 1760899147 - NODATA", - "ingestionTime": 1760899172082, - "eventId": "39269361458098794460048898011420986728738606749298458624" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899075000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899075 1760899154 - NODATA", - "ingestionTime": 1760899179557, - "eventId": "39269361591903265651232636869672220334830881519077687296" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899085000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899085 1760899165 - NODATA", - "ingestionTime": 1760899188478, - "eventId": "39269361814910717636538868295814303201759959957510815744" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899095 1760899172 - NODATA", - "ingestionTime": 1760899194879, - "eventId": "39269362037918169621845099718909715757515917376757170176" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899107 1760899185 - NODATA", - "ingestionTime": 1760899206508, - "eventId": "39269362305527112004212577431396849746611502212074307584" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899121000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899121 1760899192 - NODATA", - "ingestionTime": 1760899214474, - "eventId": "39269362617737544783641301422527240192386104119123574784" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899123000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899123 1760899201 - NODATA", - "ingestionTime": 1760899222492, - "eventId": "39269362662339035180702547715291594383117768292878319616" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899130 1760899208 - NODATA", - "ingestionTime": 1760899233348, - "eventId": "39269362818444251570416909719166094403420838251948867584" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899134000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899134 1760899217 - NODATA", - "ingestionTime": 1760899237905, - "eventId": "39269362907647232364539402290818007128969998725776801792" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899148000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899148 1760899227 - NODATA", - "ingestionTime": 1760899249387, - "eventId": "39269363219857665143968126286198786333524041780303036416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899158 1760899239 - NODATA", - "ingestionTime": 1760899261413, - "eventId": "39269363442865117129274357716094800437411500094429528064" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899160000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899160 1760899234 - NODATA", - "ingestionTime": 1760899253536, - "eventId": "39269363487466607526335603989642999868426518943790465024" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899169000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899169 1760899246 - NODATA", - "ingestionTime": 1760899268102, - "eventId": "39269363688173314313111212281074160052015497532470460416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899180 1760899252 - NODATA", - "ingestionTime": 1760899274719, - "eventId": "39269363933481511496948066845966343222172770892652806144" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899180 1760899260 - NODATA", - "ingestionTime": 1760899282079, - "eventId": "39269363933481511496948066854863770950199002917434556416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899182 1760899266 - NODATA", - "ingestionTime": 1760899293227, - "eventId": "39269363978083001894009313151412646716540168025258590208" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899274490, - "eventId": "39269364156488963482254298261046844228847478003796869120" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899197000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899197 1760899278 - NODATA", - "ingestionTime": 1760899300413, - "eventId": "39269364312594179871968660283135671277550524372656193536" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899206 1760899285 - NODATA", - "ingestionTime": 1760899307559, - "eventId": "39269364513300886658744268565595883298524412475948466176" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899217000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899217 1760899298 - NODATA", - "ingestionTime": 1760899321757, - "eventId": "39269364758609083842581123139653540981407932788203454464" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899218000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899218 1760899294 - NODATA", - "ingestionTime": 1760899314944, - "eventId": "39269364780909829041111746272952618045972927612869541888" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899228 1760899306 - NODATA", - "ingestionTime": 1760899328418, - "eventId": "39269365003917281026417977704598914236157516870803456000" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899237000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899237 1760899311 - NODATA", - "ingestionTime": 1760899335203, - "eventId": "39269365204623987813193585986622672787194287678300815360" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899244000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899244 1760899323 - NODATA", - "ingestionTime": 1760899343217, - "eventId": "39269365360729204202907947987061312010472019627786567680" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899251 1760899320 - NODATA", - "ingestionTime": 1760899334785, - "eventId": "39269365516834420592622309967617577569085590337844543488" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899251 1760899327 - NODATA", - "ingestionTime": 1760899352809, - "eventId": "39269365516834420592622309989407348570651703606137323520" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899258000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899258 1760899338 - NODATA", - "ingestionTime": 1760899361689, - "eventId": "39269365672939636982336671990892702359840102315135926272" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899268 1760899345 - NODATA", - "ingestionTime": 1760899370695, - "eventId": "39269365895947088967642903417137343406143451131925561344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899277000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899277 1760899357 - NODATA", - "ingestionTime": 1760899383557, - "eventId": "39269366096653795754418511706508067602588769954444738560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899279000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899279 1760899354 - NODATA", - "ingestionTime": 1760899375789, - "eventId": "39269366141255286151479757980188263671694646889969090560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899288000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899288 1760899366 - NODATA", - "ingestionTime": 1760899388348, - "eventId": "39269366341961992938255366269192792323452373303055679488" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899300000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899300 1760899376 - NODATA", - "ingestionTime": 1760899395510, - "eventId": "39269366609570935320622843976279590850532930483845660672" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899402603, - "eventId": "39269366676473170916214713409461765483202400075214487552" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899306000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899306 1760899386 - NODATA", - "ingestionTime": 1760899412895, - "eventId": "39269366743375406511806582846511427624322751494860505088" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899395134, - "eventId": "39269366832578387305929075391182663628086837781737963520" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899317000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899317 1760899395 - NODATA", - "ingestionTime": 1760899418476, - "eventId": "39269366988683603695643437410151409985647474216352808960" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899327 1760899406 - NODATA", - "ingestionTime": 1760899427961, - "eventId": "39269367211691055680949668836975322305628309890832662528" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899337000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899337 1760899418 - NODATA", - "ingestionTime": 1760899441419, - "eventId": "39269367434698507666255900268602047290802914714464485376" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899339 1760899413 - NODATA", - "ingestionTime": 1760899434885, - "eventId": "39269367479299998063317146543774332908299324003100655616" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899347 1760899425 - NODATA", - "ingestionTime": 1760899448149, - "eventId": "39269367657705959651562131692095166344766109020749955072" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899359000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899359 1760899432 - NODATA", - "ingestionTime": 1760899455891, - "eventId": "39269367925314902033929609399883347029227605362739380224" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899464135, - "eventId": "39269368014517882828052101975992624387814190561399472128" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899370 1760899448 - NODATA", - "ingestionTime": 1760899472247, - "eventId": "39269368170623099217766463976549679571305673638122553344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899372000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899372 1760899441 - NODATA", - "ingestionTime": 1760899454756, - "eventId": "39269368215224589614827710238475764050073513625449529344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899378000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899378 1760899456 - NODATA", - "ingestionTime": 1760899479346, - "eventId": "39269368349029060806011449117417562346652554701689978880" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899487743, - "eventId": "39269368482833531997195187976783303479786335592399568896" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899398 1760899478 - NODATA", - "ingestionTime": 1760899501644, - "eventId": "39269368795043964776623911975088452917773045617133158400" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899399000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899399 1760899474 - NODATA", - "ingestionTime": 1760899494757, - "eventId": "39269368817344709975154535108298415284889564861552066560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899406000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899406 1760899485 - NODATA", - "ingestionTime": 1760899508568, - "eventId": "39269368973449926364868897115744601996530808388858806272" - } - ], - "eni-0c663685d7a12552e-all": [ - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899049000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899049 1760899080 - NODATA", - "ingestionTime": 1760899108302, - "eventId": "39269361012083890489436435103601333327618873734687293440" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899082000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899082 1760899113 - NODATA", - "ingestionTime": 1760899132564, - "eventId": "39269361748008482040946998803610793217379998222267121664" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899082000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899082 1760899113 - NODATA", - "ingestionTime": 1760899140789, - "eventId": "39269361748008482040946998813554652559287219887603974144" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899091000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899091 1760899122 - NODATA", - "ingestionTime": 1760899148802, - "eventId": "39269361948715188827722607097063154459454311630899052544" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899109000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899109 1760899140 - NODATA", - "ingestionTime": 1760899166694, - "eventId": "39269362350128602401273823666335815046678932194937012224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899116 1760899147 - NODATA", - "ingestionTime": 1760899170187, - "eventId": "39269362506233818790988185661308757080951528467498336256" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 11746 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872704" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 61890 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872705" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 30506 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872706" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 51838 21 6 4 240 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872707" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 51186 80 6 1 60 1760899167 1760899168 ACCEPT OK", - "ingestionTime": 1760899196244, - "eventId": "39269363643571823916049965911131435251312323702065594368" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899168000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 62602 80 6 3 180 1760899168 1760899168 ACCEPT OK", - "ingestionTime": 1760899186752, - "eventId": "39269363665872569114580589041192263286404541704439988224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 58950 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929344" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 61628 21 6 4 240 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929345" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 28840 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929346" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 31192 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929347" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 18756 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929348" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 21192 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929349" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 27324 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929350" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 60254 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929351" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 64846 21 6 4 240 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929352" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 58248 21 6 2 120 1760899178 1760899198 ACCEPT OK", - "ingestionTime": 1760899219438, - "eventId": "39269363888880021099886820496064163309696336621526056960" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899178 1760899198 - SKIPDATA", - "ingestionTime": 1760899219438, - "eventId": "39269363888880021099886820496064163309696336621526056961" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 12938 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136000" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 35548 80 6 2 120 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136001" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 63002 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136002" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 25612 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136003" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 64300 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136004" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 59962 21 6 4 240 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136005" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 23106 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136006" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 48432 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594048" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 58270 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594049" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 49854 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594050" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 23738 80 6 2 120 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594051" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 32716 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594052" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 13690 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594053" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 25162 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594054" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 23936 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594055" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.133.187 10.0.4.186 51796 22127 6 1 44 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594056" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 63332 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186752" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 44282 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186753" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 23342 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186754" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 106.75.132.124 10.0.4.186 58914 16030 6 1 44 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186755" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 19302 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186756" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 21326 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186757" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 50342 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186758" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 23068 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186759" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 17032 80 6 3 180 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 62372 21 6 4 240 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 41180 80 6 3 180 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 31518 21 6 1 60 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899202 1760899227 - SKIPDATA", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517188" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 15264 21 6 4 240 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734464" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.112 10.0.4.186 55662 1000 6 1 44 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734465" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 51810 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734466" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 52632 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734467" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 20720 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734468" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 14584 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734469" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 56998 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222976" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 47540 21 6 4 240 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222977" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 49866 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222978" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 43784 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222979" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 20.55.98.221 10.0.4.186 34398 9043 6 1 40 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222980" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 57822 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222981" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 39476 80 6 2 120 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222982" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 38986 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222983" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65242 80 6 2 120 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222984" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 33810 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505472" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 48444 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505473" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 45660 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505474" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 31386 80 6 2 120 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505475" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 26686 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505476" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 46464 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505477" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 22492 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505478" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 37402 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505479" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 24724 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505480" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26010 80 6 1 60 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505481" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 20214 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927936" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 58154 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927937" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 28818 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927938" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 9466 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927939" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 46052 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927940" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 37932 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927941" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 19968 21 6 4 240 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927942" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 11524 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052288" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 18592 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052289" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 14624 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052290" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 33664 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052291" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 45696 80 6 1 60 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052292" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 40504 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052293" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 57692 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052294" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899232 1760899257 - SKIPDATA", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052295" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 25492 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359552" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 43258 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359553" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 61000 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359554" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.152 10.0.4.186 54664 990 6 1 44 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359555" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 35548 80 6 1 60 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359556" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 59684 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359557" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 36584 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359558" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 58110 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359559" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 44360 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359560" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 20358 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359561" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 30734 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359562" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 56320 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359563" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 60778 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359564" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 61920 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 9896 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948225" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 29784 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948226" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 39582 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948227" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 26504 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948228" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 63958 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948229" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 15152 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948230" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 32292 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948231" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 64704 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948232" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 92.63.197.66 10.0.4.186 8080 6529 6 1 40 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948233" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 26690 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948234" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47724 80 6 2 120 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948235" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 37506 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948236" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 40154 21 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948237" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.211.22 10.0.4.186 57261 28009 6 1 44 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 45308 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909953" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 45524 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909954" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 104.237.144.186 10.0.4.186 61000 443 6 1 40 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909955" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 16088 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909956" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 50098 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909957" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 13406 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909958" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 38794 21 6 4 240 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909959" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 64922 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909960" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 10732 21 6 4 240 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909961" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 28496 80 6 2 120 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909962" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 14348 21 6 4 240 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747776" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 52754 80 6 3 180 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747777" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 39232 80 6 1 60 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747778" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.133.252 10.0.4.186 56557 9202 6 1 44 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747779" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 42982 21 6 4 240 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747780" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899266 1760899289 - SKIPDATA", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747781" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 39548 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390656" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 60954 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390657" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 42456 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390658" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 59042 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390659" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 14264 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390660" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 54860 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390661" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 57124 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390662" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 13064 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390663" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 64866 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390664" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65242 80 6 1 60 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390665" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 35662 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390666" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 11826 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928256" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 34372 80 6 2 120 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928257" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 23486 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928258" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 45170 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928259" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 59316 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928260" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 41556 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928261" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 165.154.173.104 10.0.4.186 45123 15200 6 1 40 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928262" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 57032 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928263" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 63148 21 6 4 240 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 27420 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 52372 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 50536 80 6 2 120 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442176" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 35356 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442177" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 31386 80 6 1 60 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442178" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 60380 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442179" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 34026 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442180" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 38404 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442181" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 16084 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442182" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 26236 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442183" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 11320 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 64576 21 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 13916 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 30326 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 41588 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442188" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26010 80 6 2 120 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442189" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 37620 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204928" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 60708 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204929" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 11788 21 6 4 240 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204930" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 28350 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204931" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 60280 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204932" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 61052 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204933" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 35410 21 6 4 240 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204934" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 52400 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043392" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 39206 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043393" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 51290 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043394" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 33590 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043395" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899291 1760899311 - SKIPDATA", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043396" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 18552 80 6 2 120 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850944" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 14244 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850945" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 50030 21 6 4 240 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850946" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 30508 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850947" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 23936 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850948" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 14100 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850949" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 22180 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850950" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 17822 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850951" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 29332 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 46686 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 57958 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 41254 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 59878 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 14756 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499268" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 52246 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499269" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 52902 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499270" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 26402 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499271" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 21660 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499272" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 57706 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499273" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 40040 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499274" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.138 10.0.4.186 50578 7547 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894400" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 58372 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894401" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 22358 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894402" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 16878 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894403" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.85 10.0.4.186 55174 1502 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894404" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 45734 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894405" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.123 10.0.4.186 56280 11084 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894406" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 64764 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894407" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 49614 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894408" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 27514 21 6 4 240 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894409" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 44044 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894410" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 41366 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894411" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47724 80 6 1 60 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894412" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 56174 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894413" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 37518 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894414" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 40154 21 6 1 60 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894415" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 32546 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559936" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 45958 21 6 4 240 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559937" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 59358 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559938" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 48134 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559939" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 36966 21 6 4 240 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559940" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 13.214.173.166 10.0.4.186 0 0 1 1 28 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407232" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 49060 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407233" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 21004 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407234" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 29018 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407235" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 15302 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407236" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 15122 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407237" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899323 1760899350 - SKIPDATA", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407238" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 52034 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507392" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 28464 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507393" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 61844 21 6 2 120 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507394" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 37012 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507395" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 65418 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507396" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 27682 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507397" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 45390 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507398" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 50814 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507399" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 41210 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507400" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 38070 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507401" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 9706 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507402" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 50430 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 18182 21 6 4 240 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47948 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 34372 80 6 1 60 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26294 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715268" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 11968 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715269" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 28368 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715270" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 19342 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715271" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 29372 21 6 4 240 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715272" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 46546 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715273" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 23346 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715274" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 58710 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588480" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 44376 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588481" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 50536 80 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588482" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 57464 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588483" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 23402 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588484" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.86 10.0.4.186 55131 57357 6 1 44 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588485" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 53474 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588486" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 56830 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588487" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 20716 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588488" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 21308 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588489" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 64576 21 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588490" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 54428 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588491" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 56326 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588492" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 11346 80 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588493" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 54058 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588494" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 28496 80 6 1 60 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607872" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 87.120.191.93 10.0.4.186 51632 80 6 1 40 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607873" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 41.59.173.249 10.0.4.186 44087 23 6 1 60 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607874" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 39996 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607875" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 59438 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607876" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 61964 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607877" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 15392 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607878" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 11790 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607879" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 37404 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607880" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 46602 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607881" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 25578 80 6 3 180 1760899352 1760899374 ACCEPT OK", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330688" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 49716 80 6 3 180 1760899352 1760899374 ACCEPT OK", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330689" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899352 1760899374 - SKIPDATA", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330690" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 47440 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547840" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 12744 21 6 4 240 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547841" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 19934 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547842" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 55776 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547843" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 18552 80 6 1 60 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198976" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 22126 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198977" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 10576 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198978" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 24392 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198979" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 33602 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198980" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 92.63.197.66 10.0.4.186 8080 6224 6 1 40 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198981" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 18116 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198982" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 35388 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198983" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 43842 21 6 4 240 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198984" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 27478 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198985" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 37470 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234560" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 59854 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234561" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 35168 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234562" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 91.196.152.225 10.0.4.186 48508 14430 6 1 60 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234563" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 52196 21 6 4 240 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234564" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 37160 21 6 4 240 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234565" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 48292 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234566" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.253 10.0.4.186 54329 9606 6 1 44 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234567" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 55998 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234568" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 13248 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234569" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 27354 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234570" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 18188 80 6 2 120 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234571" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 15930 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234572" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 14392 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746944" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 16508 21 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746945" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 45642 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746946" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65378 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746947" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 48818 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746948" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 57706 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746949" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 11464 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746950" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 34208 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746951" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 31380 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 18816 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746953" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 36286 21 6 4 240 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117696" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 25478 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117697" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 29340 21 6 4 240 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117698" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 53794 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117699" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 42022 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117700" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 13670 21 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117701" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899382 1760899406 - SKIPDATA", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117702" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 37698 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338176" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 63386 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338177" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 24506 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338178" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 13550 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338179" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 61784 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338180" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 31186 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338181" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 61844 21 6 2 120 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338182" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.26 10.0.4.186 56968 9530 6 1 44 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338183" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 44220 21 6 2 120 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.181 10.0.4.186 49778 9108 6 1 44 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 21902 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 61022 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 40.124.175.174 10.0.4.186 48441 993 6 1 52 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477760" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.182 10.0.4.186 54893 7706 6 1 44 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477761" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 54974 80 6 3 180 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477762" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 44314 21 6 4 240 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477763" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 19256 80 6 3 180 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477764" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 45020 80 6 2 120 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134784" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 30032 21 6 4 240 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134785" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 63082 21 6 4 240 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134786" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 36934 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134787" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 62370 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134788" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 13408 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134789" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 21982 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134790" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 11346 80 6 2 120 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134791" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 32590 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134792" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 42266 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839488" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 54384 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839489" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 37458 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839490" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 39936 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839491" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 24968 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839492" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 63412 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839493" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 34598 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839494" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 48400 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839495" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.140 10.0.4.186 50762 1443 6 1 44 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839496" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 13368 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839497" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 15050 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839498" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 26108 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839499" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 45052 21 6 4 240 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839500" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 95.214.53.196 10.0.4.186 40742 16379 6 1 40 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 48250 80 6 3 180 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 63068 80 6 1 60 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899414 1760899437 - SKIPDATA", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 15034 21 6 4 240 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746752" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 20028 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746753" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 16406 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746754" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 24550 21 6 4 240 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746755" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 62060 21 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746756" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 60596 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746757" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 35718 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746758" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 16994 21 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746759" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 47.74.55.112 10.0.4.186 57188 12320 6 1 52 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746760" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.55 10.0.4.186 51355 34473 6 1 44 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746761" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 16338 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746762" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.149.61 10.0.4.186 55176 49010 6 1 44 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746763" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 33922 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334144" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 38080 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334145" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 47416 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334146" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 30120 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334147" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 61568 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334148" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 38820 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334149" - } - ], - "eni-0b0549e20044315f3-all": [ - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899050 1760899129 - NODATA", - "ingestionTime": 1760899149148, - "eventId": "39269361034384635687967058294516883796158603200468746240" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899063 1760899133 - NODATA", - "ingestionTime": 1760899191042, - "eventId": "39269361324294323268865159185128106407086387132881174528" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899158751, - "eventId": "39269361368895813665926405429162124440841377838471249920" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899066 1760899145 - NODATA", - "ingestionTime": 1760899169059, - "eventId": "39269361391196558864457028583159222796051983380536492032" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899072000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899072 1760899154 - NODATA", - "ingestionTime": 1760899183447, - "eventId": "39269361525001030055640767449767568231817834522370572288" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899083 1760899163 - NODATA", - "ingestionTime": 1760899191130, - "eventId": "39269361770309227239477622015948951614231990473462448128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899095 1760899177 - NODATA", - "ingestionTime": 1760899203123, - "eventId": "39269362037918169621845099728876158476315828073130033152" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899191541, - "eventId": "39269362060218914820375722856410123339823436258297708544" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899209964, - "eventId": "39269362372429347599804446860182095577718871838885019648" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899124 1760899206 - NODATA", - "ingestionTime": 1760899229535, - "eventId": "39269362684639780379233170865342036892205695946093232128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899125 1760899199 - NODATA", - "ingestionTime": 1760899251421, - "eventId": "39269362706940525577763794033336149004260622706450890752" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899220164, - "eventId": "39269362729241270776294417137084416047159533537171668992" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899127 1760899212 - NODATA", - "ingestionTime": 1760899241060, - "eventId": "39269362751542015974825040303882188022904222112626704384" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899154 1760899233 - NODATA", - "ingestionTime": 1760899251092, - "eventId": "39269363353662136335151865137474306632162095644831449088" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899154 1760899237 - NODATA", - "ingestionTime": 1760899265367, - "eventId": "39269363353662136335151865154731662239795841721343803392" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899181000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899181 1760899266 - NODATA", - "ingestionTime": 1760899288254, - "eventId": "39269363955782256695478690003864747195775111898944765952" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899279934, - "eventId": "39269364022684492291070559418413938563523123583808634880" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899191000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899191 1760899257 - NODATA", - "ingestionTime": 1760899310499, - "eventId": "39269364178789708680784921446114574291045297137749393408" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899193 1760899271 - NODATA", - "ingestionTime": 1760899300873, - "eventId": "39269364223391199077846167717549072416822564465518444544" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899203 1760899284 - NODATA", - "ingestionTime": 1760899308384, - "eventId": "39269364446398651063152399141986190306426909080998117376" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899213 1760899293 - NODATA", - "ingestionTime": 1760899313680, - "eventId": "39269364669406103048458630563745762218163735798362669056" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899215 1760899297 - NODATA", - "ingestionTime": 1760899323453, - "eventId": "39269364714007593445519876858632206622956850636010291200" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899231000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899231 1760899308 - NODATA", - "ingestionTime": 1760899331321, - "eventId": "39269365070819516622009847132715303195827357368140234752" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339052, - "eventId": "39269365383029949401438571123561746374130011920953245696" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899246 1760899325 - NODATA", - "ingestionTime": 1760899350892, - "eventId": "39269365405330694599969194279411208772642910370836054016" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899246 1760899316 - NODATA", - "ingestionTime": 1760899371391, - "eventId": "39269365405330694599969194304192910118520948369194024960" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899248 1760899335 - NODATA", - "ingestionTime": 1760899363230, - "eventId": "39269365449932184997030440577398219863041560501072035840" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899264 1760899344 - NODATA", - "ingestionTime": 1760899368928, - "eventId": "39269365806744108173520410848858081852441394865298800640" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899273 1760899356 - NODATA", - "ingestionTime": 1760899385617, - "eventId": "39269366007450814960296019142855830900426629503072272384" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899275 1760899352 - NODATA", - "ingestionTime": 1760899371464, - "eventId": "39269366052052305357357265408817078540645514115318808576" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899291 1760899367 - NODATA", - "ingestionTime": 1760899390402, - "eventId": "39269366408864228533847235696283450762548894208316080128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899399395, - "eventId": "39269366676473170916214713405583375986398277744453156864" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899410029, - "eventId": "39269366765676151710337205984582080515597986510266630144" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899310 1760899379 - NODATA", - "ingestionTime": 1760899433219, - "eventId": "39269366832578387305929075437224527699752125344533053440" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899418894, - "eventId": "39269366921781368100051567986049717306332660931861872640" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428250, - "eventId": "39269367100187329688296553129645846721084489476922867712" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899335 1760899412 - NODATA", - "ingestionTime": 1760899433229, - "eventId": "39269367390097017269194653975629748732390472004675108864" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899335 1760899418 - NODATA", - "ingestionTime": 1760899444045, - "eventId": "39269367390097017269194653988704937156474046665124282368" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899351 1760899426 - NODATA", - "ingestionTime": 1760899450863, - "eventId": "39269367746908940445684624261519183700000033952722321408" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899461247, - "eventId": "39269368014517882828052101972501331045545810129543692288" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899364 1760899446 - NODATA", - "ingestionTime": 1760899468555, - "eventId": "39269368036818628026582725122871818569149878791262961664" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899367 1760899437 - NODATA", - "ingestionTime": 1760899492360, - "eventId": "39269368103720863622174594576257299469602032595912818688" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899371 1760899451 - NODATA", - "ingestionTime": 1760899479465, - "eventId": "39269368192923844416297087126810934162937552827837972480" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899383 1760899467 - NODATA", - "ingestionTime": 1760899490099, - "eventId": "39269368460532786798664564838095442697030093502723784704" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899394 1760899478 - NODATA", - "ingestionTime": 1760899502794, - "eventId": "39269368705840983982501419410335527383627721259566039040" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899399000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899399 1760899475 - NODATA", - "ingestionTime": 1760899493057, - "eventId": "39269368817344709975154535106242973873413473154290745344" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899409 1760899488 - NODATA", - "ingestionTime": 1760899515333, - "eventId": "39269369040352161960460766548530326175156119273020653568" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/vpc-flow-log/vpc-007d791b9b857543e", - "type": "AwsLogsLogGroup", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.", - "references": [ - "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Logs.html" - ] - }, - "risk_details": "If log groups have a low retention policy of less than specific days, crucial logs and data can be lost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.9" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.9" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.9" - ], - "CIS-1.4": [ - "4.9" - ], - "CCC": [ - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.10" - ], - "CIS-1.5": [ - "4.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.9" - ], - "NIS2": [ - "2.2.3", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure a log metric filter and alarm exist for AWS Config configuration changes.", - "title": "Ensure a log metric filter and alarm exist for AWS Config configuration changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.5" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.2", - "op.exp.8.r1.aws.ct.2", - "op.exp.8.r1.aws.ct.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.5" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.5" - ], - "CIS-1.4": [ - "4.5" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "ProwlerThreatScore-1.0": [ - "3.3.6" - ], - "CIS-1.5": [ - "4.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Critical alert on cloudtrail settings changes" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.5" - ], - "CISA": [ - "your-data-2" - ], - "NIS2": [ - "2.2.3", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.2.4", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure a log metric filter and alarm exist for CloudTrail configuration changes.", - "title": "Ensure a log metric filter and alarm exist for CloudTrail configuration changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_authentication_failures", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "HIPAA": [ - "164_308_a_5_ii_c", - "164_308_a_6_i", - "164_308_a_6_ii" - ], - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-03.01AC", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.6" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.6" - ], - "CIS-1.4": [ - "4.6" - ], - "CCC": [ - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "ProwlerThreatScore-1.0": [ - "3.3.7" - ], - "CIS-1.5": [ - "4.6" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Alert on rise of ConsoleLoginFailures events" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.6" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.d", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure a log metric filter and alarm exist for AWS Management Console authentication failures.", - "title": "Ensure a log metric filter and alarm exist for AWS Management Console authentication failures.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_authentication_failures-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_aws_organizations_changes", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "CIS-3.0": [ - "4.15" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.15" - ], - "CIS-5.0": [ - "4.15" - ], - "CIS-1.4": [ - "4.15" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02" - ], - "ProwlerThreatScore-1.0": [ - "3.3.16" - ], - "CIS-1.5": [ - "4.15" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.15" - ], - "NIS2": [ - "2.2.3", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure a log metric filter and alarm exist for AWS Organizations changes.", - "title": "Ensure a log metric filter and alarm exist for AWS Organizations changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_aws_organizations_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "C5-2025": [ - "OIS-04.02AC", - "OIS-08.02B", - "HR-03.02AC", - "AM-01.01AC", - "AM-07.02B", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "CRY-05.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.7" - ], - "ENS-RD2022": [ - "op.exp.10.aws.cmk.4", - "op.exp.10.aws.cmk.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.7" - ], - "CIS-1.4": [ - "4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.8" - ], - "CIS-1.5": [ - "4.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.10.1", - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "4.7" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created KMS CMKs.", - "title": "Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created KMS CMKs.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_for_s3_bucket_policy_changes", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.8" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.8" - ], - "CIS-1.4": [ - "4.8" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.9" - ], - "CIS-1.5": [ - "4.8" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.8" - ], - "NIS2": [ - "2.2.3", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure a log metric filter and alarm exist for S3 bucket policy changes.", - "title": "Ensure a log metric filter and alarm exist for S3 bucket policy changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_for_s3_bucket_policy_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_policy_changes", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.4" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.4" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.2" - ], - "CIS-5.0": [ - "4.4" - ], - "CIS-1.4": [ - "4.4" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.5" - ], - "CIS-1.5": [ - "4.4" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.4" - ], - "NIS2": [ - "2.2.3", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure a log metric filter and alarm exist for IAM policy changes.", - "title": "Ensure a log metric filter and alarm exist for IAM policy changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_policy_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_root_usage", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "HIPAA": [ - "164_308_a_6_i", - "164_308_a_6_ii" - ], - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-03.01B", - "IAM-03.03B", - "IAM-06.04B", - "IAM-06.05B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.3" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5", - "op.exp.8.aws.cw.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.3" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "7.2", - "7.2.1" - ], - "CIS-5.0": [ - "4.3" - ], - "CIS-1.4": [ - "4.3" - ], - "CCC": [ - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.4" - ], - "CIS-1.5": [ - "4.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Critical alert on every root user activity" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.3" - ], - "NIS2": [ - "2.3.1", - "3.2.1", - "3.2.2", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "3.5.4", - "7.2.b", - "9.2.c.vii" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure a log metric filter and alarm exist for usage of root account.", - "title": "Ensure a log metric filter and alarm exist for usage of root account.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_root_usage-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_security_group_changes", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.10" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.10" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.10" - ], - "CIS-1.4": [ - "4.10" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.11" - ], - "CIS-1.5": [ - "4.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.10" - ], - "NIS2": [ - "2.2.3", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure a log metric filter and alarm exist for security group changes.", - "title": "Ensure a log metric filter and alarm exist for security group changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_security_group_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_sign_in_without_mfa", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-16.01B", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-03.01AC", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-04.01B", - "PSS-05.01B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.2" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.2" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.2" - ], - "CIS-1.4": [ - "4.2" - ], - "CCC": [ - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.3" - ], - "CIS-1.5": [ - "4.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.2" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.d", - "3.2.3.g", - "3.5.4", - "9.2.c.vii", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure a log metric filter and alarm exist for Management Console sign-in without MFA.", - "title": "Ensure a log metric filter and alarm exist for Management Console sign-in without MFA.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_sign_in_without_mfa-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_unauthorized_api_calls", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-06.05B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.1" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.1" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.1" - ], - "CIS-1.4": [ - "4.1" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.2" - ], - "CIS-1.5": [ - "4.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.1" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.g", - "3.2.4", - "3.4.2.c", - "3.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure a log metric filter and alarm exist for unauthorized API calls.", - "title": "Ensure a log metric filter and alarm exist for unauthorized API calls.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_unauthorized_api_calls-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-northeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-northeast-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-northeast-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-northeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-northeast-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-northeast-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-northeast-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-northeast-3" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-northeast-3:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-south-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-south-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-south-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-southeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-southeast-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-southeast-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-southeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-southeast-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-southeast-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ca-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ca-central-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ca-central-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-central-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-central-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-north-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-north-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-north-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-west-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-west-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-west-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-west-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-west-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-west-3" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-west-3:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-sa-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "sa-east-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:sa-east-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-east-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-east-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-east-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-east-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-east-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-west-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-west-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-west-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-west-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Elastic IP 176.34.139.236 is associated with an instance or network interface.", - "metadata": { - "event_code": "ec2_elastic_ip_unassigned", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Elastic IP 176.34.139.236 is associated with an instance or network interface.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_4_1" - ], - "NIST-CSF-1.1": [ - "ds_3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "FFIEC": [ - "d1-g-it-b-1" - ], - "PCI-3.2.1": [ - "2.4" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP06" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ], - "CISA": [ - "your-systems-1", - "your-surroundings-1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there is any unassigned Elastic IP.", - "title": "Check if there is any unassigned Elastic IP.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_elastic_ip_unassigned-211203495394-eu-west-1-176.34.139.236" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "public_ip": "176.34.139.236", - "association_id": "eipassoc-0472f6d1c3af36ba0", - "arn": "arn:aws:ec2:eu-west-1:211203495394:eip-allocation/eipalloc-0828a6be7b08e1d0e", - "allocation_id": "eipalloc-0828a6be7b08e1d0e", - "region": "eu-west-1", - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-eu-west-1a" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc", - "Name:ex-vpc-eu-west-1a", - "GithubOrg:terraform-aws-modules" - ], - "name": "176.34.139.236", - "type": "AwsEc2Eip", - "uid": "arn:aws:ec2:eu-west-1:211203495394:eip-allocation/eipalloc-0828a6be7b08e1d0e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure Elastic IPs are not unassigned.", - "references": [ - "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html" - ] - }, - "risk_details": "Unassigned Elastic IPs may result in extra cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network ACL acl-003cdd347f8609cc2 has every port open to the Internet.", - "metadata": { - "event_code": "ec2_networkacl_allow_ingress_any_port", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network ACL acl-003cdd347f8609cc2 has every port open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Infrastructure Security", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_1_14", - "3_1_20", - "3_4_1", - "3_4_7", - "3_13_1", - "3_13_2", - "3_13_5", - "3_13_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3", - "annex_i_5_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_e_1" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ac_3", - "ac_5", - "pt_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-4", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "CIS-3.0": [ - "5.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4_21", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_2_a", - "cm_2_2", - "cm_6_a", - "cm_7_b", - "cm_8_6", - "cm_9_b", - "sc_7_5", - "sc_7_7", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_c" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-10", - "d3-pc-im-b-1", - "d3-pc-im-b-2", - "d3-pc-im-b-6", - "d4-c-co-b-2" - ], - "CIS-5.0": [ - "5.2" - ], - "CIS-1.4": [ - "5.1" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "CIS-1.5": [ - "5.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "NIST-800-53-Revision-4": [ - "ac_4", - "cm_2", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.1" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", - "title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-ec2_networkacl_allow_ingress_any_port-211203495394-eu-west-1-acl-003cdd347f8609cc2" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "acl-003cdd347f8609cc2", - "arn": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-003cdd347f8609cc2", - "name": "", - "region": "eu-west-1", - "entries": [ - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - } - ], - "default": true, - "in_use": true, - "tags": [] - } - }, - "group": { - "name": "ec2" - }, - "labels": [], - "name": "acl-003cdd347f8609cc2", - "type": "AwsEc2NetworkAcl", - "uid": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-003cdd347f8609cc2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" - ] - }, - "risk_details": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network ACL ex-rds-default has every port open to the Internet.", - "metadata": { - "event_code": "ec2_networkacl_allow_ingress_any_port", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network ACL ex-rds-default has every port open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Infrastructure Security", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_1_14", - "3_1_20", - "3_4_1", - "3_4_7", - "3_13_1", - "3_13_2", - "3_13_5", - "3_13_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3", - "annex_i_5_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_e_1" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ac_3", - "ac_5", - "pt_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-4", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "CIS-3.0": [ - "5.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4_21", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_2_a", - "cm_2_2", - "cm_6_a", - "cm_7_b", - "cm_8_6", - "cm_9_b", - "sc_7_5", - "sc_7_7", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_c" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-10", - "d3-pc-im-b-1", - "d3-pc-im-b-2", - "d3-pc-im-b-6", - "d4-c-co-b-2" - ], - "CIS-5.0": [ - "5.2" - ], - "CIS-1.4": [ - "5.1" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "CIS-1.5": [ - "5.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "NIST-800-53-Revision-4": [ - "ac_4", - "cm_2", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.1" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", - "title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-ec2_networkacl_allow_ingress_any_port-211203495394-eu-west-1-acl-082a37cbcfccab639" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "acl-082a37cbcfccab639", - "arn": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639", - "name": "ex-rds-default", - "region": "eu-west-1", - "entries": [ - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": true, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": false, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - } - ], - "default": true, - "in_use": true, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds-default" - }, - { - "Key": "Example", - "Value": "ex-rds" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubRepo:terraform-aws-rds-aurora", - "GithubOrg:terraform-aws-modules", - "Name:ex-rds-default", - "Example:ex-rds" - ], - "name": "acl-082a37cbcfccab639", - "type": "AwsEc2NetworkAcl", - "uid": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" - ] - }, - "risk_details": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network ACL acl-003cdd347f8609cc2 has SSH port 22 open to the Internet.", - "metadata": { - "event_code": "ec2_networkacl_allow_ingress_tcp_port_22", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network ACL acl-003cdd347f8609cc2 has SSH port 22 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "CIS-3.0": [ - "5.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.2" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.2.3", - "1.2.3.b", - "1.3", - "1.3.2" - ], - "CIS-5.0": [ - "5.2" - ], - "CIS-1.4": [ - "5.1" - ], - "CCC": [ - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN01.AR02", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.21" - ], - "CIS-1.5": [ - "5.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02", - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.1" - ], - "NIS2": [ - "6.7.2.g" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", - "title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_networkacl_allow_ingress_tcp_port_22-211203495394-eu-west-1-acl-003cdd347f8609cc2" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "acl-003cdd347f8609cc2", - "arn": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-003cdd347f8609cc2", - "name": "", - "region": "eu-west-1", - "entries": [ - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - } - ], - "default": true, - "in_use": true, - "tags": [] - } - }, - "group": { - "name": "ec2" - }, - "labels": [], - "name": "acl-003cdd347f8609cc2", - "type": "AwsEc2NetworkAcl", - "uid": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-003cdd347f8609cc2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" - ] - }, - "risk_details": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network ACL ex-rds-default has SSH port 22 open to the Internet.", - "metadata": { - "event_code": "ec2_networkacl_allow_ingress_tcp_port_22", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network ACL ex-rds-default has SSH port 22 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "CIS-3.0": [ - "5.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.2" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.2.3", - "1.2.3.b", - "1.3", - "1.3.2" - ], - "CIS-5.0": [ - "5.2" - ], - "CIS-1.4": [ - "5.1" - ], - "CCC": [ - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN01.AR02", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.21" - ], - "CIS-1.5": [ - "5.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02", - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.1" - ], - "NIS2": [ - "6.7.2.g" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", - "title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_networkacl_allow_ingress_tcp_port_22-211203495394-eu-west-1-acl-082a37cbcfccab639" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "acl-082a37cbcfccab639", - "arn": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639", - "name": "ex-rds-default", - "region": "eu-west-1", - "entries": [ - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": true, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": false, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - } - ], - "default": true, - "in_use": true, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds-default" - }, - { - "Key": "Example", - "Value": "ex-rds" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubRepo:terraform-aws-rds-aurora", - "GithubOrg:terraform-aws-modules", - "Name:ex-rds-default", - "Example:ex-rds" - ], - "name": "acl-082a37cbcfccab639", - "type": "AwsEc2NetworkAcl", - "uid": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" - ] - }, - "risk_details": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network ACL acl-003cdd347f8609cc2 has Microsoft RDP port 3389 open to the Internet.", - "metadata": { - "event_code": "ec2_networkacl_allow_ingress_tcp_port_3389", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network ACL acl-003cdd347f8609cc2 has Microsoft RDP port 3389 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "CIS-3.0": [ - "5.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.8.21", - "1.3.1.24", - "1.3.2.24", - "1.4.2.22", - "1.5.1.21", - "A1.1.3.21" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.2.3", - "1.2.3.b", - "1.3", - "1.3.2" - ], - "CIS-5.0": [ - "5.2" - ], - "CIS-1.4": [ - "5.1" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.21" - ], - "CIS-1.5": [ - "5.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.1" - ], - "NIS2": [ - "6.7.2.g" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", - "title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_networkacl_allow_ingress_tcp_port_3389-211203495394-eu-west-1-acl-003cdd347f8609cc2" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "acl-003cdd347f8609cc2", - "arn": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-003cdd347f8609cc2", - "name": "", - "region": "eu-west-1", - "entries": [ - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - } - ], - "default": true, - "in_use": true, - "tags": [] - } - }, - "group": { - "name": "ec2" - }, - "labels": [], - "name": "acl-003cdd347f8609cc2", - "type": "AwsEc2NetworkAcl", - "uid": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-003cdd347f8609cc2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" - ] - }, - "risk_details": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network ACL ex-rds-default has Microsoft RDP port 3389 open to the Internet.", - "metadata": { - "event_code": "ec2_networkacl_allow_ingress_tcp_port_3389", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network ACL ex-rds-default has Microsoft RDP port 3389 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "CIS-3.0": [ - "5.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.8.21", - "1.3.1.24", - "1.3.2.24", - "1.4.2.22", - "1.5.1.21", - "A1.1.3.21" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.2.3", - "1.2.3.b", - "1.3", - "1.3.2" - ], - "CIS-5.0": [ - "5.2" - ], - "CIS-1.4": [ - "5.1" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.21" - ], - "CIS-1.5": [ - "5.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.1" - ], - "NIS2": [ - "6.7.2.g" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", - "title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_networkacl_allow_ingress_tcp_port_3389-211203495394-eu-west-1-acl-082a37cbcfccab639" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "acl-082a37cbcfccab639", - "arn": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639", - "name": "ex-rds-default", - "region": "eu-west-1", - "entries": [ - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": true, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": false, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - } - ], - "default": true, - "in_use": true, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds-default" - }, - { - "Key": "Example", - "Value": "ex-rds" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubRepo:terraform-aws-rds-aurora", - "GithubOrg:terraform-aws-modules", - "Name:ex-rds-default", - "Example:ex-rds" - ], - "name": "acl-082a37cbcfccab639", - "type": "AwsEc2NetworkAcl", - "uid": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" - ] - }, - "risk_details": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have all ports open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_all_ports", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have all ports open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "CIS-3.0": [ - "5.2", - "5.3" - ], - "ENS-RD2022": [ - "mp.com.1.aws.sg.2" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.3", - "5.4" - ], - "PCI-3.2.1": [ - "1.1", - "1.1.4", - "1.1.4.c", - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.2.3", - "1.2.3.b", - "1.3", - "1.3.2", - "1.3.5" - ], - "CIS-5.0": [ - "5.3", - "5.4" - ], - "CIS-1.4": [ - "5.2" - ], - "CCC": [ - "CCC.MLDE.CN04.AR01", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.VPC.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-1.5": [ - "5.2", - "5.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.2", - "5.3" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to all ports.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to all ports.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_all_ports-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased. An attacker could exploit this misconfiguration to gain unauthorized access to resources.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have all ports open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_all_ports", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have all ports open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "CIS-3.0": [ - "5.2", - "5.3" - ], - "ENS-RD2022": [ - "mp.com.1.aws.sg.2" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.3", - "5.4" - ], - "PCI-3.2.1": [ - "1.1", - "1.1.4", - "1.1.4.c", - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.2.3", - "1.2.3.b", - "1.3", - "1.3.2", - "1.3.5" - ], - "CIS-5.0": [ - "5.3", - "5.4" - ], - "CIS-1.4": [ - "5.2" - ], - "CCC": [ - "CCC.MLDE.CN04.AR01", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.VPC.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-1.5": [ - "5.2", - "5.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.2", - "5.3" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to all ports.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to all ports.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_all_ports-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased. An attacker could exploit this misconfiguration to gain unauthorized access to resources.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have any port open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_any_port", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have any port open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.41", - "1.3.1.45", - "1.3.2.45", - "1.4.2.43", - "1.5.1.40", - "2.2.5.17", - "A1.1.3.40" - ], - "CCC": [ - "CCC.VPC.CN01.AR01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port and not attached to a network interface with not allowed network interface types or instance owners. By default, the allowed network interface types are 'api_gateway_managed' and 'vpc_endpoint', and the allowed instance owners are 'amazon-elb', you can customize these values by setting the 'ec2_allowed_interface_types' and 'ec2_allowed_instance_owners' variables.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_any_port-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "The security group allows all traffic from the internet to any port. This could allow an attacker to access the instance.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have any port open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_any_port", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have any port open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.41", - "1.3.1.45", - "1.3.2.45", - "1.4.2.43", - "1.5.1.40", - "2.2.5.17", - "A1.1.3.40" - ], - "CCC": [ - "CCC.VPC.CN01.AR01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port and not attached to a network interface with not allowed network interface types or instance owners. By default, the allowed network interface types are 'api_gateway_managed' and 'vpc_endpoint', and the allowed instance owners are 'amazon-elb', you can customize these values by setting the 'ec2_allowed_interface_types' and 'ec2_allowed_instance_owners' variables.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_any_port-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "The security group allows all traffic from the internet to any port. This could allow an attacker to access the instance.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have any high-risk port open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_high_risk_tcp_ports", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have any high-risk port open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "OIS-05.03B", - "PI-01.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.19" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to ports 25(SMTP), 110(POP3), 135(RCP), 143(IMAP), 445(CIFS), 3000(Go, Node.js, and Ruby web developemnt frameworks), 4333(ahsp), 5000(Python web development frameworks), 5500(fcp-addr-srvr1), 8080(proxy), 8088(legacy HTTP port).", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to high risk ports.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_high_risk_tcp_ports-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have any high-risk port open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_high_risk_tcp_ports", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have any high-risk port open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "OIS-05.03B", - "PI-01.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.19" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to ports 25(SMTP), 110(POP3), 135(RCP), 143(IMAP), 445(CIFS), 3000(Go, Node.js, and Ruby web developemnt frameworks), 4333(ahsp), 5000(Python web development frameworks), 5500(fcp-addr-srvr1), 8080(proxy), 8088(legacy HTTP port).", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to high risk ports.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_high_risk_tcp_ports-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have SSH port 22 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have SSH port 22 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_1_14", - "3_1_20", - "3_4_7", - "3_13_1", - "3_13_2", - "3_13_5", - "3_13_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_5_1", - "annex_i_7_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_e_1" - ], - "SOC2": [ - "cc_6_6", - "cc_7_2" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ac_3", - "ac_5", - "ds_7", - "pt_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-4", - "ac-17-1", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "CIS-3.0": [ - "5.2", - "5.3" - ], - "NIST-800-53-Revision-5": [ - "ac_17_b", - "ac_17_1", - "ac_17_9", - "ac_17_10", - "cm_9_b", - "sc_7_7", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_c" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "2.0.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.3", - "5.4" - ], - "PCI-4.0": [ - "1.2.8.17", - "1.3.1.19", - "1.3.2.19", - "1.4.2.18", - "1.5.1.17", - "A1.1.3.17" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-10", - "d3-pc-im-b-1", - "d3-pc-im-b-2", - "d3-pc-im-b-6", - "d4-c-co-b-2" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "2.2", - "2.2.2" - ], - "CIS-5.0": [ - "5.3", - "5.4" - ], - "CIS-1.4": [ - "5.2" - ], - "CCC": [ - "CCC.MLDE.CN04.AR01", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN01.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4", - "2.1.7" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.13" - ], - "CIS-1.5": [ - "5.2", - "5.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "NIST-800-53-Revision-4": [ - "ac_4", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.6", - "A.13.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.2", - "5.3" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have SSH port 22 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have SSH port 22 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_1_14", - "3_1_20", - "3_4_7", - "3_13_1", - "3_13_2", - "3_13_5", - "3_13_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_5_1", - "annex_i_7_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_e_1" - ], - "SOC2": [ - "cc_6_6", - "cc_7_2" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ac_3", - "ac_5", - "ds_7", - "pt_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-4", - "ac-17-1", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "CIS-3.0": [ - "5.2", - "5.3" - ], - "NIST-800-53-Revision-5": [ - "ac_17_b", - "ac_17_1", - "ac_17_9", - "ac_17_10", - "cm_9_b", - "sc_7_7", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_c" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "2.0.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.3", - "5.4" - ], - "PCI-4.0": [ - "1.2.8.17", - "1.3.1.19", - "1.3.2.19", - "1.4.2.18", - "1.5.1.17", - "A1.1.3.17" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-10", - "d3-pc-im-b-1", - "d3-pc-im-b-2", - "d3-pc-im-b-6", - "d4-c-co-b-2" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "2.2", - "2.2.2" - ], - "CIS-5.0": [ - "5.3", - "5.4" - ], - "CIS-1.4": [ - "5.2" - ], - "CCC": [ - "CCC.MLDE.CN04.AR01", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN01.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4", - "2.1.7" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.13" - ], - "CIS-1.5": [ - "5.2", - "5.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "NIST-800-53-Revision-4": [ - "ac_4", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.6", - "A.13.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.2", - "5.3" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Microsoft RDP port 3389 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Microsoft RDP port 3389 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "CIS-3.0": [ - "5.2", - "5.3" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "2.0.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.3", - "5.4" - ], - "CIS-5.0": [ - "5.3", - "5.4" - ], - "CIS-1.4": [ - "5.2" - ], - "CCC": [ - "CCC.MLDE.CN04.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4", - "2.1.7" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.14" - ], - "CIS-1.5": [ - "5.2", - "5.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.6", - "A.13.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.2", - "5.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Microsoft RDP port 3389 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Microsoft RDP port 3389 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "CIS-3.0": [ - "5.2", - "5.3" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "2.0.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.3", - "5.4" - ], - "CIS-5.0": [ - "5.3", - "5.4" - ], - "CIS-1.4": [ - "5.2" - ], - "CCC": [ - "CCC.MLDE.CN04.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4", - "2.1.7" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.14" - ], - "CIS-1.5": [ - "5.2", - "5.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.6", - "A.13.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.2", - "5.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Casandra ports 7199, 8888 and 9160 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Casandra ports 7199, 8888 and 9160 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Casandra ports 7199, 8888 and 9160 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Casandra ports 7199, 8888 and 9160 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have FTP ports 20 and 21 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_ftp_20_21", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have FTP ports 20 and 21 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN01.AR03" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_ftp_20_21-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have FTP ports 20 and 21 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_ftp_20_21", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have FTP ports 20 and 21 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN01.AR03" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_ftp_20_21-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Kafka port 9092 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Kafka port 9092 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Kafka port 9092 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Kafka port 9092 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Memcached port 11211 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Memcached port 11211 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Memcached port 11211 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Memcached port 11211 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have MongoDB ports 27017 and 27018 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mongodb_27017_27018", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have MongoDB ports 27017 and 27018 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mongodb_27017_27018-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have MongoDB ports 27017 and 27018 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mongodb_27017_27018", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have MongoDB ports 27017 and 27018 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mongodb_27017_27018-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have MySQL port 3306 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have MySQL port 3306 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have MySQL port 3306 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have MySQL port 3306 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Oracle ports 1521 and 2483 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Oracle ports 1521 and 2483 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Oracle ports 1521 and 2483 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Oracle ports 1521 and 2483 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Postgres port 5432 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Postgres port 5432 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Postgres port 5432 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Postgres port 5432 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Redis port 6379 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Redis port 6379 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Redis port 6379 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Redis port 6379 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Microsoft SQL Server ports 1433 and 1434 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Microsoft SQL Server ports 1433 and 1434 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Microsoft SQL Server ports 1433 and 1434 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Microsoft SQL Server ports 1433 and 1434 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Telnet port 23 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Telnet port 23 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN01.AR03" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Telnet port 23 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Telnet port 23 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN01.AR03" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) has no potential wide-open non-RFC1918 address.", - "metadata": { - "event_code": "ec2_securitygroup_allow_wide_open_public_ipv4", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) has no potential wide-open non-RFC1918 address.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress and egress from wide-open IP address with a mask between 0 and 24.", - "title": "Ensure no security groups allow ingress and egress from wide-open IP address with a mask between 0 and 24.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_wide_open_public_ipv4-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) has no potential wide-open non-RFC1918 address.", - "metadata": { - "event_code": "ec2_securitygroup_allow_wide_open_public_ipv4", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) has no potential wide-open non-RFC1918 address.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no security groups allow ingress and egress from wide-open IP address with a mask between 0 and 24.", - "title": "Ensure no security groups allow ingress and egress from wide-open IP address with a mask between 0 and 24.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_wide_open_public_ipv4-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) was not created using the EC2 Launch Wizard.", - "metadata": { - "event_code": "ec2_securitygroup_from_launch_wizard", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) was not created using the EC2 Launch Wizard.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.aws.sg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Security Groups created by EC2 Launch Wizard.", - "title": "Security Groups created by EC2 Launch Wizard.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_from_launch_wizard-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", - "references": [ - "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" - ] - }, - "risk_details": "Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group default (sg-0be54092870e08359) was not created using the EC2 Launch Wizard.", - "metadata": { - "event_code": "ec2_securitygroup_from_launch_wizard", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group default (sg-0be54092870e08359) was not created using the EC2 Launch Wizard.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.aws.sg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Security Groups created by EC2 Launch Wizard.", - "title": "Security Groups created by EC2 Launch Wizard.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_from_launch_wizard-211203495394-eu-west-1-sg-0be54092870e08359" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "default", - "metadata": { - "name": "default", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0be54092870e08359", - "id": "sg-0be54092870e08359", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [ - "sg-0be54092870e08359" - ], - "network_interfaces": [], - "ingress_rules": [ - { - "IpProtocol": "-1", - "UserIdGroupPairs": [ - { - "UserId": "211203495394", - "GroupId": "sg-0be54092870e08359" - } - ], - "IpRanges": [], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [ - { - "IpProtocol": "-1", - "UserIdGroupPairs": [], - "IpRanges": [ - { - "CidrIp": "0.0.0.0/0" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "tags": null - } - }, - "group": { - "name": "ec2" - }, - "labels": [], - "name": "sg-0be54092870e08359", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0be54092870e08359" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", - "references": [ - "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" - ] - }, - "risk_details": "Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) was not created using the EC2 Launch Wizard.", - "metadata": { - "event_code": "ec2_securitygroup_from_launch_wizard", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) was not created using the EC2 Launch Wizard.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.aws.sg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Security Groups created by EC2 Launch Wizard.", - "title": "Security Groups created by EC2 Launch Wizard.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_from_launch_wizard-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", - "references": [ - "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" - ] - }, - "risk_details": "Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) was not created using the EC2 Launch Wizard.", - "metadata": { - "event_code": "ec2_securitygroup_from_launch_wizard", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) was not created using the EC2 Launch Wizard.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.aws.sg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Security Groups created by EC2 Launch Wizard.", - "title": "Security Groups created by EC2 Launch Wizard.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_from_launch_wizard-211203495394-eu-west-1-sg-0c3aaf7337434df0c" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-rds-20251019171856241300000005", - "metadata": { - "name": "ex-rds-20251019171856241300000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c", - "id": "sg-0c3aaf7337434df0c", - "vpc_id": "vpc-0db221deba515d6c7", - "associated_sgs": [], - "network_interfaces": [], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "CidrIp": "10.0.3.0/24" - }, - { - "CidrIp": "10.0.4.0/24" - }, - { - "CidrIp": "10.0.5.0/24" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "Egress to corporate printer closet", - "CidrIp": "10.33.0.0/28" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "tags": [ - { - "Key": "Name", - "Value": "ex-rds" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Name:ex-rds", - "Example:ex-rds", - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-rds-aurora" - ], - "name": "sg-0c3aaf7337434df0c", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", - "references": [ - "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" - ] - }, - "risk_details": "Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group default (sg-098d463ddc66b09b5) was not created using the EC2 Launch Wizard.", - "metadata": { - "event_code": "ec2_securitygroup_from_launch_wizard", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group default (sg-098d463ddc66b09b5) was not created using the EC2 Launch Wizard.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.aws.sg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Security Groups created by EC2 Launch Wizard.", - "title": "Security Groups created by EC2 Launch Wizard.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_from_launch_wizard-211203495394-eu-west-1-sg-098d463ddc66b09b5" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "default", - "metadata": { - "name": "default", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-098d463ddc66b09b5", - "id": "sg-098d463ddc66b09b5", - "vpc_id": "vpc-0db221deba515d6c7", - "associated_sgs": [], - "network_interfaces": [], - "ingress_rules": [], - "egress_rules": [], - "tags": [ - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "Name", - "Value": "ex-rds-default" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Example:ex-rds", - "Name:ex-rds-default", - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-rds-aurora" - ], - "name": "sg-098d463ddc66b09b5", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-098d463ddc66b09b5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", - "references": [ - "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" - ] - }, - "risk_details": "Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) it is being used.", - "metadata": { - "event_code": "ec2_securitygroup_not_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) it is being used.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.aws.sg.3" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.22" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there are no Security Groups not being used.", - "title": "Ensure there are no Security Groups not being used.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_not_used-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "List all the security groups and then use the cli to check if they are attached to an instance.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/ec2-find-security-group-resources/" - ] - }, - "risk_details": "Having clear definition and scope for Security Groups creates a better administration environment.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) it is being used.", - "metadata": { - "event_code": "ec2_securitygroup_not_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) it is being used.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.aws.sg.3" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.22" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there are no Security Groups not being used.", - "title": "Ensure there are no Security Groups not being used.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_not_used-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "List all the security groups and then use the cli to check if they are attached to an instance.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/ec2-find-security-group-resources/" - ] - }, - "risk_details": "Having clear definition and scope for Security Groups creates a better administration environment.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) it is not being used.", - "metadata": { - "event_code": "ec2_securitygroup_not_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) it is not being used.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.aws.sg.3" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.22" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there are no Security Groups not being used.", - "title": "Ensure there are no Security Groups not being used.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_not_used-211203495394-eu-west-1-sg-0c3aaf7337434df0c" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-rds-20251019171856241300000005", - "metadata": { - "name": "ex-rds-20251019171856241300000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c", - "id": "sg-0c3aaf7337434df0c", - "vpc_id": "vpc-0db221deba515d6c7", - "associated_sgs": [], - "network_interfaces": [], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "CidrIp": "10.0.3.0/24" - }, - { - "CidrIp": "10.0.4.0/24" - }, - { - "CidrIp": "10.0.5.0/24" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "Egress to corporate printer closet", - "CidrIp": "10.33.0.0/28" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "tags": [ - { - "Key": "Name", - "Value": "ex-rds" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Name:ex-rds", - "Example:ex-rds", - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-rds-aurora" - ], - "name": "sg-0c3aaf7337434df0c", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "List all the security groups and then use the cli to check if they are attached to an instance.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/ec2-find-security-group-resources/" - ] - }, - "risk_details": "Having clear definition and scope for Security Groups creates a better administration environment.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) has 1 inbound rules and 0 outbound rules.", - "metadata": { - "event_code": "ec2_securitygroup_with_many_ingress_egress_rules", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) has 1 inbound rules and 0 outbound rules.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Find security groups with more than 50 ingress or egress rules.", - "title": "Find security groups with more than 50 ingress or egress rules.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_with_many_ingress_egress_rules-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group default (sg-0be54092870e08359) has 1 inbound rules and 1 outbound rules.", - "metadata": { - "event_code": "ec2_securitygroup_with_many_ingress_egress_rules", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group default (sg-0be54092870e08359) has 1 inbound rules and 1 outbound rules.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Find security groups with more than 50 ingress or egress rules.", - "title": "Find security groups with more than 50 ingress or egress rules.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_with_many_ingress_egress_rules-211203495394-eu-west-1-sg-0be54092870e08359" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "default", - "metadata": { - "name": "default", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0be54092870e08359", - "id": "sg-0be54092870e08359", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [ - "sg-0be54092870e08359" - ], - "network_interfaces": [], - "ingress_rules": [ - { - "IpProtocol": "-1", - "UserIdGroupPairs": [ - { - "UserId": "211203495394", - "GroupId": "sg-0be54092870e08359" - } - ], - "IpRanges": [], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [ - { - "IpProtocol": "-1", - "UserIdGroupPairs": [], - "IpRanges": [ - { - "CidrIp": "0.0.0.0/0" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "tags": null - } - }, - "group": { - "name": "ec2" - }, - "labels": [], - "name": "sg-0be54092870e08359", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0be54092870e08359" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) has 1 inbound rules and 0 outbound rules.", - "metadata": { - "event_code": "ec2_securitygroup_with_many_ingress_egress_rules", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) has 1 inbound rules and 0 outbound rules.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Find security groups with more than 50 ingress or egress rules.", - "title": "Find security groups with more than 50 ingress or egress rules.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_with_many_ingress_egress_rules-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) has 1 inbound rules and 1 outbound rules.", - "metadata": { - "event_code": "ec2_securitygroup_with_many_ingress_egress_rules", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) has 1 inbound rules and 1 outbound rules.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Find security groups with more than 50 ingress or egress rules.", - "title": "Find security groups with more than 50 ingress or egress rules.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_with_many_ingress_egress_rules-211203495394-eu-west-1-sg-0c3aaf7337434df0c" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-rds-20251019171856241300000005", - "metadata": { - "name": "ex-rds-20251019171856241300000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c", - "id": "sg-0c3aaf7337434df0c", - "vpc_id": "vpc-0db221deba515d6c7", - "associated_sgs": [], - "network_interfaces": [], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "CidrIp": "10.0.3.0/24" - }, - { - "CidrIp": "10.0.4.0/24" - }, - { - "CidrIp": "10.0.5.0/24" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "Egress to corporate printer closet", - "CidrIp": "10.33.0.0/28" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "tags": [ - { - "Key": "Name", - "Value": "ex-rds" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Name:ex-rds", - "Example:ex-rds", - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-rds-aurora" - ], - "name": "sg-0c3aaf7337434df0c", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group default (sg-098d463ddc66b09b5) has 0 inbound rules and 0 outbound rules.", - "metadata": { - "event_code": "ec2_securitygroup_with_many_ingress_egress_rules", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group default (sg-098d463ddc66b09b5) has 0 inbound rules and 0 outbound rules.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Find security groups with more than 50 ingress or egress rules.", - "title": "Find security groups with more than 50 ingress or egress rules.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_with_many_ingress_egress_rules-211203495394-eu-west-1-sg-098d463ddc66b09b5" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "default", - "metadata": { - "name": "default", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-098d463ddc66b09b5", - "id": "sg-098d463ddc66b09b5", - "vpc_id": "vpc-0db221deba515d6c7", - "associated_sgs": [], - "network_interfaces": [], - "ingress_rules": [], - "egress_rules": [], - "tags": [ - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "Name", - "Value": "ex-rds-default" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Example:ex-rds", - "Name:ex-rds-default", - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-rds-aurora" - ], - "name": "sg-098d463ddc66b09b5", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-098d463ddc66b09b5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-northeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default", - "region": "ap-northeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-northeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default", - "region": "ap-northeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-northeast-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default", - "region": "ap-northeast-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-south-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-south-1:211203495394:event-bus/default", - "region": "ap-south-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-south-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-southeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default", - "region": "ap-southeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-southeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default", - "region": "ap-southeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ca-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ca-central-1:211203495394:event-bus/default", - "region": "ca-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ca-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-central-1:211203495394:event-bus/default", - "region": "eu-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-north-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-north-1:211203495394:event-bus/default", - "region": "eu-north-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-north-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-1:211203495394:event-bus/default", - "region": "eu-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-2:211203495394:event-bus/default", - "region": "eu-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-west-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-3:211203495394:event-bus/default", - "region": "eu-west-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-sa-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:sa-east-1:211203495394:event-bus/default", - "region": "sa-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:sa-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-1:211203495394:event-bus/default", - "region": "us-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [ - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [ - "Preexisting:20251012" - ], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-east-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-2:211203495394:event-bus/default", - "region": "us-east-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-1:211203495394:event-bus/default", - "region": "us-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-2:211203495394:event-bus/default", - "region": "us-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-northeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default", - "region": "ap-northeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-northeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default", - "region": "ap-northeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-northeast-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default", - "region": "ap-northeast-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-south-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-south-1:211203495394:event-bus/default", - "region": "ap-south-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-south-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-southeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default", - "region": "ap-southeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-southeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default", - "region": "ap-southeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ca-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ca-central-1:211203495394:event-bus/default", - "region": "ca-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ca-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-central-1:211203495394:event-bus/default", - "region": "eu-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-north-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-north-1:211203495394:event-bus/default", - "region": "eu-north-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-north-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-1:211203495394:event-bus/default", - "region": "eu-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-2:211203495394:event-bus/default", - "region": "eu-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-west-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-3:211203495394:event-bus/default", - "region": "eu-west-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-sa-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:sa-east-1:211203495394:event-bus/default", - "region": "sa-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:sa-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-1:211203495394:event-bus/default", - "region": "us-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [ - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [ - "Preexisting:20251012" - ], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-east-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-2:211203495394:event-bus/default", - "region": "us-east-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-1:211203495394:event-bus/default", - "region": "us-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-2:211203495394:event-bus/default", - "region": "us-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "FMS without any compliant policy for account 211203495394.", - "metadata": { - "event_code": "fms_policy_compliant", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "FMS without any compliant policy for account 211203495394.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-fms-intro.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "ENS-RD2022": [ - "mp.com.1.aws.nfw.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "This check ensures all FMS policies inside an admin account are compliant", - "title": "Ensure that all FMS policies inside an admin account are compliant", - "types": [], - "uid": "prowler-aws-fms_policy_compliant-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "fms" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:fms:us-east-1:211203495394:policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure FMS is enabled and all the policies are compliant across your AWS accounts", - "references": [ - "https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-fms-intro.html" - ] - }, - "risk_details": "If FMS policies are not compliant, means there are resources unprotected by the policies", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Root user in the account wasn't accessed in the last 1 days.", - "metadata": { - "event_code": "iam_avoid_root_usage", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Root user in the account wasn't accessed in the last 1 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-03.01B", - "IAM-03.03B", - "IAM-06.02B", - "IAM-06.04B" - ], - "CIS-3.0": [ - "1.7" - ], - "ENS-RD2022": [ - "op.acc.2.aws.iam.4", - "op.acc.4.aws.iam.7" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.7" - ], - "CIS-5.0": [ - "1.6" - ], - "CIS-1.4": [ - "1.7" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR02" - ], - "ProwlerThreatScore-1.0": [ - "1.2.5" - ], - "CIS-1.5": [ - "1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "AWS-Account-Security-Onboarding": [ - "Block root user" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "6.7.2.e", - "11.3.2.b", - "11.3.2.c", - "11.4.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Avoid the use of the root account", - "title": "Avoid the use of the root accounts", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_avoid_root_usage-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Follow the remediation instructions of the Ensure IAM policies are attached only to groups or roles recommendation.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "The root account has unrestricted access to all resources in the AWS account. It is highly recommended that the use of this account be avoided.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy ElastiCacheServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy ElastiCacheServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-ElastiCacheServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "ElastiCacheServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy", - "entity": "ANPAIML5LIBUZBVCSF7PI", - "version_id": "v4", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ElastiCacheManagementActions", - "Effect": "Allow", - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:DeleteNetworkInterface", - "ec2:DeleteSecurityGroup", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DescribeVpcEndpoints", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:RevokeSecurityGroupIngress", - "cloudwatch:PutMetricData", - "outposts:GetOutpost", - "outposts:GetOutpostInstanceTypes", - "outposts:ListOutposts", - "outposts:ListSites" - ], - "Resource": "*" - }, - { - "Sid": "CreateDeleteVPCEndpoints", - "Effect": "Allow", - "Action": [ - "ec2:CreateVpcEndpoint", - "ec2:DeleteVpcEndpoints" - ], - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", - "Condition": { - "StringLike": { - "ec2:VpceServiceName": "com.amazonaws.elasticache.serverless.*" - } - } - }, - { - "Sid": "TagVPCEndpointsOnCreation", - "Effect": "Allow", - "Action": [ - "ec2:CreateTags" - ], - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", - "Condition": { - "StringEquals": { - "ec2:CreateAction": "CreateVpcEndpoint", - "aws:RequestTag/AmazonElastiCacheManaged": "true" - } - } - }, - { - "Sid": "ModifyVpcEndpoints", - "Effect": "Allow", - "Action": [ - "ec2:ModifyVpcEndpoint" - ], - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", - "Condition": { - "StringEquals": { - "ec2:ResourceTag/AmazonElastiCacheManaged": "true" - } - } - }, - { - "Sid": "AllowAccessToElastiCacheTaggedVpcEndpoints", - "Effect": "Allow", - "Action": [ - "ec2:CreateVpcEndpoint", - "ec2:ModifyVpcEndpoint" - ], - "NotResource": "arn:aws:ec2:*:*:vpc-endpoint/*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "ElastiCacheServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AWSTrustedAdvisorServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy AWSTrustedAdvisorServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AWSTrustedAdvisorServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AWSTrustedAdvisorServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy", - "entity": "ANPAJH4QJ2WMHBOB47BUE", - "version_id": "v14", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "TrustedAdvisorServiceRolePermissions", - "Effect": "Allow", - "Action": [ - "access-analyzer:ListAnalyzers", - "autoscaling:DescribeAccountLimits", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeLaunchConfigurations", - "ce:GetReservationPurchaseRecommendation", - "ce:GetSavingsPlansPurchaseRecommendation", - "cloudformation:DescribeAccountLimits", - "cloudformation:DescribeStacks", - "cloudformation:ListStacks", - "cloudfront:ListDistributions", - "cloudtrail:DescribeTrails", - "cloudtrail:GetTrailStatus", - "cloudtrail:GetTrail", - "cloudtrail:ListTrails", - "cloudtrail:GetEventSelectors", - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics", - "dax:DescribeClusters", - "dynamodb:DescribeLimits", - "dynamodb:DescribeTable", - "dynamodb:ListTables", - "ec2:DescribeAddresses", - "ec2:DescribeReservedInstances", - "ec2:DescribeInstances", - "ec2:DescribeVpcs", - "ec2:DescribeInternetGateways", - "ec2:DescribeImages", - "ec2:DescribeNatGateways", - "ec2:DescribeVolumes", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeRegions", - "ec2:DescribeReservedInstancesOfferings", - "ec2:DescribeRouteTables", - "ec2:DescribeSnapshots", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpnConnections", - "ec2:DescribeVpnGateways", - "ec2:DescribeLaunchTemplateVersions", - "ec2:GetManagedPrefixListEntries", - "ecs:DescribeTaskDefinition", - "ecs:ListTaskDefinitions", - "elasticloadbalancing:DescribeAccountLimits", - "elasticloadbalancing:DescribeInstanceHealth", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancerPolicyTypes", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "iam:GenerateCredentialReport", - "iam:GetAccountPasswordPolicy", - "iam:GetAccountSummary", - "iam:GetCredentialReport", - "iam:GetServerCertificate", - "iam:ListServerCertificates", - "iam:ListSAMLProviders", - "kinesis:DescribeLimits", - "kafka:DescribeClusterV2", - "kafka:ListClustersV2", - "kafka:ListNodes", - "network-firewall:ListFirewalls", - "network-firewall:DescribeFirewall", - "outposts:ListAssets", - "outposts:GetOutpost", - "outposts:ListOutposts", - "rds:DescribeAccountAttributes", - "rds:DescribeDBClusters", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstances", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBParameters", - "rds:DescribeDBSecurityGroups", - "rds:DescribeDBSnapshots", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEngineDefaultParameters", - "rds:DescribeEvents", - "rds:DescribeOptionGroupOptions", - "rds:DescribeOptionGroups", - "rds:DescribeOrderableDBInstanceOptions", - "rds:DescribeReservedDBInstances", - "rds:DescribeReservedDBInstancesOfferings", - "rds:ListTagsForResource", - "redshift:DescribeClusters", - "redshift:DescribeReservedNodeOfferings", - "redshift:DescribeReservedNodes", - "route53:GetAccountLimit", - "route53:GetHealthCheck", - "route53:GetHostedZone", - "route53:ListHealthChecks", - "route53:ListHostedZones", - "route53:ListHostedZonesByName", - "route53:ListResourceRecordSets", - "route53resolver:ListResolverEndpoints", - "route53resolver:ListResolverEndpointIpAddresses", - "s3:GetAccountPublicAccessBlock", - "s3:GetBucketAcl", - "s3:GetBucketPolicy", - "s3:GetBucketPolicyStatus", - "s3:GetBucketLocation", - "s3:GetBucketLogging", - "s3:GetBucketVersioning", - "s3:GetBucketPublicAccessBlock", - "s3:GetLifecycleConfiguration", - "s3:ListBucket", - "s3:ListAllMyBuckets", - "ses:GetSendQuota", - "sqs:GetQueueAttributes", - "sqs:ListQueues" - ], - "Resource": "*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AWSTrustedAdvisorServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AdministratorAccess is attached and allows '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS policy AdministratorAccess is attached and allows '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AdministratorAccess" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AdministratorAccess", - "arn": "arn:aws:iam::aws:policy/AdministratorAccess", - "entity": "ANPAIWMBCKSKIEE64ZLYK", - "version_id": "v1", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "*", - "Resource": "*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AdministratorAccess", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AWSSupportServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy AWSSupportServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AWSSupportServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AWSSupportServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy", - "entity": "ANPAJ7W6266ELXF5MISDS", - "version_id": "v42", - "type": "AWS", - "attached": true, - "document": { - "Statement": [ - { - "Sid": "AWSSupportAPIGatewayAccess", - "Action": [ - "apigateway:GET" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:apigateway:*::/account", - "arn:aws:apigateway:*::/apis", - "arn:aws:apigateway:*::/apis/*", - "arn:aws:apigateway:*::/apis/*/authorizers", - "arn:aws:apigateway:*::/apis/*/authorizers/*", - "arn:aws:apigateway:*::/apis/*/deployments", - "arn:aws:apigateway:*::/apis/*/deployments/*", - "arn:aws:apigateway:*::/apis/*/integrations", - "arn:aws:apigateway:*::/apis/*/integrations/*", - "arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses", - "arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses/*", - "arn:aws:apigateway:*::/apis/*/models", - "arn:aws:apigateway:*::/apis/*/models/*", - "arn:aws:apigateway:*::/apis/*/routes", - "arn:aws:apigateway:*::/apis/*/routes/*", - "arn:aws:apigateway:*::/apis/*/routes/*/routeresponses", - "arn:aws:apigateway:*::/apis/*/routes/*/routeresponses/*", - "arn:aws:apigateway:*::/apis/*/stages", - "arn:aws:apigateway:*::/apis/*/stages/*", - "arn:aws:apigateway:*::/clientcertificates", - "arn:aws:apigateway:*::/clientcertificates/*", - "arn:aws:apigateway:*::/domainnames", - "arn:aws:apigateway:*::/domainnames/*", - "arn:aws:apigateway:*::/domainnames/*/apimappings", - "arn:aws:apigateway:*::/domainnames/*/apimappings/*", - "arn:aws:apigateway:*::/domainnames/*/basepathmappings", - "arn:aws:apigateway:*::/domainnames/*/basepathmappings/*", - "arn:aws:apigateway:*::/restapis", - "arn:aws:apigateway:*::/restapis/*", - "arn:aws:apigateway:*::/restapis/*/authorizers", - "arn:aws:apigateway:*::/restapis/*/authorizers/*", - "arn:aws:apigateway:*::/restapis/*/deployments", - "arn:aws:apigateway:*::/restapis/*/deployments/*", - "arn:aws:apigateway:*::/restapis/*/models", - "arn:aws:apigateway:*::/restapis/*/models/*", - "arn:aws:apigateway:*::/restapis/*/models/*/default_template", - "arn:aws:apigateway:*::/restapis/*/resources", - "arn:aws:apigateway:*::/restapis/*/resources/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration/responses/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/responses/*", - "arn:aws:apigateway:*::/restapis/*/stages/*/sdks/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration", - "arn:aws:apigateway:*::/restapis/*/stages", - "arn:aws:apigateway:*::/restapis/*/stages/*", - "arn:aws:apigateway:*::/usageplans", - "arn:aws:apigateway:*::/usageplans/*", - "arn:aws:apigateway:*::/vpclinks", - "arn:aws:apigateway:*::/vpclinks/*" - ] - }, - { - "Sid": "AWSSupportDeleteRoleAccess", - "Action": [ - "iam:DeleteRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport" - ] - }, - { - "Sid": "AWSSupportActionsGroup1", - "Action": [ - "access-analyzer:getAccessPreview", - "access-analyzer:getAnalyzedResource", - "access-analyzer:getAnalyzer", - "access-analyzer:getArchiveRule", - "access-analyzer:getFinding", - "access-analyzer:getGeneratedPolicy", - "access-analyzer:listAccessPreviewFindings", - "access-analyzer:listAccessPreviews", - "access-analyzer:listAnalyzedResources", - "access-analyzer:listAnalyzers", - "access-analyzer:listArchiveRules", - "access-analyzer:listFindings", - "access-analyzer:listPolicyGenerations", - "account:getRegionOptStatus", - "account:listRegions", - "acm-pca:describeCertificateAuthority", - "acm-pca:describeCertificateAuthorityAuditReport", - "acm-pca:getCertificate", - "acm-pca:getCertificateAuthorityCertificate", - "acm-pca:getCertificateAuthorityCsr", - "acm-pca:listCertificateAuthorities", - "acm-pca:listTags", - "acm:describeCertificate", - "acm:getAccountConfiguration", - "acm:getCertificate", - "acm:listCertificates", - "acm:listTagsForCertificate", - "aiops:getInvestigationGroup", - "aiops:getInvestigationGroupPolicy", - "aiops:listInvestigationGroups", - "airflow:getEnvironment", - "airflow:listEnvironments", - "airflow:listTagsForResource", - "amplify:getApp", - "amplify:getBackendEnvironment", - "amplify:getBranch", - "amplify:getDomainAssociation", - "amplify:getJob", - "amplify:getWebhook", - "amplify:listApps", - "amplify:listBackendEnvironments", - "amplify:listBranches", - "amplify:listDomainAssociations", - "amplify:listWebhooks", - "amplifyuibuilder:exportComponents", - "amplifyuibuilder:exportThemes", - "aoss:batchGetCollection", - "aoss:batchGetEffectiveLifecyclePolicy", - "aoss:batchGetLifecyclePolicy", - "aoss:batchGetVpcEndpoint", - "aoss:getAccessPolicy", - "aoss:getAccountSettings", - "aoss:getPoliciesStats", - "aoss:getSecurityConfig", - "aoss:getSecurityPolicy", - "aoss:listAccessPolicies", - "aoss:listCollections", - "aoss:listLifecyclePolicies", - "aoss:listSecurityConfigs", - "aoss:listSecurityPolicies", - "aoss:listTagsForResource", - "aoss:listVpcEndpoints", - "appconfig:getApplication", - "appconfig:getConfigurationProfile", - "appconfig:getDeployment", - "appconfig:getDeploymentStrategy", - "appconfig:getEnvironment", - "appconfig:getExtension", - "appconfig:getExtensionAssociation", - "appconfig:listApplications", - "appconfig:listConfigurationProfiles", - "appconfig:listDeployments", - "appconfig:listDeploymentStrategies", - "appconfig:listEnvironments", - "appconfig:listExtensionAssociations", - "appconfig:listExtensions", - "appconfig:listHostedConfigurationVersions", - "appflow:describeConnectorEntity", - "appflow:describeConnectorProfiles", - "appflow:describeConnectors", - "appflow:describeFlow", - "appflow:describeFlowExecutionRecords", - "appflow:listConnectorEntities", - "appflow:listFlows", - "application-autoscaling:describeScalableTargets", - "application-autoscaling:describeScalingActivities", - "application-autoscaling:describeScalingPolicies", - "application-autoscaling:describeScheduledActions", - "application-signals:getService", - "application-signals:getServiceLevelObjective", - "application-signals:listServiceDependencies", - "application-signals:listServiceDependents", - "application-signals:listServiceLevelObjectives", - "application-signals:listServiceOperations", - "application-signals:listServices", - "applicationinsights:describeApplication", - "applicationinsights:describeComponent", - "applicationinsights:describeComponentConfiguration", - "applicationinsights:describeComponentConfigurationRecommendation", - "applicationinsights:describeLogPattern", - "applicationinsights:describeObservation", - "applicationinsights:describeProblem", - "applicationinsights:describeProblemObservations", - "applicationinsights:listApplications", - "applicationinsights:listComponents", - "applicationinsights:listConfigurationHistory", - "applicationinsights:listLogPatterns", - "applicationinsights:listLogPatternSets", - "applicationinsights:listProblems", - "appmesh:describeGatewayRoute", - "appmesh:describeMesh", - "appmesh:describeRoute", - "appmesh:describeVirtualGateway", - "appmesh:describeVirtualNode", - "appmesh:describeVirtualRouter", - "appmesh:describeVirtualService", - "appmesh:listGatewayRoutes", - "appmesh:listMeshes", - "appmesh:listRoutes", - "appmesh:listTagsForResource", - "appmesh:listVirtualGateways", - "appmesh:listVirtualNodes", - "appmesh:listVirtualRouters", - "appmesh:listVirtualServices", - "apprunner:describeAutoScalingConfiguration", - "apprunner:describeCustomDomains", - "apprunner:describeObservabilityConfiguration", - "apprunner:describeOperation", - "apprunner:describeService", - "apprunner:describeVpcConnector", - "apprunner:describeVpcIngressConnection", - "apprunner:listAutoScalingConfigurations", - "apprunner:listConnections", - "apprunner:listObservabilityConfigurations", - "apprunner:listOperations", - "apprunner:listServices", - "apprunner:listTagsForResource", - "apprunner:listVpcConnectors", - "apprunner:listVpcIngressConnections", - "appstream:describeAppBlockBuilderAppBlockAssociations", - "appstream:describeAppBlockBuilders", - "appstream:describeAppBlocks", - "appstream:describeApplicationFleetAssociations", - "appstream:describeApplications", - "appstream:describeDirectoryConfigs", - "appstream:describeEntitlements", - "appstream:describeFleets", - "appstream:describeImageBuilders", - "appstream:describeImagePermissions", - "appstream:describeImages", - "appstream:describeSessions", - "appstream:describeStacks", - "appstream:describeUsageReportSubscriptions", - "appstream:describeUsers", - "appstream:describeUserStackAssociations", - "appstream:listAssociatedFleets", - "appstream:listAssociatedStacks", - "appstream:listEntitledApplications", - "appstream:listTagsForResource", - "appsync:getApi", - "appsync:getApiAssociation", - "appsync:getApiCache", - "appsync:getChannelNamespace", - "appsync:getDataSource", - "appsync:getDomainName", - "appsync:getFunction", - "appsync:getGraphqlApi", - "appsync:getIntrospectionSchema", - "appsync:getResolver", - "appsync:getSchemaCreationStatus", - "appsync:getSourceApiAssociation", - "appsync:getType", - "appsync:listApis", - "appsync:listChannelNamespaces", - "appsync:listDataSources", - "appsync:listDomainNames", - "appsync:listFunctions", - "appsync:listGraphqlApis", - "appsync:listResolvers", - "appsync:listResolversByFunction", - "appsync:listSourceApiAssociations", - "appsync:listTypes", - "appsync:listTypesByAssociation", - "aps:describeAlertManagerDefinition", - "aps:describeRuleGroupsNamespace", - "aps:describeScraper", - "aps:describeWorkspace", - "aps:listRuleGroupsNamespaces", - "aps:listScrapers", - "aps:listWorkspaces", - "athena:batchGetNamedQuery", - "athena:batchGetQueryExecution", - "athena:getCalculationExecution", - "athena:getCalculationExecutionStatus", - "athena:getCapacityAssignmentConfiguration", - "athena:getCapacityReservation", - "athena:getDataCatalog", - "athena:getNamedQuery", - "athena:getNotebookMetadata", - "athena:getQueryExecution", - "athena:getQueryRuntimeStatistics", - "athena:getSession", - "athena:getSessionStatus", - "athena:getWorkGroup", - "athena:listApplicationDPUSizes", - "athena:listCalculationExecutions", - "athena:listCapacityReservations", - "athena:listDataCatalogs", - "athena:listEngineVersions", - "athena:listExecutors", - "athena:listNamedQueries", - "athena:listNotebookMetadata", - "athena:listNotebookSessions", - "athena:listQueryExecutions", - "athena:listSessions", - "athena:listTagsForResource", - "athena:listWorkGroups", - "auditmanager:getAccountStatus", - "auditmanager:getDelegations", - "auditmanager:listAssessmentFrameworks", - "auditmanager:listAssessmentReports", - "auditmanager:listAssessments", - "auditmanager:listControls", - "auditmanager:listKeywordsForDataSource", - "auditmanager:listNotifications", - "autoscaling-plans:describeScalingPlanResources", - "autoscaling-plans:describeScalingPlans", - "autoscaling-plans:getScalingPlanResourceForecastData", - "autoscaling:describeAccountLimits", - "autoscaling:describeAdjustmentTypes", - "autoscaling:describeAutoScalingGroups", - "autoscaling:describeAutoScalingInstances", - "autoscaling:describeAutoScalingNotificationTypes", - "autoscaling:describeInstanceRefreshes", - "autoscaling:describeLaunchConfigurations", - "autoscaling:describeLifecycleHooks", - "autoscaling:describeLifecycleHookTypes", - "autoscaling:describeLoadBalancers", - "autoscaling:describeLoadBalancerTargetGroups", - "autoscaling:describeMetricCollectionTypes", - "autoscaling:describeNotificationConfigurations", - "autoscaling:describePolicies", - "autoscaling:describeScalingActivities", - "autoscaling:describeScalingProcessTypes", - "autoscaling:describeScheduledActions", - "autoscaling:describeTags", - "autoscaling:describeTerminationPolicyTypes", - "autoscaling:describeTrafficSources", - "autoscaling:describeWarmPool", - "backup-gateway:getBandwidthRateLimitSchedule", - "backup-gateway:getGateway", - "backup-gateway:getHypervisor", - "backup-gateway:getHypervisorPropertyMappings", - "backup-gateway:getVirtualMachine", - "backup-gateway:listGateways", - "backup-gateway:listHypervisors", - "backup-gateway:listVirtualMachines", - "backup-search:listSearchJobBackups", - "backup-search:listSearchJobs", - "backup:describeBackupJob", - "backup:describeBackupVault", - "backup:describeCopyJob", - "backup:describeFramework", - "backup:describeGlobalSettings", - "backup:describeProtectedResource", - "backup:describeRecoveryPoint", - "backup:describeRegionSettings", - "backup:describeReportJob", - "backup:describeReportPlan", - "backup:describeRestoreJob", - "backup:getBackupPlan", - "backup:getBackupPlanFromJSON", - "backup:getBackupPlanFromTemplate", - "backup:getBackupSelection", - "backup:getBackupVaultAccessPolicy", - "backup:getBackupVaultNotifications", - "backup:getLegalHold", - "backup:getRecoveryPointRestoreMetadata", - "backup:getRecoveryPointIndexDetails", - "backup:getRestoreJobMetadata", - "backup:getRestoreTestingInferredMetadata", - "backup:getRestoreTestingPlan", - "backup:getRestoreTestingSelection", - "backup:getSupportedResourceTypes", - "backup:listBackupJobs", - "backup:listBackupPlans", - "backup:listBackupPlanTemplates", - "backup:listBackupPlanVersions", - "backup:listBackupSelections", - "backup:listBackupVaults", - "backup:listCopyJobs", - "backup:listFrameworks", - "backup:listIndexedRecoveryPoints", - "backup:listLegalHolds", - "backup:listProtectedResources", - "backup:listRecoveryPointsByBackupVault", - "backup:listRecoveryPointsByLegalHold", - "backup:listRecoveryPointsByResource", - "backup:listReportJobs", - "backup:listReportPlans", - "backup:listRestoreJobs", - "backup:listRestoreJobsByProtectedResource", - "backup:listRestoreTestingPlans", - "backup:listRestoreTestingSelections", - "backup:listTags", - "batch:describeComputeEnvironments", - "batch:describeJobDefinitions", - "batch:describeJobQueues", - "batch:describeJobs", - "batch:describeSchedulingPolicies", - "batch:listJobs", - "bedrock:getAgent", - "bedrock:getAgentActionGroup", - "bedrock:getAgentAlias", - "bedrock:getAgentKnowledgeBase", - "bedrock:getAgentVersion", - "bedrock:getCustomModel", - "bedrock:getDataSource", - "bedrock:getEvaluationJob", - "bedrock:getFlow", - "bedrock:getFlowAlias", - "bedrock:getFlowVersion", - "bedrock:getFoundationModel", - "bedrock:getGuardrail", - "bedrock:getImportedModel", - "bedrock:getInferenceProfile", - "bedrock:getIngestionJob", - "bedrock:getKnowledgeBase", - "bedrock:getMarketplaceModelEndpoint", - "bedrock:getModelCopyJob", - "bedrock:getModelCustomizationJob", - "bedrock:getModelImportJob", - "bedrock:getModelInvocationJob", - "bedrock:getModelInvocationLoggingConfiguration", - "bedrock:getPrompt", - "bedrock:getPromptRouter", - "bedrock:getProvisionedModelThroughput", - "bedrock:listAgentActionGroups", - "bedrock:listAgentAliases", - "bedrock:listAgentKnowledgeBases", - "bedrock:listAgents", - "bedrock:listAgentVersions", - "bedrock:listCustomModels", - "bedrock:listDataSources", - "bedrock:listEvaluationJobs", - "bedrock:listFlowAliases", - "bedrock:listFlows", - "bedrock:listFlowVersions", - "bedrock:listFoundationModels", - "bedrock:listGuardrails", - "bedrock:listImportedModels", - "bedrock:listInferenceProfiles", - "bedrock:listIngestionJobs", - "bedrock:listKnowledgeBases", - "bedrock:listMarketplaceModelEndpoints", - "bedrock:listModelCopyJobs", - "bedrock:listModelCustomizationJobs", - "bedrock:listModelImportJobs", - "bedrock:listModelInvocationJobs", - "bedrock:listPromptRouters", - "bedrock:listPrompts", - "bedrock:listProvisionedModelThroughputs", - "braket:getDevice", - "braket:getQuantumTask", - "braket:searchDevices", - "braket:searchQuantumTasks", - "budgets:viewBudget", - "ce:getCostAndUsage", - "ce:getCostAndUsageWithResources", - "ce:getCostForecast", - "ce:getDimensionValues", - "ce:getReservationCoverage", - "ce:getReservationPurchaseRecommendation", - "ce:getReservationUtilization", - "ce:getRightsizingRecommendation", - "ce:getSavingsPlansCoverage", - "ce:getSavingsPlansPurchaseRecommendation", - "ce:getSavingsPlansUtilization", - "ce:getSavingsPlansUtilizationDetails", - "ce:getTags", - "chime:describeAppInstance", - "chime:getAttendee", - "chime:getGlobalSettings", - "chime:getMediaCapturePipeline", - "chime:getMediaPipeline", - "chime:getMeeting", - "chime:getProxySession", - "chime:getSipMediaApplication", - "chime:getSipRule", - "chime:getVoiceConnector", - "chime:getVoiceConnectorGroup", - "chime:getVoiceConnectorLoggingConfiguration", - "chime:listAppInstances", - "chime:listAttendees", - "chime:listChannelBans", - "chime:listChannels", - "chime:listChannelsModeratedByAppInstanceUser", - "chime:listMediaCapturePipelines", - "chime:listMediaPipelines", - "chime:listMeetings", - "chime:listSipMediaApplications", - "chime:listSipRules", - "chime:listVoiceConnectorGroups", - "chime:listVoiceConnectors", - "cleanrooms:batchGetCollaborationAnalysisTemplate", - "cleanrooms:batchGetSchema", - "cleanrooms:getAnalysisTemplate", - "cleanrooms:getCollaboration", - "cleanrooms:getCollaborationAnalysisTemplate", - "cleanrooms:getConfiguredTable", - "cleanrooms:getConfiguredTableAssociation", - "cleanrooms:getMembership", - "cleanrooms:getSchema", - "cleanrooms:listAnalysisTemplates", - "cleanrooms:listCollaborationAnalysisTemplates", - "cleanrooms:listCollaborations", - "cleanrooms:listConfiguredTableAssociations", - "cleanrooms:listConfiguredTables", - "cleanrooms:listMembers", - "cleanrooms:listMemberships", - "cleanrooms:listSchemas", - "cloud9:describeEnvironmentMemberships", - "cloud9:describeEnvironments", - "cloud9:listEnvironments", - "clouddirectory:getDirectory", - "clouddirectory:listDirectories", - "cloudformation:batchDescribeTypeConfigurations", - "cloudformation:describeAccountLimits", - "cloudformation:describeChangeSet", - "cloudformation:describeChangeSetHooks", - "cloudformation:describePublisher", - "cloudformation:describeStackDriftDetectionStatus", - "cloudformation:describeStackEvents", - "cloudformation:describeStackInstance", - "cloudformation:describeStackResource", - "cloudformation:describeStackResourceDrifts", - "cloudformation:describeStackResources", - "cloudformation:describeStacks", - "cloudformation:describeStackSet", - "cloudformation:describeStackSetOperation", - "cloudformation:describeType", - "cloudformation:describeTypeRegistration", - "cloudformation:estimateTemplateCost", - "cloudformation:getResource", - "cloudformation:getStackPolicy", - "cloudformation:getTemplate", - "cloudformation:getTemplateSummary", - "cloudformation:listChangeSets", - "cloudformation:listExports", - "cloudformation:listImports", - "cloudformation:listResources", - "cloudformation:listStackInstances", - "cloudformation:listStackResources", - "cloudformation:listStacks", - "cloudformation:listStackSetOperationResults", - "cloudformation:listStackSetOperations", - "cloudformation:listStackSets", - "cloudformation:listTypeRegistrations", - "cloudformation:listTypes", - "cloudformation:listTypeVersions", - "cloudfront:describeFunction", - "cloudfront:describeKeyValueStore", - "cloudfront:getAnycastIpList", - "cloudfront:getCachePolicy", - "cloudfront:getCachePolicyConfig", - "cloudfront:getCloudFrontOriginAccessIdentity", - "cloudfront:getCloudFrontOriginAccessIdentityConfig", - "cloudfront:getContinuousDeploymentPolicy", - "cloudfront:getContinuousDeploymentPolicyConfig", - "cloudfront:getDistribution", - "cloudfront:getDistributionConfig", - "cloudfront:getInvalidation", - "cloudfront:getKeyGroup", - "cloudfront:getKeyGroupConfig", - "cloudfront:getMonitoringSubscription", - "cloudfront:getOriginAccessControl", - "cloudfront:getOriginAccessControlConfig", - "cloudfront:getOriginRequestPolicy", - "cloudfront:getOriginRequestPolicyConfig", - "cloudfront:getPublicKey", - "cloudfront:getPublicKeyConfig", - "cloudfront:getRealtimeLogConfig", - "cloudfront:getResponseHeadersPolicy", - "cloudfront:getResponseHeadersPolicyConfig", - "cloudfront:getStreamingDistribution", - "cloudfront:getStreamingDistributionConfig", - "cloudfront:getVpcOrigin", - "cloudfront:listAnycastIpLists", - "cloudfront:listCachePolicies", - "cloudfront:listCloudFrontOriginAccessIdentities", - "cloudfront:listConflictingAliases", - "cloudfront:listContinuousDeploymentPolicies", - "cloudfront:listDistributions", - "cloudfront:listDistributionsByAnycastIpListId", - "cloudfront:listDistributionsByCachePolicyId", - "cloudfront:listDistributionsByKeyGroup", - "cloudfront:listDistributionsByOriginRequestPolicyId", - "cloudfront:listDistributionsByRealtimeLogConfig", - "cloudfront:listDistributionsByResponseHeadersPolicyId", - "cloudfront:listDistributionsByVpcOriginId", - "cloudfront:listDistributionsByWebACLId", - "cloudfront:listFunctions", - "cloudfront:listInvalidations", - "cloudfront:listKeyGroups", - "cloudfront:listKeyValueStores", - "cloudfront:listOriginAccessControls", - "cloudfront:listOriginRequestPolicies", - "cloudfront:listPublicKeys", - "cloudfront:listRealtimeLogConfigs", - "cloudfront:listResponseHeadersPolicies", - "cloudfront:listStreamingDistributions", - "cloudfront:listVpcOrigins", - "cloudhsm:describeBackups", - "cloudhsm:describeClusters", - "cloudsearch:describeAnalysisSchemes", - "cloudsearch:describeAvailabilityOptions", - "cloudsearch:describeDomains", - "cloudsearch:describeExpressions", - "cloudsearch:describeIndexFields", - "cloudsearch:describeScalingParameters", - "cloudsearch:describeServiceAccessPolicies", - "cloudsearch:describeSuggesters", - "cloudsearch:listDomainNames", - "cloudtrail:describeTrails", - "cloudtrail:getEventSelectors", - "cloudtrail:getInsightSelectors", - "cloudtrail:getTrail", - "cloudtrail:getTrailStatus", - "cloudtrail:listPublicKeys", - "cloudtrail:listTags", - "cloudtrail:listTrails", - "cloudtrail:lookupEvents", - "cloudwatch:describeAlarmHistory", - "cloudwatch:describeAlarms", - "cloudwatch:describeAlarmsForMetric", - "cloudwatch:describeAnomalyDetectors", - "cloudwatch:describeInsightRules", - "cloudwatch:getDashboard", - "cloudwatch:getInsightRuleReport", - "cloudwatch:getMetricData", - "cloudwatch:getMetricStatistics", - "cloudwatch:getMetricStream", - "cloudWatch:getMetricWidgetImage", - "cloudwatch:listDashboards", - "cloudwatch:listManagedInsightRules", - "cloudwatch:listMetrics", - "cloudwatch:listMetricStreams", - "codeartifact:describeDomain", - "codeartifact:describePackageVersion", - "codeartifact:describeRepository", - "codeartifact:getDomainPermissionsPolicy", - "codeartifact:getRepositoryEndpoint", - "codeartifact:getRepositoryPermissionsPolicy", - "codeartifact:listDomains", - "codeartifact:listPackages", - "codeartifact:listPackageVersionAssets", - "codeartifact:listPackageVersions", - "codeartifact:listRepositories", - "codeartifact:listRepositoriesInDomain", - "codebuild:batchGetBuildBatches", - "codebuild:batchGetBuilds", - "codebuild:batchGetFleets", - "codebuild:batchGetProjects", - "codebuild:listBuildBatches", - "codebuild:listBuildBatchesForProject", - "codebuild:listBuilds", - "codebuild:listBuildsForProject", - "codebuild:listCuratedEnvironmentImages", - "codebuild:listFleets", - "codebuild:listProjects", - "codebuild:listSourceCredentials", - "codecommit:batchGetRepositories", - "codecommit:getBranch", - "codecommit:getRepository", - "codecommit:getRepositoryTriggers", - "codecommit:listBranches", - "codecommit:listRepositories", - "codeconnections:getConnection", - "codeconnections:getHost", - "codeconnections:getRepositoryLink", - "codeconnections:getRepositorySyncStatus", - "codeconnections:getResourceSyncStatus", - "codeconnections:getSyncBlockerSummary", - "codeconnections:getSyncConfiguration", - "codeconnections:listConnections", - "codeconnections:listHosts", - "codeconnections:listRepositoryLinks", - "codeconnections:listRepositorySyncDefinitions", - "codeconnections:listSyncConfigurations", - "codedeploy:batchGetApplicationRevisions", - "codedeploy:batchGetApplications", - "codedeploy:batchGetDeploymentGroups", - "codedeploy:batchGetDeploymentInstances", - "codedeploy:batchGetDeployments", - "codedeploy:batchGetDeploymentTargets", - "codedeploy:batchGetOnPremisesInstances", - "codedeploy:getApplication", - "codedeploy:getApplicationRevision", - "codedeploy:getDeployment", - "codedeploy:getDeploymentConfig", - "codedeploy:getDeploymentGroup", - "codedeploy:getDeploymentInstance", - "codedeploy:getDeploymentTarget", - "codedeploy:getOnPremisesInstance", - "codedeploy:listApplicationRevisions", - "codedeploy:listApplications", - "codedeploy:listDeploymentConfigs", - "codedeploy:listDeploymentGroups", - "codedeploy:listDeploymentInstances", - "codedeploy:listDeployments", - "codedeploy:listDeploymentTargets", - "codedeploy:listGitHubAccountTokenNames", - "codedeploy:listOnPremisesInstances", - "codepipeline:getJobDetails", - "codepipeline:getPipeline", - "codepipeline:getPipelineExecution", - "codepipeline:getPipelineState", - "codepipeline:listActionExecutions", - "codepipeline:listActionTypes", - "codepipeline:listPipelineExecutions", - "codepipeline:listPipelines", - "codepipeline:listRuleExecutions", - "codepipeline:listWebhooks", - "codestar-connections:getConnection", - "codestar-connections:getHost", - "codestar-connections:listConnections", - "codestar-connections:listHosts", - "codestar:describeProject", - "codestar:listProjects", - "codestar:listResources", - "codestar:listTeamMembers", - "codestar:listUserProfiles", - "cognito-identity:describeIdentity", - "cognito-identity:describeIdentityPool", - "cognito-identity:getIdentityPoolAnalytics", - "cognito-identity:getIdentityPoolDailyAnalytics", - "cognito-identity:getIdentityPoolRoles", - "cognito-identity:getIdentityProviderDailyAnalytics", - "cognito-identity:listIdentities", - "cognito-identity:listIdentityPools", - "cognito-identity:lookupDeveloperIdentity", - "cognito-idp:describeIdentityProvider", - "cognito-idp:describeResourceServer", - "cognito-idp:describeRiskConfiguration", - "cognito-idp:describeUserImportJob", - "cognito-idp:describeUserPool", - "cognito-idp:describeUserPoolClient", - "cognito-idp:describeUserPoolDomain", - "cognito-idp:getCSVHeader", - "cognito-idp:getGroup", - "cognito-idp:getLogDeliveryConfiguration", - "cognito-idp:getUICustomization", - "cognito-idp:getUserPoolMfaConfig", - "cognito-idp:listGroups", - "cognito-idp:listIdentityProviders", - "cognito-idp:listResourceServers", - "cognito-idp:listUserImportJobs", - "cognito-idp:listUserPoolClients", - "cognito-idp:listUserPools", - "cognito-sync:describeDataset", - "cognito-sync:describeIdentityPoolUsage", - "cognito-sync:describeIdentityUsage", - "cognito-sync:getCognitoEvents", - "cognito-sync:getIdentityPoolConfiguration", - "cognito-sync:listDatasets", - "cognito-sync:listIdentityPoolUsage", - "comprehend:describeDocumentClassificationJob", - "comprehend:describeDocumentClassifier", - "comprehend:describeDominantLanguageDetectionJob", - "comprehend:describeEndpoint", - "comprehend:describeEntitiesDetectionJob", - "comprehend:describeEntityRecognizer", - "comprehend:describeEventsDetectionJob", - "comprehend:describeFlywheel", - "comprehend:describeFlywheelIteration", - "comprehend:describeKeyPhrasesDetectionJob", - "comprehend:describePiiEntitiesDetectionJob", - "comprehend:describeSentimentDetectionJob", - "comprehend:describeTargetedSentimentDetectionJob", - "comprehend:describeTopicsDetectionJob", - "comprehend:listDocumentClassificationJobs", - "comprehend:listDocumentClassifiers", - "comprehend:listDominantLanguageDetectionJobs", - "comprehend:listEndpoints", - "comprehend:listEntitiesDetectionJobs", - "comprehend:listEntityRecognizers", - "comprehend:listEventsDetectionJobs", - "comprehend:listFlywheelIterationHistory", - "comprehend:listFlywheels", - "comprehend:listKeyPhrasesDetectionJobs", - "comprehend:listPiiEntitiesDetectionJobs", - "comprehend:listSentimentDetectionJobs", - "comprehend:listTargetedSentimentDetectionJobs", - "comprehend:listTopicsDetectionJobs", - "compute-optimizer:getAutoScalingGroupRecommendations", - "compute-optimizer:getEBSVolumeRecommendations", - "compute-optimizer:getEC2InstanceRecommendations", - "compute-optimizer:getEC2RecommendationProjectedMetrics", - "compute-optimizer:getECSServiceRecommendationProjectedMetrics", - "compute-optimizer:getECSServiceRecommendations", - "compute-optimizer:getEnrollmentStatus", - "compute-optimizer:getRecommendationSummaries", - "config:batchGetAggregateResourceConfig", - "config:batchGetResourceConfig", - "config:describeAggregateComplianceByConfigRules", - "config:describeAggregationAuthorizations", - "config:describeComplianceByConfigRule", - "config:describeComplianceByResource", - "config:describeConfigRuleEvaluationStatus", - "config:describeConfigRules", - "config:describeConfigurationAggregators", - "config:describeConfigurationAggregatorSourcesStatus", - "config:describeConfigurationRecorders", - "config:describeConfigurationRecorderStatus", - "config:describeConformancePackCompliance", - "config:describeConformancePacks", - "config:describeConformancePackStatus", - "config:describeDeliveryChannels", - "config:describeDeliveryChannelStatus", - "config:describeOrganizationConfigRules", - "config:describeOrganizationConfigRuleStatuses", - "config:describeOrganizationConformancePacks", - "config:describeOrganizationConformancePackStatuses", - "config:describePendingAggregationRequests", - "config:describeRemediationConfigurations", - "config:describeRemediationExceptions", - "config:describeRemediationExecutionStatus", - "config:describeRetentionConfigurations", - "config:getAggregateComplianceDetailsByConfigRule", - "config:getAggregateConfigRuleComplianceSummary", - "config:getAggregateDiscoveredResourceCounts", - "config:getAggregateResourceConfig", - "config:getComplianceDetailsByConfigRule", - "config:getComplianceDetailsByResource", - "config:getComplianceSummaryByConfigRule", - "config:getComplianceSummaryByResourceType", - "config:getConformancePackComplianceDetails", - "config:getConformancePackComplianceSummary", - "config:getDiscoveredResourceCounts", - "config:getOrganizationConfigRuleDetailedStatus", - "config:getOrganizationConformancePackDetailedStatus", - "config:getResourceConfigHistory", - "config:listAggregateDiscoveredResources", - "config:listDiscoveredResources", - "config:listTagsForResource", - "config:selectAggregateResourceConfig", - "config:selectResourceConfig", - "connect:describeContact", - "connect:describePhoneNumber", - "connect:describeQueue", - "connect:describeQuickConnect", - "connect:describeRoutingProfile", - "connect:describeUser", - "connect:describeUserHierarchyStructure", - "connect:getCurrentMetricData", - "connect:getMetricData", - "connect:getMetricDataV2", - "connect:listContactEvaluations", - "connect:listEvaluationForms", - "connect:listEvaluationFormVersions", - "connect:listPhoneNumbersV2", - "connect:listQueueQuickConnects", - "connect:listQueues", - "connect:listQuickConnects", - "connect:listRoutingProfileQueues", - "connect:listRoutingProfiles", - "connect:listSecurityProfiles", - "connect:listUsers", - "connect:listViews", - "connect:listViewVersions", - "connect:searchQueues", - "connect:searchRoutingProfiles", - "connect:searchUsers", - "controltower:describeAccountFactoryConfig", - "controltower:describeCoreService", - "controltower:describeGuardrail", - "controltower:describeGuardrailForTarget", - "controltower:describeManagedAccount", - "controltower:describeSingleSignOn", - "controltower:getAvailableUpdates", - "controltower:getHomeRegion", - "controltower:getLandingZone", - "controltower:getLandingZoneStatus", - "controltower:listDirectoryGroups", - "controltower:listEnabledControls", - "controltower:listGuardrailsForTarget", - "controltower:listGuardrailViolations", - "controltower:listLandingZones", - "controltower:listManagedAccounts", - "controltower:listManagedAccountsForGuardrail", - "controltower:listManagedAccountsForParent", - "controltower:listManagedOrganizationalUnits", - "controltower:listManagedOrganizationalUnitsForGuardrail", - "cost-optimization-hub:getPreferences", - "cost-optimization-hub:getRecommendation", - "cost-optimization-hub:listEnrollmentStatuses", - "cost-optimization-hub:listRecommendations", - "cost-optimization-hub:listRecommendationSummaries", - "databrew:describeDataset", - "databrew:describeJob", - "databrew:describeProject", - "databrew:describeRecipe", - "databrew:listDatasets", - "databrew:listJobRuns", - "databrew:listJobs", - "databrew:listProjects", - "databrew:listRecipes", - "databrew:listRecipeVersions", - "databrew:listTagsForResource", - "datapipeline:describeObjects", - "datapipeline:describePipelines", - "datapipeline:getPipelineDefinition", - "datapipeline:listPipelines", - "datapipeline:queryObjects", - "datasync:describeAgent", - "datasync:describeLocationAzureBlob", - "datasync:describeLocationEfs", - "datasync:describeLocationFsxLustre", - "datasync:describeLocationFsxOntap", - "datasync:describeLocationFsxOpenZfs", - "datasync:describeLocationFsxWindows", - "datasync:describeLocationHdfs", - "datasync:describeLocationNfs", - "datasync:describeLocationObjectStorage", - "datasync:describeLocationS3", - "datasync:describeLocationSmb", - "datasync:describeTask", - "datasync:describeTaskExecution", - "datasync:listAgents", - "datasync:listLocations", - "datasync:listTaskExecutions", - "datasync:listTasks", - "datazone:getAsset", - "datazone:getAssetType", - "datazone:getDataSource", - "datazone:getDataSourceRun", - "datazone:getDomain", - "datazone:getEnvironment", - "datazone:getEnvironmentBlueprint", - "datazone:getEnvironmentBlueprintConfiguration", - "datazone:getEnvironmentProfile", - "datazone:getFormType", - "datazone:getGlossary", - "datazone:getGlossaryTerm", - "datazone:getGroupProfile", - "datazone:getListing", - "datazone:getMetadataGenerationRun", - "datazone:getProject", - "datazone:getSubscription", - "datazone:getSubscriptionGrant", - "datazone:getSubscriptionRequestDetails", - "datazone:getSubscriptionTarget", - "datazone:getUserProfile", - "datazone:listAssetRevisions", - "datazone:listDataSourceRunActivities", - "datazone:listDataSourceRuns", - "datazone:listDataSources", - "datazone:listDomains", - "datazone:listEnvironmentBlueprintConfigurations", - "datazone:listEnvironmentBlueprints", - "datazone:listEnvironmentProfiles", - "datazone:listEnvironments", - "datazone:listMetadataGenerationRuns", - "datazone:listProjectMemberships", - "datazone:listProjects", - "datazone:listSubscriptionGrants", - "datazone:listSubscriptionRequests", - "datazone:listSubscriptions", - "datazone:listSubscriptionTargets", - "datazone:searchGroupProfiles", - "datazone:searchUserProfiles", - "dax:describeClusters", - "dax:describeDefaultParameters", - "dax:describeEvents", - "dax:describeParameterGroups", - "dax:describeParameters", - "dax:describeSubnetGroups", - "deadline:listAvailableMeteredProducts", - "deadline:listBudgets", - "deadline:listFarmMembers", - "deadline:listFarms", - "deadline:listFleetMembers", - "deadline:listFleets", - "deadline:listJobMembers", - "deadline:listJobs", - "deadline:listLicenseEndpoints", - "deadline:listMeteredProducts", - "deadline:listMonitors", - "deadline:listQueueEnvironments", - "deadline:listQueueFleetAssociations", - "deadline:listQueueMembers", - "deadline:listQueues", - "deadline:listStorageProfiles", - "deadline:listWorkers", - "detective:getMembers", - "detective:listGraphs", - "detective:listInvitations", - "detective:listMembers", - "devicefarm:getAccountSettings", - "devicefarm:getDevice", - "devicefarm:getDevicePool", - "devicefarm:getDevicePoolCompatibility", - "devicefarm:getJob", - "devicefarm:getProject", - "devicefarm:getRemoteAccessSession", - "devicefarm:getRun", - "devicefarm:getSuite", - "devicefarm:getTest", - "devicefarm:getTestGridProject", - "devicefarm:getTestGridSession", - "devicefarm:getUpload", - "devicefarm:listArtifacts", - "devicefarm:listDevicePools", - "devicefarm:listDevices", - "devicefarm:listJobs", - "devicefarm:listProjects", - "devicefarm:listRemoteAccessSessions", - "devicefarm:listRuns", - "devicefarm:listSamples", - "devicefarm:listSuites", - "devicefarm:listTestGridProjects", - "devicefarm:listTestGridSessionActions", - "devicefarm:listTestGridSessionArtifacts", - "devicefarm:listTestGridSessions", - "devicefarm:listTests", - "devicefarm:listUniqueProblems", - "devicefarm:listUploads", - "directconnect:describeConnectionLoa", - "directconnect:describeConnections", - "directconnect:describeConnectionsOnInterconnect", - "directconnect:describeCustomerMetadata", - "directconnect:describeDirectConnectGatewayAssociationProposals", - "directconnect:describeDirectConnectGatewayAssociations", - "directconnect:describeDirectConnectGatewayAttachments", - "directconnect:describeDirectConnectGateways", - "directconnect:describeHostedConnections", - "directconnect:describeInterconnectLoa", - "directconnect:describeInterconnects", - "directconnect:describeLags", - "directconnect:describeLoa", - "directconnect:describeLocations", - "directconnect:describeRouterConfiguration", - "directconnect:describeVirtualGateways", - "directconnect:describeVirtualInterfaces", - "directconnect:listVirtualInterfaceTestHistory", - "dlm:getLifecyclePolicies", - "dlm:getLifecyclePolicy", - "dms:describeAccountAttributes", - "dms:describeApplicableIndividualAssessments", - "dms:describeConnections", - "dms:describeEndpoints", - "dms:describeEndpointSettings", - "dms:describeEndpointTypes", - "dms:describeEventCategories", - "dms:describeEvents", - "dms:describeEventSubscriptions", - "dms:describeFleetAdvisorCollectors", - "dms:describeFleetAdvisorDatabases", - "dms:describeFleetAdvisorLsaAnalysis", - "dms:describeFleetAdvisorSchemaObjectSummary", - "dms:describeFleetAdvisorSchemas", - "dms:describeOrderableReplicationInstances", - "dms:describePendingMaintenanceActions", - "dms:describeRefreshSchemasStatus", - "dms:describeReplicationInstances", - "dms:describeReplicationInstanceTaskLogs", - "dms:describeReplicationSubnetGroups", - "dms:describeReplicationTaskAssessmentResults", - "dms:describeReplicationTaskAssessmentRuns", - "dms:describeReplicationTaskIndividualAssessments", - "dms:describeReplicationTasks", - "dms:describeSchemas", - "dms:describeTableStatistics", - "docdb-elastic:getCluster", - "docdb-elastic:getClusterSnapshot", - "docdb-elastic:listClusters", - "docdb-elastic:listClusterSnapshots", - "drs:describeJobLogItems", - "drs:describeJobs", - "drs:describeLaunchConfigurationTemplates", - "drs:describeRecoveryInstances", - "drs:describeRecoverySnapshots", - "drs:describeReplicationConfigurationTemplates", - "drs:describeSourceNetworks", - "drs:describeSourceServers", - "drs:getLaunchConfiguration", - "drs:getReplicationConfiguration", - "drs:listExtensibleSourceServers", - "drs:listLaunchActions", - "drs:listStagingAccounts", - "ds:describeClientAuthenticationSettings", - "ds:describeConditionalForwarders", - "ds:describeDirectories", - "ds:describeDomainControllers", - "ds:describeEventTopics", - "ds:describeHybridADUpdate", - "ds:describeLDAPSSettings", - "ds:describeSharedDirectories", - "ds:describeSnapshots", - "ds:describeTrusts", - "ds:getDirectoryLimits", - "ds:getSnapshotLimits", - "ds:listIpRoutes", - "ds:listSchemaExtensions", - "ds:listTagsForResource", - "dynamodb:describeBackup", - "dynamodb:describeContinuousBackups", - "dynamodb:describeContributorInsights", - "dynamodb:describeExport", - "dynamodb:describeGlobalTable", - "dynamodb:describeImport", - "dynamodb:describeKinesisStreamingDestination", - "dynamodb:describeLimits", - "dynamodb:describeStream", - "dynamodb:describeTable", - "dynamodb:describeTimeToLive", - "dynamodb:getResourcePolicy", - "dynamodb:listBackups", - "dynamodb:listContributorInsights", - "dynamodb:listExports", - "dynamodb:listGlobalTables", - "dynamodb:listImports", - "dynamodb:listStreams", - "dynamodb:listTables", - "dynamodb:listTagsOfResource", - "ec2:describeAccountAttributes", - "ec2:describeAddresses", - "ec2:describeAddressesAttribute", - "ec2:describeAddressTransfers", - "ec2:describeAggregateIdFormat", - "ec2:describeAvailabilityZones", - "ec2:describeBundleTasks", - "ec2:describeByoipCidrs", - "ec2:describeCapacityBlockOfferings", - "ec2:describeCapacityReservationFleets", - "ec2:describeCapacityReservations", - "ec2:describeCarrierGateways", - "ec2:describeClassicLinkInstances", - "ec2:describeClientVpnAuthorizationRules", - "ec2:describeClientVpnConnections", - "ec2:describeClientVpnEndpoints", - "ec2:describeClientVpnRoutes", - "ec2:describeClientVpnTargetNetworks", - "ec2:describeCoipPools", - "ec2:describeConversionTasks", - "ec2:describeCustomerGateways", - "ec2:describeDhcpOptions", - "ec2:describeEgressOnlyInternetGateways", - "ec2:describeExportImageTasks", - "ec2:describeExportTasks", - "ec2:describeFastLaunchImages", - "ec2:describeFastSnapshotRestores", - "ec2:describeFleetHistory", - "ec2:describeFleetInstances", - "ec2:describeFleets", - "ec2:describeFlowLogs", - "ec2:describeFpgaImageAttribute", - "ec2:describeFpgaImages", - "ec2:describeHostReservationOfferings", - "ec2:describeHostReservations", - "ec2:describeHosts", - "ec2:describeIamInstanceProfileAssociations", - "ec2:describeIdentityIdFormat", - "ec2:describeIdFormat", - "ec2:describeImageAttribute", - "ec2:describeImages", - "ec2:describeImportImageTasks", - "ec2:describeImportSnapshotTasks", - "ec2:describeInstanceAttribute", - "ec2:describeInstanceConnectEndpoints", - "ec2:describeInstanceCreditSpecifications", - "ec2:describeInstanceEventNotificationAttributes", - "ec2:describeInstanceEventWindows", - "ec2:describeInstances", - "ec2:describeInstanceStatus", - "ec2:describeInstanceTypeOfferings", - "ec2:describeInstanceTypes", - "ec2:describeInternetGateways", - "ec2:describeIpamByoasn", - "ec2:describeIpamExternalResourceVerificationTokens", - "ec2:describeIpamPools", - "ec2:describeIpamResourceDiscoveries", - "ec2:describeIpamResourceDiscoveryAssociations", - "ec2:describeIpams", - "ec2:describeIpamScopes", - "ec2:describeIpv6Pools", - "ec2:describeKeyPairs", - "ec2:describeLaunchTemplates", - "ec2:describeLaunchTemplateVersions", - "ec2:describeLocalGatewayRouteTables", - "ec2:describeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", - "ec2:describeLocalGatewayRouteTableVpcAssociations", - "ec2:describeLocalGateways", - "ec2:describeLocalGatewayVirtualInterfaceGroups", - "ec2:describeLocalGatewayVirtualInterfaces", - "ec2:describeManagedPrefixLists", - "ec2:describeMovingAddresses", - "ec2:describeNatGateways", - "ec2:describeNetworkAcls", - "ec2:describeNetworkInsightsAccessScopeAnalyses", - "ec2:describeNetworkInsightsAccessScopes", - "ec2:describeNetworkInsightsAnalyses", - "ec2:describeNetworkInsightsPaths", - "ec2:describeNetworkInterfaceAttribute", - "ec2:describeNetworkInterfaces", - "ec2:describePlacementGroups", - "ec2:describePrefixLists", - "ec2:describePrincipalIdFormat", - "ec2:describePublicIpv4Pools", - "ec2:describeRegions", - "ec2:describeReplaceRootVolumeTasks", - "ec2:describeReservedInstances", - "ec2:describeReservedInstancesListings", - "ec2:describeReservedInstancesModifications", - "ec2:describeReservedInstancesOfferings", - "ec2:describeRouteServerEndpoints", - "ec2:describeRouteServerPeers", - "ec2:describeRouteServers", - "ec2:describeRouteTables", - "ec2:describeScheduledInstanceAvailability", - "ec2:describeScheduledInstances", - "ec2:describeSecurityGroupReferences", - "ec2:describeSecurityGroupRules", - "ec2:describeSecurityGroups", - "ec2:describeServiceLinkVirtualInterfaces", - "ec2:describeSnapshotAttribute", - "ec2:describeSnapshots", - "ec2:describeSnapshotTierStatus", - "ec2:describeSpotDatafeedSubscription", - "ec2:describeSpotFleetInstances", - "ec2:describeSpotFleetRequestHistory", - "ec2:describeSpotFleetRequests", - "ec2:describeSpotInstanceRequests", - "ec2:describeSpotPriceHistory", - "ec2:describeStaleSecurityGroups", - "ec2:describeStoreImageTasks", - "ec2:describeSubnets", - "ec2:describeTags", - "ec2:describeTrafficMirrorFilterRules", - "ec2:describeTrafficMirrorFilters", - "ec2:describeTrafficMirrorSessions", - "ec2:describeTrafficMirrorTargets", - "ec2:describeTransitGatewayAttachments", - "ec2:describeTransitGatewayConnectPeers", - "ec2:describeTransitGatewayMulticastDomains", - "ec2:describeTransitGatewayPeeringAttachments", - "ec2:describeTransitGatewayPolicyTables", - "ec2:describeTransitGatewayRouteTableAnnouncements", - "ec2:describeTransitGatewayRouteTables", - "ec2:describeTransitGateways", - "ec2:describeTransitGatewayVpcAttachments", - "ec2:describeVerifiedAccessEndpoints", - "ec2:describeVerifiedAccessGroups", - "ec2:describeVerifiedAccessInstanceLoggingConfigurations", - "ec2:describeVerifiedAccessInstances", - "ec2:describeVerifiedAccessTrustProviders", - "ec2:describeVolumeAttribute", - "ec2:describeVolumes", - "ec2:describeVolumesModifications", - "ec2:describeVolumeStatus", - "ec2:describeVpcAttribute", - "ec2:describeVpcBlockPublicAccessExclusions", - "ec2:describeVpcBlockPublicAccessOptions", - "ec2:describeVpcClassicLink", - "ec2:describeVpcClassicLinkDnsSupport", - "ec2:describeVpcEndpointAssociations", - "ec2:describeVpcEndpointConnectionNotifications", - "ec2:describeVpcEndpointConnections", - "ec2:describeVpcEndpoints", - "ec2:describeVpcEndpointServiceConfigurations", - "ec2:describeVpcEndpointServicePermissions", - "ec2:describeVpcEndpointServices", - "ec2:describeVpcPeeringConnections", - "ec2:describeVpcs", - "ec2:describeVpnConnections", - "ec2:describeVpnGateways", - "ec2:getAssociatedEnclaveCertificateIamRoles", - "ec2:getAssociatedIpv6PoolCidrs", - "ec2:getCapacityReservationUsage", - "ec2:getCoipPoolUsage", - "ec2:getConsoleOutput", - "ec2:getConsoleScreenshot", - "ec2:getDefaultCreditSpecification", - "ec2:getEbsDefaultKmsKeyId", - "ec2:getEbsEncryptionByDefault", - "ec2:getGroupsForCapacityReservation", - "ec2:getHostReservationPurchasePreview", - "ec2:getImageBlockPublicAccessState", - "ec2:getInstanceTypesFromInstanceRequirements", - "ec2:getIpamAddressHistory", - "ec2:getIpamDiscoveredAccounts", - "ec2:getIpamDiscoveredPublicAddresses", - "ec2:getIpamDiscoveredResourceCidrs", - "ec2:getIpamPoolAllocations", - "ec2:getIpamPoolCidrs", - "ec2:getIpamResourceCidrs", - "ec2:getLaunchTemplateData", - "ec2:getManagedPrefixListAssociations", - "ec2:getManagedPrefixListEntries", - "ec2:getNetworkInsightsAccessScopeContent", - "ec2:getReservedInstancesExchangeQuote", - "ec2:getRouteServerAssociations", - "ec2:getRouteServerPropagations", - "ec2:getRouteServerRoutingDatabase", - "ec2:getSerialConsoleAccessStatus", - "ec2:getSpotPlacementScores", - "ec2:getSubnetCidrReservations", - "ec2:getTransitGatewayMulticastDomainAssociations", - "ec2:getTransitGatewayPrefixListReferences", - "ec2:getVerifiedAccessEndpointPolicy", - "ec2:getVerifiedAccessGroupPolicy", - "ec2:listImagesInRecycleBin", - "ec2:listSnapshotsInRecycleBin", - "ec2:searchLocalGatewayRoutes", - "ec2:searchTransitGatewayMulticastGroups", - "ec2:searchTransitGatewayRoutes", - "ecr-public:describeImages", - "ecr-public:describeImageTags", - "ecr-public:describeRegistries", - "ecr-public:describeRepositories", - "ecr-public:getRegistryCatalogData", - "ecr-public:getRepositoryCatalogData", - "ecr-public:getRepositoryPolicy", - "ecr-public:listTagsForResource", - "ecr:batchCheckLayerAvailability", - "ecr:batchGetRepositoryScanningConfiguration", - "ecr:describeImageReplicationStatus", - "ecr:describeImages", - "ecr:describeImageScanFindings", - "ecr:describePullThroughCacheRules", - "ecr:describeRegistry", - "ecr:describeRepositories", - "ecr:getLifecyclePolicy", - "ecr:getLifecyclePolicyPreview", - "ecr:getRegistryPolicy", - "ecr:getRegistryScanningConfiguration", - "ecr:getRepositoryPolicy", - "ecr:listImages", - "ecr:listTagsForResource", - "ecs:describeCapacityProviders", - "ecs:describeClusters", - "ecs:describeContainerInstances", - "ecs:describeServiceDeployments", - "ecs:describeServiceRevisions", - "ecs:describeServices", - "ecs:describeTaskDefinition", - "ecs:describeTasks", - "ecs:describeTaskSets", - "ecs:getTaskProtection", - "ecs:listAccountSettings", - "ecs:listAttributes", - "ecs:listClusters", - "ecs:listContainerInstances", - "ecs:listServiceDeployments", - "ecs:listServices", - "ecs:listServicesByNamespace", - "ecs:listTagsForResource", - "ecs:listTaskDefinitionFamilies", - "ecs:listTaskDefinitions", - "ecs:listTasks" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Sid": "AWSSupportActionsGroup2", - "Action": [ - "eks:describeAccessEntry", - "eks:describeAddon", - "eks:describeAddonConfiguration", - "eks:describeAddonVersions", - "eks:describeCluster", - "eks:describeEksAnywhereSubscription", - "eks:describeFargateProfile", - "eks:describeIdentityProviderConfig", - "eks:describeInsight", - "eks:describeNodegroup", - "eks:describePodIdentityAssociation", - "eks:describeUpdate", - "eks:listAccessEntries", - "eks:listAccessPolicies", - "eks:listAddons", - "eks:listAssociatedAccessPolicies", - "eks:listClusters", - "eks:listEksAnywhereSubscriptions", - "eks:listFargateProfiles", - "eks:listIdentityProviderConfigs", - "eks:listInsights", - "eks:listNodegroups", - "eks:listPodIdentityAssociations", - "eks:listUpdates", - "elasticache:describeCacheClusters", - "elasticache:describeCacheEngineVersions", - "elasticache:describeCacheParameterGroups", - "elasticache:describeCacheParameters", - "elasticache:describeCacheSecurityGroups", - "elasticache:describeCacheSubnetGroups", - "elasticache:describeEngineDefaultParameters", - "elasticache:describeEvents", - "elasticache:describeGlobalReplicationGroups", - "elasticache:describeReplicationGroups", - "elasticache:describeReservedCacheNodes", - "elasticache:describeReservedCacheNodesOfferings", - "elasticache:describeServerlessCaches", - "elasticache:describeServerlessCacheSnapshots", - "elasticache:describeServiceUpdates", - "elasticache:describeSnapshots", - "elasticache:describeUpdateActions", - "elasticache:describeUserGroups", - "elasticache:describeUsers", - "elasticache:listAllowedNodeTypeModifications", - "elasticache:listTagsForResource", - "elasticbeanstalk:checkDNSAvailability", - "elasticbeanstalk:describeAccountAttributes", - "elasticbeanstalk:describeApplications", - "elasticbeanstalk:describeApplicationVersions", - "elasticbeanstalk:describeConfigurationOptions", - "elasticbeanstalk:describeEnvironmentHealth", - "elasticbeanstalk:describeEnvironmentManagedActionHistory", - "elasticbeanstalk:describeEnvironmentManagedActions", - "elasticbeanstalk:describeEnvironmentResources", - "elasticbeanstalk:describeEnvironments", - "elasticbeanstalk:describeEvents", - "elasticbeanstalk:describeInstancesHealth", - "elasticbeanstalk:describePlatformVersion", - "elasticbeanstalk:listAvailableSolutionStacks", - "elasticbeanstalk:listPlatformBranches", - "elasticbeanstalk:listPlatformVersions", - "elasticbeanstalk:validateConfigurationSettings", - "elasticfilesystem:describeAccessPoints", - "elasticfilesystem:describeBackupPolicy", - "elasticfilesystem:describeFileSystemPolicy", - "elasticfilesystem:describeFileSystems", - "elasticfilesystem:describeLifecycleConfiguration", - "elasticfilesystem:describeMountTargets", - "elasticfilesystem:describeMountTargetSecurityGroups", - "elasticfilesystem:describeReplicationConfigurations", - "elasticfilesystem:describeTags", - "elasticfilesystem:listTagsForResource", - "elasticloadbalancing:describeAccountLimits", - "elasticloadbalancing:describeInstanceHealth", - "elasticloadbalancing:describeListenerCertificates", - "elasticloadbalancing:describeListeners", - "elasticloadbalancing:describeLoadBalancerAttributes", - "elasticloadbalancing:describeLoadBalancerPolicies", - "elasticloadbalancing:describeLoadBalancerPolicyTypes", - "elasticloadbalancing:describeLoadBalancers", - "elasticloadbalancing:describeRules", - "elasticloadbalancing:describeSSLPolicies", - "elasticloadbalancing:describeTags", - "elasticloadbalancing:describeTargetGroupAttributes", - "elasticloadbalancing:describeTargetGroups", - "elasticloadbalancing:describeTargetHealth", - "elasticloadbalancing:describeTrustStoreAssociations", - "elasticloadbalancing:describeTrustStoreRevocations", - "elasticloadbalancing:describeTrustStores", - "elasticmapreduce:describeCluster", - "elasticmapreduce:describeNotebookExecution", - "elasticmapreduce:describeReleaseLabel", - "elasticmapreduce:describeSecurityConfiguration", - "elasticmapreduce:describeStep", - "elasticmapreduce:describeStudio", - "elasticmapreduce:getAutoTerminationPolicy", - "elasticmapreduce:getBlockPublicAccessConfiguration", - "elasticmapreduce:getManagedScalingPolicy", - "elasticmapreduce:getStudioSessionMapping", - "elasticmapreduce:listBootstrapActions", - "elasticmapreduce:listClusters", - "elasticmapreduce:listInstanceFleets", - "elasticmapreduce:listInstanceGroups", - "elasticmapreduce:listInstances", - "elasticmapreduce:listNotebookExecutions", - "elasticmapreduce:listReleaseLabels", - "elasticmapreduce:listSecurityConfigurations", - "elasticmapreduce:listSteps", - "elasticmapreduce:listStudios", - "elasticmapreduce:listStudioSessionMappings", - "elastictranscoder:listJobsByPipeline", - "elastictranscoder:listJobsByStatus", - "elastictranscoder:listPipelines", - "elastictranscoder:listPresets", - "elastictranscoder:readPipeline", - "elastictranscoder:readPreset", - "emr-containers:describeJobRun", - "emr-containers:describeJobTemplate", - "emr-containers:describeManagedEndpoint", - "emr-containers:describeVirtualCluster", - "emr-containers:listJobRuns", - "emr-containers:listJobTemplates", - "emr-containers:listManagedEndpoints", - "emr-containers:listVirtualClusters", - "emr-serverless:getApplication", - "emr-serverless:getJobRun", - "emr-serverless:listApplications", - "es:describeDomain", - "es:describeDomainAutoTunes", - "es:describeDomainChangeProgress", - "es:describeDomainConfig", - "es:describeDomainHealth", - "es:describeDomainNodes", - "es:describeDomains", - "es:describeDryRunProgress", - "es:describeElasticsearchDomain", - "es:describeElasticsearchDomainConfig", - "es:describeElasticsearchDomains", - "es:getDomainMaintenanceStatus", - "es:describeInboundConnections", - "es:describeInstanceTypeLimits", - "es:describeOutboundConnections", - "es:describePackages", - "es:describeReservedInstanceOfferings", - "es:describeReservedInstances", - "es:describeVpcEndpoints", - "es:getCompatibleVersions", - "es:getPackageVersionHistory", - "es:getUpgradeHistory", - "es:getUpgradeStatus", - "es:listDomainMaintenances", - "es:listDomainNames", - "es:listDomainsForPackage", - "es:listInstanceTypeDetails", - "es:listPackagesForDomain", - "es:listScheduledActions", - "es:listTags", - "es:listVersions", - "es:listVpcEndpointAccess", - "es:listVpcEndpoints", - "es:listVpcEndpointsForDomain", - "events:describeApiDestination", - "events:describeArchive", - "events:describeConnection", - "events:describeEndpoint", - "events:describeEventBus", - "events:describeEventSource", - "events:describePartnerEventSource", - "events:describeReplay", - "events:describeRule", - "events:listApiDestinations", - "events:listArchives", - "events:listConnections", - "events:listEndpoints", - "events:listEventBuses", - "events:listEventSources", - "events:listPartnerEventSourceAccounts", - "events:listPartnerEventSources", - "events:listReplays", - "events:listRuleNamesByTarget", - "events:listRules", - "events:listTargetsByRule", - "events:testEventPattern", - "evidently:getExperiment", - "evidently:getFeature", - "evidently:getLaunch", - "evidently:getProject", - "evidently:getSegment", - "evidently:listExperiments", - "evidently:listFeatures", - "evidently:listLaunches", - "evidently:listProjects", - "evidently:listSegmentReferences", - "evidently:listSegments", - "firehose:describeDeliveryStream", - "firehose:listDeliveryStreams", - "fis:getAction", - "fis:getExperiment", - "fis:getExperimentTargetAccountConfiguration", - "fis:getExperimentTemplate", - "fis:getSafetyLever", - "fis:getTargetAccountConfiguration", - "fis:listActions", - "fis:listExperimentResolvedTargets", - "fis:listExperimentTargetAccountConfigurations", - "fis:listExperiments", - "fis:listExperimentTemplates", - "fis:listTargetAccountConfigurations", - "fms:getAdminAccount", - "fms:getAdminScope", - "fms:getAppsList", - "fms:getComplianceDetail", - "fms:getNotificationChannel", - "fms:getProtocolsList", - "fms:getPolicy", - "fms:getProtectionStatus", - "fms:getResourceSet", - "fms:getThirdPartyFirewallAssociationStatus", - "fms:getViolationDetails", - "fms:listAdminAccountsForOrganization", - "fms:listAdminsManagingAccount", - "fms:listAppsLists", - "fms:listComplianceStatus", - "fms:listDiscoveredResources", - "fms:listMemberAccounts", - "fms:listProtocolsLists", - "fms:listPolicies", - "fms:listResourceSetResources", - "fms:listResourceSets", - "fms:listThirdPartyFirewallFirewallPolicies", - "forecast:describeDataset", - "forecast:describeDatasetGroup", - "forecast:describeDatasetImportJob", - "forecast:describeForecast", - "forecast:describeForecastExportJob", - "forecast:describePredictor", - "forecast:getAccuracyMetrics", - "forecast:listDatasetGroups", - "forecast:listDatasetImportJobs", - "forecast:listDatasets", - "forecast:listForecastExportJobs", - "forecast:listForecasts", - "forecast:listPredictors", - "freetier:getFreeTierUsage", - "fsx:describeBackups", - "fsx:describeDataRepositoryAssociations", - "fsx:describeDataRepositoryTasks", - "fsx:describeFileCaches", - "fsx:describeFileSystems", - "fsx:describeS3AccessPointAttachments", - "fsx:describeSnapshots", - "fsx:describeStorageVirtualMachines", - "fsx:describeVolumes", - "fsx:listTagsForResource", - "gamelift:describeAlias", - "gamelift:describeBuild", - "gamelift:describeEC2InstanceLimits", - "gamelift:describeFleetAttributes", - "gamelift:describeFleetCapacity", - "gamelift:describeFleetEvents", - "gamelift:describeFleetLocationAttributes", - "gamelift:describeFleetLocationCapacity", - "gamelift:describeFleetLocationUtilization", - "gamelift:describeFleetPortSettings", - "gamelift:describeFleetUtilization", - "gamelift:describeGameServer", - "gamelift:describeGameServerGroup", - "gamelift:describeGameSessionDetails", - "gamelift:describeGameSessionPlacement", - "gamelift:describeGameSessionQueues", - "gamelift:describeGameSessions", - "gamelift:describeInstances", - "gamelift:describeMatchmaking", - "gamelift:describeMatchmakingConfigurations", - "gamelift:describeMatchmakingRuleSets", - "gamelift:describePlayerSessions", - "gamelift:describeRuntimeConfiguration", - "gamelift:describeScalingPolicies", - "gamelift:describeScript", - "gamelift:listAliases", - "gamelift:listBuilds", - "gamelift:listFleets", - "gamelift:listGameServerGroups", - "gamelift:listGameServers", - "gamelift:listScripts", - "gamelift:resolveAlias", - "glacier:describeJob", - "glacier:describeVault", - "glacier:getDataRetrievalPolicy", - "glacier:getVaultAccessPolicy", - "glacier:getVaultLock", - "glacier:getVaultNotifications", - "glacier:listJobs", - "glacier:listTagsForVault", - "glacier:listVaults", - "globalaccelerator:describeAccelerator", - "globalaccelerator:describeAcceleratorAttributes", - "globalaccelerator:describeCrossAccountAttachment", - "globalaccelerator:describeCustomRoutingAccelerator", - "globalaccelerator:describeCustomRoutingAcceleratorAttributes", - "globalaccelerator:describeCustomRoutingEndpointGroup", - "globalaccelerator:describeCustomRoutingListener", - "globalaccelerator:describeEndpointGroup", - "globalaccelerator:describeListener", - "globalaccelerator:listAccelerators", - "globalaccelerator:listByoipCidrs", - "globalaccelerator:listCrossAccountAttachments", - "globalaccelerator:listCrossAccountResourceAccounts", - "globalaccelerator:listCrossAccountResources", - "globalaccelerator:listCustomRoutingAccelerators", - "globalaccelerator:listCustomRoutingEndpointGroups", - "globalaccelerator:listCustomRoutingListeners", - "globalaccelerator:listCustomRoutingPortMappings", - "globalaccelerator:listCustomRoutingPortMappingsByDestination", - "globalaccelerator:listEndpointGroups", - "globalaccelerator:listListeners", - "glue:batchGetBlueprints", - "glue:batchGetCrawlers", - "glue:batchGetDevEndpoints", - "glue:batchGetJobs", - "glue:batchGetPartition", - "glue:batchGetTriggers", - "glue:batchGetWorkflows", - "glue:checkSchemaVersionValidity", - "glue:batchGetTableOptimizer", - "glue:getBlueprint", - "glue:getBlueprintRun", - "glue:getBlueprintRuns", - "glue:getCatalogImportStatus", - "glue:getClassifier", - "glue:getClassifiers", - "glue:getColumnStatisticsForPartition", - "glue:getColumnStatisticsForTable", - "glue:getColumnStatisticsTaskRun", - "glue:getColumnStatisticsTaskRuns", - "glue:getCrawler", - "glue:getCrawlerMetrics", - "glue:getCrawlers", - "glue:getCustomEntityType", - "glue:getDatabase", - "glue:getDatabases", - "glue:getDataCatalogEncryptionSettings", - "glue:getDataflowGraph", - "glue:getDataQualityResult", - "glue:getDataQualityRuleRecommendationRun", - "glue:getDataQualityRuleset", - "glue:getDataQualityRulesetEvaluationRun", - "glue:getDevEndpoint", - "glue:getDevEndpoints", - "glue:getJob", - "glue:getJobBookmark", - "glue:getJobRun", - "glue:getJobRuns", - "glue:getJobs", - "glue:getMapping", - "glue:getMLTaskRun", - "glue:getMLTaskRuns", - "glue:getMLTransform", - "glue:getMLTransforms", - "glue:getPartition", - "glue:getPartitionIndexes", - "glue:getPartitions", - "glue:getRegistry", - "glue:getResourcePolicies", - "glue:getResourcePolicy", - "glue:getSchema", - "glue:getSchemaByDefinition", - "glue:getSchemaVersion", - "glue:getSchemaVersionsDiff", - "glue:getSecurityConfiguration", - "glue:getSecurityConfigurations", - "glue:getSession", - "glue:getStatement", - "glue:getTable", - "glue:getTableOptimizer", - "glue:getTables", - "glue:getTableVersions", - "glue:getTrigger", - "glue:getTriggers", - "glue:getUserDefinedFunction", - "glue:getUserDefinedFunctions", - "glue:getWorkflow", - "glue:getWorkflowRun", - "glue:getWorkflowRuns", - "glue:listColumnStatisticsTaskRuns", - "glue:listCrawlers", - "glue:listCrawls", - "glue:listDataQualityResults", - "glue:listDataQualityRuleRecommendationRuns", - "glue:listDataQualityRulesetEvaluationRuns", - "glue:listDataQualityRulesets", - "glue:listDevEndpoints", - "glue:listMLTransforms", - "glue:listRegistries", - "glue:listSchemas", - "glue:listSchemaVersions", - "glue:listSessions", - "glue:listStatements", - "glue:listTableOptimizerRuns", - "glue:listTriggers", - "glue:querySchemaVersionMetadata", - "glue:getTableVersion", - "grafana:describeWorkspace", - "grafana:describeWorkspaceAuthentication", - "grafana:listPermissions", - "grafana:listVersions", - "grafana:listWorkspaces", - "greengrass:getConnectivityInfo", - "greengrass:getCoreDefinition", - "greengrass:getCoreDefinitionVersion", - "greengrass:getDeploymentStatus", - "greengrass:getDeviceDefinition", - "greengrass:getDeviceDefinitionVersion", - "greengrass:getFunctionDefinition", - "greengrass:getFunctionDefinitionVersion", - "greengrass:getGroup", - "greengrass:getGroupCertificateAuthority", - "greengrass:getGroupVersion", - "greengrass:getLoggerDefinition", - "greengrass:getLoggerDefinitionVersion", - "greengrass:getResourceDefinitionVersion", - "greengrass:getServiceRoleForAccount", - "greengrass:getSubscriptionDefinition", - "greengrass:getSubscriptionDefinitionVersion", - "greengrass:listCoreDefinitions", - "greengrass:listCoreDefinitionVersions", - "greengrass:listDeployments", - "greengrass:listDeviceDefinitions", - "greengrass:listDeviceDefinitionVersions", - "greengrass:listFunctionDefinitions", - "greengrass:listFunctionDefinitionVersions", - "greengrass:listGroups", - "greengrass:listGroupVersions", - "greengrass:listLoggerDefinitions", - "greengrass:listLoggerDefinitionVersions", - "greengrass:listResourceDefinitions", - "greengrass:listResourceDefinitionVersions", - "greengrass:listSubscriptionDefinitions", - "greengrass:listSubscriptionDefinitionVersions", - "guardduty:describeMalwareScans", - "guardduty:describePublishingDestination", - "guardduty:getCoverageStatistics", - "guardduty:getDetector", - "guardduty:getFindings", - "guardduty:getFindingsStatistics", - "guardduty:getInvitationsCount", - "guardduty:getIPSet", - "guardduty:getMalwareScanSettings", - "guardduty:getMasterAccount", - "guardduty:getMemberDetectors", - "guardduty:getMembers", - "guardduty:getOrganizationStatistics", - "guardduty:getRemainingFreeTrialDays", - "guardduty:getThreatIntelSet", - "guardduty:listCoverage", - "guardduty:listDetectors", - "guardduty:listFindings", - "guardduty:listInvitations", - "guardduty:listIPSets", - "guardduty:listMembers", - "guardduty:listThreatIntelSets", - "health:describeAffectedAccountsForOrganization", - "health:describeAffectedEntities", - "health:describeAffectedEntitiesForOrganization", - "health:describeEntityAggregates", - "health:describeEntityAggregatesForOrganization", - "health:describeEventAggregates", - "health:describeEventDetails", - "health:describeEventDetailsForOrganization", - "health:describeEvents", - "health:describeEventsForOrganization", - "health:describeEventTypes", - "health:describeHealthServiceStatusForOrganization", - "iam:getAccessKeyLastUsed", - "iam:getAccountAuthorizationDetails", - "iam:getAccountPasswordPolicy", - "iam:getAccountSummary", - "iam:getContextKeysForCustomPolicy", - "iam:getContextKeysForPrincipalPolicy", - "iam:getCredentialReport", - "iam:getGroup", - "iam:getGroupPolicy", - "iam:getInstanceProfile", - "iam:getLoginProfile", - "iam:getMFADevice", - "iam:getOpenIDConnectProvider", - "iam:getPolicy", - "iam:getPolicyVersion", - "iam:getRole", - "iam:getRolePolicy", - "iam:getSAMLProvider", - "iam:getServerCertificate", - "iam:getServiceLinkedRoleDeletionStatus", - "iam:getSSHPublicKey", - "iam:getUser", - "iam:getUserPolicy", - "iam:listAccessKeys", - "iam:listAccountAliases", - "iam:listAttachedGroupPolicies", - "iam:listAttachedRolePolicies", - "iam:listAttachedUserPolicies", - "iam:listEntitiesForPolicy", - "iam:listGroupPolicies", - "iam:listGroups", - "iam:listGroupsForUser", - "iam:listInstanceProfiles", - "iam:listInstanceProfilesForRole", - "iam:listMFADevices", - "iam:listOpenIDConnectProviders", - "iam:listPolicies", - "iam:listPolicyVersions", - "iam:listRolePolicies", - "iam:listRoles", - "iam:listSAMLProviders", - "iam:listServerCertificates", - "iam:listServiceSpecificCredentials", - "iam:listSigningCertificates", - "iam:listSSHPublicKeys", - "iam:listUserPolicies", - "iam:listUsers", - "iam:listVirtualMFADevices", - "iam:simulateCustomPolicy", - "iam:simulatePrincipalPolicy", - "identitystore:describeGroup", - "identitystore:describeGroupMembership", - "identitystore:getGroupId", - "identitystore:getGroupMembershipId", - "identitystore:getUserId", - "identitystore:isMemberInGroups", - "identitystore:listGroupMemberships", - "identitystore:listGroupMembershipsForMember", - "identitystore:listGroups", - "imagebuilder:getComponent", - "imagebuilder:getComponentPolicy", - "imagebuilder:getContainerRecipe", - "imagebuilder:getContainerRecipePolicy", - "imagebuilder:getDistributionConfiguration", - "imagebuilder:getImage", - "imagebuilder:getImagePipeline", - "imagebuilder:getImagePolicy", - "imagebuilder:getImageRecipe", - "imagebuilder:getImageRecipePolicy", - "imagebuilder:getInfrastructureConfiguration", - "imagebuilder:getLifecycleExecution", - "imagebuilder:getLifecyclePolicy", - "imagebuilder:getWorkflow", - "imagebuilder:getWorkflowExecution", - "imagebuilder:getWorkflowStepExecution", - "imagebuilder:listComponentBuildVersions", - "imagebuilder:listComponents", - "imagebuilder:listContainerRecipes", - "imagebuilder:listDistributionConfigurations", - "imagebuilder:listImageBuildVersions", - "imagebuilder:listImagePipelineImages", - "imagebuilder:listImagePipelines", - "imagebuilder:listImageRecipes", - "imagebuilder:listImages", - "imagebuilder:listImageScanFindingAggregations", - "imagebuilder:listInfrastructureConfigurations", - "imagebuilder:listLifecycleExecutionResources", - "imagebuilder:listLifecycleExecutions", - "imagebuilder:listLifecyclePolicies", - "imagebuilder:listTagsForResource", - "imagebuilder:listWorkflowBuildVersions", - "imagebuilder:listWorkflowExecutions", - "imagebuilder:listWorkflows", - "imagebuilder:listWaitingWorkflowSteps", - "imagebuilder:listWorkflowStepExecutions", - "inspector-scan:scanSbom", - "inspector:describeAssessmentRuns", - "inspector:describeAssessmentTargets", - "inspector:describeAssessmentTemplates", - "inspector:describeCrossAccountAccessRole", - "inspector:describeResourceGroups", - "inspector:describeRulesPackages", - "inspector:getTelemetryMetadata", - "inspector:listAssessmentRunAgents", - "inspector:listAssessmentRuns", - "inspector:listAssessmentTargets", - "inspector:listAssessmentTemplates", - "inspector:listEventSubscriptions", - "inspector:listRulesPackages", - "inspector:listTagsForResource", - "inspector2:batchGetAccountStatus", - "inspector2:batchGetFreeTrialInfo", - "inspector2:describeOrganizationConfiguration", - "inspector2:getConfiguration", - "inspector2:getDelegatedAdminAccount", - "inspector2:getEc2DeepInspectionConfiguration", - "inspector2:getMember", - "inspector2:getSbomExport", - "inspector2:listCisScanConfigurations", - "inspector2:listCisScanResultsAggregatedByChecks", - "inspector2:listCisScanResultsAggregatedByTargetResource", - "inspector2:listCisScans", - "inspector2:listCoverage", - "inspector2:listDelegatedAdminAccounts", - "inspector2:listFilters", - "inspector2:listFindings", - "inspector2:listMembers", - "inspector2:listUsageTotals", - "internetmonitor:getHealthEvent", - "internetmonitor:getMonitor", - "internetmonitor:listHealthEvents", - "internetmonitor:listMonitors", - "invoicing:listInvoiceSummaries", - "iot:describeAuthorizer", - "iot:describeCACertificate", - "iot:describeCertificate", - "iot:describeDefaultAuthorizer", - "iot:describeDomainConfiguration", - "iot:describeEndpoint", - "iot:describeIndex", - "iot:describeJobExecution", - "iot:describeThing", - "iot:describeThingGroup", - "iot:describeTunnel", - "iot:getEffectivePolicies", - "iot:getIndexingConfiguration", - "iot:getLoggingOptions", - "iot:getPolicy", - "iot:getPolicyVersion", - "iot:getTopicRule", - "iot:getV2LoggingOptions", - "iot:listAttachedPolicies", - "iot:listAuthorizers", - "iot:listCACertificates", - "iot:listCertificates", - "iot:listCertificatesByCA", - "iot:listCommandExecutions", - "iot:listCommands", - "iot:listDomainConfigurations", - "iot:listJobExecutionsForJob", - "iot:listJobExecutionsForThing", - "iot:listJobs", - "iot:listNamedShadowsForThing", - "iot:listOutgoingCertificates", - "iot:listPackages", - "iot:listPackageVersions", - "iot:listPolicies", - "iot:listPolicyPrincipals", - "iot:listPolicyVersions", - "iot:listPrincipalPolicies", - "iot:listPrincipalThings", - "iot:listRoleAliases", - "iot:listTargetsForPolicy", - "iot:listThingGroups", - "iot:listThingGroupsForThing", - "iot:listThingPrincipals", - "iot:listThingRegistrationTasks", - "iot:listThings", - "iot:listThingsInThingGroup", - "iot:listThingTypes", - "iot:listTopicRules", - "iot:listTunnels", - "iot:listV2LoggingLevels", - "iotevents:describeDetector", - "iotevents:describeDetectorModel", - "iotevents:describeInput", - "iotevents:describeLoggingOptions", - "iotevents:listDetectorModels", - "iotevents:listDetectorModelVersions", - "iotevents:listDetectors", - "iotevents:listInputs", - "iotfleetwise:getCampaign", - "iotfleetwise:getDecoderManifest", - "iotfleetwise:getEncryptionConfiguration", - "iotfleetwise:getFleet", - "iotfleetwise:getLoggingOptions", - "iotfleetwise:getModelManifest", - "iotfleetwise:getRegisterAccountStatus", - "iotfleetwise:getSignalCatalog", - "iotfleetwise:getStateTemplate", - "iotfleetwise:getVehicle", - "iotfleetwise:getVehicleStatus", - "iotfleetwise:listCampaigns", - "iotfleetwise:listDecoderManifestNetworkInterfaces", - "iotfleetwise:listDecoderManifests", - "iotfleetwise:listDecoderManifestSignals", - "iotfleetwise:listFleets", - "iotfleetwise:listFleetsForVehicle", - "iotfleetwise:listModelManifestNodes", - "iotfleetwise:listModelManifests", - "iotfleetwise:listSignalCatalogNodes", - "iotfleetwise:listSignalCatalogs", - "iotfleetwise:listStateTemplates", - "iotfleetwise:listVehicles", - "iotfleetwise:listVehiclesInFleet", - "iotsitewise:describeAccessPolicy", - "iotsitewise:describeAsset", - "iotsitewise:describeAssetModel", - "iotsitewise:describeAssetProperty", - "iotsitewise:describeDashboard", - "iotsitewise:describeGateway", - "iotsitewise:describeGatewayCapabilityConfiguration", - "iotsitewise:describeLoggingOptions", - "iotsitewise:describePortal", - "iotsitewise:describeProject", - "iotsitewise:listAccessPolicies", - "iotsitewise:listAssetModels", - "iotsitewise:listAssets", - "iotsitewise:listAssociatedAssets", - "iotsitewise:listDashboards", - "iotsitewise:listGateways", - "iotsitewise:listPortals", - "iotsitewise:listProjectAssets", - "iotsitewise:listProjects", - "iottwinmaker:getComponentType", - "iottwinmaker:getEntity", - "iottwinmaker:getPricingPlan", - "iottwinmaker:getScene", - "iottwinmaker:getSyncJob", - "iottwinmaker:getWorkspace", - "iottwinmaker:listComponentTypes", - "iottwinmaker:listEntities", - "iottwinmaker:listScenes", - "iottwinmaker:listSyncJobs", - "iottwinmaker:listSyncResources", - "iottwinmaker:listWorkspaces", - "iotwireless:getDestination", - "iotwireless:getDeviceProfile", - "iotwireless:getPartnerAccount", - "iotwireless:getServiceEndpoint", - "iotwireless:getServiceProfile", - "iotwireless:getWirelessDevice", - "iotwireless:getWirelessDeviceStatistics", - "iotwireless:getWirelessGateway", - "iotwireless:getWirelessGatewayCertificate", - "iotwireless:getWirelessGatewayFirmwareInformation", - "iotwireless:getWirelessGatewayStatistics", - "iotwireless:getWirelessGatewayTask", - "iotwireless:getWirelessGatewayTaskDefinition", - "iotwireless:listDestinations", - "iotwireless:listDeviceProfiles", - "iotwireless:listPartnerAccounts", - "iotwireless:listServiceProfiles", - "iotwireless:listTagsForResource", - "iotwireless:listWirelessDevices", - "iotwireless:listWirelessGateways", - "iotwireless:listWirelessGatewayTaskDefinitions", - "ivs:getChannel", - "ivs:getRecordingConfiguration", - "ivs:getStream", - "ivs:getStreamSession", - "ivs:listChannels", - "ivs:listPlaybackKeyPairs", - "ivs:listRecordingConfigurations", - "ivs:listStreamKeys", - "ivs:listStreams", - "ivs:listStreamSessions", - "kafka:describeCluster", - "kafka:describeClusterOperation", - "kafka:describeClusterOperationV2", - "kafka:describeClusterV2", - "kafka:describeConfiguration", - "kafka:describeConfigurationRevision", - "kafka:describeReplicator", - "kafka:describeVpcConnection", - "kafka:getBootstrapBrokers", - "kafka:getClusterPolicy", - "kafka:listClientVpcConnections", - "kafka:listClusterOperations", - "kafka:listClusterOperationsV2", - "kafka:listClusters", - "kafka:listClustersV2", - "kafka:listConfigurationRevisions", - "kafka:listConfigurations", - "kafka:listNodes", - "kafka:listReplicators", - "kafka:listScramSecrets", - "kafka:listVpcConnections", - "kafkaconnect:describeConnector", - "kafkaconnect:describeCustomPlugin", - "kafkaconnect:describeWorkerConfiguration", - "kafkaconnect:listConnectors", - "kafkaconnect:listCustomPlugins", - "kafkaconnect:listWorkerConfigurations", - "kendra:describeDataSource", - "kendra:describeFaq", - "kendra:describeIndex", - "kendra:listDataSources", - "kendra:listFaqs", - "kendra:listIndices", - "kinesis:describeStream", - "kinesis:describeStreamConsumer", - "kinesis:describeStreamSummary", - "kinesis:listShards", - "kinesis:listStreamConsumers", - "kinesis:listStreams", - "kinesis:listTagsForStream", - "kinesisanalytics:describeApplication", - "kinesisanalytics:describeApplicationOperation", - "kinesisanalytics:describeApplicationSnapshot", - "kinesisanalytics:listApplicationOperations", - "kinesisanalytics:listApplications", - "kinesisanalytics:listApplicationSnapshots", - "kinesisanalytics:listApplicationVersions", - "kinesisvideo:describeImageGenerationConfiguration", - "kinesisvideo:describeNotificationConfiguration", - "kinesisvideo:describeSignalingChannel", - "kinesisvideo:describeStream", - "kinesisvideo:getDataEndpoint", - "kinesisvideo:getIceServerConfig", - "kinesisvideo:getSignalingChannelEndpoint", - "kinesisvideo:listSignalingChannels", - "kinesisvideo:listStreams", - "kms:describeKey", - "kms:getKeyPolicy", - "kms:getKeyRotationStatus", - "kms:listAliases", - "kms:listGrants", - "kms:listKeyPolicies", - "kms:listKeys", - "kms:listResourceTags", - "kms:listRetirableGrants", - "lakeformation:describeLakeFormationIdentityCenterConfiguration", - "lakeformation:describeResource", - "lakeformation:describeTransaction", - "lakeformation:getDataLakePrincipal", - "lakeformation:getDataLakeSettings", - "lakeformation:getEffectivePermissionsForPath", - "lakeformation:getLFTag", - "lakeformation:getLFTagExpression", - "lakeformation:getQueryState", - "lakeformation:getQueryStatistics", - "lakeformation:getResourceLFTags", - "lakeformation:listLFTagExpressions", - "lakeformation:listLFTags", - "lakeformation:listLakeFormationOptIns", - "lakeformation:listPermissions", - "lakeformation:listResources", - "lakeformation:searchDatabasesByLFTags", - "lakeformation:searchTablesByLFTags", - "lambda:getAccountSettings", - "lambda:getAlias", - "lambda:getCodeSigningConfig", - "lambda:getEventSourceMapping", - "lambda:getFunction", - "lambda:getFunctionCodeSigningConfig", - "lambda:getFunctionConcurrency", - "lambda:getFunctionConfiguration", - "lambda:getFunctionEventInvokeConfig", - "lambda:getFunctionRecursionConfig", - "lambda:getFunctionUrlConfig", - "lambda:getLayerVersion", - "lambda:getLayerVersionPolicy", - "lambda:getPolicy", - "lambda:getProvisionedConcurrencyConfig", - "lambda:getRuntimeManagementConfig", - "lambda:listAliases", - "lambda:listCodeSigningConfigs", - "lambda:listEventSourceMappings", - "lambda:listFunctionEventInvokeConfigs", - "lambda:listFunctions", - "lambda:listFunctionsByCodeSigningConfig", - "lambda:listFunctionUrlConfigs", - "lambda:listLayers", - "lambda:listLayerVersions", - "lambda:listProvisionedConcurrencyConfigs", - "lambda:listTags", - "lambda:listVersionsByFunction", - "launchwizard:describeProvisionedApp", - "launchwizard:describeProvisioningEvents", - "launchwizard:listDeploymentEvents", - "launchwizard:listDeployments", - "launchwizard:listProvisionedApps", - "lex:describeBot", - "lex:describeBotAlias", - "lex:describeBotLocale", - "lex:describeBotRecommendation", - "lex:describeBotVersion", - "lex:describeCustomVocabularyMetadata", - "lex:describeExport", - "lex:describeImport", - "lex:describeIntent", - "lex:describeResourcePolicy", - "lex:describeSlot", - "lex:describeSlotType", - "lex:getBot", - "lex:getBotAlias", - "lex:getBotAliases", - "lex:getBotChannelAssociation", - "lex:getBotChannelAssociations", - "lex:getBots", - "lex:getBotVersions", - "lex:getBuiltinIntent", - "lex:getBuiltinIntents", - "lex:getBuiltinSlotTypes", - "lex:getIntent", - "lex:getIntents", - "lex:getIntentVersions", - "lex:getSlotType", - "lex:getSlotTypes", - "lex:getSlotTypeVersions", - "lex:listBotAliases", - "lex:listBotLocales", - "lex:listBotRecommendations", - "lex:listBots", - "lex:listBotVersions", - "lex:listExports", - "lex:listImports", - "lex:listIntents", - "lex:listRecommendedIntents", - "lex:listSlots", - "lex:listSlotTypes", - "license-manager:getLicenseConfiguration", - "license-manager:getServiceSettings", - "license-manager:listAssociationsForLicenseConfiguration", - "license-manager:listFailuresForLicenseConfigurationOperations", - "license-manager:listLicenseConfigurations", - "license-manager:listLicenseSpecificationsForResource", - "license-manager:listResourceInventory", - "license-manager:listUsageForLicenseConfiguration", - "lightsail:getActiveNames", - "lightsail:getAlarms", - "lightsail:getAutoSnapshots", - "lightsail:getBlueprints", - "lightsail:getBucketBundles", - "lightsail:getBucketMetricData", - "lightsail:getBuckets", - "lightsail:getBundles", - "lightsail:getCertificates", - "lightsail:getContainerImages", - "lightsail:getContainerServiceDeployments", - "lightsail:getContainerServiceMetricData", - "lightsail:getContainerServicePowers", - "lightsail:getContainerServices", - "lightsail:getDisk", - "lightsail:getDisks", - "lightsail:getDiskSnapshot", - "lightsail:getDiskSnapshots", - "lightsail:getDistributionBundles", - "lightsail:getDistributionMetricData", - "lightsail:getDistributions", - "lightsail:getDomain", - "lightsail:getDomains", - "lightsail:getExportSnapshotRecords", - "lightsail:getInstance", - "lightsail:getInstanceMetricData", - "lightsail:getInstancePortStates", - "lightsail:getInstances", - "lightsail:getInstanceSnapshot", - "lightsail:getInstanceSnapshots", - "lightsail:getInstanceState", - "lightsail:getKeyPair", - "lightsail:getKeyPairs", - "lightsail:getLoadBalancer", - "lightsail:getLoadBalancerMetricData", - "lightsail:getLoadBalancers", - "lightsail:getLoadBalancerTlsCertificates", - "lightsail:getOperation", - "lightsail:getOperations", - "lightsail:getOperationsForResource", - "lightsail:getRegions", - "lightsail:getRelationalDatabase", - "lightsail:getRelationalDatabaseMetricData", - "lightsail:getRelationalDatabases", - "lightsail:getRelationalDatabaseSnapshot", - "lightsail:getRelationalDatabaseSnapshots", - "lightsail:getStaticIp", - "lightsail:getStaticIps", - "lightsail:isVpcPeered", - "logs:describeAccountPolicies", - "logs:describeDeliveries", - "logs:describeDeliveryDestinations", - "logs:describeDeliverySources", - "logs:describeDestinations", - "logs:describeExportTasks", - "logs:describeFieldIndexes", - "logs:describeIndexPolicies", - "logs:describeLogGroups", - "logs:describeLogStreams", - "logs:describeMetricFilters", - "logs:describeQueries", - "logs:describeQueryDefinitions", - "logs:describeResourcePolicies", - "logs:describeSubscriptionFilters", - "logs:getDataProtectionPolicy", - "logs:getDelivery", - "logs:getDeliveryDestination", - "logs:getDeliveryDestinationPolicy", - "logs:getDeliverySource", - "logs:getIntegration", - "logs:getLogAnomalyDetector", - "logs:getLogDelivery", - "logs:getLogGroupFields", - "logs:getTransformer", - "logs:listAnomalies", - "logs:listIntegrations", - "logs:listLogAnomalyDetectors", - "logs:listLogDeliveries", - "logs:listLogGroupsForQuery", - "logs:testMetricFilter", - "lookoutequipment:describeDataIngestionJob", - "lookoutequipment:describeDataset", - "lookoutequipment:describeInferenceScheduler", - "lookoutequipment:describeModel", - "lookoutequipment:listDataIngestionJobs", - "lookoutequipment:listDatasets", - "lookoutequipment:listInferenceExecutions", - "lookoutequipment:listInferenceSchedulers", - "lookoutequipment:listModels", - "lookoutmetrics:describeAlert", - "lookoutmetrics:describeAnomalyDetectionExecutions", - "lookoutmetrics:describeAnomalyDetector", - "lookoutmetrics:describeMetricSet", - "lookoutmetrics:getAnomalyGroup", - "lookoutmetrics:getDataQualityMetrics", - "lookoutmetrics:getFeedback", - "lookoutmetrics:getSampleData", - "lookoutmetrics:listAlerts", - "lookoutmetrics:listAnomalyDetectors", - "lookoutmetrics:listAnomalyGroupSummaries", - "lookoutmetrics:listAnomalyGroupTimeSeries", - "lookoutmetrics:listMetricSets", - "lookoutmetrics:listTagsForResource", - "m2:getApplication", - "m2:getApplicationVersion", - "m2:getBatchJobExecution", - "m2:getDataSetDetails", - "m2:getDataSetImportTask", - "m2:getDeployment", - "m2:getEnvironment", - "m2:listApplications", - "m2:listApplicationVersions", - "m2:listBatchJobDefinitions", - "m2:listBatchJobExecutions", - "m2:listDataSetImportHistory", - "m2:listDataSets", - "m2:listDeployments", - "m2:listEngineVersions", - "m2:listEnvironments", - "machinelearning:describeBatchPredictions", - "machinelearning:describeDataSources", - "machinelearning:describeEvaluations", - "machinelearning:describeMLModels", - "machinelearning:getBatchPrediction", - "machinelearning:getDataSource", - "machinelearning:getEvaluation", - "machinelearning:getMLModel", - "macie2:getClassificationExportConfiguration", - "macie2:getCustomDataIdentifier", - "macie2:getFindings", - "macie2:getFindingStatistics", - "macie2:listClassificationJobs", - "macie2:listCustomDataIdentifiers", - "macie2:listFindings", - "managedblockchain:getMember", - "managedblockchain:getNetwork", - "managedblockchain:getNode", - "managedblockchain:listMembers", - "managedblockchain:listNetworks", - "managedblockchain:listNodes", - "mediaconnect:describeFlow", - "mediaconnect:listEntitlements", - "mediaconnect:listFlows", - "mediaconvert:describeEndpoints", - "mediaconvert:getJob", - "mediaconvert:getJobTemplate", - "mediaconvert:getPreset", - "mediaconvert:getQueue", - "mediaconvert:listJobs", - "mediaconvert:listJobTemplates", - "medialive:describeChannel", - "medialive:describeInput", - "medialive:describeInputDevice", - "medialive:describeInputSecurityGroup", - "medialive:describeMultiplex", - "medialive:describeOffering", - "medialive:describeReservation", - "medialive:describeSchedule", - "medialive:getCloudWatchAlarmTemplate", - "medialive:getCloudWatchAlarmTemplateGroup", - "medialive:getEventBridgeRuleTemplate", - "medialive:getEventBridgeRuleTemplateGroup", - "medialive:getSignalMap", - "medialive:listChannels", - "medialive:listCloudWatchAlarmTemplateGroups", - "medialive:listCloudWatchAlarmTemplates", - "medialive:listEventBridgeRuleTemplateGroups", - "medialive:listEventBridgeRuleTemplates", - "medialive:listInputDevices", - "medialive:listInputs", - "medialive:listInputSecurityGroups", - "medialive:listMultiplexes", - "medialive:listOfferings", - "medialive:listReservations", - "medialive:listSignalMaps", - "mediapackage:describeChannel", - "mediapackage:describeOriginEndpoint", - "mediapackage:listChannels", - "mediapackage:listOriginEndpoints", - "mediastore:describeContainer", - "mediastore:getContainerPolicy", - "mediastore:getCorsPolicy", - "mediastore:listContainers", - "mediatailor:getPlaybackConfiguration", - "mediatailor:listPlaybackConfigurations", - "medical-imaging:getDatastore", - "medical-imaging:listDatastores", - "mgn:describeJobLogItems", - "mgn:describeJobs", - "mgn:describeLaunchConfigurationTemplates", - "mgn:describeReplicationConfigurationTemplates", - "mgn:describeSourceServers", - "mgn:describeVcenterClients", - "mgn:getLaunchConfiguration", - "mgn:getReplicationConfiguration", - "mgn:listApplications", - "mgn:listSourceServerActions", - "mgn:listTemplateActions", - "mgn:listWaves", - "mobiletargeting:getAdmChannel", - "mobiletargeting:getApnsChannel", - "mobiletargeting:getApnsSandboxChannel", - "mobiletargeting:getApnsVoipChannel", - "mobiletargeting:getApnsVoipSandboxChannel", - "mobiletargeting:getApp", - "mobiletargeting:getApplicationSettings", - "mobiletargeting:getApps", - "mobiletargeting:getBaiduChannel", - "mobiletargeting:getCampaign", - "mobiletargeting:getCampaignActivities", - "mobiletargeting:getCampaigns", - "mobiletargeting:getCampaignVersion", - "mobiletargeting:getCampaignVersions", - "mobiletargeting:getEmailChannel", - "mobiletargeting:getEndpoint", - "mobiletargeting:getEventStream", - "mobiletargeting:getExportJob", - "mobiletargeting:getExportJobs", - "mobiletargeting:getGcmChannel", - "mobiletargeting:getImportJob", - "mobiletargeting:getImportJobs", - "mobiletargeting:getJourney", - "mobiletargeting:getJourneyExecutionActivityMetrics", - "mobiletargeting:getJourneyExecutionMetrics", - "mobiletargeting:getJourneyRunExecutionActivityMetrics", - "mobiletargeting:getJourneyRunExecutionMetrics", - "mobiletargeting:getJourneyRuns", - "mobiletargeting:getSegment", - "mobiletargeting:getSegmentImportJobs", - "mobiletargeting:getSegments", - "mobiletargeting:getSegmentVersion", - "mobiletargeting:getSegmentVersions", - "mobiletargeting:getSmsChannel", - "mobiletargeting:listJourneys", - "mobiletargeting:phoneNumberValidate", - "mq:describeBroker", - "mq:describeConfiguration", - "mq:describeConfigurationRevision", - "mq:describeUser", - "mq:listBrokers", - "mq:listConfigurationRevisions", - "mq:listConfigurations", - "mq:listUsers", - "network-firewall:describeFirewall", - "network-firewall:describeFirewallPolicy", - "network-firewall:describeFlowOperation", - "network-firewall:describeLoggingConfiguration", - "network-firewall:describeResourcePolicy", - "network-firewall:describeRuleGroup", - "network-firewall:describeRuleGroupMetadata", - "network-firewall:describeTlsInspectionConfiguration", - "network-firewall:listAnalysisReports", - "network-firewall:listFirewallPolicies", - "network-firewall:listFirewalls", - "network-firewall:listFlowOperationResults", - "network-firewall:listFlowOperations", - "network-firewall:listRuleGroups", - "network-firewall:listTlsInspectionConfigurations", - "networkflowmonitor:getMonitor", - "networkflowmonitor:getScope", - "networkflowmonitor:listMonitors", - "networkflowmonitor:listScopes", - "networkmanager:describeGlobalNetworks", - "networkmanager:getConnectAttachment", - "networkmanager:getConnections", - "networkmanager:getConnectPeer", - "networkmanager:getConnectPeerAssociations", - "networkmanager:getCoreNetwork", - "networkmanager:getCoreNetworkChangeEvents", - "networkmanager:getCoreNetworkChangeSet", - "networkmanager:getCoreNetworkPolicy", - "networkmanager:getCustomerGatewayAssociations", - "networkmanager:getDevices", - "networkmanager:getDirectConnectGatewayAttachment", - "networkmanager:getLinkAssociations", - "networkmanager:getLinks", - "networkmanager:getNetworkResourceCounts", - "networkmanager:getNetworkResourceRelationships", - "networkmanager:getNetworkResources", - "networkmanager:getNetworkRoutes", - "networkmanager:getNetworkTelemetry", - "networkmanager:getResourcePolicy", - "networkmanager:getRouteAnalysis", - "networkmanager:getSites", - "networkmanager:getSiteToSiteVpnAttachment", - "networkmanager:getTransitGatewayConnectPeerAssociations", - "networkmanager:getTransitGatewayPeering", - "networkmanager:getTransitGatewayRegistrations", - "networkmanager:getTransitGatewayRouteTableAttachment", - "networkmanager:getVpcAttachment", - "networkmanager:listAttachments", - "networkmanager:listConnectPeers", - "networkmanager:listCoreNetworkPolicyVersions", - "networkmanager:listCoreNetworks", - "networkmanager:listOrganizationServiceAccessStatus", - "networkmanager:listPeerings", - "networkmanager:listTagsForResource", - "networkmonitor:getMonitor", - "networkmonitor:getProbe", - "networkmonitor:listMonitors", - "notifications-contacts:getEmailContact", - "notifications-contacts:listEmailContacts", - "notifications:getEventRule", - "notifications:getNotificationConfiguration", - "notifications:getNotificationEvent", - "notifications:listChannels", - "notifications:listEventRules", - "notifications:listNotificationConfigurations", - "notifications:listNotificationEvents", - "notifications:listNotificationHubs" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Sid": "AWSSupportActionsGroup3", - "Action": [ - "oam:getLink", - "oam:getSink", - "oam:getSinkPolicy", - "oam:listAttachedLinks", - "oam:listLinks", - "oam:listSinks", - "observabilityadmin:getTelemetryEvaluationStatus", - "observabilityadmin:getTelemetryEvaluationStatusForOrganization", - "observabilityadmin:listResourceTelemetry", - "observabilityadmin:listResourceTelemetryForOrganization", - "odb:getOciOnboardingStatus", - "odb:getOdbNetwork", - "odb:getOdbPeeringConnection", - "odb:listOdbNetworks", - "odb:listOdbPeeringConnections", - "omics:getAnnotationImportJob", - "omics:getAnnotationStore", - "omics:getReadSetImportJob", - "omics:getReadSetMetadata", - "omics:getReference", - "omics:getReferenceImportJob", - "omics:getReferenceMetadata", - "omics:getReferenceStore", - "omics:getRun", - "omics:getRunGroup", - "omics:getSequenceStore", - "omics:getVariantImportJob", - "omics:getVariantStore", - "omics:getWorkflow", - "omics:listAnnotationImportJobs", - "omics:listAnnotationStores", - "omics:listMultipartReadSetUploads", - "omics:listReadSetImportJobs", - "omics:listReadSets", - "omics:listReadSetUploadParts", - "omics:listReferenceImportJobs", - "omics:listReferences", - "omics:listReferenceStores", - "omics:listRunGroups", - "omics:listRuns", - "omics:listRunTasks", - "omics:listSequenceStores", - "omics:listVariantImportJobs", - "omics:listVariantStores", - "omics:listWorkflows", - "opsworks-cm:describeAccountAttributes", - "opsworks-cm:describeBackups", - "opsworks-cm:describeEvents", - "opsworks-cm:describeNodeAssociationStatus", - "opsworks-cm:describeServers", - "opsworks:describeAgentVersions", - "opsworks:describeApps", - "opsworks:describeCommands", - "opsworks:describeDeployments", - "opsworks:describeEcsClusters", - "opsworks:describeElasticIps", - "opsworks:describeElasticLoadBalancers", - "opsworks:describeInstances", - "opsworks:describeLayers", - "opsworks:describeLoadBasedAutoScaling", - "opsworks:describeMyUserProfile", - "opsworks:describePermissions", - "opsworks:describeRaidArrays", - "opsworks:describeRdsDbInstances", - "opsworks:describeServiceErrors", - "opsworks:describeStackProvisioningParameters", - "opsworks:describeStacks", - "opsworks:describeStackSummary", - "opsworks:describeTimeBasedAutoScaling", - "opsworks:describeUserProfiles", - "opsworks:describeVolumes", - "opsworks:getHostnameSuggestion", - "organizations:describeAccount", - "organizations:describeCreateAccountStatus", - "organizations:describeEffectivePolicy", - "organizations:describeHandshake", - "organizations:describeOrganization", - "organizations:describePolicy", - "organizations:describeResourcePolicy", - "organizations:listAccounts", - "organizations:listAWSServiceAccessForOrganization", - "organizations:listCreateAccountStatus", - "organizations:listDelegatedAdministrators", - "organizations:listDelegatedServicesForAccount", - "organizations:listHandshakesForAccount", - "organizations:listHandshakesForOrganization", - "organizations:listPoliciesForTarget", - "organizations:listTagsForResource", - "organizations:listTargetsForPolicy", - "osis:getPipeline", - "osis:getPipelineBlueprint", - "osis:getPipelineChangeProgress", - "osis:listPipelineBlueprints", - "osis:listPipelines", - "osis:validatePipeline", - "outposts:getCapacityTask", - "outposts:getCatalogItem", - "outposts:getConnection", - "outposts:getOrder", - "outposts:getOutpost", - "outposts:getOutpostInstanceTypes", - "outposts:getOutpostSupportedInstanceTypes", - "outposts:getSite", - "outposts:listAssets", - "outposts:listAssetInstances", - "outposts:listBlockingInstancesForCapacityTask", - "outposts:listCapacityTasks", - "outposts:listCatalogItems", - "outposts:listOrders", - "outposts:listOutposts", - "outposts:listSites", - "pcs:getCluster", - "pcs:getComputeNodeGroup", - "pcs:getQueue", - "pcs:listClusters", - "pcs:listComputeNodeGroups", - "pcs:listQueues", - "personalize:describeAlgorithm", - "personalize:describeBatchInferenceJob", - "personalize:describeBatchSegmentJob", - "personalize:describeCampaign", - "personalize:describeDataset", - "personalize:describeDatasetExportJob", - "personalize:describeDatasetGroup", - "personalize:describeDatasetImportJob", - "personalize:describeEventTracker", - "personalize:describeFeatureTransformation", - "personalize:describeFilter", - "personalize:describeRecipe", - "personalize:describeRecommender", - "personalize:describeSchema", - "personalize:describeSolution", - "personalize:describeSolutionVersion", - "personalize:getPersonalizedRanking", - "personalize:getRecommendations", - "personalize:getSolutionMetrics", - "personalize:listBatchInferenceJobs", - "personalize:listBatchSegmentJobs", - "personalize:listCampaigns", - "personalize:listDatasetExportJobs", - "personalize:listDatasetGroups", - "personalize:listDatasetImportJobs", - "personalize:listDatasets", - "personalize:listEventTrackers", - "personalize:listRecipes", - "personalize:listRecommenders", - "personalize:listSchemas", - "personalize:listSolutions", - "personalize:listSolutionVersions", - "pipes:describePipe", - "pipes:listPipes", - "pipes:listTagsForResource", - "polly:describeVoices", - "polly:getLexicon", - "polly:listLexicons", - "pricing:describeServices", - "pricing:getAttributeValues", - "pricing:getProducts", - "private-networks:getDeviceIdentifier", - "private-networks:getNetwork", - "private-networks:getNetworkResource", - "private-networks:listDeviceIdentifiers", - "private-networks:listNetworkResources", - "private-networks:listNetworks", - "qbusiness:getApplication", - "qbusiness:getDataSource", - "qbusiness:getIndex", - "qbusiness:getRetriever", - "qbusiness:getWebExperience", - "qbusiness:listApplications", - "qbusiness:listDataSources", - "qbusiness:listDataSourceSyncJobs", - "qbusiness:listIndices", - "qbusiness:listRetrievers", - "qbusiness:listWebExperiences", - "quicksight:describeAccountCustomization", - "quicksight:describeAccountSettings", - "quicksight:describeAccountSubscription", - "quicksight:describeAnalysis", - "quicksight:describeAnalysisPermissions", - "quicksight:describeDashboard", - "quicksight:describeDashboardPermissions", - "quicksight:describeDataSet", - "quicksight:describeDataSetPermissions", - "quicksight:describeDataSetRefreshProperties", - "quicksight:describeDataSource", - "quicksight:describeDataSourcePermissions", - "quicksight:describeFolder", - "quicksight:describeFolderPermissions", - "quicksight:describeFolderResolvedPermissions", - "quicksight:describeGroup", - "quicksight:describeGroupMembership", - "quicksight:describeIAMPolicyAssignment", - "quicksight:describeIngestion", - "quicksight:describeIpRestriction", - "quicksight:describeNamespace", - "quicksight:describeRefreshSchedule", - "quicksight:describeTemplate", - "quicksight:describeTemplateAlias", - "quicksight:describeTemplatePermissions", - "quicksight:describeTheme", - "quicksight:describeThemeAlias", - "quicksight:describeThemePermissions", - "quicksight:describeTopic", - "quicksight:describeTopicPermissions", - "quicksight:describeTopicRefresh", - "quicksight:describeTopicRefreshSchedule", - "quicksight:describeUser", - "quicksight:describeVPCConnection", - "quicksight:listAnalyses", - "quicksight:listDashboards", - "quicksight:listDashboardVersions", - "quicksight:listDataSets", - "quicksight:listDataSources", - "quicksight:listFolderMembers", - "quicksight:listFolders", - "quicksight:listGroupMemberships", - "quicksight:listGroups", - "quicksight:listIAMPolicyAssignments", - "quicksight:listIAMPolicyAssignmentsForUser", - "quicksight:listIngestions", - "quicksight:listNamespaces", - "quicksight:listRefreshSchedules", - "quicksight:listTemplateAliases", - "quicksight:listTemplates", - "quicksight:listTemplateVersions", - "quicksight:listThemeAliases", - "quicksight:listThemes", - "quicksight:listThemeVersions", - "quicksight:listTopicRefreshSchedules", - "quicksight:listTopics", - "quicksight:listUserGroups", - "quicksight:listUsers", - "quicksight:listVPCConnections", - "quicksight:searchAnalyses", - "quicksight:searchDashboards", - "quicksight:searchDataSets", - "quicksight:searchDataSources", - "quicksight:searchFolders", - "quicksight:searchGroups", - "ram:getPermission", - "ram:getResourceShareAssociations", - "ram:getResourceShareInvitations", - "ram:getResourceShares", - "ram:listPendingInvitationResources", - "ram:listPrincipals", - "ram:listResources", - "ram:listResourceSharePermissions", - "rbin:getRule", - "rbin:listRules", - "rds:describeAccountAttributes", - "rds:describeBlueGreenDeployments", - "rds:describeCertificates", - "rds:describeDBClusterEndpoints", - "rds:describeDBClusterParameterGroups", - "rds:describeDBClusterParameters", - "rds:describeDBClusters", - "rds:describeDBClusterSnapshots", - "rds:describeDBEngineVersions", - "rds:describeDBInstanceAutomatedBackups", - "rds:describeDBInstances", - "rds:describeDBLogFiles", - "rds:describeDBParameterGroups", - "rds:describeDBParameters", - "rds:describeDBSecurityGroups", - "rds:describeDBSnapshotAttributes", - "rds:describeDBSnapshots", - "rds:describeDBSubnetGroups", - "rds:describeEngineDefaultClusterParameters", - "rds:describeEngineDefaultParameters", - "rds:describeEventCategories", - "rds:describeEvents", - "rds:describeEventSubscriptions", - "rds:describeExportTasks", - "rds:describeGlobalClusters", - "rds:describeIntegrations", - "rds:describeOptionGroupOptions", - "rds:describeOptionGroups", - "rds:describeOrderableDBInstanceOptions", - "rds:describePendingMaintenanceActions", - "rds:describeReservedDBInstances", - "rds:describeReservedDBInstancesOfferings", - "rds:describeSourceRegions", - "rds:describeValidDBInstanceModifications", - "rds:listTagsForResource", - "redshift-data:describeStatement", - "redshift-data:listStatements", - "redshift-serverless:getCustomDomainAssociation", - "redshift-serverless:getEndpointAccess", - "redshift-serverless:getNamespace", - "redshift-serverless:getRecoveryPoint", - "redshift-serverless:getScheduledAction", - "redshift-serverless:getSnapshot", - "redshift-serverless:getTableRestoreStatus", - "redshift-serverless:getUsageLimit", - "redshift-serverless:getWorkgroup", - "redshift-serverless:listCustomDomainAssociations", - "redshift-serverless:listEndpointAccess", - "redshift-serverless:listNamespaces", - "redshift-serverless:listRecoveryPoints", - "redshift-serverless:listSnapshotCopyConfigurations", - "redshift-serverless:listSnapshots", - "redshift-serverless:listTableRestoreStatus", - "redshift-serverless:listUsageLimits", - "redshift-serverless:listWorkgroups", - "redshift:describeClusterDbRevisions", - "redshift:describeClusterParameterGroups", - "redshift:describeClusterParameters", - "redshift:describeClusters", - "redshift:describeClusterSecurityGroups", - "redshift:describeClusterSnapshots", - "redshift:describeClusterSubnetGroups", - "redshift:describeClusterTracks", - "redshift:describeClusterVersions", - "redshift:describeCustomDomainAssociations", - "redshift:describeDataShares", - "redshift:describeDataSharesForConsumer", - "redshift:describeDataSharesForProducer", - "redshift:describeDefaultClusterParameters", - "redshift:describeEndpointAccess", - "redshift:describeEndpointAuthorization", - "redshift:describeEventCategories", - "redshift:describeEvents", - "redshift:describeEventSubscriptions", - "redshift:describeHsmClientCertificates", - "redshift:describeHsmConfigurations", - "redshift:describeInboundIntegrations", - "redshift:describeLoggingStatus", - "redshift:describeNodeConfigurationOptions", - "redshift:describeOrderableClusterOptions", - "redshift:describeRedshiftIdcApplications", - "redshift:describeReservedNodeOfferings", - "redshift:describeReservedNodes", - "redshift:describeResize", - "redshift:describeSnapshotCopyGrants", - "redshift:describeSnapshotSchedules", - "redshift:describeStorage", - "redshift:describeTableRestoreStatus", - "redshift:describeTags", - "redshift:describeUsageLimits", - "rekognition:listCollections", - "rekognition:listFaces", - "resiliencehub:describeApp", - "resiliencehub:describeAppAssessment", - "resiliencehub:describeAppVersion", - "resiliencehub:describeAppVersionAppComponent", - "resiliencehub:describeAppVersionResource", - "resiliencehub:describeAppVersionResourcesResolutionStatus", - "resiliencehub:describeAppVersionTemplate", - "resiliencehub:describeDraftAppVersionResourcesImportStatus", - "resiliencehub:describeResiliencyPolicy", - "resiliencehub:describeResourceGroupingRecommendationTask", - "resiliencehub:listAlarmRecommendations", - "resiliencehub:listAppAssessmentComplianceDrifts", - "resiliencehub:listAppAssessmentResourceDrifts", - "resiliencehub:listAppAssessments", - "resiliencehub:listAppComponentCompliances", - "resiliencehub:listAppComponentRecommendations", - "resiliencehub:listAppInputSources", - "resiliencehub:listApps", - "resiliencehub:listAppVersionAppComponents", - "resiliencehub:listAppVersionResourceMappings", - "resiliencehub:listAppVersionResources", - "resiliencehub:listAppVersions", - "resiliencehub:listRecommendationTemplates", - "resiliencehub:listResiliencyPolicies", - "resiliencehub:listResourceGroupingRecommendations", - "resiliencehub:listSopRecommendations", - "resiliencehub:listSuggestedResiliencyPolicies", - "resiliencehub:listTestRecommendations", - "resiliencehub:listUnsupportedAppVersionResources", - "resource-explorer-2:getAccountLevelServiceConfiguration", - "resource-explorer-2:getIndex", - "resource-explorer-2:getView", - "resource-explorer-2:listIndexes", - "resource-explorer-2:listViews", - "resource-explorer-2:search", - "resource-groups:getGroup", - "resource-groups:getGroupQuery", - "resource-groups:getTags", - "resource-groups:listGroupResources", - "resource-groups:listGroups", - "resource-groups:searchResources", - "robomaker:batchDescribeSimulationJob", - "robomaker:describeDeploymentJob", - "robomaker:describeFleet", - "robomaker:describeRobot", - "robomaker:describeRobotApplication", - "robomaker:describeSimulationApplication", - "robomaker:describeSimulationJob", - "robomaker:listDeploymentJobs", - "robomaker:listFleets", - "robomaker:listRobotApplications", - "robomaker:listRobots", - "robomaker:listSimulationApplications", - "robomaker:listSimulationJobs", - "rolesanywhere:getProfile", - "rolesanywhere:getTrustAnchor", - "rolesanywhere:listProfiles", - "rolesanywhere:listTrustAnchors", - "route53-recovery-cluster:getRoutingControlState", - "route53-recovery-cluster:listRoutingControls", - "route53-recovery-control-config:describeControlPanel", - "route53-recovery-control-config:describeRoutingControl", - "route53-recovery-control-config:describeSafetyRule", - "route53-recovery-control-config:listControlPanels", - "route53-recovery-control-config:listRoutingControls", - "route53-recovery-control-config:listSafetyRules", - "route53-recovery-readiness:getCell", - "route53-recovery-readiness:getCellReadinessSummary", - "route53-recovery-readiness:getReadinessCheck", - "route53-recovery-readiness:getReadinessCheckResourceStatus", - "route53-recovery-readiness:getReadinessCheckStatus", - "route53-recovery-readiness:getRecoveryGroup", - "route53-recovery-readiness:getRecoveryGroupReadinessSummary", - "route53-recovery-readiness:listCells", - "route53-recovery-readiness:listReadinessChecks", - "route53-recovery-readiness:listRecoveryGroups", - "route53-recovery-readiness:listResourceSets", - "route53:getAccountLimit", - "route53:getChange", - "route53:getCheckerIpRanges", - "route53:getDNSSEC", - "route53:getGeoLocation", - "route53:getHealthCheck", - "route53:getHealthCheckCount", - "route53:getHealthCheckLastFailureReason", - "route53:getHealthCheckStatus", - "route53:getHostedZone", - "route53:getHostedZoneCount", - "route53:getHostedZoneLimit", - "route53:getQueryLoggingConfig", - "route53:getReusableDelegationSet", - "route53:getTrafficPolicy", - "route53:getTrafficPolicyInstance", - "route53:getTrafficPolicyInstanceCount", - "route53:listCidrBlocks", - "route53:listCidrCollections", - "route53:listCidrLocations", - "route53:listGeoLocations", - "route53:listHealthChecks", - "route53:listHostedZones", - "route53:listHostedZonesByName", - "route53:listHostedZonesByVpc", - "route53:listQueryLoggingConfigs", - "route53:listResourceRecordSets", - "route53:listReusableDelegationSets", - "route53:listTrafficPolicies", - "route53:listTrafficPolicyInstances", - "route53:listTrafficPolicyInstancesByHostedZone", - "route53:listTrafficPolicyInstancesByPolicy", - "route53:listTrafficPolicyVersions", - "route53:listVPCAssociationAuthorizations", - "route53domains:checkDomainAvailability", - "route53domains:getContactReachabilityStatus", - "route53domains:getDomainDetail", - "route53domains:getOperationDetail", - "route53domains:listDomains", - "route53domains:listOperations", - "route53domains:listPrices", - "route53domains:listTagsForDomain", - "route53domains:viewBilling", - "route53profiles:getProfile", - "route53profiles:getProfileAssociation", - "route53profiles:getProfileResourceAssociation", - "route53profiles:listProfileAssociations", - "route53profiles:listProfileResourceAssociations", - "route53profiles:listProfiles", - "route53profiles:listTagsForResource", - "route53resolver:getFirewallConfig", - "route53resolver:getFirewallDomainList", - "route53resolver:getFirewallRuleGroup", - "route53resolver:getFirewallRuleGroupAssociation", - "route53resolver:getFirewallRuleGroupPolicy", - "route53resolver:getOutpostResolver", - "route53resolver:getResolverDnssecConfig", - "route53resolver:getResolverQueryLogConfig", - "route53resolver:getResolverQueryLogConfigAssociation", - "route53resolver:getResolverQueryLogConfigPolicy", - "route53resolver:getResolverRule", - "route53resolver:getResolverRuleAssociation", - "route53resolver:getResolverRulePolicy", - "route53resolver:listFirewallConfigs", - "route53resolver:listFirewallDomainLists", - "route53resolver:listFirewallDomains", - "route53resolver:listFirewallRuleGroupAssociations", - "route53resolver:listFirewallRuleGroups", - "route53resolver:listFirewallRules", - "route53resolver:listOutpostResolvers", - "route53resolver:listResolverConfigs", - "route53resolver:listResolverDnssecConfigs", - "route53resolver:listResolverEndpointIpAddresses", - "route53resolver:listResolverEndpoints", - "route53resolver:listResolverQueryLogConfigAssociations", - "route53resolver:listResolverQueryLogConfigs", - "route53resolver:listResolverRuleAssociations", - "route53resolver:listResolverRules", - "route53resolver:listTagsForResource", - "rum:batchGetRumMetricDefinitions", - "rum:getAppMonitor", - "rum:listAppMonitors", - "rum:listRumMetricsDestinations", - "s3-outposts:listEndpoints", - "s3-outposts:listOutpostsWithS3", - "s3-outposts:listRegionalBuckets", - "s3-outposts:listSharedEndpoints", - "s3:describeJob", - "s3:describeMultiRegionAccessPointOperation", - "s3:getAccelerateConfiguration", - "s3:getAccessGrant", - "s3:getAccessGrantsInstance", - "s3:getAccessGrantsInstanceResourcePolicy", - "s3:getAccessGrantsLocation", - "s3:getAccessPoint", - "s3:getAccessPointConfigurationForObjectLambda", - "s3:getAccessPointForObjectLambda", - "s3:getAccessPointPolicy", - "s3:getAccessPointPolicyForObjectLambda", - "s3:getAccessPointPolicyStatus", - "s3:getAccessPointPolicyStatusForObjectLambda", - "s3:getAccountPublicAccessBlock", - "s3:getAnalyticsConfiguration", - "s3:getBucketAcl", - "s3:getBucketCORS", - "s3:getBucketLocation", - "s3:getBucketLogging", - "s3:getBucketNotification", - "s3:getBucketObjectLockConfiguration", - "s3:getBucketOwnershipControls", - "s3:getBucketPolicy", - "s3:getBucketPolicyStatus", - "s3:getBucketPublicAccessBlock", - "s3:getBucketRequestPayment", - "s3:getBucketVersioning", - "s3:getBucketWebsite", - "s3:getEncryptionConfiguration", - "s3:getIntelligentTieringConfiguration", - "s3:getInventoryConfiguration", - "s3:getLifecycleConfiguration", - "s3:getMetricsConfiguration", - "s3:getMultiRegionAccessPoint", - "s3:getMultiRegionAccessPointPolicy", - "s3:getMultiRegionAccessPointPolicyStatus", - "s3:getMultiRegionAccessPointRoutes", - "s3:getObjectAcl", - "s3:getObjectLegalHold", - "s3:getObjectRetention", - "s3:getReplicationConfiguration", - "s3:getStorageLensConfiguration", - "s3:listAccessGrants", - "s3:listAccessGrantsInstances", - "s3:listAccessGrantsLocations", - "s3:listAccessPoints", - "s3:listAccessPointsForObjectLambda", - "s3:listAllMyBuckets", - "s3:listBucket", - "s3:listBucketMultipartUploads", - "s3:listBucketVersions", - "s3:listJobs", - "s3:listMultipartUploadParts", - "s3:listMultiRegionAccessPoints", - "s3:listStorageLensConfigurations", - "s3express:getBucketPolicy", - "s3express:listAllMyDirectoryBuckets", - "s3tables:getNamespace", - "s3tables:getTable", - "s3tables:getTableBucket", - "s3tables:getTableBucketMaintenanceConfiguration", - "s3tables:getTableBucketPolicy", - "s3tables:getTableMaintenanceJobStatus", - "s3tables:getTableMetadataLocation", - "s3tables:getTablePolicy", - "s3tables:listNamespaces", - "s3tables:listTableBuckets", - "s3tables:listTables", - "sagemaker:describeAction", - "sagemaker:describeAlgorithm", - "sagemaker:describeApp", - "sagemaker:describeAppImageConfig", - "sagemaker:describeArtifact", - "sagemaker:describeAutoMLJob", - "sagemaker:describeCluster", - "sagemaker:describeClusterNode", - "sagemaker:describeCodeRepository", - "sagemaker:describeCompilationJob", - "sagemaker:describeContext", - "sagemaker:describeDataQualityJobDefinition", - "sagemaker:describeDevice", - "sagemaker:describeDeviceFleet", - "sagemaker:describeDomain", - "sagemaker:describeEdgeDeploymentPlan", - "sagemaker:describeEdgePackagingJob", - "sagemaker:describeEndpoint", - "sagemaker:describeEndpointConfig", - "sagemaker:describeExperiment", - "sagemaker:describeFeatureGroup", - "sagemaker:describeFeatureMetadata", - "sagemaker:describeFlowDefinition", - "sagemaker:describeHub", - "sagemaker:describeHubContent", - "sagemaker:describeHumanTaskUi", - "sagemaker:describeHyperParameterTuningJob", - "sagemaker:describeImage", - "sagemaker:describeImageVersion", - "sagemaker:describeInferenceComponent", - "sagemaker:describeInferenceExperiment", - "sagemaker:describeInferenceRecommendationsJob", - "sagemaker:describeLabelingJob", - "sagemaker:describeMlflowTrackingServer", - "sagemaker:describeModel", - "sagemaker:describeModelBiasJobDefinition", - "sagemaker:describeModelCard", - "sagemaker:describeModelCardExportJob", - "sagemaker:describeModelExplainabilityJobDefinition", - "sagemaker:describeModelPackage", - "sagemaker:describeModelPackageGroup", - "sagemaker:describeModelQualityJobDefinition", - "sagemaker:describeMonitoringSchedule", - "sagemaker:describeNotebookInstance", - "sagemaker:describeNotebookInstanceLifecycleConfig", - "sagemaker:describePipeline", - "sagemaker:describePipelineDefinitionForExecution", - "sagemaker:describePipelineExecution", - "sagemaker:describeProcessingJob", - "sagemaker:describeProject", - "sagemaker:describeSpace", - "sagemaker:describeStudioLifecycleConfig", - "sagemaker:describeSubscribedWorkteam", - "sagemaker:describeTrainingJob", - "sagemaker:describeTransformJob", - "sagemaker:describeTrial", - "sagemaker:describeTrialComponent", - "sagemaker:describeUserProfile", - "sagemaker:describeWorkforce", - "sagemaker:describeWorkteam", - "sagemaker:getDeviceFleetReport", - "sagemaker:getModelPackageGroupPolicy", - "sagemaker:getSagemakerServicecatalogPortfolioStatus", - "sagemaker:listActions", - "sagemaker:listAlgorithms", - "sagemaker:listAliases", - "sagemaker:listAppImageConfigs", - "sagemaker:listApps", - "sagemaker:listArtifacts", - "sagemaker:listAssociations", - "sagemaker:listAutoMLJobs", - "sagemaker:listCandidatesForAutoMLJob", - "sagemaker:listClusterNodes", - "sagemaker:listClusters", - "sagemaker:listCodeRepositories", - "sagemaker:listCompilationJobs", - "sagemaker:listContexts", - "sagemaker:listDataQualityJobDefinitions", - "sagemaker:listDeviceFleets", - "sagemaker:listDevices", - "sagemaker:listDomains", - "sagemaker:listEdgeDeploymentPlans", - "sagemaker:listEdgePackagingJobs", - "sagemaker:listEndpointConfigs", - "sagemaker:listEndpoints", - "sagemaker:listExperiments", - "sagemaker:listFeatureGroups", - "sagemaker:listFlowDefinitions", - "sagemaker:listHubContents", - "sagemaker:listHubContentVersions", - "sagemaker:listHubs", - "sagemaker:listHumanTaskUis", - "sagemaker:listHyperParameterTuningJobs", - "sagemaker:listImages", - "sagemaker:listImageVersions", - "sagemaker:listInferenceComponents", - "sagemaker:listInferenceExperiments", - "sagemaker:listInferenceRecommendationsJobs", - "sagemaker:listInferenceRecommendationsJobSteps", - "sagemaker:listLabelingJobs", - "sagemaker:listLabelingJobsForWorkteam", - "sagemaker:listLineageGroups", - "sagemaker:listMlflowTrackingServers", - "sagemaker:listModelBiasJobDefinitions", - "sagemaker:listModelCardExportJobs", - "sagemaker:listModelCards", - "sagemaker:listModelCardVersions", - "sagemaker:listModelExplainabilityJobDefinitions", - "sagemaker:listModelMetadata", - "sagemaker:listModelPackageGroups", - "sagemaker:listModelPackages", - "sagemaker:listModelQualityJobDefinitions", - "sagemaker:listModels", - "sagemaker:listMonitoringAlertHistory", - "sagemaker:listMonitoringAlerts", - "sagemaker:listMonitoringExecutions", - "sagemaker:listMonitoringSchedules", - "sagemaker:listNotebookInstanceLifecycleConfigs", - "sagemaker:listNotebookInstances", - "sagemaker:listPipelineExecutions", - "sagemaker:listPipelineExecutionSteps", - "sagemaker:listPipelineParametersForExecution", - "sagemaker:listPipelines", - "sagemaker:listProcessingJobs", - "sagemaker:listProjects", - "sagemaker:listSpaces", - "sagemaker:listStageDevices", - "sagemaker:listStudioLifecycleConfigs", - "sagemaker:listSubscribedWorkteams", - "sagemaker:listTags", - "sagemaker:listTrainingJobs", - "sagemaker:listTrainingJobsForHyperParameterTuningJob", - "sagemaker:listTransformJobs", - "sagemaker:listTrialComponents", - "sagemaker:listTrials", - "sagemaker:listUserProfiles", - "sagemaker:listWorkforces", - "sagemaker:listWorkteams", - "savingsplans:describeSavingsPlans", - "scheduler:getSchedule", - "scheduler:getScheduleGroup", - "scheduler:listScheduleGroups", - "scheduler:listSchedules", - "schemas:describeCodeBinding", - "schemas:describeDiscoverer", - "schemas:describeRegistry", - "schemas:describeSchema", - "schemas:getCodeBindingSource", - "schemas:getDiscoveredSchema", - "schemas:getResourcePolicy", - "schemas:listDiscoverers", - "schemas:listRegistries", - "schemas:listSchemas", - "schemas:listSchemaVersions", - "sdb:domainMetadata", - "sdb:listDomains", - "secretsmanager:describeSecret", - "secretsmanager:getResourcePolicy", - "secretsmanager:listSecrets", - "secretsmanager:listSecretVersionIds", - "securityhub:batchGetConfigurationPolicyAssociations", - "securityhub:describeOrganizationConfiguration", - "securityhub:getConfigurationPolicy", - "securityhub:getConfigurationPolicyAssociation", - "securityhub:getEnabledStandards", - "securityhub:getFindingAggregator", - "securityhub:getFindings", - "securityhub:getInsightResults", - "securityhub:getInsights", - "securityhub:getMasterAccount", - "securityhub:getMembers", - "securityhub:listConfigurationPolicies", - "securityhub:listConfigurationPolicyAssociations", - "securityhub:listEnabledProductsForImport", - "securityhub:listFindingAggregators", - "securityhub:listInvitations", - "securityhub:listMembers", - "securitylake:getDataLakeExceptionSubscription", - "securitylake:getDataLakeOrganizationConfiguration", - "securitylake:getDataLakeSources", - "securitylake:getSubscriber", - "securitylake:listDataLakeExceptions", - "securitylake:listDataLakes", - "securitylake:listLogSources", - "securitylake:listSubscribers", - "serverlessrepo:getApplication", - "serverlessrepo:getApplicationPolicy", - "serverlessrepo:getCloudFormationTemplate", - "serverlessrepo:listApplicationDependencies", - "serverlessrepo:listApplications", - "serverlessrepo:listApplicationVersions", - "servicecatalog:describeConstraint", - "servicecatalog:describePortfolio", - "servicecatalog:describeProduct", - "servicecatalog:describeProductAsAdmin", - "servicecatalog:describeProductView", - "servicecatalog:describeProvisioningArtifact", - "servicecatalog:describeProvisioningParameters", - "servicecatalog:describeRecord", - "servicecatalog:listAcceptedPortfolioShares", - "servicecatalog:listConstraintsForPortfolio", - "servicecatalog:listLaunchPaths", - "servicecatalog:listPortfolioAccess", - "servicecatalog:listPortfolios", - "servicecatalog:listPortfoliosForProduct", - "servicecatalog:listPrincipalsForPortfolio", - "servicecatalog:listProvisioningArtifacts", - "servicecatalog:listRecordHistory", - "servicecatalog:scanProvisionedProducts", - "servicecatalog:searchProducts", - "servicequotas:getAssociationForServiceQuotaTemplate", - "servicequotas:getAWSDefaultServiceQuota", - "servicequotas:getRequestedServiceQuotaChange", - "servicequotas:getServiceQuota", - "servicequotas:getServiceQuotaIncreaseRequestFromTemplate", - "servicequotas:listAWSDefaultServiceQuotas", - "servicequotas:listRequestedServiceQuotaChangeHistory", - "servicequotas:listRequestedServiceQuotaChangeHistoryByQuota", - "servicequotas:listServiceQuotaIncreaseRequestsInTemplate", - "servicequotas:listServiceQuotas", - "servicequotas:listServices", - "ses:describeActiveReceiptRuleSet", - "ses:describeConfigurationSet", - "ses:describeReceiptRule", - "ses:describeReceiptRuleSet", - "ses:getAccount", - "ses:getAccountSendingEnabled", - "ses:getAddonInstance", - "ses:getAddonSubscription", - "ses:getArchive", - "ses:getArchiveExport", - "ses:getArchiveSearch", - "ses:getBlacklistReports", - "ses:getConfigurationSet", - "ses:getConfigurationSetEventDestinations", - "ses:getContactList", - "ses:getDedicatedIp", - "ses:getDedicatedIpPool", - "ses:getDedicatedIps", - "ses:getDeliverabilityDashboardOptions", - "ses:getDeliverabilityTestReport", - "ses:getDomainDeliverabilityCampaign", - "ses:getDomainStatisticsReport", - "ses:getEmailIdentity", - "ses:getIdentityDkimAttributes", - "ses:getIdentityMailFromDomainAttributes", - "ses:getIdentityNotificationAttributes", - "ses:getIdentityPolicies", - "ses:getIdentityVerificationAttributes", - "ses:getImportJob", - "ses:getIngressPoint", - "ses:getRelay", - "ses:getRuleSet", - "ses:getTrafficPolicy", - "ses:getSendQuota", - "ses:getSendStatistics", - "ses:listConfigurationSets", - "ses:listAddonInstances", - "ses:listAddonSubscriptions", - "ses:listArchiveExports", - "ses:listArchives", - "ses:listArchiveSearches", - "ses:listContactLists", - "ses:listContacts", - "ses:listCustomVerificationEmailTemplates", - "ses:listDedicatedIpPools", - "ses:listDeliverabilityTestReports", - "ses:listDomainDeliverabilityCampaigns", - "ses:listEmailIdentities", - "ses:listEmailTemplates", - "ses:listIdentities", - "ses:listIdentityPolicies", - "ses:listImportJobs", - "ses:listIngressPoints", - "ses:listReceiptFilters", - "ses:listReceiptRuleSets", - "ses:listRelays", - "ses:listRuleSets", - "ses:listRecommendations", - "ses:listTagsForResource", - "ses:listTemplates", - "ses:listTrafficPolicies", - "ses:listVerifiedEmailAddresses", - "shield:describeAttack", - "shield:describeProtection", - "shield:describeSubscription", - "shield:listAttacks", - "shield:listProtections", - "sms-voice:getConfigurationSetEventDestinations", - "sms:getConnectors", - "sms:getReplicationJobs", - "sms:getReplicationRuns", - "sms:getServers", - "snowball:describeAddress", - "snowball:describeAddresses", - "snowball:describeJob", - "snowball:getSnowballUsage", - "snowball:listJobs", - "snowball:listServiceVersions", - "sns:checkIfPhoneNumberIsOptedOut", - "sns:getDataProtectionPolicy", - "sns:getEndpointAttributes", - "sns:getPlatformApplicationAttributes", - "sns:getSMSAttributes", - "sns:getSMSSandboxAccountStatus", - "sns:getSubscriptionAttributes", - "sns:getTopicAttributes", - "sns:listEndpointsByPlatformApplication", - "sns:listOriginationNumbers", - "sns:listPhoneNumbersOptedOut", - "sns:listPlatformApplications", - "sns:listSMSSandboxPhoneNumbers", - "sns:listSubscriptions", - "sns:listSubscriptionsByTopic", - "sns:listTopics", - "sqs:getQueueAttributes", - "sqs:getQueueUrl", - "sqs:listDeadLetterSourceQueues", - "sqs:listMessageMoveTasks", - "sqs:listQueues", - "ssm-contacts:describeEngagement", - "ssm-contacts:describePage", - "ssm-contacts:getContact", - "ssm-contacts:getContactChannel", - "ssm-contacts:getContactPolicy", - "ssm-contacts:getRotation", - "ssm-contacts:getRotationOverride", - "ssm-contacts:listContactChannels", - "ssm-contacts:listContacts", - "ssm-contacts:listEngagements", - "ssm-contacts:listPageReceipts", - "ssm-contacts:listPageResolutions", - "ssm-contacts:listPagesByContact", - "ssm-contacts:listPagesByEngagement", - "ssm-contacts:listPreviewRotationShifts", - "ssm-contacts:listRotationOverrides", - "ssm-contacts:listRotations", - "ssm-contacts:listRotationShifts", - "ssm-incidents:batchGetIncidentFindings", - "ssm-incidents:getIncidentRecord", - "ssm-incidents:getReplicationSet", - "ssm-incidents:getResourcePolicies", - "ssm-incidents:getResponsePlan", - "ssm-incidents:getTimelineEvent", - "ssm-incidents:listIncidentFindings", - "ssm-incidents:listIncidentRecords", - "ssm-incidents:listRelatedItems", - "ssm-incidents:listReplicationSets", - "ssm-incidents:listResponsePlans", - "ssm-incidents:listTimelineEvents", - "ssm-quicksetup:getConfiguration", - "ssm-quicksetup:getConfigurationManager", - "ssm-quicksetup:getServiceSettings", - "ssm-quicksetup:listConfigurationManagers", - "ssm-quicksetup:listConfigurations", - "ssm-quicksetup:listQuickSetupTypes", - "ssm-sap:getApplication", - "ssm-sap:getComponent", - "ssm-sap:getDatabase", - "ssm-sap:getOperation", - "ssm-sap:getResourcePermission", - "ssm-sap:listApplications", - "ssm-sap:listComponents", - "ssm-sap:listDatabases", - "ssm-sap:listOperations", - "ssm:describeActivations", - "ssm:describeAssociation", - "ssm:describeAssociationExecutions", - "ssm:describeAssociationExecutionTargets", - "ssm:describeAutomationExecutions", - "ssm:describeAutomationStepExecutions", - "ssm:describeAvailablePatches", - "ssm:describeDocument", - "ssm:describeDocumentPermission", - "ssm:describeEffectiveInstanceAssociations", - "ssm:describeEffectivePatchesForPatchBaseline", - "ssm:describeInstanceAssociationsStatus", - "ssm:describeInstanceInformation", - "ssm:describeInstancePatches", - "ssm:describeInstancePatchStates", - "ssm:describeInstancePatchStatesForPatchGroup", - "ssm:describeInstanceProperties", - "ssm:describeInventoryDeletions", - "ssm:describeMaintenanceWindowExecutions", - "ssm:describeMaintenanceWindowExecutionTaskInvocations", - "ssm:describeMaintenanceWindowExecutionTasks", - "ssm:describeMaintenanceWindows", - "ssm:describeMaintenanceWindowSchedule", - "ssm:describeMaintenanceWindowsForTarget", - "ssm:describeMaintenanceWindowTargets", - "ssm:describeMaintenanceWindowTasks", - "ssm:describeOpsItems", - "ssm:describeParameters", - "ssm:describePatchBaselines", - "ssm:describePatchGroups", - "ssm:describePatchGroupState", - "ssm:describePatchProperties", - "ssm:describeSessions", - "ssm:getAutomationExecution", - "ssm:getCalendarState", - "ssm:getCommandInvocation", - "ssm:getConnectionStatus", - "ssm:getDefaultPatchBaseline", - "ssm:getDeployablePatchSnapshotForInstance", - "ssm:getInventorySchema", - "ssm:getMaintenanceWindow", - "ssm:getMaintenanceWindowExecution", - "ssm:getMaintenanceWindowExecutionTask", - "ssm:getMaintenanceWindowExecutionTaskInvocation", - "ssm:getMaintenanceWindowTask", - "ssm:getOpsItem", - "ssm:getOpsMetadata", - "ssm:getOpsSummary", - "ssm:getPatchBaseline", - "ssm:getPatchBaselineForPatchGroup", - "ssm:getResourcePolicies", - "ssm:getServiceSetting", - "ssm:listAssociations", - "ssm:listAssociationVersions", - "ssm:listCommandInvocations", - "ssm:listCommands", - "ssm:listComplianceItems", - "ssm:listComplianceSummaries", - "ssm:listDocumentMetadataHistory", - "ssm:listDocuments", - "ssm:listDocumentVersions", - "ssm:listNodes", - "ssm:listNodesSummary", - "ssm:listOpsItemEvents", - "ssm:listOpsItemRelatedItems", - "ssm:listOpsMetadata", - "ssm:listResourceComplianceSummaries", - "ssm:listResourceDataSync", - "ssm:listTagsForResource", - "sso:describeApplication", - "sso:describeApplicationAssignment", - "sso:describeApplicationProvider", - "sso:describeAccountAssignmentCreationStatus", - "sso:describeAccountAssignmentDeletionStatus", - "sso:describeInstance", - "sso:describeInstanceAccessControlAttributeConfiguration", - "sso:describePermissionSet", - "sso:describePermissionSetProvisioningStatus", - "sso:describeTrustedTokenIssuer", - "sso:getApplicationAccessScope", - "sso:getApplicationAssignmentConfiguration", - "sso:getApplicationAuthenticationMethod", - "sso:getApplicationGrant", - "sso:getApplicationInstance", - "sso:getApplicationTemplate", - "sso:getInlinePolicyForPermissionSet", - "sso:getManagedApplicationInstance", - "sso:getPermissionsBoundaryForPermissionSet", - "sso:getSharedSsoConfiguration", - "sso:listApplicationAccessScopes", - "sso:listApplicationAssignments", - "sso:listApplicationAuthenticationMethods", - "sso:listApplicationGrants", - "sso:listApplicationInstances", - "sso:listApplicationProviders", - "sso:listApplications", - "sso:listApplicationTemplates", - "sso:listAccountAssignmentCreationStatus", - "sso:listAccountAssignmentDeletionStatus", - "sso:listAccountAssignments", - "sso:listAccountAssignmentsForPrincipal", - "sso:listAccountsForProvisionedPermissionSet", - "sso:listApplicationAssignmentsForPrincipal", - "sso:listCustomerManagedPolicyReferencesInPermissionSet", - "sso:listDirectoryAssociations", - "sso:listInstances", - "sso:listManagedPoliciesInPermissionSet", - "sso:listPermissionSetProvisioningStatus", - "sso:listPermissionSets", - "sso:listPermissionSetsProvisionedToAccount", - "sso:listProfileAssociations", - "sso:listTrustedTokenIssuers", - "states:describeActivity", - "states:describeExecution", - "states:describeMapRun", - "states:describeStateMachine", - "states:describeStateMachineAlias", - "states:describeStateMachineForExecution", - "states:getExecutionHistory", - "states:listActivities", - "states:listExecutions", - "states:listMapRuns", - "states:listStateMachineAliases", - "states:listStateMachines", - "states:listStateMachineVersions", - "storagegateway:describeBandwidthRateLimit", - "storagegateway:describeCache", - "storagegateway:describeCachediSCSIVolumes", - "storagegateway:describeFileSystemAssociations", - "storagegateway:describeGatewayInformation", - "storagegateway:describeMaintenanceStartTime", - "storagegateway:describeNFSFileShares", - "storagegateway:describeSMBFileShares", - "storagegateway:describeSMBSettings", - "storagegateway:describeSnapshotSchedule", - "storagegateway:describeStorediSCSIVolumes", - "storagegateway:describeTapeArchives", - "storagegateway:describeTapeRecoveryPoints", - "storagegateway:describeTapes", - "storagegateway:describeUploadBuffer", - "storagegateway:describeVTLDevices", - "storagegateway:describeWorkingStorage", - "storagegateway:listAutomaticTapeCreationPolicies", - "storagegateway:listFileShares", - "storagegateway:listFileSystemAssociations", - "storagegateway:listGateways", - "storagegateway:listLocalDisks", - "storagegateway:listTagsForResource", - "storagegateway:listTapes", - "storagegateway:listVolumeInitiators", - "storagegateway:listVolumeRecoveryPoints", - "storagegateway:listVolumes", - "sts:getCallerIdentity", - "swf:countClosedWorkflowExecutions", - "swf:countOpenWorkflowExecutions", - "swf:countPendingActivityTasks", - "swf:countPendingDecisionTasks", - "swf:describeActivityType", - "swf:describeDomain", - "swf:describeWorkflowExecution", - "swf:describeWorkflowType", - "swf:getWorkflowExecutionHistory", - "swf:listActivityTypes", - "swf:listClosedWorkflowExecutions", - "swf:listDomains", - "swf:listOpenWorkflowExecutions", - "swf:listWorkflowTypes", - "synthetics:describeCanaries", - "synthetics:describeCanariesLastRun", - "synthetics:describeRuntimeVersions", - "synthetics:getCanary", - "synthetics:getCanaryRuns", - "synthetics:getGroup", - "synthetics:listAssociatedGroups", - "synthetics:listGroupResources", - "synthetics:listGroups", - "thinclient:getDevice", - "thinclient:getEnvironment", - "thinclient:getSoftwareSet", - "thinclient:listDevices", - "thinclient:listEnvironments", - "thinclient:listSoftwareSets", - "timestream:describeAccountSettings", - "timestream:describeBatchLoadTask", - "timestream:describeDatabase", - "timestream:describeEndpoints", - "timestream:describeScheduledQuery", - "timestream:describeTable", - "timestream:listBatchLoadTasks", - "timestream:listDatabases", - "timestream:listScheduledQueries", - "timestream:listTables", - "tiros:createQuery", - "tiros:getQueryAnswer", - "tiros:getQueryExplanation", - "tnb:getSolFunctionInstance", - "tnb:getSolFunctionPackage", - "tnb:getSolNetworkInstance", - "tnb:getSolNetworkOperation", - "tnb:getSolNetworkPackage", - "tnb:listSolFunctionInstances", - "tnb:listSolFunctionPackages", - "tnb:listSolNetworkInstances", - "tnb:listSolNetworkOperations", - "tnb:listSolNetworkPackages", - "transcribe:describeLanguageModel", - "transcribe:getCallAnalyticsCategory", - "transcribe:getCallAnalyticsJob", - "transcribe:getMedicalTranscriptionJob", - "transcribe:getMedicalVocabulary", - "transcribe:getTranscriptionJob", - "transcribe:getVocabulary", - "transcribe:getVocabularyFilter", - "transcribe:listCallAnalyticsCategories", - "transcribe:listCallAnalyticsJobs", - "transcribe:listLanguageModels", - "transcribe:listMedicalTranscriptionJobs", - "transcribe:listMedicalVocabularies", - "transcribe:listTranscriptionJobs", - "transcribe:listVocabularies", - "transcribe:listVocabularyFilters", - "transfer:describeAccess", - "transfer:describeAgreement", - "transfer:describeConnector", - "transfer:describeExecution", - "transfer:describeProfile", - "transfer:describeServer", - "transfer:describeUser", - "transfer:describeWebApp", - "transfer:describeWebAppCustomization", - "transfer:describeWorkflow", - "transfer:listAccesses", - "transfer:listAgreements", - "transfer:listConnectors", - "transfer:listExecutions", - "transfer:listHostKeys", - "transfer:listProfiles", - "transfer:listServers", - "transfer:listTagsForResource", - "transfer:listUsers", - "transfer:listWebApps", - "transfer:listWorkflows", - "transfer:sendWorkflowStepState", - "trustedadvisor:getOrganizationRecommendation", - "trustedadvisor:getRecommendation", - "trustedadvisor:listChecks", - "trustedadvisor:listOrganizationRecommendationAccounts", - "trustedadvisor:listOrganizationRecommendationResources", - "trustedadvisor:listOrganizationRecommendations", - "trustedadvisor:listRecommendationResources", - "trustedadvisor:listRecommendations", - "verifiedpermissions:getIdentitySource", - "verifiedpermissions:getPolicy", - "verifiedpermissions:getPolicyStore", - "verifiedpermissions:getPolicyTemplate", - "verifiedpermissions:getSchema", - "verifiedpermissions:listIdentitySources", - "verifiedpermissions:listPolicies", - "verifiedpermissions:listPolicyStores", - "verifiedpermissions:listPolicyTemplates", - "vpc-lattice:getAccessLogSubscription", - "vpc-lattice:getAuthPolicy", - "vpc-lattice:getListener", - "vpc-lattice:getResourceConfiguration", - "vpc-lattice:getResourceGateway", - "vpc-lattice:getResourcePolicy", - "vpc-lattice:getRule", - "vpc-lattice:getService", - "vpc-lattice:getServiceNetwork", - "vpc-lattice:getServiceNetworkResourceAssociation", - "vpc-lattice:getServiceNetworkServiceAssociation", - "vpc-lattice:getServiceNetworkVpcAssociation", - "vpc-lattice:getTargetGroup", - "vpc-lattice:listAccessLogSubscriptions", - "vpc-lattice:listListeners", - "vpc-lattice:listResourceConfigurations", - "vpc-lattice:listResourceGateways", - "vpc-lattice:listRules", - "vpc-lattice:listServiceNetworks", - "vpc-lattice:listServiceNetworkResourceAssociations", - "vpc-lattice:listServiceNetworkServiceAssociations", - "vpc-lattice:listServiceNetworkVpcAssociations", - "vpc-lattice:listServices", - "vpc-lattice:listTargetGroups", - "vpc-lattice:listTargets", - "waf-regional:getByteMatchSet", - "waf-regional:getChangeTokenStatus", - "waf-regional:getGeoMatchSet", - "waf-regional:getIPSet", - "waf-regional:getLoggingConfiguration", - "waf-regional:getRateBasedRule", - "waf-regional:getRegexMatchSet", - "waf-regional:getRegexPatternSet", - "waf-regional:getRule", - "waf-regional:getRuleGroup", - "waf-regional:getSqlInjectionMatchSet", - "waf-regional:getWebACL", - "waf-regional:getWebACLForResource", - "waf-regional:listActivatedRulesInRuleGroup", - "waf-regional:listByteMatchSets", - "waf-regional:listGeoMatchSets", - "waf-regional:listIPSets", - "waf-regional:listLoggingConfigurations", - "waf-regional:listRateBasedRules", - "waf-regional:listRegexMatchSets", - "waf-regional:listRegexPatternSets", - "waf-regional:listResourcesForWebACL", - "waf-regional:listRuleGroups", - "waf-regional:listRules", - "waf-regional:listSqlInjectionMatchSets", - "waf-regional:listWebACLs", - "waf:getByteMatchSet", - "waf:getChangeTokenStatus", - "waf:getGeoMatchSet", - "waf:getIPSet", - "waf:getLoggingConfiguration", - "waf:getRateBasedRule", - "waf:getRegexMatchSet", - "waf:getRegexPatternSet", - "waf:getRule", - "waf:getRuleGroup", - "waf:getSampledRequests", - "waf:getSizeConstraintSet", - "waf:getSqlInjectionMatchSet", - "waf:getWebACL", - "waf:getXssMatchSet", - "waf:listActivatedRulesInRuleGroup", - "waf:listByteMatchSets", - "waf:listGeoMatchSets", - "waf:listIPSets", - "waf:listLoggingConfigurations", - "waf:listRateBasedRules", - "waf:listRegexMatchSets", - "waf:listRegexPatternSets", - "waf:listRuleGroups", - "waf:listRules", - "waf:listSizeConstraintSets", - "waf:listSqlInjectionMatchSets", - "waf:listWebACLs", - "waf:listXssMatchSets", - "wafv2:checkCapacity", - "wafv2:describeManagedRuleGroup", - "wafv2:getIPSet", - "wafv2:getLoggingConfiguration", - "wafv2:getPermissionPolicy", - "wafv2:getRateBasedStatementManagedKeys", - "wafv2:getRegexPatternSet", - "wafv2:getRuleGroup", - "wafv2:getSampledRequests", - "wafv2:getWebACL", - "wafv2:getWebACLForResource", - "wafv2:listAvailableManagedRuleGroups", - "wafv2:listIPSets", - "wafv2:listLoggingConfigurations", - "wafv2:listRegexPatternSets", - "wafv2:listResourcesForWebACL", - "wafv2:listRuleGroups", - "wafv2:listTagsForResource", - "wafv2:listWebACLs", - "workdocs:checkAlias", - "workdocs:describeAvailableDirectories", - "workdocs:describeInstances", - "workmail:describeGroup", - "workmail:describeOrganization", - "workmail:describeResource", - "workmail:describeUser", - "workmail:listAliases", - "workmail:listGroupMembers", - "workmail:listGroups", - "workmail:listMailboxPermissions", - "workmail:listOrganizations", - "workmail:listResourceDelegates", - "workmail:listResources", - "workmail:listUsers", - "workspaces-web:getBrowserSettings", - "workspaces-web:getIdentityProvider", - "workspaces-web:getNetworkSettings", - "workspaces-web:getPortal", - "workspaces-web:getPortalServiceProviderMetadata", - "workspaces-web:getTrustStoreCertificate", - "workspaces-web:getUserSettings", - "workspaces-web:listBrowserSettings", - "workspaces-web:listIdentityProviders", - "workspaces-web:listNetworkSettings", - "workspaces-web:listPortals", - "workspaces-web:listTagsForResource", - "workspaces-web:listTrustStoreCertificates", - "workspaces-web:listTrustStores", - "workspaces-web:listUserSettings", - "workspaces:describeAccount", - "workspaces:describeAccountModifications", - "workspaces:describeApplicationAssociations", - "workspaces:describeIpGroups", - "workspaces:describeTags", - "workspaces:describeWorkspaceAssociations", - "workspaces:describeWorkspaceBundles", - "workspaces:describeWorkspaceDirectories", - "workspaces:describeWorkspaceImages", - "workspaces:describeWorkspaces", - "workspaces:describeWorkspaceSnapshots", - "workspaces:describeWorkspacesConnectionStatus", - "workspaces:describeWorkspacesPools", - "workspaces:describeWorkspacesPoolSessions", - "xray:getEncryptionConfig", - "xray:getGroup", - "xray:getGroups", - "xray:getInsightImpactGraph", - "xray:getSamplingRules", - "xray:getSamplingStatisticSummaries", - "xray:getSamplingTargets", - "xray:getServiceGraph", - "xray:getTimeSeriesServiceStatistics", - "xray:getTraceGraph", - "xray:listResourcePolicies" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AWSSupportServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AmazonRDSEnhancedMonitoringRole is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy AmazonRDSEnhancedMonitoringRole is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AmazonRDSEnhancedMonitoringRole" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AmazonRDSEnhancedMonitoringRole", - "arn": "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole", - "entity": "ANPAJV7BS425S4PTSSVGK", - "version_id": "v1", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "EnableCreationAndManagementOfRDSCloudwatchLogGroups", - "Effect": "Allow", - "Action": [ - "logs:CreateLogGroup", - "logs:PutRetentionPolicy" - ], - "Resource": [ - "arn:aws:logs:*:*:log-group:RDS*" - ] - }, - { - "Sid": "EnableCreationAndManagementOfRDSCloudwatchLogStreams", - "Effect": "Allow", - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:GetLogEvents" - ], - "Resource": [ - "arn:aws:logs:*:*:log-group:RDS*:log-stream:*" - ] - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AmazonRDSEnhancedMonitoringRole", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AWSResourceExplorerServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy AWSResourceExplorerServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AWSResourceExplorerServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AWSResourceExplorerServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy", - "entity": "ANPAZKAPJZG4K2H54PAUL", - "version_id": "v19", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ResourceExplorerAccess", - "Effect": "Allow", - "Action": [ - "resource-explorer-2:UpdateIndexType", - "resource-explorer-2:CreateIndex", - "resource-explorer-2:CreateView", - "resource-explorer-2:AssociateDefaultView", - "resource-explorer-2:DeleteIndex" - ], - "Resource": "*" - }, - { - "Sid": "OrganizationsAccess", - "Effect": "Allow", - "Action": [ - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:ListAccounts", - "organizations:ListDelegatedAdministrators", - "organizations:ListOrganizationalUnitsForParent", - "organizations:ListRoots" - ], - "Resource": "*" - }, - { - "Sid": "CloudTrailEventsAccess", - "Effect": "Allow", - "Action": [ - "cloudtrail:CreateServiceLinkedChannel", - "cloudtrail:GetServiceLinkedChannel" - ], - "Resource": "arn:aws:cloudtrail:*:*:channel/aws-service-channel/resource-explorer-2/*" - }, - { - "Sid": "ApiGatewayAccess", - "Effect": "Allow", - "Action": "apigateway:GET", - "Resource": [ - "arn:aws:apigateway:*::/restapis", - "arn:aws:apigateway:*::/restapis/*", - "arn:aws:apigateway:*::/restapis/*/deployments", - "arn:aws:apigateway:*::/restapis/*/resources", - "arn:aws:apigateway:*::/restapis/*/resources/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", - "arn:aws:apigateway:*::/restapis/*/stages", - "arn:aws:apigateway:*::/restapis/*/stages/*", - "arn:aws:apigateway:*::/vpclinks", - "arn:aws:apigateway:*::/apis", - "arn:aws:apigateway:*::/apis/*/routes", - "arn:aws:apigateway:*::/apis/*/stages", - "arn:aws:apigateway:*::/apis/*", - "arn:aws:apigateway:*::/apis/*/routes/*", - "arn:aws:apigateway:*::/apis/*/stages/*" - ] - }, - { - "Sid": "ResourceInventoryAccess", - "Effect": "Allow", - "Action": [ - "access-analyzer:ListAnalyzers", - "acm-pca:ListCertificateAuthorities", - "acm:ListCertificates", - "airflow:ListEnvironments", - "amplify:ListApps", - "amplify:ListBranches", - "amplify:ListDomainAssociations", - "aoss:ListCollections", - "app-integrations:ListApplications", - "app-integrations:ListEventIntegrations", - "appconfig:ListApplications", - "appconfig:ListDeploymentStrategies", - "appconfig:ListEnvironments", - "appconfig:ListExtensionAssociations", - "appflow:ListFlows", - "appmesh:ListGatewayRoutes", - "appmesh:ListMeshes", - "appmesh:ListRoutes", - "appmesh:ListVirtualGateways", - "appmesh:ListVirtualNodes", - "appmesh:ListVirtualRouters", - "appmesh:ListVirtualServices", - "apprunner:ListAutoScalingConfigurations", - "apprunner:ListConnections", - "apprunner:ListServices", - "apprunner:ListVpcConnectors", - "appstream:DescribeAppBlocks", - "appstream:DescribeApplications", - "appstream:DescribeFleets", - "appstream:DescribeImageBuilders", - "appstream:DescribeStacks", - "appsync:ListGraphqlApis", - "aps:ListRuleGroupsNamespaces", - "aps:ListWorkspaces", - "athena:ListDataCatalogs", - "athena:ListWorkGroups", - "auditmanager:GetAccountStatus", - "auditmanager:ListAssessments", - "autoscaling:DescribeAutoScalingGroups", - "backup-gateway:ListHypervisors", - "backup:ListBackupPlans", - "backup:ListBackupVaults", - "backup:ListReportPlans", - "batch:DescribeComputeEnvironments", - "batch:DescribeJobDefinitions", - "batch:DescribeJobQueues", - "batch:ListSchedulingPolicies", - "bedrock:ListAgentAliases", - "bedrock:ListAgents", - "bedrock:ListDataAutomationProjects", - "bedrock:ListFlows", - "bedrock:ListGuardrails", - "bedrock:ListInferenceProfiles", - "bedrock:ListKnowledgeBases", - "bedrock:ListPromptRouters", - "bedrock:ListPrompts", - "ce:GetAnomalyMonitors", - "ce:GetAnomalySubscriptions", - "chime:ListAppInstanceBots", - "chime:ListAppInstanceUsers", - "chime:ListAppInstances", - "chime:ListMediaInsightsPipelineConfigurations", - "chime:ListMediaPipelineKinesisVideoStreamPools", - "chime:ListMediaPipelines", - "chime:ListSipMediaApplications", - "chime:ListVoiceConnectors", - "cloud9:ListEnvironments", - "cloudformation:ListResources", - "cloudformation:ListStackSets", - "cloudformation:ListStacks", - "cloudfront:ListCachePolicies", - "cloudfront:ListCloudFrontOriginAccessIdentities", - "cloudfront:ListContinuousDeploymentPolicies", - "cloudfront:ListDistributions", - "cloudfront:ListFieldLevelEncryptionConfigs", - "cloudfront:ListFieldLevelEncryptionProfiles", - "cloudfront:ListFunctions", - "cloudfront:ListOriginAccessControls", - "cloudfront:ListOriginRequestPolicies", - "cloudfront:ListRealtimeLogConfigs", - "cloudfront:ListResponseHeadersPolicies", - "cloudtrail:ListChannels", - "cloudtrail:ListDashboards", - "cloudtrail:ListEventDataStores", - "cloudtrail:ListTrails", - "cloudwatch:DescribeAlarms", - "cloudwatch:DescribeInsightRules", - "cloudwatch:ListDashboards", - "cloudwatch:ListMetricStreams", - "codeartifact:ListDomains", - "codeartifact:ListRepositories", - "codebuild:ListProjects", - "codecommit:ListRepositories", - "codeconnections:ListConnections", - "codedeploy:ListApplications", - "codedeploy:ListDeploymentConfigs", - "codeguru-profiler:ListProfilingGroups", - "codeguru-reviewer:ListRepositoryAssociations", - "codepipeline:ListPipelines", - "codepipeline:ListWebhooks", - "codestar-connections:ListConnections", - "cognito-identity:ListIdentityPools", - "cognito-idp:ListUserPools", - "comprehend:ListDocumentClassifiers", - "comprehend:ListEntityRecognizers", - "comprehend:ListFlywheels", - "config:DescribeConfigRules", - "connect:ListEvaluationForms", - "connect:ListHoursOfOperations", - "connect:ListInstanceAttributes", - "connect:ListInstances", - "connect:ListPhoneNumbersV2", - "connect:ListPrompts", - "connect:ListQuickConnects", - "connect:ListRoutingProfileQueues", - "connect:ListRoutingProfiles", - "connect:ListRules", - "connect:ListSecurityProfiles", - "connect:ListTaskTemplates", - "connect:ListUsers", - "databrew:ListDatasets", - "databrew:ListJobs", - "databrew:ListProjects", - "databrew:ListRecipes", - "databrew:ListRulesets", - "databrew:ListSchedules", - "dataexchange:ListDataSets", - "datapipeline:ListPipelines", - "datasync:ListLocations", - "datasync:ListTasks", - "dax:DescribeClusters", - "detective:ListGraphs", - "devicefarm:ListInstanceProfiles", - "devicefarm:ListProjects", - "devicefarm:ListTestGridProjects", - "directconnect:DescribeDirectConnectGateways", - "dms:DescribeCertificates", - "dms:DescribeEndpoints", - "dms:DescribeEventSubscriptions", - "dms:DescribeReplicationInstances", - "dms:DescribeReplicationSubnetGroups", - "dms:DescribeReplicationTasks", - "ds:DescribeDirectories", - "dynamodb:ListTables", - "ec2:DescribeAddresses", - "ec2:DescribeCapacityReservationFleets", - "ec2:DescribeCapacityReservations", - "ec2:DescribeCarrierGateways", - "ec2:DescribeClientVpnEndpoints", - "ec2:DescribeCustomerGateways", - "ec2:DescribeDhcpOptions", - "ec2:DescribeEgressOnlyInternetGateways", - "ec2:DescribeFleets", - "ec2:DescribeFlowLogs", - "ec2:DescribeFpgaImages", - "ec2:DescribeHostReservations", - "ec2:DescribeHosts", - "ec2:DescribeImages", - "ec2:DescribeInstanceConnectEndpoints", - "ec2:DescribeInstanceEventWindows", - "ec2:DescribeInstances", - "ec2:DescribeInternetGateways", - "ec2:DescribeIpamPools", - "ec2:DescribeIpamResourceDiscoveries", - "ec2:DescribeIpamResourceDiscoveryAssociations", - "ec2:DescribeIpamScopes", - "ec2:DescribeIpams", - "ec2:DescribeKeyPairs", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeManagedPrefixLists", - "ec2:DescribeNatGateways", - "ec2:DescribeNetworkAcls", - "ec2:DescribeNetworkInsightsAccessScopeAnalyses", - "ec2:DescribeNetworkInsightsAccessScopes", - "ec2:DescribeNetworkInsightsAnalyses", - "ec2:DescribeNetworkInsightsPaths", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribePlacementGroups", - "ec2:DescribePublicIpv4Pools", - "ec2:DescribeReservedInstances", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroupRules", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSnapshots", - "ec2:DescribeSpotFleetRequests", - "ec2:DescribeSpotInstanceRequests", - "ec2:DescribeSubnets", - "ec2:DescribeTrafficMirrorFilters", - "ec2:DescribeTrafficMirrorSessions", - "ec2:DescribeTrafficMirrorTargets", - "ec2:DescribeTransitGatewayAttachments", - "ec2:DescribeTransitGatewayConnectPeers", - "ec2:DescribeTransitGatewayMulticastDomains", - "ec2:DescribeTransitGatewayPolicyTables", - "ec2:DescribeTransitGatewayRouteTableAnnouncements", - "ec2:DescribeTransitGatewayRouteTables", - "ec2:DescribeTransitGateways", - "ec2:DescribeVerifiedAccessEndpoints", - "ec2:DescribeVerifiedAccessGroups", - "ec2:DescribeVerifiedAccessInstances", - "ec2:DescribeVerifiedAccessTrustProviders", - "ec2:DescribeVolumes", - "ec2:DescribeVpcBlockPublicAccessExclusions", - "ec2:DescribeVpcEndpointServiceConfigurations", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcPeeringConnections", - "ec2:DescribeVpcs", - "ec2:DescribeVpnConnections", - "ec2:DescribeVpnGateways", - "ec2:GetSubnetCidrReservations", - "ecr-public:DescribeRepositories", - "ecr:DescribeRepositories", - "ecs:DescribeCapacityProviders", - "ecs:DescribeServices", - "ecs:ListClusters", - "ecs:ListContainerInstances", - "ecs:ListServices", - "ecs:ListTaskDefinitions", - "eks:DescribeAccessEntry", - "eks:DescribeAddon", - "eks:DescribeFargateProfile", - "eks:DescribeIdentityProviderConfig", - "eks:DescribeNodegroup", - "eks:ListAccessEntries", - "eks:ListAddons", - "eks:ListClusters", - "eks:ListEksAnywhereSubscriptions", - "eks:ListFargateProfiles", - "eks:ListIdentityProviderConfigs", - "eks:ListNodegroups", - "eks:ListPodIdentityAssociations", - "elasticache:DescribeCacheClusters", - "elasticache:DescribeCacheParameterGroups", - "elasticache:DescribeCacheSubnetGroups", - "elasticache:DescribeGlobalReplicationGroups", - "elasticache:DescribeReplicationGroups", - "elasticache:DescribeReservedCacheNodes", - "elasticache:DescribeSnapshots", - "elasticache:DescribeUserGroups", - "elasticache:DescribeUsers", - "elasticbeanstalk:DescribeApplicationVersions", - "elasticbeanstalk:DescribeApplications", - "elasticbeanstalk:DescribeEnvironments", - "elasticfilesystem:DescribeAccessPoints", - "elasticfilesystem:DescribeFileSystems", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTargetGroups", - "elasticmapreduce:ListClusters", - "emr-containers:ListJobTemplates", - "emr-containers:ListManagedEndpoints", - "emr-containers:ListSecurityConfigurations", - "emr-containers:ListVirtualClusters", - "emr-serverless:ListApplications", - "es:ListDomainNames", - "events:ListApiDestinations", - "events:ListArchives", - "events:ListConnections", - "events:ListEndpoints", - "events:ListEventBuses", - "events:ListRules", - "evidently:ListExperiments", - "evidently:ListFeatures", - "evidently:ListLaunches", - "evidently:ListProjects", - "finspace:ListEnvironments", - "firehose:ListDeliveryStreams", - "fis:ListExperimentTemplates", - "fms:ListPolicies", - "fms:ListProtocolsLists", - "forecast:ListDatasetGroups", - "forecast:ListDatasetImportJobs", - "forecast:ListDatasets", - "forecast:ListForecastExportJobs", - "forecast:ListForecasts", - "forecast:ListPredictorBacktestExportJobs", - "forecast:ListPredictors", - "frauddetector:GetDetectors", - "frauddetector:GetEntityTypes", - "frauddetector:GetEventTypes", - "frauddetector:GetExternalModels", - "frauddetector:GetLabels", - "frauddetector:GetModels", - "frauddetector:GetOutcomes", - "frauddetector:GetVariables", - "fsx:DescribeBackups", - "fsx:DescribeFileSystems", - "gamelift:DescribeGameSessionQueues", - "gamelift:DescribeMatchmakingConfigurations", - "gamelift:DescribeMatchmakingRuleSets", - "gamelift:ListAliases", - "gamelift:ListBuilds", - "gamelift:ListLocations", - "gamelift:ListScripts", - "geo:ListMaps", - "geo:ListPlaceIndexes", - "geo:ListTrackers", - "glacier:ListVaults", - "globalaccelerator:ListAccelerators", - "globalaccelerator:ListEndpointGroups", - "globalaccelerator:ListListeners", - "glue:GetCrawlers", - "glue:GetDatabases", - "glue:GetJobs", - "glue:GetTables", - "glue:GetTriggers", - "glue:ListDataQualityRulesets", - "glue:ListMLTransforms", - "glue:ListRegistries", - "grafana:ListWorkspaces", - "greengrass:ListComponentVersions", - "greengrass:ListComponents", - "greengrass:ListConnectorDefinitions", - "greengrass:ListCoreDefinitions", - "greengrass:ListDeviceDefinitions", - "greengrass:ListFunctionDefinitions", - "greengrass:ListGroups", - "greengrass:ListLoggerDefinitions", - "greengrass:ListResourceDefinitions", - "greengrass:ListSubscriptionDefinitions", - "groundstation:ListConfigs", - "groundstation:ListDataflowEndpointGroups", - "groundstation:ListMissionProfiles", - "guardduty:ListDetectors", - "guardduty:ListFilters", - "guardduty:ListIPSets", - "guardduty:ListMalwareProtectionPlans", - "guardduty:ListPublishingDestinations", - "guardduty:ListThreatIntelSets", - "healthlake:ListFHIRDatastores", - "iam:ListGroups", - "iam:ListInstanceProfiles", - "iam:ListOpenIDConnectProviders", - "iam:ListPolicies", - "iam:ListRoles", - "iam:ListSAMLProviders", - "iam:ListServerCertificates", - "iam:ListUsers", - "iam:ListVirtualMFADevices", - "imagebuilder:ListComponentBuildVersions", - "imagebuilder:ListComponents", - "imagebuilder:ListContainerRecipes", - "imagebuilder:ListDistributionConfigurations", - "imagebuilder:ListImageBuildVersions", - "imagebuilder:ListImagePipelines", - "imagebuilder:ListImageRecipes", - "imagebuilder:ListImages", - "imagebuilder:ListInfrastructureConfigurations", - "inspector2:ListFilters", - "inspector:ListAssessmentTemplates", - "iot:ListAuthorizers", - "iot:ListBillingGroups", - "iot:ListCACertificates", - "iot:ListCertificates", - "iot:ListFleetMetrics", - "iot:ListJobTemplates", - "iot:ListMitigationActions", - "iot:ListPolicies", - "iot:ListProvisioningTemplates", - "iot:ListRoleAliases", - "iot:ListScheduledAudits", - "iot:ListSecurityProfiles", - "iot:ListThingGroups", - "iot:ListThingTypes", - "iot:ListThings", - "iot:ListTopicRuleDestinations", - "iot:ListTopicRules", - "iotanalytics:ListChannels", - "iotanalytics:ListDatasets", - "iotanalytics:ListDatastores", - "iotanalytics:ListPipelines", - "iotdeviceadvisor:ListSuiteDefinitions", - "iotevents:ListAlarmModels", - "iotevents:ListDetectorModels", - "iotevents:ListInputs", - "iotfleethub:ListApplications", - "iotfleetwise:ListDecoderManifests", - "iotfleetwise:ListModelManifests", - "iotfleetwise:ListSignalCatalogs", - "iotfleetwise:ListVehicles", - "iotsitewise:ListAccessPolicies", - "iotsitewise:ListAssetModels", - "iotsitewise:ListAssets", - "iotsitewise:ListDashboards", - "iotsitewise:ListGateways", - "iotsitewise:ListPortals", - "iotsitewise:ListProjects", - "iottwinmaker:ListComponentTypes", - "iottwinmaker:ListEntities", - "iottwinmaker:ListSyncJobs", - "iottwinmaker:ListWorkspaces", - "iotwireless:ListDestinations", - "iotwireless:ListDeviceProfiles", - "iotwireless:ListFuotaTasks", - "iotwireless:ListMulticastGroups", - "iotwireless:ListPartnerAccounts", - "iotwireless:ListServiceProfiles", - "iotwireless:ListWirelessDevices", - "iotwireless:ListWirelessGatewayTaskDefinitions", - "iotwireless:ListWirelessGateways", - "ivs:ListChannels", - "ivs:ListEncoderConfigurations", - "ivs:ListIngestConfigurations", - "ivs:ListPlaybackKeyPairs", - "ivs:ListPlaybackRestrictionPolicies", - "ivs:ListRecordingConfigurations", - "ivs:ListStorageConfigurations", - "ivs:ListStreamKeys", - "ivschat:ListLoggingConfigurations", - "ivschat:ListRooms", - "kafka:ListClusters", - "kafka:ListConfigurations", - "kendra:ListAccessControlConfigurations", - "kendra:ListDataSources", - "kendra:ListExperiences", - "kendra:ListFaqs", - "kendra:ListFeaturedResultsSets", - "kendra:ListIndices", - "kendra:ListQuerySuggestionsBlockLists", - "kendra:ListThesauri", - "kinesis:ListStreams", - "kinesisanalytics:ListApplications", - "kinesisvideo:ListSignalingChannels", - "kinesisvideo:ListStreams", - "kms:ListKeys", - "lambda:ListCodeSigningConfigs", - "lambda:ListEventSourceMappings", - "lambda:ListFunctions", - "lex:ListBotAliases", - "lex:ListBots", - "license-manager:ListDistributedGrants", - "lightsail:GetBuckets", - "lightsail:GetCertificates", - "lightsail:GetContainerServices", - "lightsail:GetDisks", - "logs:DescribeDestinations", - "logs:DescribeLogGroups", - "logs:ListTagsForResource", - "lookoutmetrics:ListAlerts", - "lookoutmetrics:ListAnomalyDetectors", - "lookoutvision:ListProjects", - "m2:ListEnvironments", - "macie2:ListAllowLists", - "macie2:ListCustomDataIdentifiers", - "macie2:ListFindingsFilters", - "managedblockchain:ListAccessors", - "mediapackage-vod:ListAssets", - "mediapackage-vod:ListPackagingConfigurations", - "mediapackage-vod:ListPackagingGroups", - "mediapackage:ListChannels", - "mediapackage:ListOriginEndpoints", - "mediastore:ListContainers", - "mediatailor:ListChannels", - "mediatailor:ListLiveSources", - "mediatailor:ListPlaybackConfigurations", - "mediatailor:ListSourceLocations", - "mediatailor:ListVodSources", - "memorydb:DescribeACLs", - "memorydb:DescribeClusters", - "memorydb:DescribeParameterGroups", - "memorydb:DescribeSnapshots", - "memorydb:DescribeSubnetGroups", - "memorydb:DescribeUsers", - "mobiletargeting:GetApps", - "mobiletargeting:GetCampaigns", - "mobiletargeting:GetSegments", - "mobiletargeting:ListTemplates", - "mq:ListBrokers", - "mq:ListConfigurations", - "network-firewall:ListFirewallPolicies", - "network-firewall:ListFirewalls", - "network-firewall:ListRuleGroups", - "networkmanager:DescribeGlobalNetworks", - "networkmanager:GetDevices", - "networkmanager:GetLinks", - "networkmanager:ListAttachments", - "networkmanager:ListCoreNetworks", - "oam:ListSinks", - "omics:ListReferenceStores", - "omics:ListRunGroups", - "omics:ListWorkflows", - "outposts:ListSites", - "organizations:DescribeResourcePolicy", - "organizations:ListPolicies", - "panorama:ListPackages", - "partnercentral:ListEngagementInvitations", - "partnercentral:ListEngagements", - "partnercentral:ListOpportunities", - "partnercentral:ListResourceSnapshotJobs", - "partnercentral:ListResourceSnapshots", - "personalize:ListDatasetGroups", - "personalize:ListDatasets", - "personalize:ListSchemas", - "personalize:ListSolutions", - "pipes:ListPipes", - "profile:ListDomains", - "profile:ListIntegrations", - "profile:ListProfileObjectTypes", - "proton:ListEnvironmentAccountConnections", - "proton:ListEnvironmentTemplates", - "proton:ListServiceTemplates", - "qldb:ListJournalKinesisStreamsForLedger", - "qldb:ListLedgers", - "quicksight:DescribeAccountSubscription", - "quicksight:ListDataSets", - "quicksight:ListDataSources", - "quicksight:ListTemplates", - "quicksight:ListThemes", - "ram:GetResourceShares", - "rds:DescribeBlueGreenDeployments", - "rds:DescribeDBClusterEndpoints", - "rds:DescribeDBClusterParameterGroups", - "rds:DescribeDBClusterSnapshots", - "rds:DescribeDBClusters", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstanceAutomatedBackups", - "rds:DescribeDBInstances", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBProxies", - "rds:DescribeDBProxyEndpoints", - "rds:DescribeDBSecurityGroups", - "rds:DescribeDBSnapshots", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEventSubscriptions", - "rds:DescribeGlobalClusters", - "rds:DescribeOptionGroups", - "rds:DescribeReservedDBInstances", - "redshift:DescribeClusterParameterGroups", - "redshift:DescribeClusterSnapshots", - "redshift:DescribeClusterSubnetGroups", - "redshift:DescribeClusters", - "redshift:DescribeEventSubscriptions", - "redshift:DescribeHsmClientCertificates", - "redshift:DescribeSnapshotCopyGrants", - "redshift:DescribeSnapshotSchedules", - "redshift:DescribeUsageLimits", - "refactor-spaces:ListApplications", - "refactor-spaces:ListEnvironments", - "refactor-spaces:ListRoutes", - "refactor-spaces:ListServices", - "rekognition:DescribeProjects", - "resiliencehub:ListApps", - "resiliencehub:ListResiliencyPolicies", - "resource-explorer-2:GetIndex", - "resource-explorer-2:ListViews", - "resource-groups:ListGroups", - "route53-recovery-control-config:ListClusters", - "route53-recovery-control-config:ListControlPanels", - "route53-recovery-control-config:ListRoutingControls", - "route53-recovery-control-config:ListSafetyRules", - "route53-recovery-readiness:ListCells", - "route53-recovery-readiness:ListReadinessChecks", - "route53-recovery-readiness:ListRecoveryGroups", - "route53-recovery-readiness:ListResourceSets", - "route53:ListHealthChecks", - "route53:ListHostedZones", - "route53domains:ListDomains", - "route53resolver:ListFirewallDomainLists", - "route53resolver:ListFirewallRuleGroupAssociations", - "route53resolver:ListFirewallRuleGroups", - "route53resolver:ListResolverEndpoints", - "route53resolver:ListResolverQueryLogConfigs", - "route53resolver:ListResolverRules", - "rum:ListAppMonitors", - "s3:GetBucketLocation", - "s3:ListAccessPoints", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "s3:ListMultiRegionAccessPoints", - "s3:ListStorageLensConfigurations", - "s3:ListStorageLensGroups", - "s3express:ListAllMyDirectoryBuckets", - "sagemaker:ListActions", - "sagemaker:ListAlgorithms", - "sagemaker:ListAppImageConfigs", - "sagemaker:ListApps", - "sagemaker:ListArtifacts", - "sagemaker:ListClusters", - "sagemaker:ListCodeRepositories", - "sagemaker:ListContexts", - "sagemaker:ListDomains", - "sagemaker:ListEndpointConfigs", - "sagemaker:ListEndpoints", - "sagemaker:ListExperiments", - "sagemaker:ListFeatureGroups", - "sagemaker:ListFlowDefinitions", - "sagemaker:ListHubContents", - "sagemaker:ListHubs", - "sagemaker:ListHumanTaskUis", - "sagemaker:ListImageVersions", - "sagemaker:ListImages", - "sagemaker:ListInferenceComponents", - "sagemaker:ListInferenceExperiments", - "sagemaker:ListMlflowTrackingServers", - "sagemaker:ListModelCardVersions", - "sagemaker:ListModelCards", - "sagemaker:ListModelPackageGroups", - "sagemaker:ListModelPackages", - "sagemaker:ListModels", - "sagemaker:ListMonitoringSchedules", - "sagemaker:ListNotebookInstanceLifecycleConfigs", - "sagemaker:ListNotebookInstances", - "sagemaker:ListPipelines", - "sagemaker:ListProjects", - "sagemaker:ListSpaces", - "sagemaker:ListStudioLifecycleConfigs", - "sagemaker:ListTrialComponents", - "sagemaker:ListTrials", - "sagemaker:ListUserProfiles", - "sagemaker:ListWorkforces", - "sagemaker:ListWorkteams", - "scheduler:ListScheduleGroups", - "schemas:ListDiscoverers", - "secretsmanager:ListSecrets", - "servicecatalog:ListApplications", - "servicecatalog:ListAttributeGroups", - "servicediscovery:ListServices", - "ses:ListConfigurationSets", - "ses:ListContactLists", - "ses:ListDedicatedIpPools", - "ses:ListEmailIdentities", - "shield:ListProtectionGroups", - "shield:ListProtections", - "signer:ListSigningProfiles", - "sns:ListTopics", - "sqs:ListQueues", - "ssm-incidents:ListResponsePlans", - "ssm:DescribeInstanceInformation", - "ssm:DescribeMaintenanceWindowTargets", - "ssm:DescribeMaintenanceWindowTasks", - "ssm:DescribeMaintenanceWindows", - "ssm:DescribeParameters", - "ssm:DescribeSessions", - "ssm:ListAssociations", - "ssm:ListDocuments", - "ssm:ListResourceDataSync", - "states:ListActivities", - "states:ListStateMachines", - "storagegateway:ListGateways", - "synthetics:DescribeCanaries", - "synthetics:ListGroups", - "transfer:ListAgreements", - "transfer:ListCertificates", - "transfer:ListConnectors", - "transfer:ListProfiles", - "transfer:ListServers", - "transfer:ListUsers", - "transfer:ListWorkflows", - "verifiedpermissions:ListPolicyStores", - "vpc-lattice:ListListeners", - "vpc-lattice:ListServiceNetworkServiceAssociations", - "vpc-lattice:ListServiceNetworks", - "vpc-lattice:ListServices", - "vpc-lattice:ListTargetGroups", - "wafv2:ListIPSets", - "wafv2:ListRegexPatternSets", - "wafv2:ListRuleGroups", - "wafv2:ListWebACLs", - "wisdom:ListAssistantAssociations", - "wisdom:ListAssistants", - "wisdom:ListContents", - "wisdom:ListKnowledgeBases", - "workspaces-web:ListPortals", - "workspaces:DescribeConnectionAliases", - "workspaces:DescribeWorkspaces" - ], - "Resource": "*" - }, - { - "Sid": "PermissionsForReadGetResources", - "Effect": "Allow", - "Action": [ - "cloudformation:GetResource", - "cloudfront:GetDistribution", - "cloudfront:GetDistributionConfig", - "dynamodb:DescribeContinuousBackups", - "dynamodb:DescribeContributorInsights", - "dynamodb:DescribeKinesisStreamingDestination", - "dynamodb:DescribeTable", - "dynamodb:GetResourcePolicy", - "dynamodb:ListTagsOfResource", - "ecs:ListTagsForResource", - "elasticloadbalancing:DescribeCapacityReservation", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancerPolicyTypes", - "elasticloadbalancing:DescribeTags", - "elasticloadbalancing:DescribeTargetGroupAttributes", - "elasticloadbalancing:DescribeTargetHealth", - "events:DescribeRule", - "events:ListTargetsByRule", - "iam:GetRole", - "iam:GetRolePolicy", - "iam:ListAttachedRolePolicies", - "iam:ListRolePolicies", - "kinesis:DescribeStreamSummary", - "kinesis:ListTagsForStream", - "lambda:GetEventSourceMapping", - "lambda:GetFunction", - "lambda:GetFunctionCodeSigningConfig", - "lambda:GetFunctionRecursionConfig", - "lambda:ListTags", - "logs:DescribeIndexPolicies", - "logs:GetDataProtectionPolicy", - "s3:GetAccelerateConfiguration", - "s3:GetAnalyticsConfiguration", - "s3:GetBucketCORS", - "s3:GetBucketLogging", - "s3:GetBucketMetadataTableConfiguration", - "s3:GetBucketNotification", - "s3:GetBucketObjectLockConfiguration", - "s3:GetBucketOwnershipControls", - "s3:GetBucketPublicAccessBlock", - "s3:GetBucketTagging", - "s3:GetBucketVersioning", - "s3:GetBucketWebsite", - "s3:GetEncryptionConfiguration", - "s3:GetIntelligentTieringConfiguration", - "s3:GetInventoryConfiguration", - "s3:GetLifecycleConfiguration", - "s3:GetMetricsConfiguration", - "s3:GetReplicationConfiguration", - "sns:GetDataProtectionPolicy", - "sns:GetTopicAttributes", - "sns:ListSubscriptionsByTopic", - "sns:ListTagsForResource", - "sqs:GetQueueAttributes", - "sqs:ListQueueTags" - ], - "Resource": "*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AWSResourceExplorerServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No SAML Providers found.", - "metadata": { - "event_code": "iam_check_saml_providers_sts", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No SAML Providers found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.21" - ], - "ENS-RD2022": [ - "op.acc.1.aws.iam.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.21" - ], - "CIS-5.0": [ - "1.20" - ], - "CIS-1.4": [ - "1.21" - ], - "CCC": [ - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR06" - ], - "ProwlerThreatScore-1.0": [ - "1.2.7" - ], - "CIS-1.5": [ - "1.21" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "CIS-2.0": [ - "1.21" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are SAML Providers then STS can be used", - "title": "Check if there are SAML Providers then STS can be used", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_check_saml_providers_sts-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable SAML provider and use temporary credentials. You can use temporary security credentials to make programmatic requests for AWS resources using the AWS CLI or AWS API (using the AWS SDKs ). The temporary credentials provide the same permissions that you have with use long-term security credentials such as IAM user credentials. In case of not having SAML provider capabilities prevent usage of long-lived credentials.", - "references": [ - "https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html" - ] - }, - "risk_details": "Without SAML provider users with AWS CLI or AWS API access can use IAM static credentials. SAML helps users to assume role by default each time they authenticate.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Custom policy vpc-flow-log-to-cloudwatch-20251019183706984700000008 is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_customer_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Custom policy vpc-flow-log-to-cloudwatch-20251019183706984700000008 is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-06.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02", - "SEC03-BP04" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM Customer-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM Customer-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_customer_attached_policy_no_administrative_privileges-211203495394-us-east-1-vpc-flow-log-to-cloudwatch-20251019183706984700000008" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "arn": "arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "entity": "ANPATCLFVSXRGIQVNTVU5", - "version_id": "v1", - "type": "Custom", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:DescribeLogGroups", - "logs:CreateLogStream" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*", - "Sid": "AWSVPCFlowLogsPushToCloudWatch" - } - ], - "Version": "2012-10-17" - }, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc" - ], - "name": "vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow privilege escalation.", - "metadata": { - "event_code": "iam_inline_policy_allows_privilege_escalation", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow privilege escalation.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_3_3" - ], - "C5-2025": [ - "SP-01.04B", - "AM-09.04AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no Inline IAM policies allow actions that may lead into Privilege Escalation", - "title": "Ensure no IAM Inline policies allow actions that may lead into Privilege Escalation", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards" - ], - "uid": "prowler-aws-iam_inline_policy_allows_privilege_escalation-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Grant usage permission on a per-resource basis and applying least privilege principle.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" - ] - }, - "risk_details": "Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow privilege escalation.", - "metadata": { - "event_code": "iam_inline_policy_allows_privilege_escalation", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow privilege escalation.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_3_3" - ], - "C5-2025": [ - "SP-01.04B", - "AM-09.04AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no Inline IAM policies allow actions that may lead into Privilege Escalation", - "title": "Ensure no IAM Inline policies allow actions that may lead into Privilege Escalation", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards" - ], - "uid": "prowler-aws-iam_inline_policy_allows_privilege_escalation-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "rds:ModifyDBInstance", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Grant usage permission on a per-resource basis and applying least privilege principle.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" - ] - }, - "risk_details": "Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.LB.CN05.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ], - "NIS2": [ - "6.7.2.e", - "11.3.2.c", - "11.4.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "title": "Ensure IAM inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_administrative_privileges-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_administrative_privileges", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.LB.CN05.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ], - "NIS2": [ - "6.7.2.e", - "11.3.2.c", - "11.4.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "title": "Ensure IAM inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_administrative_privileges-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "rds:ModifyDBInstance", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow 'cloudtrail:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_cloudtrail", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow 'cloudtrail:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "SIM-03.07B", - "COM-04.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_cloudtrail-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "CloudTrail is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow 'cloudtrail:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_cloudtrail", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow 'cloudtrail:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "SIM-03.07B", - "COM-04.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_cloudtrail-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "rds:ModifyDBInstance", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "CloudTrail is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow 'kms:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_kms", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow 'kms:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "IAM-10.01B", - "CRY-05.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.2.8", - "3.6.1.3.8", - "3.6.1.4.8", - "3.6.1.8", - "3.7.1.9", - "3.7.2.8", - "3.7.4.9", - "3.7.6.8", - "3.7.7.8", - "4.2.1.1.21", - "7.2.1.10", - "7.2.2.10", - "7.2.3.6", - "7.2.5.6", - "7.3.1.6", - "7.3.2.6", - "7.3.3.6", - "8.2.7.6", - "8.2.8.8", - "8.3.4.6" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.LB.CN05.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR04", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_kms-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "KMS is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow 'kms:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_kms", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow 'kms:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "IAM-10.01B", - "CRY-05.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.2.8", - "3.6.1.3.8", - "3.6.1.4.8", - "3.6.1.8", - "3.7.1.9", - "3.7.2.8", - "3.7.4.9", - "3.7.6.8", - "3.7.7.8", - "4.2.1.1.21", - "7.2.1.10", - "7.2.2.10", - "7.2.3.6", - "7.2.5.6", - "7.3.1.6", - "7.3.2.6", - "7.3.3.6", - "8.2.7.6", - "8.2.8.8", - "8.3.4.6" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.LB.CN05.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR04", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_kms-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "rds:ModifyDBInstance", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "KMS is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Custom Policy vpc-flow-log-to-cloudwatch-20251019183706984700000008 does not allow permissive STS Role assumption.", - "metadata": { - "event_code": "iam_no_custom_policy_permissive_role_assumption", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Custom Policy vpc-flow-log-to-cloudwatch-20251019183706984700000008 does not allow permissive STS Role assumption.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_permissions-to-switch.html#roles-usingrole-createpolicy", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "IAM-06.02B" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.Vector.CN02.AR01" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1606", - "T1040", - "T1580" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *)", - "title": "Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *)", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_no_custom_policy_permissive_role_assumption-211203495394-us-east-1-vpc-flow-log-to-cloudwatch-20251019183706984700000008" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "arn": "arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "entity": "ANPATCLFVSXRGIQVNTVU5", - "version_id": "v1", - "type": "Custom", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:DescribeLogGroups", - "logs:CreateLogStream" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*", - "Sid": "AWSVPCFlowLogsPushToCloudWatch" - } - ], - "Version": "2012-10-17" - }, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc" - ], - "name": "vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Use the least privilege principle when granting permissions.", - "references": [ - "https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html" - ] - }, - "risk_details": "If not restricted unintended access could happen.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Root account does not have access keys.", - "metadata": { - "event_code": "iam_no_root_access_key", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Root account does not have access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_312_a_2_i" - ], - "C5-2025": [ - "IAM-03.01B", - "IAM-03.03B", - "IAM-06.02B", - "IAM-10.01B", - "CRY-03.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "ia-2" - ], - "CIS-3.0": [ - "1.4" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_6_2", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "ia_2", - "ia_4_b", - "ia_4_4", - "ia_4_8", - "ia_5_8", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.7" - ], - "AWS-Foundational-Technical-Review": [ - "ARC-004" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.5", - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.4" - ], - "PCI-4.0": [ - "7.2.1.17", - "7.2.2.17", - "7.2.3.8", - "8.2.1.4", - "8.2.2.6", - "8.2.4.4", - "8.2.5.4", - "8.3.11.4" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-3", - "d3-pc-am-b-8" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.3" - ], - "CIS-1.4": [ - "1.4" - ], - "CCC": [ - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.13" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.4" - ], - "CIS-1.5": [ - "1.4" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP02" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_6_10", - "ac_6" - ], - "AWS-Account-Security-Onboarding": [ - "Block root user" - ], - "KISA-ISMS-P-2023": [ - "2.5.5", - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.4" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no root account access key exists", - "title": "Ensure no root account access key exists", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_no_root_access_key-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Use the credential report to check the user and ensure the access_key_1_active and access_key_2_active fields are set to FALSE. If using AWS Organizations, consider enabling Centralized Root Management and removing individual root credentials.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "The root account is the most privileged user in an AWS account. AWS Access Keys provide programmatic access to a given AWS account. It is recommended that all access keys associated with the root account be removed. Removing access keys associated with the root account limits vectors by which the account can be compromised. Removing the root access keys encourages the creation and use of role based accounts that are least privileged.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Password expiration is not set.", - "metadata": { - "event_code": "iam_password_policy_expires_passwords_within_90_days_or_less", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Password expiration is not set.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "C5-2025": [ - "IAM-03.02B", - "IAM-08.03B", - "IAM-08.05B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.3" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "PCI-4.0": [ - "8.3.6.1", - "8.6.3.2" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "ProwlerThreatScore-1.0": [ - "1.1.12" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP06" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "NIS2": [ - "1.1.1.d", - "1.1.2", - "9.2.c.v", - "11.6.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM password policy expires passwords within 90 days or less", - "title": "Ensure IAM password policy expires passwords within 90 days or less", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_expires_passwords_within_90_days_or_less-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure Password expiration period (in days): is set to 90 or less.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one uppercase letter.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one lowercase letter.", - "metadata": { - "event_code": "iam_password_policy_lowercase", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one lowercase letter.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.8" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v", - "11.6.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM password policy requires at least one uppercase letter", - "title": "Ensure IAM password policy require at least one lowercase letter", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_lowercase-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Requires at least one lowercase letter\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one lowercase letter.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require minimum length of 14 characters.", - "metadata": { - "event_code": "iam_password_policy_minimum_length_14", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require minimum length of 14 characters.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "PSS-07.01B" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-5-c", - "ia-2", - "ia-5-1-a-d-e", - "ia-5-4" - ], - "CIS-3.0": [ - "1.8" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_d_1", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "cm_12_b", - "ia_4_d", - "ia_5", - "ia_5_b", - "ia_5_c", - "ia_5_d", - "ia_5_f", - "ia_5_h", - "ia_5_1_f", - "ia_5_1_g", - "ia_5_1_h", - "ia_5_1_h", - "ia_5_18_a", - "ia_5_18_b", - "ia_8_2_b", - "ma_4_c", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.8" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.7" - ], - "CIS-1.4": [ - "1.8" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.4" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "CIS-1.5": [ - "1.8" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CIS-2.0": [ - "1.8" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM password policy requires minimum length of 14 or greater", - "title": "Ensure IAM password policy requires minimum length of 14 or greater", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_minimum_length_14-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Minimum password length\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require minimum length of 14 or greater.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one number.", - "metadata": { - "event_code": "iam_password_policy_number", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one number.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "IAM-08.05B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.6" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM password policy require at least one number", - "title": "Ensure IAM password policy require at least one number", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_number-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Require at least one number\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one number.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy reuse prevention is less than 24 or not set.", - "metadata": { - "event_code": "iam_password_policy_reuse_24", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy reuse prevention is less than 24 or not set.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_2" - ], - "HIPAA": [ - "164_308_a_4_ii_c", - "164_308_a_5_ii_d", - "164_312_d" - ], - "C5-2025": [ - "IAM-01.03B", - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-08.03B", - "IAM-08.05B", - "IAM-08.07B", - "PSS-07.01B" - ], - "NIST-CSF-1.1": [ - "ac_1" - ], - "CIS-3.0": [ - "1.9" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.9" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4", - "8.2", - "8.2.3", - "8.2.3.a", - "8.2.3.b", - "8.2.4", - "8.2.4.a", - "8.2.4.b", - "8.2.5", - "8.2.5.a", - "8.2.5.b" - ], - "CIS-5.0": [ - "1.8" - ], - "CIS-1.4": [ - "1.9" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "ProwlerThreatScore-1.0": [ - "1.1.5" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "CIS-1.5": [ - "1.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2", - "ia_2", - "ia_5_1", - "ia_5_4" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM password policy prevents password reuse: 24 or greater", - "title": "Ensure IAM password policy prevents password reuse: 24 or greater", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_reuse_24-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Number of passwords to remember\" is set to 24.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy prevents at least password reuse of 24 or greater.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one symbol.", - "metadata": { - "event_code": "iam_password_policy_symbol", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one symbol.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.7" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM password policy require at least one symbol", - "title": "Ensure IAM password policy require at least one symbol", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_symbol-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Require at least one non-alphanumeric character\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one non-alphanumeric character.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one uppercase letter.", - "metadata": { - "event_code": "iam_password_policy_uppercase", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one uppercase letter.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "IAM-08.05B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.9" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM password policy requires at least one uppercase letter", - "title": "Ensure IAM password policy requires at least one uppercase letter", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_uppercase-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Requires at least one uppercase letter\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one uppercase letter.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Custom Policy arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008 does not allow privilege escalation.", - "metadata": { - "event_code": "iam_policy_allows_privilege_escalation", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Custom Policy arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008 does not allow privilege escalation.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "IAM-06.01B" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR02" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP06" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1606", - "T1040", - "T1580", - "T1619", - "T1201" - ], - "NIS2": [ - "11.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation", - "title": "Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_allows_privilege_escalation-211203495394-us-east-1-vpc-flow-log-to-cloudwatch-20251019183706984700000008" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "arn": "arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "entity": "ANPATCLFVSXRGIQVNTVU5", - "version_id": "v1", - "type": "Custom", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:DescribeLogGroups", - "logs:CreateLogStream" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*", - "Sid": "AWSVPCFlowLogsPushToCloudWatch" - } - ], - "Version": "2012-10-17" - }, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc" - ], - "name": "vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Grant usage permission on a per-resource basis and applying least privilege principle.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" - ] - }, - "risk_details": "Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user has the policy AdministratorAccess attached.", - "metadata": { - "event_code": "iam_policy_attached_only_to_group_or_roles", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "User terraform-user has the policy AdministratorAccess attached.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_4_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "PSS-09.01AC" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "sc-2" - ], - "CIS-3.0": [ - "1.15" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_6_3", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-006", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.15" - ], - "PCI-4.0": [ - "7.2.1.12", - "7.2.1.13", - "7.2.2.12", - "7.2.2.13", - "7.2.5.8", - "7.2.5.9", - "7.3.1.8", - "7.3.1.9", - "7.3.2.8", - "7.3.2.9", - "7.3.3.8", - "7.3.3.9", - "8.2.1.3", - "8.2.2.5", - "8.2.4.3", - "8.2.5.3", - "8.2.7.8", - "8.2.7.9", - "8.2.8.10", - "8.2.8.11", - "8.3.11.3", - "8.3.4.8", - "8.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-im-b-7" - ], - "CIS-5.0": [ - "1.14" - ], - "CIS-1.4": [ - "1.15" - ], - "CCC": [ - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.2.1", - "1.2.2" - ], - "CIS-1.5": [ - "1.15" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP06" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_6" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "CIS-2.0": [ - "1.15" - ], - "NIS2": [ - "1.2.1", - "2.1.2.f", - "11.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM policies are attached only to groups or roles", - "title": "Ensure IAM policies are attached only to groups or roles", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_attached_only_to_group_or_roles-211203495394-us-east-1-terraform-user/AdministratorAccess" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user/AdministratorAccess", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Remove any policy attached directly to the user. Use groups or roles instead.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "By default IAM users, groups, and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User test-user-trusted has the inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached.", - "metadata": { - "event_code": "iam_policy_attached_only_to_group_or_roles", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "User test-user-trusted has the inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_4_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "PSS-09.01AC" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "sc-2" - ], - "CIS-3.0": [ - "1.15" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_6_3", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-006", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.15" - ], - "PCI-4.0": [ - "7.2.1.12", - "7.2.1.13", - "7.2.2.12", - "7.2.2.13", - "7.2.5.8", - "7.2.5.9", - "7.3.1.8", - "7.3.1.9", - "7.3.2.8", - "7.3.2.9", - "7.3.3.8", - "7.3.3.9", - "8.2.1.3", - "8.2.2.5", - "8.2.4.3", - "8.2.5.3", - "8.2.7.8", - "8.2.7.9", - "8.2.8.10", - "8.2.8.11", - "8.3.11.3", - "8.3.4.8", - "8.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-im-b-7" - ], - "CIS-5.0": [ - "1.14" - ], - "CIS-1.4": [ - "1.15" - ], - "CCC": [ - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.2.1", - "1.2.2" - ], - "CIS-1.5": [ - "1.15" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP06" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_6" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "CIS-2.0": [ - "1.15" - ], - "NIS2": [ - "1.2.1", - "2.1.2.f", - "11.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM policies are attached only to groups or roles", - "title": "Ensure IAM policies are attached only to groups or roles", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_attached_only_to_group_or_roles-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [], - "inline_policies": [ - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - ], - "tags": [ - { - "Key": "Purpose", - "Value": "CCC-Testing" - }, - { - "Key": "ManagedBy", - "Value": "CCC-CFI-Compliance-Framework" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Remove any policy attached directly to the user. Use groups or roles instead.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "By default IAM users, groups, and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User test-user-trusted has the inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached.", - "metadata": { - "event_code": "iam_policy_attached_only_to_group_or_roles", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "User test-user-trusted has the inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_4_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "PSS-09.01AC" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "sc-2" - ], - "CIS-3.0": [ - "1.15" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_6_3", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-006", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.15" - ], - "PCI-4.0": [ - "7.2.1.12", - "7.2.1.13", - "7.2.2.12", - "7.2.2.13", - "7.2.5.8", - "7.2.5.9", - "7.3.1.8", - "7.3.1.9", - "7.3.2.8", - "7.3.2.9", - "7.3.3.8", - "7.3.3.9", - "8.2.1.3", - "8.2.2.5", - "8.2.4.3", - "8.2.5.3", - "8.2.7.8", - "8.2.7.9", - "8.2.8.10", - "8.2.8.11", - "8.3.11.3", - "8.3.4.8", - "8.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-im-b-7" - ], - "CIS-5.0": [ - "1.14" - ], - "CIS-1.4": [ - "1.15" - ], - "CCC": [ - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.2.1", - "1.2.2" - ], - "CIS-1.5": [ - "1.15" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP06" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_6" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "CIS-2.0": [ - "1.15" - ], - "NIS2": [ - "1.2.1", - "2.1.2.f", - "11.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM policies are attached only to groups or roles", - "title": "Ensure IAM policies are attached only to groups or roles", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_attached_only_to_group_or_roles-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [], - "inline_policies": [ - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - ], - "tags": [ - { - "Key": "Purpose", - "Value": "CCC-Testing" - }, - { - "Key": "ManagedBy", - "Value": "CCC-CFI-Compliance-Framework" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Remove any policy attached directly to the user. Use groups or roles instead.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "By default IAM users, groups, and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS CloudShellFullAccess policy is not attached to any IAM entity.", - "metadata": { - "event_code": "iam_policy_cloudshell_admin_not_attached", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS CloudShellFullAccess policy is not attached to any IAM entity.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-blacklisted-check.html", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-06.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.22" - ], - "PCI-4.0": [ - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.3.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.2.10", - "7.3.2.11", - "7.3.2.12", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "8.2.7.10", - "8.2.7.11", - "8.2.7.12", - "8.2.8.12", - "8.2.8.13", - "8.2.8.14", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12" - ], - "CIS-5.0": [ - "1.21" - ], - "ProwlerThreatScore-1.0": [ - "1.3.2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.22" - ], - "NIS2": [ - "1.2.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "This control checks whether an IAM identity (user, role, or group) has the AWS managed policy AWSCloudShellFullAccess attached. The control fails if an IAM identity has the AWSCloudShellFullAccess policy attached.", - "title": "Check if IAM identities (users,groups,roles) have the AWSCloudShellFullAccess policy attached.", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_cloudshell_admin_not_attached-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "Users": [], - "Groups": [], - "Roles": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/AWSCloudShellFullAccess" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Detach the AWSCloudShellFullAccess policy from the IAM identity to restrict excessive permissions and adhere to the principle of least privilege.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html" - ] - }, - "risk_details": "Attaching the AWSCloudShellFullAccess policy to IAM identities grants broad permissions, including internet access and file transfer capabilities, which can lead to security risks such as data exfiltration. The principle of least privilege should be followed to avoid excessive permissions.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Custom Policy vpc-flow-log-to-cloudwatch-20251019183706984700000008 does not allow 'cloudtrail:*' privileges.", - "metadata": { - "event_code": "iam_policy_no_full_access_to_cloudtrail", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Custom Policy vpc-flow-log-to-cloudwatch-20251019183706984700000008 does not allow 'cloudtrail:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_3_3" - ], - "C5-2025": [ - "IAM-10.01B", - "SIM-03.07B" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1580" - ], - "NIS2": [ - "11.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM policies that allow full \"cloudtrail:*\" privileges are not created", - "title": "Ensure IAM policies that allow full \"cloudtrail:*\" privileges are not created", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_no_full_access_to_cloudtrail-211203495394-us-east-1-vpc-flow-log-to-cloudwatch-20251019183706984700000008" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "arn": "arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "entity": "ANPATCLFVSXRGIQVNTVU5", - "version_id": "v1", - "type": "Custom", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:DescribeLogGroups", - "logs:CreateLogStream" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*", - "Sid": "AWSVPCFlowLogsPushToCloudWatch" - } - ], - "Version": "2012-10-17" - }, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc" - ], - "name": "vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "CloudTrail is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Custom Policy vpc-flow-log-to-cloudwatch-20251019183706984700000008 does not allow 'kms:*' privileges.", - "metadata": { - "event_code": "iam_policy_no_full_access_to_kms", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Custom Policy vpc-flow-log-to-cloudwatch-20251019183706984700000008 does not allow 'kms:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "IAM-10.01B", - "CRY-05.02B" - ], - "ENS-RD2022": [ - "op.exp.10.aws.cmk.1", - "op.exp.10.aws.cmk.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.1.7", - "3.5.1.3.15", - "3.6.1.2.7", - "3.6.1.3.7", - "3.6.1.4.7", - "3.6.1.7", - "3.7.1.8", - "3.7.2.7", - "3.7.4.8", - "3.7.6.7", - "3.7.7.7", - "4.2.1.1.20", - "7.2.1.9", - "7.2.2.9", - "7.2.3.5", - "7.2.5.5", - "7.3.1.5", - "7.3.2.5", - "7.3.3.5", - "8.2.7.5", - "8.2.8.7", - "8.3.4.5" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1580" - ], - "NIS2": [ - "11.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM policies that allow full \"kms:*\" privileges are not created", - "title": "Ensure IAM policies that allow full \"kms:*\" privileges are not created", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_no_full_access_to_kms-211203495394-us-east-1-vpc-flow-log-to-cloudwatch-20251019183706984700000008" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "arn": "arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "entity": "ANPATCLFVSXRGIQVNTVU5", - "version_id": "v1", - "type": "Custom", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:DescribeLogGroups", - "logs:CreateLogStream" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*", - "Sid": "AWSVPCFlowLogsPushToCloudWatch" - } - ], - "Version": "2012-10-17" - }, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc" - ], - "name": "vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "KMS is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Role TerraformRole has AdministratorAccess policy attached.", - "metadata": { - "event_code": "iam_role_administratoraccess_policy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Role TerraformRole has AdministratorAccess policy attached.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_administrator", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "OIS-04.03B", - "SP-01.04B", - "HR-01.01B", - "HR-04.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-03.01B", - "IAM-06.01B", - "IAM-10.01B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "1.2.1", - "11.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM Roles do not have AdministratorAccess policy attached", - "title": "Ensure IAM Roles do not have AdministratorAccess policy attached", - "types": [], - "uid": "prowler-aws-iam_role_administratoraccess_policy-211203495394-us-east-1-TerraformRole" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "TerraformRole", - "arn": "arn:aws:iam::211203495394:role/TerraformRole", - "assume_role_policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws:iam::211203495394:oidc-provider/token.actions.githubusercontent.com" - }, - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "token.actions.githubusercontent.com:aud": "sts.amazonaws.com" - }, - "StringLike": { - "token.actions.githubusercontent.com:sub": [ - "repo:finos-labs/ccc-cfi-compliance:ref:refs/heads/*", - "repo:finos-labs/ccc-cfi-compliance:ref:refs/tags/*", - "repo:finos-labs/ccc-cfi-compliance:pull_request", - "repo:finos-labs/ccc-cfi-compliance:environment:*" - ] - } - } - } - ] - }, - "is_service_role": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "TerraformRole", - "type": "AwsIamRole", - "uid": "arn:aws:iam::211203495394:role/TerraformRole" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Apply the principle of least privilege. Instead of AdministratorAccess, assign only the permissions necessary for specific roles and tasks. Create custom IAM policies with minimal permissions based on the principle of least privilege.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" - ] - }, - "risk_details": "The AWS-managed AdministratorAccess policy grants all actions for all AWS services and for all resources in the account and as such exposes the customer to a significant data leakage threat. It should be granted very conservatively. For granting access to 3rd party vendors, consider using alternative managed policies, such as ViewOnlyAccess or SecurityAudit.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Role TerraformRole does not have ReadOnlyAccess policy.", - "metadata": { - "event_code": "iam_role_cross_account_readonlyaccess_policy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "IAM Role TerraformRole does not have ReadOnlyAccess policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#awsmp_readonlyaccess", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OIS-04.03B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-06.02B", - "IAM-10.01B", - "PSS-09.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR06" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM Roles do not have ReadOnlyAccess access for external AWS accounts", - "title": "Ensure IAM Roles do not have ReadOnlyAccess access for external AWS accounts", - "types": [], - "uid": "prowler-aws-iam_role_cross_account_readonlyaccess_policy-211203495394-us-east-1-TerraformRole" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "TerraformRole", - "arn": "arn:aws:iam::211203495394:role/TerraformRole", - "assume_role_policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws:iam::211203495394:oidc-provider/token.actions.githubusercontent.com" - }, - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "token.actions.githubusercontent.com:aud": "sts.amazonaws.com" - }, - "StringLike": { - "token.actions.githubusercontent.com:sub": [ - "repo:finos-labs/ccc-cfi-compliance:ref:refs/heads/*", - "repo:finos-labs/ccc-cfi-compliance:ref:refs/tags/*", - "repo:finos-labs/ccc-cfi-compliance:pull_request", - "repo:finos-labs/ccc-cfi-compliance:environment:*" - ] - } - } - } - ] - }, - "is_service_role": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "TerraformRole", - "type": "AwsIamRole", - "uid": "arn:aws:iam::211203495394:role/TerraformRole" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Remove the AWS-managed ReadOnlyAccess policy from all roles that have a trust policy, including third-party cloud accounts, or remove third-party cloud accounts from the trust policy of all roles that need the ReadOnlyAccess policy.", - "references": [ - "https://docs.securestate.vmware.com/rule-docs/aws-iam-role-cross-account-readonlyaccess-policy" - ] - }, - "risk_details": "The AWS-managed ReadOnlyAccess policy is highly potent and exposes the customer to a significant data leakage threat. It should be granted very conservatively. For granting access to 3rd party vendors, consider using alternative managed policies, such as ViewOnlyAccess or SecurityAudit.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Service Role terraform-20251019171843685600000002 does not prevent against a cross-service confused deputy attack.", - "metadata": { - "event_code": "iam_role_cross_service_confused_deputy_prevention", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Service Role terraform-20251019171843685600000002 does not prevent against a cross-service confused deputy attack.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP04" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "3.1.2.c", - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", - "title": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", - "types": [], - "uid": "prowler-aws-iam_role_cross_service_confused_deputy_prevention-211203495394-us-east-1-terraform-20251019171843685600000002" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-20251019171843685600000002", - "arn": "arn:aws:iam::211203495394:role/terraform-20251019171843685600000002", - "assume_role_policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "monitoring.rds.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - }, - "is_service_role": true, - "attached_policies": [ - { - "PolicyName": "AmazonRDSEnhancedMonitoringRole", - "PolicyArn": "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "GithubRepo:terraform-aws-rds-aurora", - "Example:ex-rds", - "GithubOrg:terraform-aws-modules" - ], - "name": "terraform-20251019171843685600000002", - "type": "AwsIamRole", - "uid": "arn:aws:iam::211203495394:role/terraform-20251019171843685600000002" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To mitigate cross-service confused deputy attacks, it's recommended to use the aws:SourceArn and aws:SourceAccount global condition context keys in your IAM role trust policies. If the role doesn't support these fields, consider implementing alternative security measures, such as defining more restrictive resource-based policies or using service-specific trust policies, to limit the role's permissions and exposure. For detailed guidance, refer to AWS's documentation on preventing cross-service confused deputy issues.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html#cross-service-confused-deputy-prevention" - ] - }, - "risk_details": "Allow attackers to gain unauthorized access to resources", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Service Role vpc-complete-example-role does not prevent against a cross-service confused deputy attack.", - "metadata": { - "event_code": "iam_role_cross_service_confused_deputy_prevention", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Service Role vpc-complete-example-role does not prevent against a cross-service confused deputy attack.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP04" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "3.1.2.c", - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", - "title": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", - "types": [], - "uid": "prowler-aws-iam_role_cross_service_confused_deputy_prevention-211203495394-us-east-1-vpc-complete-example-role" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "vpc-complete-example-role", - "arn": "arn:aws:iam::211203495394:role/vpc-complete-example-role", - "assume_role_policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "AWSVPCFlowLogsAssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "vpc-flow-logs.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - }, - "is_service_role": true, - "attached_policies": [ - { - "PolicyName": "vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "PolicyArn": "arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "vpc-complete-example-role", - "type": "AwsIamRole", - "uid": "arn:aws:iam::211203495394:role/vpc-complete-example-role" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To mitigate cross-service confused deputy attacks, it's recommended to use the aws:SourceArn and aws:SourceAccount global condition context keys in your IAM role trust policies. If the role doesn't support these fields, consider implementing alternative security measures, such as defining more restrictive resource-based policies or using service-specific trust policies, to limit the role's permissions and exposure. For detailed guidance, refer to AWS's documentation on preventing cross-service confused deputy issues.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html#cross-service-confused-deputy-prevention" - ] - }, - "risk_details": "Allow attackers to gain unauthorized access to resources", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Root account has a virtual MFA instead of a hardware MFA device enabled.", - "metadata": { - "event_code": "iam_root_hardware_mfa_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "Root account has a virtual MFA instead of a hardware MFA device enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_5_3" - ], - "HIPAA": [ - "164_308_a_3_ii_a", - "164_312_d" - ], - "C5-2025": [ - "OPS-16.01B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_7" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ia-2-1-2", - "ia-2-1" - ], - "CIS-3.0": [ - "1.6" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_2", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "ia_2_1", - "ia_2_2", - "ia_2_6", - "ia_2_6_a", - "ia_2_8", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r4.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "ARC-003", - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.6" - ], - "PCI-4.0": [ - "8.4.1.3", - "8.4.2.3", - "8.4.3.3" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-15", - "d3-pc-am-b-3", - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.5" - ], - "CIS-1.4": [ - "1.6" - ], - "CCC": [ - "CCC.Core.CN03.AR01", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.2" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.6" - ], - "CIS-1.5": [ - "1.6" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP02" - ], - "NIST-800-53-Revision-4": [ - "ia_2_1", - "ia_2_11" - ], - "AWS-Account-Security-Onboarding": [ - "Root user - distribution email + MFA" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040" - ], - "CIS-2.0": [ - "1.6" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-2" - ], - "NIS2": [ - "11.6.1", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure only hardware MFA is enabled for the root account", - "title": "Ensure only hardware MFA is enabled for the root account", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_root_hardware_mfa_enabled-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:mfa" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Using IAM console navigate to Dashboard and expand Activate MFA on your root account. If using AWS Organizations, consider enabling Centralized Root Management and removing individual root credentials.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user_manage_mfa" - ] - }, - "risk_details": "The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. For Level 2 it is recommended that the root account be protected with only a hardware MFA.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "MFA is enabled for root account.", - "metadata": { - "event_code": "iam_root_mfa_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "MFA is enabled for root account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_5_2", - "3_5_3" - ], - "HIPAA": [ - "164_308_a_3_ii_a", - "164_312_d" - ], - "C5-2025": [ - "OPS-16.01B", - "IAM-04.06B", - "IAM-06.09B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-05.02B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_7" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ia-2-1-2", - "ia-2-1" - ], - "CIS-3.0": [ - "1.5" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_2", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_6_a", - "cm_9_b", - "ia_2_1", - "ia_2_2", - "ia_2_6", - "ia_2_6_a", - "ia_2_8", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r2.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "ARC-003", - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.1", - "3.0.2", - "3.0.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.5" - ], - "PCI-4.0": [ - "8.4.1.4", - "8.4.2.4", - "8.4.3.4" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-15", - "d3-pc-am-b-3", - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.4" - ], - "CIS-1.4": [ - "1.5" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Core.CN03.AR01", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-1.5": [ - "1.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP02" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.17", - "A.8.5" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ia_2_1", - "ia_2_11" - ], - "AWS-Account-Security-Onboarding": [ - "Root user - distribution email + MFA" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040" - ], - "CIS-2.0": [ - "1.5" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-2", - "booting-up-thing-to-do-first-2" - ], - "NIS2": [ - "11.3.2.a", - "11.6.1", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure MFA is enabled for the root account", - "title": "Ensure MFA is enabled for the root account", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_root_mfa_enabled-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Using IAM console navigate to Dashboard and expand Activate MFA on your root account. If using AWS Organizations, consider enabling Centralized Root Management and removing individual root credentials.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user_manage_mfa" - ] - }, - "risk_details": "The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. When virtual MFA is used for root accounts it is recommended that the device used is NOT a personal device but rather a dedicated mobile device (tablet or phone) that is managed to be kept charged and secured independent of any individual personal devices. (non-personal virtual MFA) This lessens the risks of losing access to the MFA due to device loss / trade-in or if the individual owning the device is no longer employed at the company.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have access keys.", - "metadata": { - "event_code": "iam_rotate_access_key_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_3_ii_c", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B", - "CRY-09.02B" - ], - "NIST-CSF-1.1": [ - "ac_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j" - ], - "CIS-3.0": [ - "1.14" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.14" - ], - "PCI-4.0": [ - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.13" - ], - "CIS-1.4": [ - "1.14" - ], - "CCC": [ - "CCC.ObjStor.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.11" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.3" - ], - "CIS-1.5": [ - "1.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP02", - "SEC02-BP05" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.14" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "1.1.1.d", - "1.1.2", - "2.1.4", - "2.3.1", - "3.1.3", - "6.2.4", - "9.2.c", - "9.2.c.xii", - "11.6.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure access keys are rotated every 90 days or less", - "title": "Ensure access keys are rotated every 90 days or less", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_rotate_access_key_90_days-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have access keys older than 90 days.", - "metadata": { - "event_code": "iam_rotate_access_key_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have access keys older than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_3_ii_c", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B", - "CRY-09.02B" - ], - "NIST-CSF-1.1": [ - "ac_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j" - ], - "CIS-3.0": [ - "1.14" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.14" - ], - "PCI-4.0": [ - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.13" - ], - "CIS-1.4": [ - "1.14" - ], - "CCC": [ - "CCC.ObjStor.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.11" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.3" - ], - "CIS-1.5": [ - "1.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP02", - "SEC02-BP05" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.14" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "1.1.1.d", - "1.1.2", - "2.1.4", - "2.3.1", - "3.1.3", - "6.2.4", - "9.2.c", - "9.2.c.xii", - "11.6.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure access keys are rotated every 90 days or less", - "title": "Ensure access keys are rotated every 90 days or less", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_rotate_access_key_90_days-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "SecurityAudit policy is not attached to any role.", - "metadata": { - "event_code": "iam_securityaudit_role_created", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "SecurityAudit policy is not attached to any role.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "OIS-02.02B", - "OIS-04.01B", - "HR-04.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-05.02B", - "IAM-06.06B", - "DEV-15.01B", - "SIM-01.02B", - "SIM-01.03B", - "COM-02.02B", - "COM-03.02B", - "INQ-02.01B", - "PSS-09.01AC" - ], - "ENS-RD2022": [ - "op.acc.3.r2.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "ISO27001-2022": [ - "A.5.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "1.2.4", - "2.1.1", - "2.1.2.a", - "2.1.2.e", - "2.1.2.f", - "2.2.1", - "2.3.1", - "3.1.2.c", - "3.1.3", - "6.2.2.a", - "7.2.d", - "7.2.e", - "7.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure a Security Audit role has been created to conduct security audits", - "title": "Ensure a Security Audit role has been created to conduct security audits", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_securityaudit_role_created-211203495394-us-east-1-SecurityAudit" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "SecurityAudit", - "type": "AwsIamRole", - "uid": "arn:aws:iam::aws:policy/SecurityAudit" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create an IAM role for conduct security audits with AWS.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_security-auditor" - ] - }, - "risk_details": "Creating an IAM role with a security audit policy provides a clear separation of duties between the security team and other teams within the organization. This helps to ensure that security-related activities are performed by authorized individuals with the appropriate expertise and access permissions.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Support Access policy is not attached to any role.", - "metadata": { - "event_code": "iam_support_role_created", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Support Access policy is not attached to any role.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "OIS-02.02B", - "HR-04.01B", - "OPS-13.02B", - "OPS-13.03AC", - "OPS-17.02B", - "OPS-24.01B", - "OPS-24.02B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-06.06B", - "DEV-15.01B", - "SSO-05.06B", - "SIM-01.02B", - "SIM-01.03B" - ], - "CIS-3.0": [ - "1.17" - ], - "ENS-RD2022": [ - "op.acc.3.r1.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2", - "2.11.1" - ], - "CIS-4.0.1": [ - "1.17" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.16" - ], - "CIS-1.4": [ - "1.17" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-1.5": [ - "1.17" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC10-BP01" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2", - "2.11.1" - ], - "CIS-2.0": [ - "1.17" - ], - "NIS2": [ - "2.1.1", - "2.1.2.a", - "2.2.1", - "3.1.2.d", - "4.3.2.a", - "5.1.7.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure a support role has been created to manage incidents with AWS Support", - "title": "Ensure a support role has been created to manage incidents with AWS Support", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_support_role_created-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "AwsIamRole", - "uid": "arn:aws:iam::aws:policy/AWSSupportAccess" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create an IAM role for managing incidents with AWS.", - "references": [ - "https://docs.aws.amazon.com/awssupport/latest/user/using-service-linked-roles-sup.html" - ] - }, - "risk_details": "AWS provides a support center that can be used for incident notification and response, as well as technical support and customer services. Create an IAM Role to allow authorized users to manage incidents with AWS Support.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have access keys.", - "metadata": { - "event_code": "iam_user_accesskey_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "HIPAA": [ - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-05.04B", - "IAM-10.01B", - "CRY-03.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-3", - "ac-5-c", - "ac-6" - ], - "CIS-3.0": [ - "1.12" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_6", - "ac_2_g", - "ac_2_j", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3", - "op.acc.6.r7.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.12" - ], - "PCI-4.0": [ - "7.2.4.2", - "7.2.5.1.2", - "8.2.6.2", - "A3.4.1.10" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4" - ], - "CIS-5.0": [ - "1.11" - ], - "CIS-1.4": [ - "1.12" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.10" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.8", - "IAM.22", - "IAM.26" - ], - "CIS-1.5": [ - "1.12" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2_3", - "ac_2", - "ac_3", - "ac_6" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.12" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure unused User Access Keys are disabled", - "title": "Ensure unused User Access Keys are disabled", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_user_accesskey_unused-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Find the credentials that they were using and ensure that they are no longer operational. Ideally, you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least, you should change the password or deactivate the access keys so that the former users no longer have access.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" - ] - }, - "risk_details": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have unused access keys for 45 days.", - "metadata": { - "event_code": "iam_user_accesskey_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have unused access keys for 45 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "HIPAA": [ - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-05.04B", - "IAM-10.01B", - "CRY-03.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-3", - "ac-5-c", - "ac-6" - ], - "CIS-3.0": [ - "1.12" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_6", - "ac_2_g", - "ac_2_j", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3", - "op.acc.6.r7.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.12" - ], - "PCI-4.0": [ - "7.2.4.2", - "7.2.5.1.2", - "8.2.6.2", - "A3.4.1.10" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4" - ], - "CIS-5.0": [ - "1.11" - ], - "CIS-1.4": [ - "1.12" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.10" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.8", - "IAM.22", - "IAM.26" - ], - "CIS-1.5": [ - "1.12" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2_3", - "ac_2", - "ac_3", - "ac_6" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.12" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure unused User Access Keys are disabled", - "title": "Ensure unused User Access Keys are disabled", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_user_accesskey_unused-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Find the credentials that they were using and ensure that they are no longer operational. Ideally, you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least, you should change the password or deactivate the access keys so that the former users no longer have access.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" - ] - }, - "risk_details": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM User terraform-user has AdministratorAccess policy attached.", - "metadata": { - "event_code": "iam_user_administrator_access_policy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM User terraform-user has AdministratorAccess policy attached.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-04.03B", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-10.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.19", - "7.2.2.19", - "7.2.5.13", - "7.3.1.13", - "7.3.2.13", - "7.3.3.13", - "8.2.7.13", - "8.2.8.15", - "8.3.4.13" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "This check ensures that no IAM users in your AWS account have the 'AdministratorAccess' policy attached. IAM users with this policy have unrestricted access to all AWS services and resources, which poses a significant security risk if misused.", - "title": "Ensure No IAM Users Have Administrator Access Policy", - "types": [], - "uid": "prowler-aws-iam_user_administrator_access_policy-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Replace the 'AdministratorAccess' policy with more specific permissions that follow the Principle of Least Privilege. Consider implementing IAM roles such as 'IAM Master' and 'IAM Manager' to manage permissions more securely.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM users with administrator-level permissions can perform any action on any resource in your AWS environment. If these permissions are granted to users unnecessarily or to individuals without sufficient knowledge, it can lead to security vulnerabilities, data leaks, data loss, or unexpected charges.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM User test-user-trusted does not have AdministratorAccess policy.", - "metadata": { - "event_code": "iam_user_administrator_access_policy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "IAM User test-user-trusted does not have AdministratorAccess policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-04.03B", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-10.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.19", - "7.2.2.19", - "7.2.5.13", - "7.3.1.13", - "7.3.2.13", - "7.3.3.13", - "8.2.7.13", - "8.2.8.15", - "8.3.4.13" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "This check ensures that no IAM users in your AWS account have the 'AdministratorAccess' policy attached. IAM users with this policy have unrestricted access to all AWS services and resources, which poses a significant security risk if misused.", - "title": "Ensure No IAM Users Have Administrator Access Policy", - "types": [], - "uid": "prowler-aws-iam_user_administrator_access_policy-211203495394-us-east-1-test-user-trusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [], - "inline_policies": [ - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - ], - "tags": [ - { - "Key": "Purpose", - "Value": "CCC-Testing" - }, - { - "Key": "ManagedBy", - "Value": "CCC-CFI-Compliance-Framework" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Replace the 'AdministratorAccess' policy with more specific permissions that follow the Principle of Least Privilege. Consider implementing IAM roles such as 'IAM Master' and 'IAM Manager' to manage permissions more securely.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM users with administrator-level permissions can perform any action on any resource in your AWS environment. If these permissions are granted to users unnecessarily or to individuals without sufficient knowledge, it can lead to security vulnerabilities, data leaks, data loss, or unexpected charges.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have console access enabled or is unused.", - "metadata": { - "event_code": "iam_user_console_access_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have console access enabled or is unused.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "HIPAA": [ - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "OPS-05.02AC", - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-05.04B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-3", - "ac-5-c", - "ac-6" - ], - "CIS-3.0": [ - "1.12" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_6", - "ac_2_g", - "ac_2_j", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3", - "op.acc.6.r7.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.12" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4" - ], - "CIS-5.0": [ - "1.11" - ], - "CIS-1.4": [ - "1.12" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.10" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.8", - "IAM.22", - "IAM.26" - ], - "CIS-1.5": [ - "1.12" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2_3", - "ac_2", - "ac_3", - "ac_6" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.12" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.3.2.d", - "11.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure unused user console access are disabled", - "title": "Ensure unused user console access are disabled", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_user_console_access_unused-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Find the credentials that they were using and ensure that they are no longer operational. Ideally, you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least, you should change the password or deactivate the access keys so that the former users no longer have access.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" - ] - }, - "risk_details": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User test-user-trusted does not have console access enabled or is unused.", - "metadata": { - "event_code": "iam_user_console_access_unused", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User test-user-trusted does not have console access enabled or is unused.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "HIPAA": [ - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "OPS-05.02AC", - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-05.04B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-3", - "ac-5-c", - "ac-6" - ], - "CIS-3.0": [ - "1.12" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_6", - "ac_2_g", - "ac_2_j", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3", - "op.acc.6.r7.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.12" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4" - ], - "CIS-5.0": [ - "1.11" - ], - "CIS-1.4": [ - "1.12" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.10" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.8", - "IAM.22", - "IAM.26" - ], - "CIS-1.5": [ - "1.12" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2_3", - "ac_2", - "ac_3", - "ac_6" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.12" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.3.2.d", - "11.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure unused user console access are disabled", - "title": "Ensure unused user console access are disabled", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_user_console_access_unused-211203495394-us-east-1-test-user-trusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [], - "inline_policies": [ - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - ], - "tags": [ - { - "Key": "Purpose", - "Value": "CCC-Testing" - }, - { - "Key": "ManagedBy", - "Value": "CCC-CFI-Compliance-Framework" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Find the credentials that they were using and ensure that they are no longer operational. Ideally, you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least, you should change the password or deactivate the access keys so that the former users no longer have access.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" - ] - }, - "risk_details": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have any type of MFA enabled.", - "metadata": { - "event_code": "iam_user_hardware_mfa_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User terraform-user does not have any type of MFA enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-16.01B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.1", - "3.0.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2" - ], - "CCC": [ - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.8.5" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040" - ], - "CISA": [ - "booting-up-thing-to-do-first-2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if IAM users have Hardware MFA enabled.", - "title": "Check if IAM users have Hardware MFA enabled.", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_hardware_mfa_enabled-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable hardware MFA device for an IAM user from the AWS Management Console, the command line, or the IAM API.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_physical.html" - ] - }, - "risk_details": "Hardware MFA is preferred over virtual MFA.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User test-user-trusted does not have any type of MFA enabled.", - "metadata": { - "event_code": "iam_user_hardware_mfa_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User test-user-trusted does not have any type of MFA enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-16.01B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.1", - "3.0.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2" - ], - "CCC": [ - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.8.5" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040" - ], - "CISA": [ - "booting-up-thing-to-do-first-2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if IAM users have Hardware MFA enabled.", - "title": "Check if IAM users have Hardware MFA enabled.", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_hardware_mfa_enabled-211203495394-us-east-1-test-user-trusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [], - "inline_policies": [ - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - ], - "tags": [ - { - "Key": "Purpose", - "Value": "CCC-Testing" - }, - { - "Key": "ManagedBy", - "Value": "CCC-CFI-Compliance-Framework" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable hardware MFA device for an IAM user from the AWS Management Console, the command line, or the IAM API.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_physical.html" - ] - }, - "risk_details": "Hardware MFA is preferred over virtual MFA.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have Console Password enabled.", - "metadata": { - "event_code": "iam_user_mfa_enabled_console_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have Console Password enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_14", - "3_5_2", - "3_5_3" - ], - "HIPAA": [ - "164_308_a_3_ii_a", - "164_312_a_1", - "164_312_d" - ], - "C5-2025": [ - "OPS-05.02AC", - "OPS-16.01B", - "IAM-04.06B", - "IAM-06.09B", - "IAM-08.02B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "IAM-10.01B", - "PSS-05.01B", - "PSS-07.01B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_7" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ia-2-1-2", - "ia-2-1" - ], - "CIS-3.0": [ - "1.10" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_2", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "ia_2_1", - "ia_2_2", - "ia_2_6", - "ia_2_6_a", - "ia_2_8", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r2.aws.iam.1", - "op.acc.6.r4.aws.iam.1", - "op.acc.6.r8.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.1", - "3.0.2", - "3.0.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.10" - ], - "PCI-4.0": [ - "8.4.1.1", - "8.4.1.2", - "8.4.2.1", - "8.4.2.2", - "8.4.3.1", - "8.4.3.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-15", - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.3", - "8.3.1", - "8.3.1.a", - "8.3.2", - "8.3.2.a", - "8.6", - "8.6.c" - ], - "CIS-5.0": [ - "1.9" - ], - "CIS-1.4": [ - "1.10" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN03.AR01", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.3" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.5", - "IAM.19" - ], - "CIS-1.5": [ - "1.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.17", - "A.8.5" - ], - "NIST-800-53-Revision-4": [ - "ia_2_1", - "ia_2_2", - "ia_2_11" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040", - "T1538" - ], - "CIS-2.0": [ - "1.10" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-2", - "booting-up-thing-to-do-first-2" - ], - "NIS2": [ - "11.1.2.c", - "11.3.2.a", - "11.4.2.c", - "11.6.1", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password.", - "title": "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password.", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_mfa_enabled_console_access-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable MFA for the user's account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html" - ] - }, - "risk_details": "Unauthorized access to this critical account if password is not secure or it is disclosed in any way.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have access keys or uses the access keys configured.", - "metadata": { - "event_code": "iam_user_no_setup_initial_access_key", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have access keys or uses the access keys configured.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OPS-05.02AC", - "IAM-10.01B", - "CRY-03.01B", - "PSS-07.01B" - ], - "CIS-3.0": [ - "1.11" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.11" - ], - "CIS-5.0": [ - "1.1" - ], - "CIS-1.4": [ - "1.11" - ], - "CIS-1.5": [ - "1.11" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.11" - ], - "NIS2": [ - "9.2.c", - "9.2.c.iii" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "title": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_no_setup_initial_access_key-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "From the IAM console: generate credential report and disable not required keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials, it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have access keys or uses the access keys configured.", - "metadata": { - "event_code": "iam_user_no_setup_initial_access_key", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have access keys or uses the access keys configured.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OPS-05.02AC", - "IAM-10.01B", - "CRY-03.01B", - "PSS-07.01B" - ], - "CIS-3.0": [ - "1.11" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.11" - ], - "CIS-5.0": [ - "1.1" - ], - "CIS-1.4": [ - "1.11" - ], - "CIS-1.5": [ - "1.11" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.11" - ], - "NIS2": [ - "9.2.c", - "9.2.c.iii" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "title": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_no_setup_initial_access_key-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "From the IAM console: generate credential report and disable not required keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials, it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have 2 active access keys.", - "metadata": { - "event_code": "iam_user_two_active_access_key", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have 2 active access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B" - ], - "CIS-3.0": [ - "1.13" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.13" - ], - "CIS-5.0": [ - "1.12" - ], - "CIS-1.4": [ - "1.13" - ], - "CIS-1.5": [ - "1.13" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.13" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if IAM users have two active access keys", - "title": "Check if IAM users have two active access keys", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_two_active_access_key-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Avoid using long lived access keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html" - ] - }, - "risk_details": "Access Keys could be lost or stolen. It creates a critical risk.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have 2 active access keys.", - "metadata": { - "event_code": "iam_user_two_active_access_key", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have 2 active access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B" - ], - "CIS-3.0": [ - "1.13" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.13" - ], - "CIS-5.0": [ - "1.12" - ], - "CIS-1.4": [ - "1.13" - ], - "CIS-1.5": [ - "1.13" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.13" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if IAM users have two active access keys", - "title": "Check if IAM users have two active access keys", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_two_active_access_key-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Avoid using long lived access keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html" - ] - }, - "risk_details": "Access Keys could be lost or stolen. It creates a critical risk.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user has long lived credentials with access to other services than IAM or STS.", - "metadata": { - "event_code": "iam_user_with_temporary_credentials", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User terraform-user has long lived credentials with access to other services than IAM or STS.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "IAM-03.01B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-06.01B", - "IAM-08.02B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure users make use of temporary credentials assuming IAM roles", - "title": "Ensure users make use of temporary credentials assuming IAM roles", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-iam_user_with_temporary_credentials-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "As a best practice, use temporary security credentials (IAM roles) instead of creating long-term credentials like access keys, and don't create AWS account root user access keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html" - ] - }, - "risk_details": "As a best practice, use temporary security credentials (IAM roles) instead of creating long-term credentials like access keys, and don't create AWS account root user access keys.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User test-user-trusted has long lived credentials with access to other services than IAM or STS.", - "metadata": { - "event_code": "iam_user_with_temporary_credentials", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User test-user-trusted has long lived credentials with access to other services than IAM or STS.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "IAM-03.01B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-06.01B", - "IAM-08.02B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure users make use of temporary credentials assuming IAM roles", - "title": "Ensure users make use of temporary credentials assuming IAM roles", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-iam_user_with_temporary_credentials-211203495394-us-east-1-test-user-trusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "As a best practice, use temporary security credentials (IAM roles) instead of creating long-term credentials like access keys, and don't create AWS account root user access keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html" - ] - }, - "risk_details": "As a best practice, use temporary security credentials (IAM roles) instead of creating long-term credentials like access keys, and don't create AWS account root user access keys.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-1b7c736d-854c-475a-a8a5-df95b3d7a4df" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-1f7c04ae-50f9-4bd6-b725-433368271fbd" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-29586687-b1be-4c1b-a758-1f2878050364" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "29586687-b1be-4c1b-a758-1f2878050364", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "29586687-b1be-4c1b-a758-1f2878050364", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-34307c6a-e2e3-4f56-8543-fa92dd73df4f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-4cac849c-0540-454c-9d3c-cd040cfab4a9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-51726887-02ae-44f3-a044-7e70d96761f9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "51726887-02ae-44f3-a044-7e70d96761f9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "51726887-02ae-44f3-a044-7e70d96761f9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-6ce7a755-4867-4c6a-966c-896a1edcc078" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-7becded9-6105-409d-9ddc-1ec9ad37781a" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-84910ea5-e87b-4175-a70d-317307443c9b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "84910ea5-e87b-4175-a70d-317307443c9b", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "84910ea5-e87b-4175-a70d-317307443c9b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-8775e1db-1bd3-430a-859e-3f4c2add845f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-99ad2e00-15a1-4135-b8fb-dd5accf3652f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-9df09165-d3c4-46c5-954f-a66bcb65f64f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-c45a036b-843a-48be-9621-57e49da9e4f6" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c45a036b-843a-48be-9621-57e49da9e4f6", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c45a036b-843a-48be-9621-57e49da9e4f6", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-cdbd7090-6c87-4e56-b755-fddf82d253ef" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-cf944303-41d3-401c-b296-00cbbb3d5ca4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is being used.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is being used.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-db617ef7-813a-45f5-b3e3-65c57fdf56a3" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-us-east-1-939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "arn": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-us-east-1-a80c0553-bf44-472b-a141-674b2d47209b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "a80c0553-bf44-472b-a141-674b2d47209b", - "arn": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "a80c0553-bf44-472b-a141-674b2d47209b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-us-east-1-bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "arn": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-1b7c736d-854c-475a-a8a5-df95b3d7a4df" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-1f7c04ae-50f9-4bd6-b725-433368271fbd" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-29586687-b1be-4c1b-a758-1f2878050364" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "29586687-b1be-4c1b-a758-1f2878050364", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "29586687-b1be-4c1b-a758-1f2878050364", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-34307c6a-e2e3-4f56-8543-fa92dd73df4f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-4cac849c-0540-454c-9d3c-cd040cfab4a9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-51726887-02ae-44f3-a044-7e70d96761f9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "51726887-02ae-44f3-a044-7e70d96761f9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "51726887-02ae-44f3-a044-7e70d96761f9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-6ce7a755-4867-4c6a-966c-896a1edcc078" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-7becded9-6105-409d-9ddc-1ec9ad37781a" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-84910ea5-e87b-4175-a70d-317307443c9b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "84910ea5-e87b-4175-a70d-317307443c9b", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "84910ea5-e87b-4175-a70d-317307443c9b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-8775e1db-1bd3-430a-859e-3f4c2add845f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-99ad2e00-15a1-4135-b8fb-dd5accf3652f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-9df09165-d3c4-46c5-954f-a66bcb65f64f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-c45a036b-843a-48be-9621-57e49da9e4f6" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c45a036b-843a-48be-9621-57e49da9e4f6", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c45a036b-843a-48be-9621-57e49da9e4f6", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-cdbd7090-6c87-4e56-b755-fddf82d253ef" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-cf944303-41d3-401c-b296-00cbbb3d5ca4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is not scheduled for deletion.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is not scheduled for deletion.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-db617ef7-813a-45f5-b3e3-65c57fdf56a3" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-us-east-1-939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "arn": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-us-east-1-a80c0553-bf44-472b-a141-674b2d47209b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "a80c0553-bf44-472b-a141-674b2d47209b", - "arn": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "a80c0553-bf44-472b-a141-674b2d47209b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-us-east-1-bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "arn": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is a single-region key.", - "metadata": { - "event_code": "kms_cmk_not_multi_region", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is a single-region key.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#multi-region-concepts", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Multi-region keys should be used only when absolutely necessary, such as for cross-region disaster recovery, and should be carefully managed with strict access controls.", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "CRY-03.01B", - "CRY-05.02B", - "CRY-10.01B", - "CRY-19.01B", - "PSS-12.02AC" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that AWS KMS customer managed keys (CMKs) are not multi-region to maintain strict data control and compliance with security best practices.", - "title": "AWS KMS customer managed keys should not be multi-Region", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_not_multi_region-211203495394-eu-west-1-db617ef7-813a-45f5-b3e3-65c57fdf56a3" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Identify and replace multi-region keys with single-region KMS keys to enhance security and access control.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/mrk-when-to-use.html" - ] - }, - "risk_details": "Multi-region KMS keys can increase the risk of unauthorized access and data exposure, as managing access controls and auditing across multiple regions becomes more complex. This expanded attack surface may lead to compliance violations and data breaches.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 has automatic rotation enabled.", - "metadata": { - "event_code": "kms_cmk_rotation_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 has automatic rotation enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://aws.amazon.com/blogs/security/how-to-get-ready-for-certificate-transparency/", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_312_a_2_iv" - ], - "C5-2025": [ - "OIS-08.02B", - "CRY-05.02B", - "CRY-06.01B", - "CRY-07.01B", - "CRY-09.02B", - "CRY-19.01B" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-12" - ], - "CIS-3.0": [ - "3.6" - ], - "NIST-800-53-Revision-5": [ - "cm_6_a", - "cm_9_b", - "sa_9_6", - "sc_12", - "sc_12_2", - "sc_12_6" - ], - "ENS-RD2022": [ - "op.exp.10.aws.cmk.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.6" - ], - "PCI-4.0": [ - "3.7.4.5", - "3.7.5.2" - ], - "FedRAMP-Low-Revision-4": [ - "sc-12" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "CIS-5.0": [ - "3.6" - ], - "CIS-1.4": [ - "3.8" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.4" - ], - "CIS-1.5": [ - "3.8" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP05" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_12" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CIS-2.0": [ - "3.8" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.6.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure rotation for customer created KMS CMKs is enabled.", - "title": "Ensure rotation for customer created KMS CMKs is enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_rotation_enabled-211203495394-eu-west-1-db617ef7-813a-45f5-b3e3-65c57fdf56a3" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "For every KMS Customer Master Keys (CMKs), ensure that Rotate this key every year is enabled.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html" - ] - }, - "risk_details": "Cryptographic best practices discourage extensive reuse of encryption keys. Consequently, Customer Master Keys (CMKs) should be rotated to prevent usage of compromised keys.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS key db617ef7-813a-45f5-b3e3-65c57fdf56a3 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS key db617ef7-813a-45f5-b3e3-65c57fdf56a3 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/determining-access.html", - "categories": [ - "internet-exposed", - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "PS-03.02B", - "IAM-10.01B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B", - "COS-02.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04" - ], - "ProwlerThreatScore-1.0": [ - "2.2.14" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check exposed KMS keys", - "title": "Check exposed KMS keys", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_key_not_publicly_accessible-211203495394-eu-west-1-db617ef7-813a-45f5-b3e3-65c57fdf56a3" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To determine the full extent of who or what currently has access to a customer master key (CMK) in AWS KMS, you must examine the CMK key policy, all grants that apply to the CMK and potentially all AWS Identity and Access Management (IAM) policies. You might do this to determine the scope of potential usage of a CMK.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/determining-access.html" - ] - }, - "risk_details": "Exposed KMS Keys or wide policy permissions my leave data unprotected.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC ex-vpc does not have Network Firewall enabled.", - "metadata": { - "event_code": "networkfirewall_in_all_vpc", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "VPC ex-vpc does not have Network Firewall enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/network-firewall/latest/developerguide/setting-up.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-12.01AC", - "COS-07.04B", - "PI-01.01AC" - ], - "ENS-RD2022": [ - "mp.com.1.aws.nfw.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1048", - "T1530", - "T1499", - "T1498", - "T1046" - ], - "NIS2": [ - "6.2.1", - "6.7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure all VPCs have Network Firewall enabled", - "title": "Ensure all VPCs have Network Firewall enabled", - "types": [], - "uid": "prowler-aws-networkfirewall_in_all_vpc-211203495394-eu-west-1-vpc-007d791b9b857543e" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-007d791b9b857543e", - "id": "vpc-007d791b9b857543e", - "name": "ex-vpc", - "default": false, - "in_use": true, - "cidr_block": "10.0.0.0/16", - "flow_log": true, - "region": "eu-west-1", - "subnets": [ - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ed85e6f7a21ca120", - "id": "subnet-0ed85e6f7a21ca120", - "name": "ex-vpc-db-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.9.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1b" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0dff6254fddd22140", - "id": "subnet-0dff6254fddd22140", - "name": "ex-vpc-intra-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.22.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1c" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-003e93ce0ba0d219a", - "id": "subnet-003e93ce0ba0d219a", - "name": "Redshift Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.17.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Two" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0b96cff7e9a8bbcac", - "id": "subnet-0b96cff7e9a8bbcac", - "name": "Elasticache Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.12.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-00526a0cd693d0679", - "id": "subnet-00526a0cd693d0679", - "name": "ex-vpc-public-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.6.0/24", - "availability_zone": "eu-west-1c", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1c" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-03dfe7e9e94d1af9f", - "id": "subnet-03dfe7e9e94d1af9f", - "name": "DB Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.8.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "DB Subnet One" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0916ac2a0e7ef95cf", - "id": "subnet-0916ac2a0e7ef95cf", - "name": "Private Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.0.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Private Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-094260cca8a477871", - "id": "subnet-094260cca8a477871", - "name": "Private Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.1.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "Private Subnet Two" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-092b870816e369a70", - "id": "subnet-092b870816e369a70", - "name": "ex-vpc-public-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.4.0/24", - "availability_zone": "eu-west-1a", - "public": true, - "in_use": true, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1a" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0503024220aeb7296", - "id": "subnet-0503024220aeb7296", - "name": "ex-vpc-elasticache-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.14.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-elasticache-eu-west-1c" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0065b4be93c6e8110", - "id": "subnet-0065b4be93c6e8110", - "name": "ex-vpc-private-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.2.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-private-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-049af33a5bc4a8bee", - "id": "subnet-049af33a5bc4a8bee", - "name": "ex-vpc-intra-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.21.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1b" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-050902d37d76ff633", - "id": "subnet-050902d37d76ff633", - "name": "ex-vpc-db-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.10.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0951ea7ab41c5e46f", - "id": "subnet-0951ea7ab41c5e46f", - "name": "Elasticache Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.13.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet Two" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-08017c3b1071423b7", - "id": "subnet-08017c3b1071423b7", - "name": "Redshift Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.16.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet One" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-066aeeffb9d61ac77", - "id": "subnet-066aeeffb9d61ac77", - "name": "Redshift Subnet Three", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.18.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Three" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0f2535905905cd998", - "id": "subnet-0f2535905905cd998", - "name": "ex-vpc-intra-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.20.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1a" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ea254ffb94ba85e0", - "id": "subnet-0ea254ffb94ba85e0", - "name": "ex-vpc-public-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.5.0/24", - "availability_zone": "eu-west-1b", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1b" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - } - ], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "networkfirewall" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc", - "GithubRepo:terraform-aws-vpc", - "Example:ex-vpc" - ], - "name": "vpc-007d791b9b857543e", - "type": "AwsEc2Vpc", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-007d791b9b857543e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure all VPCs have Network Firewall enabled", - "references": [ - "https://docs.aws.amazon.com/network-firewall/latest/developerguide/vpc-config.html" - ] - }, - "risk_details": "Without a network firewall, it can be difficult to monitor and control traffic within the VPC. This can make it harder to detect and prevent attacks or unauthorized access to resources.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_account_part_of_organizations", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_1" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.1", - "7.2.2.1", - "7.2.5.1", - "7.3.1.1", - "7.3.2.1", - "7.3.3.1", - "8.2.7.1", - "8.2.8.1", - "8.3.4.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP01", - "SEC03-BP05", - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1087", - "T1580", - "T1538" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that AWS Organizations service is currently in use.", - "title": "Check if account is part of an AWS Organizations", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-organizations_account_part_of_organizations-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create or Join an AWS Organization", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_create.html" - ] - }, - "risk_details": "The risk associated with not being part of an AWS Organizations is that it can lead to a lack of centralized management and control over the AWS accounts in an organization. This can make it difficult to enforce security policies consistently across all accounts, and can also result in increased costs due to inefficiencies in resource usage. Additionally, not being part of an AWS Organizations can make it harder to track and manage account usage and access.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_opt_out_ai_services_policy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out_all.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "This control checks whether the AWS Organizations opt-out of AI services policy is enabled and whether child-accounts are disallowed to overwrite this policy. The control fails if the policy is not enabled or if child-accounts are not disallowed to overwrite this policy.", - "title": "Ensure that AWS Organizations opt-out of AI services policy is enabled and disallow child-accounts to overwrite this policy.", - "types": [], - "uid": "prowler-aws-organizations_opt_out_ai_services_policy-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Artificial Intelligence (AI) services opt-out policies enable you to control whether AWS AI services can store and use your content. Enable the AWS Organizations opt-out of AI services policy and disallow child-accounts to overwrite this policy.", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/disable-policy-type.html" - ] - }, - "risk_details": "By default, AWS may be using your data to train its AI models. This may include data from your AWS CloudTrail logs, AWS Config rules, and AWS GuardDuty findings. If you opt out of AI services, AWS will not use your data to train its AI models.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_scp_check_deny_regions", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "PSS-12.02AC" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02" - ], - "AWS-Account-Security-Onboarding": [ - "Block unused regions" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1535" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "As best practice, AWS Regions should be restricted and only allow the ones that are needed.", - "title": "Check if AWS Regions are restricted with SCP policies", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-organizations_scp_check_deny_regions-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Restrict AWS Regions using SCP policies.", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_general.html#example-scp-deny-region" - ] - }, - "risk_details": "The risk associated with not restricting AWS Regions with Service Control Policies (SCPs) is that it can lead to unauthorized access or use of resources in regions that are not intended for use. This can result in increased costs due to inefficiencies in resource usage and can also expose sensitive data to unauthorized access or breaches. By restricting access to AWS Regions with SCP policies, organizations can help ensure that only authorized personnel have access to the resources they need, while minimizing the risk of security breaches and compliance violations.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_tags_policies_enabled_and_attached", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-09.01B" - ], - "ENS-RD2022": [ - "op.exp.1.aws.sys.2", - "op.exp.1.aws.tag.1", - "op.exp.10.aws.tag.1", - "mp.info.6.aws.tag.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.5.13" - ], - "KISA-ISMS-P-2023": [ - "2.1.3" - ], - "NIS2": [ - "11.5.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if an AWS Organization has tags policies enabled and attached.", - "title": "Check if an AWS Organization has tags policies enabled and attached.", - "types": [], - "uid": "prowler-aws-organizations_tags_policies_enabled_and_attached-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable and attach AWS Organizations tags policies.", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html" - ] - }, - "risk_details": "If an AWS Organization tags policies are not enabled and attached, it is not possible to enforce tags on AWS resources.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No Resource Explorer Indexes found.", - "metadata": { - "event_code": "resourceexplorer2_indexes_found", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No Resource Explorer Indexes found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.1.aws.re.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Resource Explorer Indexes Found", - "title": "Resource Explorer Indexes Found", - "types": [], - "uid": "prowler-aws-resourceexplorer2_indexes_found-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "resourceexplorer2" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:resource-explorer:us-east-1:211203495394:index" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create indexes", - "references": [ - "https://docs.aws.amazon.com/resource-explorer/latest/userguide/manage-service-turn-on-region.html" - ] - }, - "risk_details": "Not having Resource Explorer indexes can result in increased complexity and overhead in managing your resources, as well as increased risk of security and compliance issues.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is not configured for the account 211203495394.", - "metadata": { - "event_code": "s3_account_level_public_access_blocks", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Block Public Access is not configured for the account 211203495394.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_1_14", - "3_1_20", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "CIS-3.0": [ - "2.1.4" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "PCI-4.0": [ - "1.2.8.31", - "1.2.8.32", - "1.3.1.35", - "1.3.1.36", - "1.3.2.35", - "1.3.2.36", - "1.4.2.33", - "1.4.2.34", - "1.5.1.31", - "1.5.1.32", - "10.3.2.19", - "10.3.2.20", - "3.5.1.3.24", - "3.5.1.3.25", - "A1.1.2.15", - "A1.1.2.16", - "A1.1.3.31", - "A1.1.3.32", - "A3.4.1.17", - "A3.4.1.18" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.3", - "2.2", - "2.2.2", - "7.2", - "7.2.1" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.1" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check S3 Account Level Public Access Block.", - "title": "Check S3 Account Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_account_level_public_access_blocks-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "block_public_acls": false, - "ignore_public_acls": false, - "block_public_policy": false, - "restrict_public_buckets": false - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "211203495394", - "type": "AwsS3AccountPublicAccessBlock", - "uid": "arn:aws:s3:us-east-1:211203495394:account" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the account level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has bucket ACLs disabled.", - "metadata": { - "event_code": "s3_bucket_acl_prohibited", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has bucket ACLs disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.24", - "7.2.2.24", - "7.2.5.18", - "7.3.1.18", - "7.3.2.18", - "7.3.3.18", - "8.2.7.18", - "8.2.8.20", - "8.3.4.18" - ], - "CCC": [ - "CCC.ObjStor.CN02.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if S3 buckets have ACLs enabled", - "title": "Check if S3 buckets have ACLs enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_acl_prohibited-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html" - ] - }, - "risk_details": "S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has bucket ACLs disabled.", - "metadata": { - "event_code": "s3_bucket_acl_prohibited", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has bucket ACLs disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.24", - "7.2.2.24", - "7.2.5.18", - "7.3.1.18", - "7.3.2.18", - "7.3.3.18", - "8.2.7.18", - "8.2.8.20", - "8.3.4.18" - ], - "CCC": [ - "CCC.ObjStor.CN02.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if S3 buckets have ACLs enabled", - "title": "Check if S3 buckets have ACLs enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_acl_prohibited-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html" - ] - }, - "risk_details": "S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "IAM-10.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "10.6.3.33", - "10.6.3.35", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.6", - "S3.7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "This check verifies that S3 bucket policies are configured in a way that limits access to the intended AWS accounts only, preventing unauthorized access by external or unintended accounts.", - "title": "Ensure that general-purpose bucket policies restrict access to other AWS accounts.", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_cross_account_access-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Review and update your S3 bucket policies to remove permissions that grant external AWS accounts access to critical actions and implement least privilege principles to ensure sensitive operations are restricted to trusted accounts only", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Allowing other AWS accounts to perform sensitive actions (e.g., modifying bucket policies, ACLs, or encryption settings) on your S3 buckets can lead to data exposure, unauthorized access, or misconfigurations, increasing the risk of insider threats or attacks.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_cross_account_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "IAM-10.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "10.6.3.33", - "10.6.3.35", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.6", - "S3.7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "This check verifies that S3 bucket policies are configured in a way that limits access to the intended AWS accounts only, preventing unauthorized access by external or unintended accounts.", - "title": "Ensure that general-purpose bucket policies restrict access to other AWS accounts.", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_cross_account_access-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Review and update your S3 bucket policies to remove permissions that grant external AWS accounts access to critical actions and implement least privilege principles to ensure sensitive operations are restricted to trusted accounts only", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Allowing other AWS accounts to perform sensitive actions (e.g., modifying bucket policies, ACLs, or encryption settings) on your S3 buckets can lead to data exposure, unauthorized access, or misconfigurations, increasing the risk of insider threats or attacks.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have correct cross region replication configuration.", - "metadata": { - "event_code": "s3_bucket_cross_region_replication", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have correct cross region replication configuration.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "PCI-3.2.1": [ - "2.2", - "3.1", - "3.1.c", - "10.5", - "10.5.3" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Verifying whether S3 buckets have cross-region replication enabled, ensuring data redundancy and availability across multiple AWS regions", - "title": "Check if S3 buckets use cross region replication.", - "types": [ - "Secure access management" - ], - "uid": "prowler-aws-s3_bucket_cross_region_replication-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have cross region replication.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough1.html" - ] - }, - "risk_details": "Without cross-region replication in S3 buckets, data is at risk of being lost or inaccessible if an entire region goes down, leading to potential service disruptions and data unavailability.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have correct cross region replication configuration.", - "metadata": { - "event_code": "s3_bucket_cross_region_replication", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have correct cross region replication configuration.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "PCI-3.2.1": [ - "2.2", - "3.1", - "3.1.c", - "10.5", - "10.5.3" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Verifying whether S3 buckets have cross-region replication enabled, ensuring data redundancy and availability across multiple AWS regions", - "title": "Check if S3 buckets use cross region replication.", - "types": [ - "Secure access management" - ], - "uid": "prowler-aws-s3_bucket_cross_region_replication-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have cross region replication.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough1.html" - ] - }, - "risk_details": "Without cross-region replication in S3 buckets, data is at risk of being lost or inaccessible if an entire region goes down, leading to potential service disruptions and data unavailability.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has Server Side Encryption with AES256.", - "metadata": { - "event_code": "s3_bucket_default_encryption", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has Server Side Encryption with AES256.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_5_10", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_2_ii" - ], - "C5-2025": [ - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.01AC", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-13", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cm_6_a", - "cm_9_b", - "cp_9_d", - "cp_9_8", - "pm_11_b", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_16_1", - "sc_28_1", - "si_19_4" - ], - "ENS-RD2022": [ - "mp.si.2.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.30", - "8.3.2.48" - ], - "FedRAMP-Low-Revision-4": [ - "sc-13" - ], - "FFIEC": [ - "d3-pc-am-b-12" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CIS-1.4": [ - "2.1.1" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "CIS-1.5": [ - "2.1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP03" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1119", - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-1", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "title": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_default_encryption-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled.", - "references": [ - "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/" - ] - }, - "risk_details": "Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has Server Side Encryption with AES256.", - "metadata": { - "event_code": "s3_bucket_default_encryption", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has Server Side Encryption with AES256.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_5_10", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_2_ii" - ], - "C5-2025": [ - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.01AC", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-13", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cm_6_a", - "cm_9_b", - "cp_9_d", - "cp_9_8", - "pm_11_b", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_16_1", - "sc_28_1", - "si_19_4" - ], - "ENS-RD2022": [ - "mp.si.2.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.30", - "8.3.2.48" - ], - "FedRAMP-Low-Revision-4": [ - "sc-13" - ], - "FFIEC": [ - "d3-pc-am-b-12" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CIS-1.4": [ - "2.1.1" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "CIS-1.5": [ - "2.1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP03" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1119", - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-1", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "title": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_default_encryption-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled.", - "references": [ - "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/" - ] - }, - "risk_details": "Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have event notifications enabled.", - "metadata": { - "event_code": "s3_bucket_event_notifications_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have event notifications enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.01AC", - "OPS-13.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "PCI-4.0": [ - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "A3.3.1.8", - "A3.5.1.8" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure whether S3 buckets have event notifications enabled.", - "title": "Check if S3 buckets have event notifications enabled.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls" - ], - "uid": "prowler-aws-s3_bucket_event_notifications_enabled-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable event notifications for all S3 general-purpose buckets to monitor important events such as object creation, deletion, tagging, and lifecycle events, ensuring visibility and quick action on relevant changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html" - ] - }, - "risk_details": "Without event notifications, important actions on S3 buckets may go unnoticed, leading to missed opportunities for timely response to critical changes, such as object creation, deletion, or updates that could impact data security and availability.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have event notifications enabled.", - "metadata": { - "event_code": "s3_bucket_event_notifications_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have event notifications enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.01AC", - "OPS-13.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "PCI-4.0": [ - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "A3.3.1.8", - "A3.5.1.8" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure whether S3 buckets have event notifications enabled.", - "title": "Check if S3 buckets have event notifications enabled.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls" - ], - "uid": "prowler-aws-s3_bucket_event_notifications_enabled-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable event notifications for all S3 general-purpose buckets to monitor important events such as object creation, deletion, tagging, and lifecycle events, ensuring visibility and quick action on relevant changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html" - ] - }, - "risk_details": "Without event notifications, important actions on S3 buckets may go unnoticed, leading to missed opportunities for timely response to critical changes, such as object creation, deletion, or updates that could impact data security and availability.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Server Side Encryption is not configured with kms for S3 Bucket test-bucket-obj-untrusted.", - "metadata": { - "event_code": "s3_bucket_kms_encryption", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Server Side Encryption is not configured with kms for S3 Bucket test-bucket-obj-untrusted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-12.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.31", - "8.3.2.50" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.Core.CN02.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.17" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if S3 buckets have KMS encryption enabled.", - "title": "Check if S3 buckets have KMS encryption enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_kms_encryption-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled using KMS.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html" - ] - }, - "risk_details": "Amazon S3 KMS encryption provides a way to set the encryption behavior for an S3 bucket using a managed key. This will ensure data-at-rest is encrypted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Server Side Encryption is not configured with kms for S3 Bucket test-bucket-untrusted-kms.", - "metadata": { - "event_code": "s3_bucket_kms_encryption", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Server Side Encryption is not configured with kms for S3 Bucket test-bucket-untrusted-kms.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-12.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.31", - "8.3.2.50" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.Core.CN02.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.17" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if S3 buckets have KMS encryption enabled.", - "title": "Check if S3 buckets have KMS encryption enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_kms_encryption-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled using KMS.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html" - ] - }, - "risk_details": "Amazon S3 KMS encryption provides a way to set the encryption behavior for an S3 bucket using a managed key. This will ensure data-at-rest is encrypted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is configured for the S3 Bucket test-bucket-obj-untrusted.", - "metadata": { - "event_code": "s3_bucket_level_public_access_block", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Block Public Access is configured for the S3 Bucket test-bucket-obj-untrusted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "CIS-3.0": [ - "2.1.4" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.8" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check S3 Bucket Level Public Access Block.", - "title": "Check S3 Bucket Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_level_public_access_block-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is configured for the S3 Bucket test-bucket-untrusted-kms.", - "metadata": { - "event_code": "s3_bucket_level_public_access_block", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Block Public Access is configured for the S3 Bucket test-bucket-untrusted-kms.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "CIS-3.0": [ - "2.1.4" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.8" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check S3 Bucket Level Public Access Block.", - "title": "Check S3 Bucket Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_level_public_access_block-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have a lifecycle configuration enabled.", - "metadata": { - "event_code": "s3_bucket_lifecycle_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have a lifecycle configuration enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-32.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.5.1.12", - "10.5.1.13", - "3.2.1.8", - "3.2.1.9", - "3.3.1.1.8", - "3.3.1.1.9", - "3.3.1.3.8", - "3.3.1.3.9", - "3.3.2.8", - "3.3.2.9", - "3.3.3.8", - "3.3.3.9" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.a", - "3.2", - "3.2.c", - "10.7", - "10.7.a" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.CntrReg.CN02.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.13" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if S3 buckets have Lifecycle configuration enabled.", - "title": "Check if S3 buckets have a Lifecycle configuration enabled", - "types": [ - "AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-s3_bucket_lifecycle_enabled-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable lifecycle policies on your S3 buckets to automatically manage the transition and expiration of data.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html" - ] - }, - "risk_details": "The risks of not having lifecycle management enabled for S3 buckets include higher storage costs, unmanaged data retention, and potential non-compliance with data policies.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have a lifecycle configuration enabled.", - "metadata": { - "event_code": "s3_bucket_lifecycle_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have a lifecycle configuration enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-32.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.5.1.12", - "10.5.1.13", - "3.2.1.8", - "3.2.1.9", - "3.3.1.1.8", - "3.3.1.1.9", - "3.3.1.3.8", - "3.3.1.3.9", - "3.3.2.8", - "3.3.2.9", - "3.3.3.8", - "3.3.3.9" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.a", - "3.2", - "3.2.c", - "10.7", - "10.7.a" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.CntrReg.CN02.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.13" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if S3 buckets have Lifecycle configuration enabled.", - "title": "Check if S3 buckets have a Lifecycle configuration enabled", - "types": [ - "AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-s3_bucket_lifecycle_enabled-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable lifecycle policies on your S3 buckets to automatically manage the transition and expiration of data.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html" - ] - }, - "risk_details": "The risks of not having lifecycle management enabled for S3 buckets include higher storage costs, unmanaged data retention, and potential non-compliance with data policies.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has MFA Delete disabled.", - "metadata": { - "event_code": "s3_bucket_no_mfa_delete", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has MFA Delete disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-07.02B", - "OPS-16.01B", - "IAM-04.06B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "CIS-3.0": [ - "2.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.2" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-5.0": [ - "2.1.2" - ], - "CIS-1.4": [ - "2.1.3" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.20" - ], - "CIS-1.5": [ - "2.1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "2.1.2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if S3 bucket MFA Delete is not enabled.", - "title": "Check if S3 bucket MFA Delete is not enabled.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_no_mfa_delete-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" - ] - }, - "risk_details": "Your security credentials are compromised or unauthorized access is granted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has MFA Delete disabled.", - "metadata": { - "event_code": "s3_bucket_no_mfa_delete", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has MFA Delete disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-07.02B", - "OPS-16.01B", - "IAM-04.06B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "CIS-3.0": [ - "2.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.2" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-5.0": [ - "2.1.2" - ], - "CIS-1.4": [ - "2.1.3" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.20" - ], - "CIS-1.5": [ - "2.1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "2.1.2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if S3 bucket MFA Delete is not enabled.", - "title": "Check if S3 bucket MFA Delete is not enabled.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_no_mfa_delete-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" - ] - }, - "risk_details": "Your security credentials are compromised or unauthorized access is granted.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has Object Lock disabled.", - "metadata": { - "event_code": "s3_bucket_object_lock", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has Object Lock disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if S3 buckets have object lock enabled", - "title": "Check if S3 buckets have object lock enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_lock-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that your Amazon S3 buckets have Object Lock feature enabled in order to prevent the objects they store from being deleted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html" - ] - }, - "risk_details": "Store objects using a write-once-read-many (WORM) model to help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. That helps to prevent ransomware attacks.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has Object Lock disabled.", - "metadata": { - "event_code": "s3_bucket_object_lock", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has Object Lock disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if S3 buckets have object lock enabled", - "title": "Check if S3 buckets have object lock enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_lock-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that your Amazon S3 buckets have Object Lock feature enabled in order to prevent the objects they store from being deleted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html" - ] - }, - "risk_details": "Store objects using a write-once-read-many (WORM) model to help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. That helps to prevent ransomware attacks.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has versioning disabled.", - "metadata": { - "event_code": "s3_bucket_object_versioning", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has versioning disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_12" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_7_i", - "164_308_a_7_ii_a", - "164_308_a_7_ii_b", - "164_308_a_7_ii_c", - "164_312_a_2_ii", - "164_312_c_1", - "164_312_c_2" - ], - "SOC2": [ - "cc_7_4", - "cc_a_1_1", - "cc_c_1_2" - ], - "C5-2025": [ - "OPS-13.01AC", - "OPS-33.02B", - "DEV-07.01B" - ], - "NIST-CSF-1.1": [ - "be_5", - "ds_4", - "ip_4", - "ip_9", - "pt_5", - "rp_1", - "rp_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9-2", - "cp-9-b", - "cp-10", - "sc-5", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "au_9_2", - "cp_1_2", - "cp_2_5", - "cp_6_a", - "cp_6_1", - "cp_6_2", - "cp_9_a", - "cp_9_b", - "cp_9_c", - "cp_10", - "cp_10_2", - "pm_11_b", - "pm_17_b", - "sc_5_2", - "sc_16_1", - "si_1_a_2", - "si_13_5" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "5.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9", - "cp-9", - "cp-10", - "sc-5" - ], - "FFIEC": [ - "d5-ir-pl-b-6" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.c", - "10.5", - "10.5.2", - "10.5.3", - "10.5.5" - ], - "GxP-EU-Annex-11": [ - "5-data", - "7.1-data-storage-damage-protection", - "7.2-data-storage-backups", - "16-business-continuity", - "17-archiving", - "4.8-validation-data-transfer" - ], - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "GxP-21-CFR-Part-11": [ - "11.10-a", - "11.10-c" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3", - "A.8.10" - ], - "NIST-800-53-Revision-4": [ - "cp_10", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-4", - "booting-up-thing-to-do-first-1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if S3 buckets have object versioning enabled", - "title": "Check if S3 buckets have object versioning enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_versioning-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frequently, and backup may not be enough to capture all the changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html" - ] - }, - "risk_details": "With versioning, you can easily recover from both unintended user actions and application failures.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has versioning disabled.", - "metadata": { - "event_code": "s3_bucket_object_versioning", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has versioning disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_12" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_7_i", - "164_308_a_7_ii_a", - "164_308_a_7_ii_b", - "164_308_a_7_ii_c", - "164_312_a_2_ii", - "164_312_c_1", - "164_312_c_2" - ], - "SOC2": [ - "cc_7_4", - "cc_a_1_1", - "cc_c_1_2" - ], - "C5-2025": [ - "OPS-13.01AC", - "OPS-33.02B", - "DEV-07.01B" - ], - "NIST-CSF-1.1": [ - "be_5", - "ds_4", - "ip_4", - "ip_9", - "pt_5", - "rp_1", - "rp_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9-2", - "cp-9-b", - "cp-10", - "sc-5", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "au_9_2", - "cp_1_2", - "cp_2_5", - "cp_6_a", - "cp_6_1", - "cp_6_2", - "cp_9_a", - "cp_9_b", - "cp_9_c", - "cp_10", - "cp_10_2", - "pm_11_b", - "pm_17_b", - "sc_5_2", - "sc_16_1", - "si_1_a_2", - "si_13_5" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "5.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9", - "cp-9", - "cp-10", - "sc-5" - ], - "FFIEC": [ - "d5-ir-pl-b-6" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.c", - "10.5", - "10.5.2", - "10.5.3", - "10.5.5" - ], - "GxP-EU-Annex-11": [ - "5-data", - "7.1-data-storage-damage-protection", - "7.2-data-storage-backups", - "16-business-continuity", - "17-archiving", - "4.8-validation-data-transfer" - ], - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "GxP-21-CFR-Part-11": [ - "11.10-a", - "11.10-c" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3", - "A.8.10" - ], - "NIST-800-53-Revision-4": [ - "cp_10", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-4", - "booting-up-thing-to-do-first-1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if S3 buckets have object versioning enabled", - "title": "Check if S3 buckets have object versioning enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_versioning-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frequently, and backup may not be enough to capture all the changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html" - ] - }, - "risk_details": "With versioning, you can easily recover from both unintended user actions and application failures.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_policy_public_write_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.2.15" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if S3 buckets have policies which allow WRITE access.", - "title": "Check if S3 buckets have policies which allow WRITE access.", - "types": [ - "IAM" - ], - "uid": "prowler-aws-s3_bucket_policy_public_write_access-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure proper bucket policy is in place with the least privilege principle applied.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html" - ] - }, - "risk_details": "Non intended users can put objects in a given bucket.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_policy_public_write_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.2.15" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if S3 buckets have policies which allow WRITE access.", - "title": "Check if S3 buckets have policies which allow WRITE access.", - "types": [ - "IAM" - ], - "uid": "prowler-aws-s3_bucket_policy_public_write_access-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure proper bucket policy is in place with the least privilege principle applied.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html" - ] - }, - "risk_details": "Non intended users can put objects in a given bucket.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted is not public.", - "metadata": { - "event_code": "s3_bucket_public_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted is not public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1", - "164_312_a_2_i" - ], - "SOC2": [ - "cc_6_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.33", - "1.2.8.34", - "1.3.1.37", - "1.3.1.38", - "1.3.2.37", - "1.3.2.38", - "1.4.2.35", - "1.4.2.36", - "1.5.1.33", - "1.5.1.34", - "10.3.2.21", - "10.3.2.23", - "10.3.3.23", - "10.3.4.8", - "3.5.1.3.26", - "3.5.1.3.28", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.3.33", - "A1.1.3.34", - "A1.2.1.31", - "A3.4.1.19", - "A3.4.1.21" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "title": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_access-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms is not public.", - "metadata": { - "event_code": "s3_bucket_public_access", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms is not public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1", - "164_312_a_2_i" - ], - "SOC2": [ - "cc_6_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.33", - "1.2.8.34", - "1.3.1.37", - "1.3.1.38", - "1.3.2.37", - "1.3.2.38", - "1.4.2.35", - "1.4.2.36", - "1.5.1.33", - "1.5.1.34", - "10.3.2.21", - "10.3.2.23", - "10.3.3.23", - "10.3.4.8", - "3.5.1.3.26", - "3.5.1.3.28", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.3.33", - "A1.1.3.34", - "A1.2.1.31", - "A3.4.1.19", - "A3.4.1.21" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "title": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_access-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted is not publicly listable.", - "metadata": { - "event_code": "s3_bucket_public_list_acl", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted is not publicly listable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.16" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_list_acl-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms is not publicly listable.", - "metadata": { - "event_code": "s3_bucket_public_list_acl", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms is not publicly listable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.16" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_list_acl-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted is not publicly writable.", - "metadata": { - "event_code": "s3_bucket_public_write_acl", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted is not publicly writable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.35", - "1.3.1.39", - "1.3.2.39", - "1.4.2.37", - "1.5.1.35", - "10.3.2.24", - "3.5.1.3.29", - "A1.1.2.20", - "A1.1.3.35", - "A3.4.1.22" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.17" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_write_acl-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms is not publicly writable.", - "metadata": { - "event_code": "s3_bucket_public_write_acl", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms is not publicly writable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.35", - "1.3.1.39", - "1.3.2.39", - "1.4.2.37", - "1.5.1.35", - "10.3.2.24", - "3.5.1.3.29", - "A1.1.2.20", - "A1.1.3.35", - "A3.4.1.22" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.17" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_write_acl-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy, thus it allows HTTP requests.", - "metadata": { - "event_code": "s3_bucket_secure_transport_policy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy, thus it allows HTTP requests.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_13", - "3_5_10", - "3_13_1", - "3_13_5", - "3_13_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_1", - "164_312_e_2_i", - "164_312_e_2_ii" - ], - "NIST-CSF-1.1": [ - "ds_2" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-17-2", - "sc-7", - "sc-8-1", - "sc-8", - "sc-23" - ], - "CIS-3.0": [ - "2.1.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4", - "ac_4_22", - "ac_17_2", - "ac_24_1", - "au_9_3", - "ca_9_b", - "cm_6_a", - "cm_9_b", - "ia_5_1_c", - "pm_11_b", - "pm_17_b", - "sc_7_4_b", - "sc_7_4_g", - "sc_7_5", - "sc_8", - "sc_8_1", - "sc_8_2", - "sc_8_3", - "sc_8_4", - "sc_8_5", - "sc_13_a", - "sc_16_1", - "sc_23", - "si_1_a_2" - ], - "ENS-RD2022": [ - "mp.com.1.aws.s3.1", - "mp.com.3.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.49" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-12", - "d3-pc-am-b-13", - "d3-pc-am-b-15" - ], - "GDPR": [ - "article_32" - ], - "CIS-5.0": [ - "2.1.1" - ], - "CIS-1.4": [ - "2.1.2" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN01.AR08" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.5" - ], - "CIS-1.5": [ - "2.1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC09-BP02" - ], - "NIST-800-53-Revision-4": [ - "ac_17_2", - "sc_7", - "sc_8_1", - "sc_8" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "2.1.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if S3 buckets have secure transport policy.", - "title": "Check if S3 buckets have secure transport policy.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_secure_transport_policy-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption in transit enabled.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/" - ] - }, - "risk_details": "If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy, thus it allows HTTP requests.", - "metadata": { - "event_code": "s3_bucket_secure_transport_policy", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy, thus it allows HTTP requests.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_13", - "3_5_10", - "3_13_1", - "3_13_5", - "3_13_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_1", - "164_312_e_2_i", - "164_312_e_2_ii" - ], - "NIST-CSF-1.1": [ - "ds_2" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-17-2", - "sc-7", - "sc-8-1", - "sc-8", - "sc-23" - ], - "CIS-3.0": [ - "2.1.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4", - "ac_4_22", - "ac_17_2", - "ac_24_1", - "au_9_3", - "ca_9_b", - "cm_6_a", - "cm_9_b", - "ia_5_1_c", - "pm_11_b", - "pm_17_b", - "sc_7_4_b", - "sc_7_4_g", - "sc_7_5", - "sc_8", - "sc_8_1", - "sc_8_2", - "sc_8_3", - "sc_8_4", - "sc_8_5", - "sc_13_a", - "sc_16_1", - "sc_23", - "si_1_a_2" - ], - "ENS-RD2022": [ - "mp.com.1.aws.s3.1", - "mp.com.3.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.49" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-12", - "d3-pc-am-b-13", - "d3-pc-am-b-15" - ], - "GDPR": [ - "article_32" - ], - "CIS-5.0": [ - "2.1.1" - ], - "CIS-1.4": [ - "2.1.2" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN01.AR08" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.5" - ], - "CIS-1.5": [ - "2.1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC09-BP02" - ], - "NIST-800-53-Revision-4": [ - "ac_17_2", - "sc_7", - "sc_8_1", - "sc_8" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "2.1.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if S3 buckets have secure transport policy.", - "title": "Check if S3 buckets have secure transport policy.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_secure_transport_policy-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption in transit enabled.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/" - ] - }, - "risk_details": "If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has server access logging disabled.", - "metadata": { - "event_code": "s3_bucket_server_access_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has server access logging disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_6_1", - "3_6_2", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-06.04B", - "IAM-07.04B", - "IAM-10.01B", - "SSO-05.01AC", - "PSS-04.05B" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "PCI-4.0": [ - "10.2.1.1.30", - "10.2.1.2.27", - "10.2.1.3.27", - "10.2.1.4.27", - "10.2.1.5.27", - "10.2.1.6.27", - "10.2.1.7.27", - "10.2.1.27", - "10.2.2.27", - "10.3.1.27", - "10.6.3.34", - "5.3.4.32", - "A1.2.1.32" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d5-dr-de-b-3" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if S3 buckets have server access logging enabled", - "title": "Check if S3 buckets have server access logging enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_server_access_logging_enabled-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" - ] - }, - "risk_details": "Server access logs can assist you in security and access audits, help you learn about your customer base, and understand your Amazon S3 bill.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has server access logging disabled.", - "metadata": { - "event_code": "s3_bucket_server_access_logging_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has server access logging disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_6_1", - "3_6_2", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-06.04B", - "IAM-07.04B", - "IAM-10.01B", - "SSO-05.01AC", - "PSS-04.05B" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "PCI-4.0": [ - "10.2.1.1.30", - "10.2.1.2.27", - "10.2.1.3.27", - "10.2.1.4.27", - "10.2.1.5.27", - "10.2.1.6.27", - "10.2.1.7.27", - "10.2.1.27", - "10.2.2.27", - "10.3.1.27", - "10.6.3.34", - "5.3.4.32", - "A1.2.1.32" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d5-dr-de-b-3" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if S3 buckets have server access logging enabled", - "title": "Check if S3 buckets have server access logging enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_server_access_logging_enabled-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" - ] - }, - "risk_details": "Server access logs can assist you in security and access audits, help you learn about your customer base, and understand your Amazon S3 bill.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 bucket test-bucket-obj-untrusted is not a known shadow resource.", - "metadata": { - "event_code": "s3_bucket_shadow_resource_vulnerability", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 bucket test-bucket-obj-untrusted is not a known shadow resource.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check is based on the 'Bucket Monopoly' vulnerability disclosed by Aqua Security.", - "compliance": { - "C5-2025": [ - "OPS-25.01B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Checks for S3 buckets with predictable names that could be hijacked by an attacker before legitimate use, leading to data leakage or other security breaches.", - "title": "Check for S3 buckets vulnerable to Shadow Resource Hijacking (Bucket Monopoly)", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_shadow_resource_vulnerability-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that all S3 buckets associated with your AWS account are owned by your account. Be cautious of services that create buckets with predictable names. Whenever possible, pre-create these buckets in all regions to prevent hijacking.", - "references": [ - "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/" - ] - }, - "risk_details": "An attacker can pre-create S3 buckets with predictable names used by various AWS services. When a legitimate user's service attempts to use that bucket, it may inadvertently write sensitive data to the attacker-controlled bucket, leading to information disclosure, denial of service, or even remote code execution.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 bucket test-bucket-untrusted-kms is not a known shadow resource.", - "metadata": { - "event_code": "s3_bucket_shadow_resource_vulnerability", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 bucket test-bucket-untrusted-kms is not a known shadow resource.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check is based on the 'Bucket Monopoly' vulnerability disclosed by Aqua Security.", - "compliance": { - "C5-2025": [ - "OPS-25.01B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Checks for S3 buckets with predictable names that could be hijacked by an attacker before legitimate use, leading to data leakage or other security breaches.", - "title": "Check for S3 buckets vulnerable to Shadow Resource Hijacking (Bucket Monopoly)", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_shadow_resource_vulnerability-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that all S3 buckets associated with your AWS account are owned by your account. Be cautious of services that create buckets with predictable names. Whenever possible, pre-create these buckets in all regions to prevent hijacking.", - "references": [ - "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/" - ] - }, - "risk_details": "An attacker can pre-create S3 buckets with predictable names used by various AWS services. When a legitimate user's service attempts to use that bucket, it may inadvertently write sensitive data to the attacker-controlled bucket, leading to information disclosure, denial of service, or even remote code execution.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No SSM Incidents replication set exists.", - "metadata": { - "event_code": "ssmincidents_enabled_with_plans", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No SSM Incidents replication set exists.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/incident-manager/latest/userguide/response-plans.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-03.02B", - "OIS-03.05B", - "OIS-03.06B", - "OIS-05.03B", - "OIS-08.01B", - "OIS-08.09B", - "OPS-13.02B", - "OPS-13.03AC", - "OPS-22.08B", - "DEV-15.01B", - "SIM-01.02AC", - "SIM-02.01B", - "SIM-03.01B", - "SIM-03.04B", - "SIM-04.01B", - "SIM-06.01B", - "BCM-01.05B" - ], - "ENS-RD2022": [ - "op.exp.9.aws.img.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.1" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.1" - ], - "NIS2": [ - "2.1.1", - "2.1.2.a", - "2.1.2.i", - "3.1.1", - "3.1.2.a", - "3.1.2.c", - "3.1.2.d", - "3.5.1", - "3.6.1", - "3.6.2", - "3.6.3", - "4.3.1", - "5.1.7.b", - "12.1.2.c", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure SSM Incidents is enabled with response plans.", - "title": "Ensure SSM Incidents is enabled with response plans.", - "types": [], - "uid": "prowler-aws-ssmincidents_enabled_with_plans-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "ssmincidents" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:ssm-incidents:us-east-1:211203495394:replication-set" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable SSM Incidents and create response plans", - "references": [ - "https://docs.aws.amazon.com/incident-manager/latest/userguide/response-plans.html" - ] - }, - "risk_details": "Not having SSM Incidents enabled can increase the risk of delayed detection and response to security incidents, unauthorized access, limited visibility into incidents and vulnerabilities", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Amazon Web Services Premium Support Subscription is required to use this service.", - "metadata": { - "event_code": "trustedadvisor_errors_and_warnings", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Amazon Web Services Premium Support Subscription is required to use this service.", - "status_id": 1, - "unmapped": { - "related_url": "https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check Trusted Advisor for errors and warnings.", - "title": "Check Trusted Advisor for errors and warnings.", - "types": [], - "uid": "prowler-aws-trustedadvisor_errors_and_warnings-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "trustedadvisor" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:trusted-advisor:us-east-1:211203495394:account" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Review and act upon its recommendations.", - "references": [ - "https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/" - ] - }, - "risk_details": "Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Amazon Web Services Premium Support Plan isn't subscribed.", - "metadata": { - "event_code": "trustedadvisor_premium_support_plan_subscribed", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Amazon Web Services Premium Support Plan isn't subscribed.", - "status_id": 1, - "unmapped": { - "related_url": "https://aws.amazon.com/premiumsupport/plans/", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "SSO-05.06B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Check if a Premium support plan is subscribed.", - "title": "Check if a Premium support plan is subscribed", - "types": [], - "uid": "prowler-aws-trustedadvisor_premium_support_plan_subscribed-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "enabled": false - } - }, - "group": { - "name": "trustedadvisor" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:trusted-advisor:us-east-1:211203495394:account" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that you subscribe to the AWS Business Support tier or higher for all of your AWS production accounts. If you don't have premium support, you must have an action plan to handle issues which require help from AWS Support. AWS Support provides a mix of tools and technology, people, and programs designed to proactively help you optimize performance, lower costs, and innovate faster.", - "references": [ - "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Support/support-plan.html" - ] - }, - "risk_details": "Ensure that the appropriate support level is enabled for the necessary AWS accounts. For example, if an AWS account is being used to host production systems and environments, it is highly recommended that the minimum AWS Support Plan should be Business.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPCs found only in one region.", - "metadata": { - "event_code": "vpc_different_regions", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "VPCs found only in one region.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "ENS-RD2022": [ - "mp.com.4.r1.aws.vpc.1", - "mp.com.4.r3.aws.vpc.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure there are VPCs in more than one region", - "title": "Ensure there are VPCs in more than one region", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_different_regions-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "vpc-0db221deba515d6c7": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-0db221deba515d6c7", - "id": "vpc-0db221deba515d6c7", - "name": "ex-rds", - "default": false, - "in_use": false, - "cidr_block": "10.0.0.0/16", - "flow_log": false, - "region": "eu-west-1", - "subnets": [ - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0032157e99d569ffd", - "id": "subnet-0032157e99d569ffd", - "name": "ex-rds-public-eu-west-1a", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.0.0/24", - "availability_zone": "eu-west-1a", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds-public-eu-west-1a" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0099cb47638dfe6cc", - "id": "subnet-0099cb47638dfe6cc", - "name": "ex-rds-db-eu-west-1c", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.8.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Name", - "Value": "ex-rds-db-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-06044fff66c61bb5d", - "id": "subnet-06044fff66c61bb5d", - "name": "ex-rds-private-eu-west-1a", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.3.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Name", - "Value": "ex-rds-private-eu-west-1a" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0460814cac0ede342", - "id": "subnet-0460814cac0ede342", - "name": "ex-rds-db-eu-west-1a", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.6.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-rds-db-eu-west-1a" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0fe7301ce3651cd65", - "id": "subnet-0fe7301ce3651cd65", - "name": "ex-rds-db-eu-west-1b", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.7.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Name", - "Value": "ex-rds-db-eu-west-1b" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-02905869f401bc924", - "id": "subnet-02905869f401bc924", - "name": "ex-rds-private-eu-west-1b", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.4.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-rds-private-eu-west-1b" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-06cdd0ff5333f76e5", - "id": "subnet-06cdd0ff5333f76e5", - "name": "ex-rds-private-eu-west-1c", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.5.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Name", - "Value": "ex-rds-private-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-02cbf11ee27383148", - "id": "subnet-02cbf11ee27383148", - "name": "ex-rds-public-eu-west-1c", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.2.0/24", - "availability_zone": "eu-west-1c", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds-public-eu-west-1c" - }, - { - "Key": "Example", - "Value": "ex-rds" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0c601df1846258b27", - "id": "subnet-0c601df1846258b27", - "name": "ex-rds-public-eu-west-1b", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.1.0/24", - "availability_zone": "eu-west-1b", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-rds-public-eu-west-1b" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - } - ], - "tags": [ - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds" - } - ] - }, - "vpc-007d791b9b857543e": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-007d791b9b857543e", - "id": "vpc-007d791b9b857543e", - "name": "ex-vpc", - "default": false, - "in_use": true, - "cidr_block": "10.0.0.0/16", - "flow_log": true, - "region": "eu-west-1", - "subnets": [ - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ed85e6f7a21ca120", - "id": "subnet-0ed85e6f7a21ca120", - "name": "ex-vpc-db-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.9.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1b" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0dff6254fddd22140", - "id": "subnet-0dff6254fddd22140", - "name": "ex-vpc-intra-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.22.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1c" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-003e93ce0ba0d219a", - "id": "subnet-003e93ce0ba0d219a", - "name": "Redshift Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.17.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Two" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0b96cff7e9a8bbcac", - "id": "subnet-0b96cff7e9a8bbcac", - "name": "Elasticache Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.12.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-00526a0cd693d0679", - "id": "subnet-00526a0cd693d0679", - "name": "ex-vpc-public-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.6.0/24", - "availability_zone": "eu-west-1c", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1c" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-03dfe7e9e94d1af9f", - "id": "subnet-03dfe7e9e94d1af9f", - "name": "DB Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.8.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "DB Subnet One" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0916ac2a0e7ef95cf", - "id": "subnet-0916ac2a0e7ef95cf", - "name": "Private Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.0.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Private Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-094260cca8a477871", - "id": "subnet-094260cca8a477871", - "name": "Private Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.1.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "Private Subnet Two" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-092b870816e369a70", - "id": "subnet-092b870816e369a70", - "name": "ex-vpc-public-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.4.0/24", - "availability_zone": "eu-west-1a", - "public": true, - "in_use": true, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1a" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0503024220aeb7296", - "id": "subnet-0503024220aeb7296", - "name": "ex-vpc-elasticache-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.14.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-elasticache-eu-west-1c" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0065b4be93c6e8110", - "id": "subnet-0065b4be93c6e8110", - "name": "ex-vpc-private-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.2.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-private-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-049af33a5bc4a8bee", - "id": "subnet-049af33a5bc4a8bee", - "name": "ex-vpc-intra-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.21.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1b" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-050902d37d76ff633", - "id": "subnet-050902d37d76ff633", - "name": "ex-vpc-db-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.10.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0951ea7ab41c5e46f", - "id": "subnet-0951ea7ab41c5e46f", - "name": "Elasticache Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.13.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet Two" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-08017c3b1071423b7", - "id": "subnet-08017c3b1071423b7", - "name": "Redshift Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.16.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet One" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-066aeeffb9d61ac77", - "id": "subnet-066aeeffb9d61ac77", - "name": "Redshift Subnet Three", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.18.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Three" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0f2535905905cd998", - "id": "subnet-0f2535905905cd998", - "name": "ex-vpc-intra-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.20.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1a" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ea254ffb94ba85e0", - "id": "subnet-0ea254ffb94ba85e0", - "name": "ex-vpc-public-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.5.0/24", - "availability_zone": "eu-west-1b", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1b" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - } - ], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - } - }, - "group": { - "name": "vpc" - }, - "labels": [], - "name": "211203495394", - "type": "AwsEc2Vpc", - "uid": "arn:aws:ec2:us-east-1:211203495394:vpc" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure there are VPCs in more than one region", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-example-private-subnets-nat.html" - ] - }, - "risk_details": "", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint vpce-0cce48e2ffd124a50 in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "metadata": { - "event_code": "vpc_endpoint_connections_trust_boundaries", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "VPC Endpoint vpce-0cce48e2ffd124a50 in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "COS-03.01B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN08.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Find trust boundaries in VPC endpoint connections.", - "title": "Find trust boundaries in VPC endpoint connections.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_connections_trust_boundaries-211203495394-eu-west-1-vpce-0cce48e2ffd124a50" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-0cce48e2ffd124a50", - "id": "vpce-0cce48e2ffd124a50", - "vpc_id": "vpc-007d791b9b857543e", - "service_name": "com.amazonaws.eu-west-1.dynamodb", - "state": "available", - "subnet_ids": [], - "policy_document": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Deny", - "Principal": "*", - "Action": "dynamodb:*", - "Resource": "*", - "Condition": { - "StringNotEquals": { - "aws:sourceVpc": "vpc-007d791b9b857543e" - } - } - } - ] - }, - "owner_id": "211203495394", - "type": "Gateway", - "region": "eu-west-1", - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "dynamodb-vpc-endpoint" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Project:Secret", - "Endpoint:true", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "Name:dynamodb-vpc-endpoint" - ], - "name": "vpce-0cce48e2ffd124a50", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-0cce48e2ffd124a50" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint vpce-0d196d595014c6261 in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "metadata": { - "event_code": "vpc_endpoint_connections_trust_boundaries", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "VPC Endpoint vpce-0d196d595014c6261 in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "COS-03.01B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN08.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Find trust boundaries in VPC endpoint connections.", - "title": "Find trust boundaries in VPC endpoint connections.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_connections_trust_boundaries-211203495394-eu-west-1-vpce-0d196d595014c6261" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-0d196d595014c6261", - "id": "vpce-0d196d595014c6261", - "vpc_id": "vpc-007d791b9b857543e", - "service_name": "com.amazonaws.eu-west-1.ecr.dkr", - "state": "available", - "subnet_ids": [ - "subnet-0916ac2a0e7ef95cf", - "subnet-094260cca8a477871", - "subnet-0065b4be93c6e8110" - ], - "policy_document": { - "Statement": [ - { - "Action": "*", - "Condition": { - "StringNotEquals": { - "aws:SourceVpc": "vpc-007d791b9b857543e" - } - }, - "Effect": "Deny", - "Principal": "*", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "owner_id": "211203495394", - "type": "Interface", - "region": "eu-west-1", - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ecr_dkr" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Project:Secret", - "Endpoint:true", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "Name:ecr_dkr" - ], - "name": "vpce-0d196d595014c6261", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-0d196d595014c6261" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint vpce-048468dcce7076475 in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "metadata": { - "event_code": "vpc_endpoint_connections_trust_boundaries", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "VPC Endpoint vpce-048468dcce7076475 in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "COS-03.01B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN08.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Find trust boundaries in VPC endpoint connections.", - "title": "Find trust boundaries in VPC endpoint connections.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_connections_trust_boundaries-211203495394-eu-west-1-vpce-048468dcce7076475" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-048468dcce7076475", - "id": "vpce-048468dcce7076475", - "vpc_id": "vpc-007d791b9b857543e", - "service_name": "com.amazonaws.eu-west-1.ecs", - "state": "available", - "subnet_ids": [ - "subnet-0916ac2a0e7ef95cf", - "subnet-094260cca8a477871", - "subnet-0065b4be93c6e8110" - ], - "policy_document": { - "Statement": [ - { - "Action": "*", - "Effect": "Allow", - "Principal": "*", - "Resource": "*" - } - ] - }, - "owner_id": "211203495394", - "type": "Interface", - "region": "eu-west-1", - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ecs" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Project:Secret", - "Endpoint:true", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "Name:ecs" - ], - "name": "vpce-048468dcce7076475", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-048468dcce7076475" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint vpce-053d3038fa6b7a292 in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "metadata": { - "event_code": "vpc_endpoint_connections_trust_boundaries", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "VPC Endpoint vpce-053d3038fa6b7a292 in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "COS-03.01B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN08.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Find trust boundaries in VPC endpoint connections.", - "title": "Find trust boundaries in VPC endpoint connections.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_connections_trust_boundaries-211203495394-eu-west-1-vpce-053d3038fa6b7a292" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-053d3038fa6b7a292", - "id": "vpce-053d3038fa6b7a292", - "vpc_id": "vpc-007d791b9b857543e", - "service_name": "com.amazonaws.eu-west-1.rds", - "state": "available", - "subnet_ids": [ - "subnet-0916ac2a0e7ef95cf", - "subnet-094260cca8a477871", - "subnet-0065b4be93c6e8110" - ], - "policy_document": { - "Statement": [ - { - "Action": "*", - "Effect": "Allow", - "Principal": "*", - "Resource": "*" - } - ] - }, - "owner_id": "211203495394", - "type": "Interface", - "region": "eu-west-1", - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "rds" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Project:Secret", - "Endpoint:true", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "Name:rds" - ], - "name": "vpce-053d3038fa6b7a292", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-053d3038fa6b7a292" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint vpce-0ec8e4bb67ba7aec9 in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "metadata": { - "event_code": "vpc_endpoint_connections_trust_boundaries", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "VPC Endpoint vpce-0ec8e4bb67ba7aec9 in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "COS-03.01B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN08.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Find trust boundaries in VPC endpoint connections.", - "title": "Find trust boundaries in VPC endpoint connections.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_connections_trust_boundaries-211203495394-eu-west-1-vpce-0ec8e4bb67ba7aec9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-0ec8e4bb67ba7aec9", - "id": "vpce-0ec8e4bb67ba7aec9", - "vpc_id": "vpc-007d791b9b857543e", - "service_name": "com.amazonaws.eu-west-1.ecr.api", - "state": "available", - "subnet_ids": [ - "subnet-0916ac2a0e7ef95cf", - "subnet-094260cca8a477871", - "subnet-0065b4be93c6e8110" - ], - "policy_document": { - "Statement": [ - { - "Action": "*", - "Condition": { - "StringNotEquals": { - "aws:SourceVpc": "vpc-007d791b9b857543e" - } - }, - "Effect": "Deny", - "Principal": "*", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "owner_id": "211203495394", - "type": "Interface", - "region": "eu-west-1", - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ecr_api" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Project:Secret", - "Endpoint:true", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "Name:ecr_api" - ], - "name": "vpce-0ec8e4bb67ba7aec9", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-0ec8e4bb67ba7aec9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint vpce-019297deb6a03293e in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "metadata": { - "event_code": "vpc_endpoint_connections_trust_boundaries", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "VPC Endpoint vpce-019297deb6a03293e in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "COS-03.01B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN08.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Find trust boundaries in VPC endpoint connections.", - "title": "Find trust boundaries in VPC endpoint connections.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_connections_trust_boundaries-211203495394-eu-west-1-vpce-019297deb6a03293e" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-019297deb6a03293e", - "id": "vpce-019297deb6a03293e", - "vpc_id": "vpc-007d791b9b857543e", - "service_name": "com.amazonaws.eu-west-1.s3", - "state": "available", - "subnet_ids": [], - "policy_document": { - "Statement": [ - { - "Action": "*", - "Effect": "Allow", - "Principal": "*", - "Resource": "*" - } - ] - }, - "owner_id": "211203495394", - "type": "Interface", - "region": "eu-west-1", - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "s3-vpc-endpoint" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Project:Secret", - "Endpoint:true", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "Name:s3-vpc-endpoint" - ], - "name": "vpce-019297deb6a03293e", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-019297deb6a03293e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC vpc-007d791b9b857543e has no EC2 endpoint.", - "metadata": { - "event_code": "vpc_endpoint_for_ec2_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "VPC vpc-007d791b9b857543e has no EC2 endpoint.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/config/latest/developerguide/service-vpc-endpoint-enabled.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.18", - "1.2.8.38", - "1.3.1.21", - "1.3.1.42", - "1.3.2.21", - "1.3.2.42", - "1.4.1.5", - "1.4.2.19", - "1.4.2.40", - "1.4.4.5", - "1.5.1.18", - "1.5.1.38", - "A1.1.3.18", - "A1.1.3.38" - ], - "PCI-3.2.1": [ - "1.3", - "2.2", - "2.2.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.Core.CN05.AR05" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.10" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that a service endpoint for Amazon EC2 is created for each VPC. The check fails if a VPC does not have a VPC endpoint created for the Amazon EC2 service.", - "title": "Amazon EC2 should be configured to use VPC endpoints that are created for the Amazon EC2 service.", - "types": [], - "uid": "prowler-aws-vpc_endpoint_for_ec2_enabled-211203495394-eu-west-1-vpc-007d791b9b857543e" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-007d791b9b857543e", - "id": "vpc-007d791b9b857543e", - "name": "ex-vpc", - "default": false, - "in_use": true, - "cidr_block": "10.0.0.0/16", - "flow_log": true, - "region": "eu-west-1", - "subnets": [ - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ed85e6f7a21ca120", - "id": "subnet-0ed85e6f7a21ca120", - "name": "ex-vpc-db-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.9.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1b" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0dff6254fddd22140", - "id": "subnet-0dff6254fddd22140", - "name": "ex-vpc-intra-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.22.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1c" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-003e93ce0ba0d219a", - "id": "subnet-003e93ce0ba0d219a", - "name": "Redshift Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.17.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Two" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0b96cff7e9a8bbcac", - "id": "subnet-0b96cff7e9a8bbcac", - "name": "Elasticache Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.12.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-00526a0cd693d0679", - "id": "subnet-00526a0cd693d0679", - "name": "ex-vpc-public-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.6.0/24", - "availability_zone": "eu-west-1c", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1c" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-03dfe7e9e94d1af9f", - "id": "subnet-03dfe7e9e94d1af9f", - "name": "DB Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.8.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "DB Subnet One" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0916ac2a0e7ef95cf", - "id": "subnet-0916ac2a0e7ef95cf", - "name": "Private Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.0.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Private Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-094260cca8a477871", - "id": "subnet-094260cca8a477871", - "name": "Private Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.1.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "Private Subnet Two" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-092b870816e369a70", - "id": "subnet-092b870816e369a70", - "name": "ex-vpc-public-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.4.0/24", - "availability_zone": "eu-west-1a", - "public": true, - "in_use": true, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1a" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0503024220aeb7296", - "id": "subnet-0503024220aeb7296", - "name": "ex-vpc-elasticache-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.14.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-elasticache-eu-west-1c" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0065b4be93c6e8110", - "id": "subnet-0065b4be93c6e8110", - "name": "ex-vpc-private-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.2.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-private-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-049af33a5bc4a8bee", - "id": "subnet-049af33a5bc4a8bee", - "name": "ex-vpc-intra-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.21.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1b" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-050902d37d76ff633", - "id": "subnet-050902d37d76ff633", - "name": "ex-vpc-db-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.10.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0951ea7ab41c5e46f", - "id": "subnet-0951ea7ab41c5e46f", - "name": "Elasticache Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.13.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet Two" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-08017c3b1071423b7", - "id": "subnet-08017c3b1071423b7", - "name": "Redshift Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.16.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet One" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-066aeeffb9d61ac77", - "id": "subnet-066aeeffb9d61ac77", - "name": "Redshift Subnet Three", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.18.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Three" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0f2535905905cd998", - "id": "subnet-0f2535905905cd998", - "name": "ex-vpc-intra-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.20.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1a" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ea254ffb94ba85e0", - "id": "subnet-0ea254ffb94ba85e0", - "name": "ex-vpc-public-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.5.0/24", - "availability_zone": "eu-west-1b", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1b" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - } - ], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc", - "GithubRepo:terraform-aws-vpc", - "Example:ex-vpc" - ], - "name": "vpc-007d791b9b857543e", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-007d791b9b857543e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To improve the security posture of your VPC, configure Amazon EC2 to use an interface VPC endpoint powered by AWS PrivateLink.", - "references": [ - "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/interface-vpc-endpoints.html" - ] - }, - "risk_details": "Without VPC endpoints, network traffic between your VPC and Amazon EC2 may traverse the public internet, increasing the risk of unintended access or data exposure.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint vpce-0d196d595014c6261 in VPC vpc-007d791b9b857543e has subnets in different AZs.", - "metadata": { - "event_code": "vpc_endpoint_multi_az_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC Endpoint vpce-0d196d595014c6261 in VPC vpc-007d791b9b857543e has subnets in different AZs.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/vpc/latest/privatelink/interface-endpoints.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that all vpc interface endpoints have ENIs in multiple subnets. If a VPC endpoint has an ENI in only a single subnet then this check will fail. You cannot create VPC Endpoints in 2 different subnets in the same AZ. So, for the purpose of VPC endpoints, having multiple subnets implies multiple AZs.", - "title": "Amazon VPC Interface Endpoints should have ENIs in more than one subnet.", - "types": [], - "uid": "prowler-aws-vpc_endpoint_multi_az_enabled-211203495394-eu-west-1-vpce-0d196d595014c6261" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-0d196d595014c6261", - "id": "vpce-0d196d595014c6261", - "vpc_id": "vpc-007d791b9b857543e", - "service_name": "com.amazonaws.eu-west-1.ecr.dkr", - "state": "available", - "subnet_ids": [ - "subnet-0916ac2a0e7ef95cf", - "subnet-094260cca8a477871", - "subnet-0065b4be93c6e8110" - ], - "policy_document": { - "Statement": [ - { - "Action": "*", - "Condition": { - "StringNotEquals": { - "aws:SourceVpc": "vpc-007d791b9b857543e" - } - }, - "Effect": "Deny", - "Principal": "*", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "owner_id": "211203495394", - "type": "Interface", - "region": "eu-west-1", - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ecr_dkr" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Project:Secret", - "Endpoint:true", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "Name:ecr_dkr" - ], - "name": "vpce-0d196d595014c6261", - "type": "AwsVpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-0d196d595014c6261" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To improve the availability of your services residing in your VPC, configure multiple subnets for VPC Interface Endpoints.", - "references": [ - "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/interface-vpc-endpoints.html" - ] - }, - "risk_details": "Without VPC endpoints ENIs in multiple subnets an AZ impacting event could lead to increased downtime or your network traffic between your VPC and Amazon services may traverse the public internet.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint vpce-048468dcce7076475 in VPC vpc-007d791b9b857543e has subnets in different AZs.", - "metadata": { - "event_code": "vpc_endpoint_multi_az_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC Endpoint vpce-048468dcce7076475 in VPC vpc-007d791b9b857543e has subnets in different AZs.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/vpc/latest/privatelink/interface-endpoints.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that all vpc interface endpoints have ENIs in multiple subnets. If a VPC endpoint has an ENI in only a single subnet then this check will fail. You cannot create VPC Endpoints in 2 different subnets in the same AZ. So, for the purpose of VPC endpoints, having multiple subnets implies multiple AZs.", - "title": "Amazon VPC Interface Endpoints should have ENIs in more than one subnet.", - "types": [], - "uid": "prowler-aws-vpc_endpoint_multi_az_enabled-211203495394-eu-west-1-vpce-048468dcce7076475" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-048468dcce7076475", - "id": "vpce-048468dcce7076475", - "vpc_id": "vpc-007d791b9b857543e", - "service_name": "com.amazonaws.eu-west-1.ecs", - "state": "available", - "subnet_ids": [ - "subnet-0916ac2a0e7ef95cf", - "subnet-094260cca8a477871", - "subnet-0065b4be93c6e8110" - ], - "policy_document": { - "Statement": [ - { - "Action": "*", - "Effect": "Allow", - "Principal": "*", - "Resource": "*" - } - ] - }, - "owner_id": "211203495394", - "type": "Interface", - "region": "eu-west-1", - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ecs" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Project:Secret", - "Endpoint:true", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "Name:ecs" - ], - "name": "vpce-048468dcce7076475", - "type": "AwsVpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-048468dcce7076475" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To improve the availability of your services residing in your VPC, configure multiple subnets for VPC Interface Endpoints.", - "references": [ - "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/interface-vpc-endpoints.html" - ] - }, - "risk_details": "Without VPC endpoints ENIs in multiple subnets an AZ impacting event could lead to increased downtime or your network traffic between your VPC and Amazon services may traverse the public internet.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint vpce-053d3038fa6b7a292 in VPC vpc-007d791b9b857543e has subnets in different AZs.", - "metadata": { - "event_code": "vpc_endpoint_multi_az_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC Endpoint vpce-053d3038fa6b7a292 in VPC vpc-007d791b9b857543e has subnets in different AZs.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/vpc/latest/privatelink/interface-endpoints.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that all vpc interface endpoints have ENIs in multiple subnets. If a VPC endpoint has an ENI in only a single subnet then this check will fail. You cannot create VPC Endpoints in 2 different subnets in the same AZ. So, for the purpose of VPC endpoints, having multiple subnets implies multiple AZs.", - "title": "Amazon VPC Interface Endpoints should have ENIs in more than one subnet.", - "types": [], - "uid": "prowler-aws-vpc_endpoint_multi_az_enabled-211203495394-eu-west-1-vpce-053d3038fa6b7a292" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-053d3038fa6b7a292", - "id": "vpce-053d3038fa6b7a292", - "vpc_id": "vpc-007d791b9b857543e", - "service_name": "com.amazonaws.eu-west-1.rds", - "state": "available", - "subnet_ids": [ - "subnet-0916ac2a0e7ef95cf", - "subnet-094260cca8a477871", - "subnet-0065b4be93c6e8110" - ], - "policy_document": { - "Statement": [ - { - "Action": "*", - "Effect": "Allow", - "Principal": "*", - "Resource": "*" - } - ] - }, - "owner_id": "211203495394", - "type": "Interface", - "region": "eu-west-1", - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "rds" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Project:Secret", - "Endpoint:true", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "Name:rds" - ], - "name": "vpce-053d3038fa6b7a292", - "type": "AwsVpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-053d3038fa6b7a292" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To improve the availability of your services residing in your VPC, configure multiple subnets for VPC Interface Endpoints.", - "references": [ - "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/interface-vpc-endpoints.html" - ] - }, - "risk_details": "Without VPC endpoints ENIs in multiple subnets an AZ impacting event could lead to increased downtime or your network traffic between your VPC and Amazon services may traverse the public internet.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint vpce-0ec8e4bb67ba7aec9 in VPC vpc-007d791b9b857543e has subnets in different AZs.", - "metadata": { - "event_code": "vpc_endpoint_multi_az_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC Endpoint vpce-0ec8e4bb67ba7aec9 in VPC vpc-007d791b9b857543e has subnets in different AZs.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/vpc/latest/privatelink/interface-endpoints.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that all vpc interface endpoints have ENIs in multiple subnets. If a VPC endpoint has an ENI in only a single subnet then this check will fail. You cannot create VPC Endpoints in 2 different subnets in the same AZ. So, for the purpose of VPC endpoints, having multiple subnets implies multiple AZs.", - "title": "Amazon VPC Interface Endpoints should have ENIs in more than one subnet.", - "types": [], - "uid": "prowler-aws-vpc_endpoint_multi_az_enabled-211203495394-eu-west-1-vpce-0ec8e4bb67ba7aec9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-0ec8e4bb67ba7aec9", - "id": "vpce-0ec8e4bb67ba7aec9", - "vpc_id": "vpc-007d791b9b857543e", - "service_name": "com.amazonaws.eu-west-1.ecr.api", - "state": "available", - "subnet_ids": [ - "subnet-0916ac2a0e7ef95cf", - "subnet-094260cca8a477871", - "subnet-0065b4be93c6e8110" - ], - "policy_document": { - "Statement": [ - { - "Action": "*", - "Condition": { - "StringNotEquals": { - "aws:SourceVpc": "vpc-007d791b9b857543e" - } - }, - "Effect": "Deny", - "Principal": "*", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "owner_id": "211203495394", - "type": "Interface", - "region": "eu-west-1", - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ecr_api" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Project:Secret", - "Endpoint:true", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "Name:ecr_api" - ], - "name": "vpce-0ec8e4bb67ba7aec9", - "type": "AwsVpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-0ec8e4bb67ba7aec9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To improve the availability of your services residing in your VPC, configure multiple subnets for VPC Interface Endpoints.", - "references": [ - "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/interface-vpc-endpoints.html" - ] - }, - "risk_details": "Without VPC endpoints ENIs in multiple subnets an AZ impacting event could lead to increased downtime or your network traffic between your VPC and Amazon services may traverse the public internet.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint vpce-019297deb6a03293e in VPC vpc-007d791b9b857543e does not have subnets in different AZs.", - "metadata": { - "event_code": "vpc_endpoint_multi_az_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "VPC Endpoint vpce-019297deb6a03293e in VPC vpc-007d791b9b857543e does not have subnets in different AZs.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/vpc/latest/privatelink/interface-endpoints.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure that all vpc interface endpoints have ENIs in multiple subnets. If a VPC endpoint has an ENI in only a single subnet then this check will fail. You cannot create VPC Endpoints in 2 different subnets in the same AZ. So, for the purpose of VPC endpoints, having multiple subnets implies multiple AZs.", - "title": "Amazon VPC Interface Endpoints should have ENIs in more than one subnet.", - "types": [], - "uid": "prowler-aws-vpc_endpoint_multi_az_enabled-211203495394-eu-west-1-vpce-019297deb6a03293e" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-019297deb6a03293e", - "id": "vpce-019297deb6a03293e", - "vpc_id": "vpc-007d791b9b857543e", - "service_name": "com.amazonaws.eu-west-1.s3", - "state": "available", - "subnet_ids": [], - "policy_document": { - "Statement": [ - { - "Action": "*", - "Effect": "Allow", - "Principal": "*", - "Resource": "*" - } - ] - }, - "owner_id": "211203495394", - "type": "Interface", - "region": "eu-west-1", - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "s3-vpc-endpoint" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Project:Secret", - "Endpoint:true", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "Name:s3-vpc-endpoint" - ], - "name": "vpce-019297deb6a03293e", - "type": "AwsVpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-019297deb6a03293e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To improve the availability of your services residing in your VPC, configure multiple subnets for VPC Interface Endpoints.", - "references": [ - "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/interface-vpc-endpoints.html" - ] - }, - "risk_details": "Without VPC endpoints ENIs in multiple subnets an AZ impacting event could lead to increased downtime or your network traffic between your VPC and Amazon services may traverse the public internet.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint Service vpce-svc-02e288a4c6043110f has no allowed principals.", - "metadata": { - "event_code": "vpc_endpoint_services_allowed_principals_trust_boundaries", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC Endpoint Service vpce-svc-02e288a4c6043110f has no allowed principals.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "title": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_services_allowed_principals_trust_boundaries-211203495394-us-east-1-vpce-svc-02e288a4c6043110f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:us-east-1:211203495394:vpc-endpoint-service/vpce-svc-02e288a4c6043110f", - "id": "vpce-svc-02e288a4c6043110f", - "service": "io.spotinst.vpce.us-east-1.privatelink-api", - "owner_id": "aws-marketplace", - "allowed_principals": [], - "region": "us-east-1", - "tags": [] - } - }, - "group": { - "name": "vpc" - }, - "labels": [], - "name": "vpce-svc-02e288a4c6043110f", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:us-east-1:211203495394:vpc-endpoint-service/vpce-svc-02e288a4c6043110f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint Service vpce-svc-028691921eaeee579 has no allowed principals.", - "metadata": { - "event_code": "vpc_endpoint_services_allowed_principals_trust_boundaries", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC Endpoint Service vpce-svc-028691921eaeee579 has no allowed principals.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "title": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_services_allowed_principals_trust_boundaries-211203495394-us-west-2-vpce-svc-028691921eaeee579" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:us-west-2:211203495394:vpc-endpoint-service/vpce-svc-028691921eaeee579", - "id": "vpce-svc-028691921eaeee579", - "service": "io.spotinst.vpce.us-west-2.privatelink-api", - "owner_id": "aws-marketplace", - "allowed_principals": [], - "region": "us-west-2", - "tags": [] - } - }, - "group": { - "name": "vpc" - }, - "labels": [], - "name": "vpce-svc-028691921eaeee579", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:us-west-2:211203495394:vpc-endpoint-service/vpce-svc-028691921eaeee579" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC ex-vpc Flow logs are enabled.", - "metadata": { - "event_code": "vpc_flow_logs_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC ex-vpc Flow logs are enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready", - "logging" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_1", - "3_3_3", - "3_6_1", - "3_6_2", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_c_2" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "cm_1", - "cm_7", - "am_3", - "ds_5", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c" - ], - "CIS-3.0": [ - "3.7" - ], - "NIST-800-53-Revision-5": [ - "ac_4_26", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "si_4_17", - "si_7_8" - ], - "ENS-RD2022": [ - "op.mon.1.aws.flow.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.7" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "FedRAMP-Low-Revision-4": [ - "au-2" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "4.1", - "4.1.e", - "4.1.f", - "10.1" - ], - "CIS-5.0": [ - "3.7" - ], - "CIS-1.4": [ - "3.9" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e" - ], - "ProwlerThreatScore-1.0": [ - "3.1.4" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.6" - ], - "CIS-1.5": [ - "3.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01", - "SEC04-BP02", - "SEC04-BP03", - "SEC05-BP04", - "SEC09-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22", - "A.8.23" - ], - "NIST-800-53-Revision-4": [ - "au_2", - "au_3", - "au_12" - ], - "AWS-Account-Security-Onboarding": [ - "Send VPC Flow Logs (only DENYs) to S3 bucket" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.9" - ], - "CISA": [ - "your-surroundings-1", - "your-data-2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure VPC Flow Logging is Enabled in all VPCs.", - "title": "Ensure VPC Flow Logging is Enabled in all VPCs.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-vpc_flow_logs_enabled-211203495394-eu-west-1-vpc-007d791b9b857543e" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-007d791b9b857543e", - "id": "vpc-007d791b9b857543e", - "name": "ex-vpc", - "default": false, - "in_use": true, - "cidr_block": "10.0.0.0/16", - "flow_log": true, - "region": "eu-west-1", - "subnets": [ - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ed85e6f7a21ca120", - "id": "subnet-0ed85e6f7a21ca120", - "name": "ex-vpc-db-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.9.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1b" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0dff6254fddd22140", - "id": "subnet-0dff6254fddd22140", - "name": "ex-vpc-intra-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.22.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1c" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-003e93ce0ba0d219a", - "id": "subnet-003e93ce0ba0d219a", - "name": "Redshift Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.17.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Two" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0b96cff7e9a8bbcac", - "id": "subnet-0b96cff7e9a8bbcac", - "name": "Elasticache Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.12.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-00526a0cd693d0679", - "id": "subnet-00526a0cd693d0679", - "name": "ex-vpc-public-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.6.0/24", - "availability_zone": "eu-west-1c", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1c" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-03dfe7e9e94d1af9f", - "id": "subnet-03dfe7e9e94d1af9f", - "name": "DB Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.8.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "DB Subnet One" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0916ac2a0e7ef95cf", - "id": "subnet-0916ac2a0e7ef95cf", - "name": "Private Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.0.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Private Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-094260cca8a477871", - "id": "subnet-094260cca8a477871", - "name": "Private Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.1.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "Private Subnet Two" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-092b870816e369a70", - "id": "subnet-092b870816e369a70", - "name": "ex-vpc-public-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.4.0/24", - "availability_zone": "eu-west-1a", - "public": true, - "in_use": true, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1a" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0503024220aeb7296", - "id": "subnet-0503024220aeb7296", - "name": "ex-vpc-elasticache-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.14.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-elasticache-eu-west-1c" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0065b4be93c6e8110", - "id": "subnet-0065b4be93c6e8110", - "name": "ex-vpc-private-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.2.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-private-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-049af33a5bc4a8bee", - "id": "subnet-049af33a5bc4a8bee", - "name": "ex-vpc-intra-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.21.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1b" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-050902d37d76ff633", - "id": "subnet-050902d37d76ff633", - "name": "ex-vpc-db-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.10.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0951ea7ab41c5e46f", - "id": "subnet-0951ea7ab41c5e46f", - "name": "Elasticache Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.13.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet Two" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-08017c3b1071423b7", - "id": "subnet-08017c3b1071423b7", - "name": "Redshift Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.16.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet One" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-066aeeffb9d61ac77", - "id": "subnet-066aeeffb9d61ac77", - "name": "Redshift Subnet Three", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.18.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Three" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0f2535905905cd998", - "id": "subnet-0f2535905905cd998", - "name": "ex-vpc-intra-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.20.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1a" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ea254ffb94ba85e0", - "id": "subnet-0ea254ffb94ba85e0", - "name": "ex-vpc-public-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.5.0/24", - "availability_zone": "eu-west-1b", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1b" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - } - ], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc", - "GithubRepo:terraform-aws-vpc", - "Example:ex-vpc" - ], - "name": "vpc-007d791b9b857543e", - "type": "AwsEc2Vpc", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-007d791b9b857543e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.", - "references": [ - "http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html" - ] - }, - "risk_details": "VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC ex-vpc has subnets in more than one availability zone.", - "metadata": { - "event_code": "vpc_subnet_different_az", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC ex-vpc has subnets in more than one availability zone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.02AS" - ], - "ENS-RD2022": [ - "mp.com.4.r3.aws.vpc.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure all VPC has subnets in more than one availability zone", - "title": "Ensure all VPC has subnets in more than one availability zone", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_subnet_different_az-211203495394-eu-west-1-vpc-007d791b9b857543e" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-007d791b9b857543e", - "id": "vpc-007d791b9b857543e", - "name": "ex-vpc", - "default": false, - "in_use": true, - "cidr_block": "10.0.0.0/16", - "flow_log": true, - "region": "eu-west-1", - "subnets": [ - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ed85e6f7a21ca120", - "id": "subnet-0ed85e6f7a21ca120", - "name": "ex-vpc-db-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.9.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1b" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0dff6254fddd22140", - "id": "subnet-0dff6254fddd22140", - "name": "ex-vpc-intra-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.22.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1c" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-003e93ce0ba0d219a", - "id": "subnet-003e93ce0ba0d219a", - "name": "Redshift Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.17.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Two" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0b96cff7e9a8bbcac", - "id": "subnet-0b96cff7e9a8bbcac", - "name": "Elasticache Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.12.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-00526a0cd693d0679", - "id": "subnet-00526a0cd693d0679", - "name": "ex-vpc-public-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.6.0/24", - "availability_zone": "eu-west-1c", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1c" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-03dfe7e9e94d1af9f", - "id": "subnet-03dfe7e9e94d1af9f", - "name": "DB Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.8.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "DB Subnet One" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0916ac2a0e7ef95cf", - "id": "subnet-0916ac2a0e7ef95cf", - "name": "Private Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.0.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Private Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-094260cca8a477871", - "id": "subnet-094260cca8a477871", - "name": "Private Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.1.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "Private Subnet Two" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-092b870816e369a70", - "id": "subnet-092b870816e369a70", - "name": "ex-vpc-public-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.4.0/24", - "availability_zone": "eu-west-1a", - "public": true, - "in_use": true, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1a" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0503024220aeb7296", - "id": "subnet-0503024220aeb7296", - "name": "ex-vpc-elasticache-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.14.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-elasticache-eu-west-1c" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0065b4be93c6e8110", - "id": "subnet-0065b4be93c6e8110", - "name": "ex-vpc-private-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.2.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-private-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-049af33a5bc4a8bee", - "id": "subnet-049af33a5bc4a8bee", - "name": "ex-vpc-intra-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.21.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1b" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-050902d37d76ff633", - "id": "subnet-050902d37d76ff633", - "name": "ex-vpc-db-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.10.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0951ea7ab41c5e46f", - "id": "subnet-0951ea7ab41c5e46f", - "name": "Elasticache Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.13.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet Two" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-08017c3b1071423b7", - "id": "subnet-08017c3b1071423b7", - "name": "Redshift Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.16.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet One" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-066aeeffb9d61ac77", - "id": "subnet-066aeeffb9d61ac77", - "name": "Redshift Subnet Three", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.18.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Three" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0f2535905905cd998", - "id": "subnet-0f2535905905cd998", - "name": "ex-vpc-intra-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.20.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1a" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ea254ffb94ba85e0", - "id": "subnet-0ea254ffb94ba85e0", - "name": "ex-vpc-public-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.5.0/24", - "availability_zone": "eu-west-1b", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1b" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - } - ], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc", - "GithubRepo:terraform-aws-vpc", - "Example:ex-vpc" - ], - "name": "vpc-007d791b9b857543e", - "type": "AwsEc2Vpc", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-007d791b9b857543e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure all VPC has subnets in more than one availability zone", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html" - ] - }, - "risk_details": "", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC subnet Private Subnet One does NOT assign public IP by default.", - "metadata": { - "event_code": "vpc_subnet_no_public_ip_by_default", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC subnet Private Subnet One does NOT assign public IP by default.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/config/latest/developerguide/subnet-auto-assign-public-ip-disabled.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.15" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure VPC subnets do not assign public IP by default", - "title": "Ensure VPC subnets do not assign public IP by default", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_subnet_no_public_ip_by_default-211203495394-eu-west-1-subnet-0916ac2a0e7ef95cf" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0916ac2a0e7ef95cf", - "id": "subnet-0916ac2a0e7ef95cf", - "name": "Private Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.0.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Private Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Name:Private Subnet One", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules" - ], - "name": "subnet-0916ac2a0e7ef95cf", - "type": "AwsEc2Subnet", - "uid": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0916ac2a0e7ef95cf" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "VPC subnets should not allow automatic public IP assignment", - "references": [ - "https://docs.aws.amazon.com/config/latest/developerguide/subnet-auto-assign-public-ip-disabled.html" - ] - }, - "risk_details": "VPC subnet is a part of the VPC having its own rules for traffic. Assigning the Public IP to the subnet automatically (on launch) can accidentally expose the instances within this subnet to internet and should be edited to 'No' post creation of the Subnet.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC subnet Private Subnet Two does NOT assign public IP by default.", - "metadata": { - "event_code": "vpc_subnet_no_public_ip_by_default", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC subnet Private Subnet Two does NOT assign public IP by default.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/config/latest/developerguide/subnet-auto-assign-public-ip-disabled.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.15" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure VPC subnets do not assign public IP by default", - "title": "Ensure VPC subnets do not assign public IP by default", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_subnet_no_public_ip_by_default-211203495394-eu-west-1-subnet-094260cca8a477871" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-094260cca8a477871", - "id": "subnet-094260cca8a477871", - "name": "Private Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.1.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "Private Subnet Two" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Name:Private Subnet Two", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "subnet-094260cca8a477871", - "type": "AwsEc2Subnet", - "uid": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-094260cca8a477871" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "VPC subnets should not allow automatic public IP assignment", - "references": [ - "https://docs.aws.amazon.com/config/latest/developerguide/subnet-auto-assign-public-ip-disabled.html" - ] - }, - "risk_details": "VPC subnet is a part of the VPC having its own rules for traffic. Assigning the Public IP to the subnet automatically (on launch) can accidentally expose the instances within this subnet to internet and should be edited to 'No' post creation of the Subnet.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC subnet ex-vpc-public-eu-west-1a does NOT assign public IP by default.", - "metadata": { - "event_code": "vpc_subnet_no_public_ip_by_default", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC subnet ex-vpc-public-eu-west-1a does NOT assign public IP by default.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/config/latest/developerguide/subnet-auto-assign-public-ip-disabled.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.15" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure VPC subnets do not assign public IP by default", - "title": "Ensure VPC subnets do not assign public IP by default", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_subnet_no_public_ip_by_default-211203495394-eu-west-1-subnet-092b870816e369a70" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-092b870816e369a70", - "id": "subnet-092b870816e369a70", - "name": "ex-vpc-public-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.4.0/24", - "availability_zone": "eu-west-1a", - "public": true, - "in_use": true, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1a" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-vpc", - "Example:ex-vpc", - "Name:ex-vpc-public-eu-west-1a" - ], - "name": "subnet-092b870816e369a70", - "type": "AwsEc2Subnet", - "uid": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-092b870816e369a70" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "VPC subnets should not allow automatic public IP assignment", - "references": [ - "https://docs.aws.amazon.com/config/latest/developerguide/subnet-auto-assign-public-ip-disabled.html" - ] - }, - "risk_details": "VPC subnet is a part of the VPC having its own rules for traffic. Assigning the Public IP to the subnet automatically (on launch) can accidentally expose the instances within this subnet to internet and should be edited to 'No' post creation of the Subnet.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC subnet ex-vpc-private-eu-west-1c does NOT assign public IP by default.", - "metadata": { - "event_code": "vpc_subnet_no_public_ip_by_default", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC subnet ex-vpc-private-eu-west-1c does NOT assign public IP by default.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/config/latest/developerguide/subnet-auto-assign-public-ip-disabled.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.15" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure VPC subnets do not assign public IP by default", - "title": "Ensure VPC subnets do not assign public IP by default", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_subnet_no_public_ip_by_default-211203495394-eu-west-1-subnet-0065b4be93c6e8110" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0065b4be93c6e8110", - "id": "subnet-0065b4be93c6e8110", - "name": "ex-vpc-private-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.2.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-private-eu-west-1c" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-vpc", - "Example:ex-vpc", - "Name:ex-vpc-private-eu-west-1c" - ], - "name": "subnet-0065b4be93c6e8110", - "type": "AwsEc2Subnet", - "uid": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0065b4be93c6e8110" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "VPC subnets should not allow automatic public IP assignment", - "references": [ - "https://docs.aws.amazon.com/config/latest/developerguide/subnet-auto-assign-public-ip-disabled.html" - ] - }, - "risk_details": "VPC subnet is a part of the VPC having its own rules for traffic. Assigning the Public IP to the subnet automatically (on launch) can accidentally expose the instances within this subnet to internet and should be edited to 'No' post creation of the Subnet.", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC ex-vpc has private and public subnets.", - "metadata": { - "event_code": "vpc_subnet_separate_private_public", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC ex-vpc has private and public subnets.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PS-03.02B", - "COS-02.01B", - "COS-07.04B" - ], - "ENS-RD2022": [ - "mp.com.4.aws.vpc.1", - "mp.com.4.r1.aws.vpc.1" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.2" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760902688, - "created_time_dt": "2025-10-19T19:38:08.052091", - "desc": "Ensure all VPC has public and private subnets defined", - "title": "Ensure all VPC has public and private subnets defined", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_subnet_separate_private_public-211203495394-eu-west-1-vpc-007d791b9b857543e" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-007d791b9b857543e", - "id": "vpc-007d791b9b857543e", - "name": "ex-vpc", - "default": false, - "in_use": true, - "cidr_block": "10.0.0.0/16", - "flow_log": true, - "region": "eu-west-1", - "subnets": [ - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ed85e6f7a21ca120", - "id": "subnet-0ed85e6f7a21ca120", - "name": "ex-vpc-db-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.9.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1b" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0dff6254fddd22140", - "id": "subnet-0dff6254fddd22140", - "name": "ex-vpc-intra-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.22.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1c" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-003e93ce0ba0d219a", - "id": "subnet-003e93ce0ba0d219a", - "name": "Redshift Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.17.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Two" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0b96cff7e9a8bbcac", - "id": "subnet-0b96cff7e9a8bbcac", - "name": "Elasticache Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.12.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-00526a0cd693d0679", - "id": "subnet-00526a0cd693d0679", - "name": "ex-vpc-public-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.6.0/24", - "availability_zone": "eu-west-1c", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1c" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-03dfe7e9e94d1af9f", - "id": "subnet-03dfe7e9e94d1af9f", - "name": "DB Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.8.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "DB Subnet One" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0916ac2a0e7ef95cf", - "id": "subnet-0916ac2a0e7ef95cf", - "name": "Private Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.0.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Private Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-094260cca8a477871", - "id": "subnet-094260cca8a477871", - "name": "Private Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.1.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "Private Subnet Two" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-092b870816e369a70", - "id": "subnet-092b870816e369a70", - "name": "ex-vpc-public-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.4.0/24", - "availability_zone": "eu-west-1a", - "public": true, - "in_use": true, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1a" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0503024220aeb7296", - "id": "subnet-0503024220aeb7296", - "name": "ex-vpc-elasticache-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.14.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-elasticache-eu-west-1c" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0065b4be93c6e8110", - "id": "subnet-0065b4be93c6e8110", - "name": "ex-vpc-private-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.2.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-private-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-049af33a5bc4a8bee", - "id": "subnet-049af33a5bc4a8bee", - "name": "ex-vpc-intra-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.21.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1b" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-050902d37d76ff633", - "id": "subnet-050902d37d76ff633", - "name": "ex-vpc-db-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.10.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0951ea7ab41c5e46f", - "id": "subnet-0951ea7ab41c5e46f", - "name": "Elasticache Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.13.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet Two" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-08017c3b1071423b7", - "id": "subnet-08017c3b1071423b7", - "name": "Redshift Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.16.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet One" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-066aeeffb9d61ac77", - "id": "subnet-066aeeffb9d61ac77", - "name": "Redshift Subnet Three", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.18.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Three" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0f2535905905cd998", - "id": "subnet-0f2535905905cd998", - "name": "ex-vpc-intra-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.20.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1a" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ea254ffb94ba85e0", - "id": "subnet-0ea254ffb94ba85e0", - "name": "ex-vpc-public-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.5.0/24", - "availability_zone": "eu-west-1b", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1b" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - } - ], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc", - "GithubRepo:terraform-aws-vpc", - "Example:ex-vpc" - ], - "name": "vpc-007d791b9b857543e", - "type": "AwsEc2Vpc", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-007d791b9b857543e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure all VPC has public and private subnets defined", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html" - ] - }, - "risk_details": "", - "time": 1760902688, - "time_dt": "2025-10-19T19:38:08.052091", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-aws-bucket/results/secure-aws-bucket-combined.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-aws-bucket/results/secure-aws-bucket-combined.ocsf.json deleted file mode 100644 index d5abb294..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-aws-bucket/results/secure-aws-bucket-combined.ocsf.json +++ /dev/null @@ -1,224 +0,0 @@ -[ - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1760903619, - "created_time_dt": "2025-10-19T19:53:39Z", - "desc": "Compliance test scenario: Cleanup", - "title": "Cleanup", - "types": [], - "uid": "ccc-test-487-1760903619" - }, - "message": "Cleanup", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Destructive", - "uid": "CCC-Destructive", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "s3" - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "{\"Name\": \"prod-my-secure-s3-bucket-20250423-logs\", \"Type\": \"logs\", \"Owner\": \"CFI\", \"module\": \"secure-s3\", \"managed-by\": \"terraform\", \"Environment\": \"Production\"}" - ], - "name": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "region": "us-east-1", - "type": "s3", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Provider}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" with parameter \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" with parameter \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateBucket\" with parameter \"test-bucket-obj-write\"\nβœ“ I refer to \"{result}\" as \"bucket\"\nβœ“ I call \"{storage}\" with \"DeleteBucket\" with parameter \"{bucket.ID}\"\nβœ“ I call \"{iamService}\" with \"DestroyUser\" with parameter \"{testUserTrusted}\"\nβœ“ I call \"{iamService}\" with \"DestroyUser\" with parameter \"{testUserUntrusted}\"", - "status_id": 1, - "time": 1760903619, - "time_dt": "2025-10-19T19:53:39Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.C01.TR04" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1760903610, - "created_time_dt": "2025-10-19T19:53:30Z", - "desc": "Compliance test scenario: Cleanup", - "title": "Cleanup", - "types": [], - "uid": "ccc-test-487-1760903610" - }, - "message": "Cleanup", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Destructive", - "uid": "CCC-Destructive", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "s3" - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "{\"Name\": \"prod-my-secure-s3-bucket-20250423\", \"Owner\": \"CFI\", \"module\": \"secure-s3\", \"managed-by\": \"terraform\", \"Environment\": \"Production\"}" - ], - "name": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "region": "us-east-1", - "type": "s3", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Provider}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" with parameter \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" with parameter \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateBucket\" with parameter \"test-bucket-obj-write\"\nβœ“ I refer to \"{result}\" as \"bucket\"\nβœ“ I call \"{storage}\" with \"DeleteBucket\" with parameter \"{bucket.ID}\"\nβœ“ I call \"{iamService}\" with \"DestroyUser\" with parameter \"{testUserTrusted}\"\nβœ“ I call \"{iamService}\" with \"DestroyUser\" with parameter \"{testUserUntrusted}\"", - "status_id": 1, - "time": 1760903610, - "time_dt": "2025-10-19T19:53:30Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.C01.TR04" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1760903628, - "created_time_dt": "2025-10-19T19:53:48Z", - "desc": "Compliance test scenario: Cleanup", - "title": "Cleanup", - "types": [], - "uid": "ccc-test-487-1760903628" - }, - "message": "Cleanup", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Destructive", - "uid": "CCC-Destructive", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "s3" - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "{\"Preexisting\": \"20251012\"}" - ], - "name": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard", - "region": "us-east-1", - "type": "s3", - "uid": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Provider}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" with parameter \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" with parameter \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateBucket\" with parameter \"test-bucket-obj-write\"\nβœ“ I refer to \"{result}\" as \"bucket\"\nβœ“ I call \"{storage}\" with \"DeleteBucket\" with parameter \"{bucket.ID}\"\nβœ“ I call \"{iamService}\" with \"DestroyUser\" with parameter \"{testUserTrusted}\"\nβœ“ I call \"{iamService}\" with \"DestroyUser\" with parameter \"{testUserUntrusted}\"", - "status_id": 1, - "time": 1760903628, - "time_dt": "2025-10-19T19:53:48Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.C01.TR04" - ] - } - } - } -] \ No newline at end of file diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-aws-bucket/results/secure-aws-bucket-complete.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-aws-bucket/results/secure-aws-bucket-complete.ocsf.json deleted file mode 100644 index 54d15266..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-aws-bucket/results/secure-aws-bucket-complete.ocsf.json +++ /dev/null @@ -1,126079 +0,0 @@ -[ - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-northeast-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-northeast-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-northeast-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-northeast-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-northeast-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-northeast-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-northeast-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-northeast-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-northeast-3-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-northeast-3:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-northeast-3" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-northeast-3:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-south-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-south-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-south-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-south-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-southeast-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-southeast-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-southeast-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-southeast-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ap-southeast-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ap-southeast-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ap-southeast-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ap-southeast-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-ca-central-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:ca-central-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "ca-central-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:ca-central-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-central-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-central-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-central-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-central-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-north-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-north-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-north-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-north-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-west-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-west-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-west-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-west-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-west-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-west-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-west-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-west-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-eu-west-3-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:eu-west-3:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "eu-west-3" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:eu-west-3:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-sa-east-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:sa-east-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "sa-east-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:sa-east-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-east-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-east-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-east-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-east-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-east-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-east-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-east-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-east-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-west-1-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-west-1:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-west-1" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-west-1:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Access Analyzer in account 211203495394 is not enabled.", - "metadata": { - "event_code": "accessanalyzer_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Access Analyzer in account 211203495394 is not enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "identity-access", - "trust-boundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-manage-external.html", - "https://aws.amazon.com/iam/access-analyzer/", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_CreateAnalyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-external.html", - "https://docs.aws.amazon.com/access-analyzer/latest/APIReference/Welcome.html", - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-create-internal.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.04B", - "IAM-06.01AC", - "IAM-10.01B", - "IAM-10.02B", - "INQ-04.01AC", - "PSS-08.03B", - "PSS-09.01AC" - ], - "CIS-3.0": [ - "1.20" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.20" - ], - "CIS-5.0": [ - "1.19" - ], - "CIS-1.4": [ - "1.20" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.2.6" - ], - "CIS-1.5": [ - "1.20" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "AWS-Account-Security-Onboarding": [ - "Enabled security services", - "Create analyzers in each active regions", - "Verify that events are present in SecurityHub aggregated view" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.20" - ], - "NIS2": [ - "3.2.3.e", - "11.1.1", - "11.2.1", - "11.2.2.e" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**IAM Access Analyzer** presence and status are evaluated per account and Region. An analyzer in `ACTIVE` state indicates continuous analysis of supported resources and IAM activity to identify external, internal, and unused access.", - "title": "IAM Access Analyzer is enabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-accessanalyzer_enabled-211203495394-us-west-2-analyzer/unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:accessanalyzer:us-west-2:211203495394:analyzer/unknown", - "name": "analyzer/unknown", - "status": "NOT_AVAILABLE", - "findings": [], - "tags": [], - "type": "", - "region": "us-west-2" - } - }, - "group": { - "name": "accessanalyzer" - }, - "labels": [], - "name": "analyzer/unknown", - "type": "Other", - "uid": "arn:aws:accessanalyzer:us-west-2:211203495394:analyzer/unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable **IAM Access Analyzer** across all accounts and active Regions (*or organization-wide*). Operate on least privilege: continuously review findings, remove unintended access, and trim unused permissions. Use archive rules sparingly, integrate reviews into change/CI/CD workflows, and enforce separation of duties on policy changes.", - "references": [ - "https://hub.prowler.com/check/accessanalyzer_enabled" - ] - }, - "risk_details": "Without an active analyzer, visibility into unintended public, cross-account, or risky internal access is lost. Adversaries can exploit exposed S3, snapshots, KMS keys, or permissive role trusts for data exfiltration and escalation. Unused permissions persist, enlarging the attack surface. This degrades confidentiality and integrity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Contact Information.", - "metadata": { - "event_code": "account_maintain_current_contact_details", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Contact Information.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.prowler.com/checks/aws/iam-policies/iam_18-maintain-contact-details#aws-console", - "https://repost.aws/knowledge-center/update-phone-number", - "https://support.stax.io/docs/accounts/update-aws-account-contact-details", - "https://maartenbruntink.nl/blog/2022/09/26/aws-account-hygiene-101-mass-updating-alternate-account-contacts/", - "https://docs.aws.amazon.com/security-ir/latest/userguide/update-account-contact-info.html", - "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact-primary.html", - "https://repost.aws/knowledge-center/add-update-billing-contact", - "https://aws.amazon.com/blogs/security/update-the-alternate-security-contact-across-your-aws-accounts-for-timely-security-notifications/", - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_update_contacts.html", - "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact-alternate.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-03.01AS", - "IAM-06.06B", - "SSO-05.06B", - "SIM-01.03B", - "INQ-02.01B" - ], - "CIS-3.0": [ - "1.1" - ], - "ENS-RD2022": [ - "op.ext.7.aws.am.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CIS-4.0.1": [ - "1.1" - ], - "CIS-5.0": [ - "1.1" - ], - "CIS-1.4": [ - "1.1" - ], - "CIS-1.5": [ - "1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP03", - "SEC10-BP01" - ], - "ISO27001-2022": [ - "A.5.5" - ], - "AWS-Account-Security-Onboarding": [ - "Billing, emergency, security contacts" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "CIS-2.0": [ - "1.1" - ], - "NIS2": [ - "2.2.3", - "3.5.3.a", - "5.1.7.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**AWS account contact information** is current for the **primary contact** and the **alternate contacts** for `security`, `billing`, and `operations`, with accurate email addresses and phone numbers.", - "title": "AWS account contact information is current", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-account_maintain_current_contact_details-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Adopt:\n- **Primary** and **alternate contacts** for `security`, `billing`, `operations`\n- Shared, monitored aliases and SMS-capable phone numbers (non-personal)\n- Centralized management across accounts with periodic reviews\n- **Least privilege** for who can modify contact data\n- Regular reachability tests and documented ownership", - "references": [ - "https://hub.prowler.com/check/account_maintain_current_contact_details" - ] - }, - "risk_details": "Outdated or single-person contacts delay **security notifications**, slow **incident response**, and complicate **account recovery**.\n\nAWS may throttle services during abuse mitigation, reducing **availability**. Missed alerts enable ongoing misuse, risking **data exfiltration** and unauthorized changes (**integrity**).", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "SECURITY, BILLING and OPERATIONS contacts not found or they are not different between each other and between ROOT contact.", - "metadata": { - "event_code": "account_maintain_different_contact_details_to_security_billing_and_operations", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "SECURITY, BILLING and OPERATIONS contacts not found or they are not different between each other and between ROOT contact.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "resilience" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/account_alternate_contact", - "https://docs.prowler.com/checks/aws/iam-policies/iam_18-maintain-contact-details#aws-console", - "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact-alternate.html", - "https://builder.aws.com/content/2qRw97fe8JFwfk2AbpJ3sYNpNvM/aws-bulk-update-alternate-contacts-across-organization", - "https://github.com/aws-samples/aws-account-alternate-contact-with-terraform", - "https://trendmicro.com/cloudoneconformity/knowledge-base/aws/IAM/account-security-alternate-contacts.html", - "https://repost.aws/articles/ARDFbpt-bvQ8iuErnqVVcCXQ/managing-aws-organization-alternate-contacts-via-csv" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-04.03B", - "IAM-06.06B", - "SSO-05.06B", - "SIM-01.03B", - "INQ-02.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "ISO27001-2022": [ - "A.5.6" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**AWS account alternate contacts** are defined for **Security**, **Billing**, and **Operations** with `name`, `email`, and `phone`. The finding evaluates that all three exist, are distinct from one another, and differ from the **primary (root) contact**.", - "title": "AWS account has distinct Security, Billing, and Operations contact details, different from each other and from the root contact", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-account_maintain_different_contact_details_to_security_billing_and_operations-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Maintain distinct, monitored **Security**, **Billing**, and **Operations** alternate contacts that differ from the root contact.\n- Use team aliases and 24x7 phones\n- Review and test contact paths regularly\n- Centralize at org level for consistency\n\nApplies **operational resilience** and **separation of duties**.", - "references": [ - "https://hub.prowler.com/check/account_maintain_different_contact_details_to_security_billing_and_operations" - ] - }, - "risk_details": "Missing or shared contacts can delay response to abuse alerts, credential compromise, or billing anomalies, reducing **availability** (possible AWS traffic throttling) and raising **confidentiality** and **integrity** risk through extended exposure. If AWS cannot reach you, urgent mitigation may disrupt service.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Alternate Contacts -> Security Section.", - "metadata": { - "event_code": "account_security_contact_information_is_registered", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Alternate Contacts -> Security Section.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/account_alternate_contact", - "https://docs.prowler.com/checks/aws/iam-policies/iam_19/", - "https://support.icompaas.com/support/solutions/articles/62000234161-1-2-ensure-security-contact-information-is-registered-manual-", - "https://www.plerion.com/cloud-knowledge-base/ensure-security-contact-information-is-registered", - "https://repost.aws/articles/ARDFbpt-bvQ8iuErnqVVcCXQ/managing-aws-organization-alternate-contacts-via-csv" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-06.01B", - "SSO-05.06B", - "SIM-01.03B" - ], - "CIS-3.0": [ - "1.2" - ], - "ENS-RD2022": [ - "op.ext.7.aws.am.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CIS-4.0.1": [ - "1.2" - ], - "PCI-4.0": [ - "A1.2.3.1" - ], - "CIS-5.0": [ - "1.2" - ], - "CIS-1.4": [ - "1.2" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Account.1" - ], - "CIS-1.5": [ - "1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP03", - "SEC10-BP01" - ], - "ISO27001-2022": [ - "A.5.5" - ], - "AWS-Account-Security-Onboarding": [ - "Billing, emergency, security contacts" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "CIS-2.0": [ - "1.2" - ], - "NIS2": [ - "1.1.1.a", - "1.2.3", - "2.2.1", - "3.1.2.d", - "3.5.3.a", - "5.1.7.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Account settings contain a **Security alternate contact** in Alternate Contacts (name, `EmailAddress`, `PhoneNumber`) for targeted AWS security notifications.", - "title": "AWS account has security alternate contact registered", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-account_security_contact_information_is_registered-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Define and maintain a **Security alternate contact**:\n- Use a monitored alias (e.g., `security@domain`) and team phone\n- Apply to every account (prefer Org-wide automation)\n- Review after org/personnel changes and test delivery\n- Document ownership and escalation paths\nAlign with **incident response** and **least privilege** principles.", - "references": [ - "https://hub.prowler.com/check/account_security_contact_information_is_registered" - ] - }, - "risk_details": "Missing or outdated **security contact** can delay or prevent AWS advisories from reaching responders, increasing risk to:\n- Confidentiality: data exfiltration from undetected compromise\n- Integrity: unauthorized changes persist longer\n- Availability: resource abuse (e.g., cryptomining) and outages", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Login to the AWS Console as root. Choose your account name on the top right of the window -> My Account -> Configure Security Challenge Questions.", - "metadata": { - "event_code": "account_security_questions_are_registered_in_the_aws_account", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Login to the AWS Console as root. Choose your account name on the top right of the window -> My Account -> Configure Security Challenge Questions.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.prowler.com/checks/aws/iam-policies/iam_15", - "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/IAM/security-challenge-questions.html" - ], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.3" - ], - "ENS-RD2022": [ - "op.ext.7.aws.am.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.3" - ], - "CIS-1.4": [ - "1.3" - ], - "CIS-1.5": [ - "1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP03", - "SEC10-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.3", - "2.10.2" - ], - "CIS-2.0": [ - "1.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "[DEPRECATED] **AWS account root** configuration may include legacy **security challenge questions** for support identity verification. This evaluates whether those questions are set on the account. *New configuration is discontinued by AWS and remaining support for this feature is time-limited.*", - "title": "[DEPRECATED] AWS root user has security challenge questions configured", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices" - ], - "uid": "prowler-aws-account_security_questions_are_registered_in_the_aws_account-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "account" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Favor stronger recovery instead of KBA:\n- Enforce **MFA for root** and minimize root use\n- Keep **alternate contacts** and root email current and protected\n- Establish a tightly controlled **break-glass role**, applying least privilege and separation of duties\n- Document and test recovery procedures; monitor root activity", - "references": [ - "https://hub.prowler.com/check/account_security_questions_are_registered_in_the_aws_account" - ] - }, - "risk_details": "Absence of these questions can limit support-assisted recovery if root credentials or MFA are lost, reducing **availability** and slowing **incident response**. Reliance on KBA also weakens **confidentiality** due to **social engineering**. Treat this as a recovery gap and adopt stronger, phishing-resistant factors.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No Backup Vault exist.", - "metadata": { - "event_code": "backup_vaults_exist", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No Backup Vault exist.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "resilience" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://docs.aws.amazon.com/aws-backup/latest/devguide/vaults.html" - ], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-06.01B", - "OPS-07.01B", - "OPS-08.01B", - "OPS-09.02B", - "CRY-16.02B", - "DEV-11.02B", - "BCM-01.01B", - "BCM-01.02B", - "BCM-02.01B" - ], - "ENS-RD2022": [ - "mp.info.6.aws.bcku.1" - ], - "AWS-Foundational-Technical-Review": [ - "BAR-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "CCC": [ - "CCC.Core.CN08.AR01", - "CCC.Core.CN14.AR02", - "CCC.Core.CN14.AR02" - ], - "ISO27001-2022": [ - "A.8.13" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "3.6.2", - "4.1.2.f", - "4.1.2.g", - "4.2.2.b", - "4.2.2.e", - "12.1.2.c", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**AWS Backup** in the account/region includes at least one **backup vault** that stores and organizes recovery points for use by backup plans and copies.", - "title": "At least one AWS Backup vault exists", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-backup_vaults_exist-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "backup" - }, - "labels": [], - "name": "211203495394", - "type": "AwsBackupBackupVault", - "uid": "arn:aws:backup:us-east-1:211203495394:backup-vault" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create and maintain a **backup vault** in each required region. Enforce **least privilege** access, encrypt with **KMS CMKs**, and enable **Vault Lock** to prevent tampering. Use lifecycle rules and cross-region/cross-account copies, and regularly test restores for **defense in depth**.", - "references": [ - "https://hub.prowler.com/check/backup_vaults_exist" - ] - }, - "risk_details": "Without a vault, recovery points cannot be created or retained in AWS Backup, degrading **availability** and **integrity**. Data may be irrecoverable after deletion, ransomware, or misconfiguration, and RPO/RTO targets may be missed during incidents.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-northeast-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-northeast-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-northeast-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-northeast-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-northeast-3-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-northeast-3:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-south-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-south-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-southeast-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-southeast-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ap-southeast-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ap-southeast-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-ca-central-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:ca-central-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-central-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-central-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-north-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-north-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-west-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-west-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-west-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-west-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-eu-west-3-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:eu-west-3:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-sa-east-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:sa-east-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-east-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-east-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-east-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-east-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-west-1-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-west-1:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bedrock Model Invocation Logging is disabled.", - "metadata": { - "event_code": "bedrock_model_invocation_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bedrock Model Invocation Logging is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html", - "categories": [ - "logging", - "forensics-ready", - "gen-ai" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "SSO-05.01AC", - "PSS-04.05B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN01.AR01", - "CCC.GenAI.CN02.AR02", - "CCC.GenAI.CN08.AR01", - "CCC.GenAI.CN08.AR02", - "CCC.MLDE.CN05.AR01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that model invocation logging is enabled for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "title": "Ensure that model invocation logging is enabled for Amazon Bedrock.", - "types": [], - "uid": "prowler-aws-bedrock_model_invocation_logging_enabled-211203495394-us-west-2-model-invocation-logging" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "enabled": false, - "cloudwatch_log_group": null, - "s3_bucket": null - } - }, - "group": { - "name": "bedrock" - }, - "labels": [], - "name": "model-invocation-logging", - "type": "Other", - "uid": "arn:aws:bedrock:us-west-2:211203495394:model-invocation-logging" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable model invocation logging for Amazon Bedrock service in order to collect metadata, requests, and responses for all model invocations in your AWS cloud account.", - "references": [ - "https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html#model-invocation-logging-console" - ] - }, - "risk_details": "In Amazon Bedrock, model invocation logging enables you to collect the invocation request and response data, along with metadata, for all 'Converse', 'ConverseStream', 'InvokeModel', and 'InvokeModelWithResponseStream' API calls in your AWS account. Each log entry includes important details such as the timestamp, request ID, model ID, and token usage. Invocation logs can be utilized for troubleshooting, performance enhancements, abuse detection, and security auditing. By default, model invocation logging is disabled.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-northeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-northeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-northeast-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-south-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-south-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-southeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ap-southeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-ca-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ca-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-north-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-north-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-eu-west-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-sa-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:sa-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-east-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled with logging were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled with logging were found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_4_1", - "3_6_1", - "3_6_2", - "3_13_1", - "3_13_2", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2", - "cc_a_1_1" - ], - "C5-2025": [ - "OIS-05.01B", - "OIS-05.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-15.03B", - "IAM-07.04B", - "DEV-08.02B", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "ma_2", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.1" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_1", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.acc.6.r5.aws.iam.1", - "op.exp.5.aws.ct.1", - "op.exp.8.aws.ct.1", - "op.exp.8.aws.ct.6", - "op.exp.9.aws.ct.1", - "op.mon.1.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.1" - ], - "PCI-4.0": [ - "10.2.1.1.22", - "10.2.1.2.19", - "10.2.1.3.19", - "10.2.1.4.19", - "10.2.1.5.19", - "10.2.1.6.19", - "10.2.1.7.19", - "10.2.1.19", - "10.2.2.19", - "10.3.1.19", - "10.6.3.24", - "5.3.4.22", - "A1.2.1.23" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-an-b-5", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3", - "d3-pc-im-b-7", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "3.2", - "3.2.3", - "3.4", - "3.4.d", - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.1" - ], - "CIS-1.4": [ - "3.1" - ], - "GxP-EU-Annex-11": [ - "1-risk-management", - "4.2-validation-documentation-change-control" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Core.CN08.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k", - "11.300-d" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "CloudTrail.1" - ], - "CIS-1.5": [ - "3.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02", - "SEC04-BP03" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "ac_2", - "au_2", - "au_3", - "au_12", - "cm_2" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail is enabled in all regions", - "title": "Ensure CloudTrail is enabled in all regions", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled-211203495394-us-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events" - ] - }, - "risk_details": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-northeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-northeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-northeast-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-south-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-south-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-southeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ap-southeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-ca-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:ca-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-central-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-north-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-north-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-eu-west-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:eu-west-3:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-sa-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:sa-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-east-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails enabled and logging management events were found.", - "metadata": { - "event_code": "cloudtrail_multi_region_enabled_logging_management_events", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails enabled and logging management events were found.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.prowler.com/checks/aws/logging-policies/logging_14", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-05.02B", - "AM-01.01AC", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "OPS-11.02AC", - "OPS-12.01B", - "OPS-13.02B", - "OPS-13.01AC", - "OPS-13.03AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "DEV-08.02B", - "SSO-05.01AC", - "SIM-03.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.02AC", - "PSS-12.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR02" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Enable as part of Organization trail" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "NIS2": [ - "3.1.2.a", - "3.2.3.c", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure CloudTrail logging management events in All Regions", - "title": "Ensure CloudTrail logging management events in All Regions", - "types": [ - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudtrail_multi_region_enabled_logging_management_events-211203495394-us-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-west-2:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable CloudTrail logging management events in All Regions", - "references": [ - "https://docs.prowler.com/checks/aws/logging-policies/logging_14" - ] - }, - "risk_details": "AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. To meet FTR requirements, you must have management events enabled for all AWS accounts and in all regions and aggregate these logs into an Amazon Simple Storage Service (Amazon S3) bucket owned by a separate AWS account.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails have a data event to record all S3 object-level API operations.", - "metadata": { - "event_code": "cloudtrail_s3_dataevents_read_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails have a data event to record all S3 object-level API operations.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_a_2_i", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "SSO-05.01AC", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "ds_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.9" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.exp.8.r1.aws.ct.2", - "op.exp.8.r1.aws.ct.3", - "op.exp.8.r1.aws.ct.4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.9" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-ev-b-1", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_30" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CIS-5.0": [ - "3.9" - ], - "CIS-1.4": [ - "3.11" - ], - "GxP-EU-Annex-11": [ - "8.2-printouts-data-changes", - "9-audit-trails", - "12.4-security-audit-trail" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "3.1.6" - ], - "CIS-1.5": [ - "3.11" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "AWS-Account-Security-Onboarding": [ - "Confirm that logs are present in S3 bucket and SIEM" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-2.0": [ - "3.11" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.g", - "3.4.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that all your AWS CloudTrail trails are configured to log Data events in order to record S3 object-level API operations, such as GetObject, DeleteObject and PutObject, for individual S3 buckets or for all current and future S3 buckets provisioned in your AWS account.", - "title": "Check if S3 buckets have Object-level logging for read events is enabled in CloudTrail.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-cloudtrail_s3_dataevents_read_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable logs. Create an S3 lifecycle policy. Define use cases, metrics and automated responses where applicable.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-cloudtrail-logging-for-s3.html" - ] - }, - "risk_details": "If logs are not enabled, monitoring of service use and threat analysis is not possible.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudTrail trails have a data event to record all S3 object-level API operations.", - "metadata": { - "event_code": "cloudtrail_s3_dataevents_write_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudTrail trails have a data event to record all S3 object-level API operations.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_a_2_i", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_2_1", - "cc_7_2" - ], - "C5-2025": [ - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-07.04B", - "SSO-05.01AC", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.05B", - "PSS-12.03AC" - ], - "NIST-CSF-1.1": [ - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "ds_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c", - "ca-7-a-b", - "si-4-16", - "si-4-2", - "si-4-4", - "si-4-5" - ], - "CIS-3.0": [ - "3.8" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.4", - "op.exp.8.r1.aws.ct.2", - "op.exp.8.r1.aws.ct.3", - "op.exp.8.r1.aws.ct.4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.8" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.2.7", - "10.2.1.3.7", - "10.2.1.4.7", - "10.2.1.5.7", - "10.2.1.6.7", - "10.2.1.7.7", - "10.2.1.7", - "10.2.2.7", - "10.3.1.7", - "10.6.3.7", - "5.3.4.7", - "A1.2.1.7" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2", - "ca-7" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-ev-b-1", - "d5-dr-de-b-3" - ], - "GDPR": [ - "article_30" - ], - "CIS-5.0": [ - "3.8" - ], - "CIS-1.4": [ - "3.10" - ], - "GxP-EU-Annex-11": [ - "8.2-printouts-data-changes", - "9-audit-trails", - "12.4-security-audit-trail" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "3.1.5" - ], - "CIS-1.5": [ - "3.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "AWS-Account-Security-Onboarding": [ - "Send S3 access logs for critical buckets to separate S3 bucket", - "Confirm that logs are present in S3 bucket and SIEM" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-2.0": [ - "3.10" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.g" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that all your AWS CloudTrail trails are configured to log Data events in order to record S3 object-level API operations, such as GetObject, DeleteObject and PutObject, for individual S3 buckets or for all current and future S3 buckets provisioned in your AWS account.", - "title": "Check if S3 buckets have Object-level logging for write events is enabled in CloudTrail.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-cloudtrail_s3_dataevents_write_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn:aws:cloudtrail:ca-central-1:211203495394:trail": { - "region": "ca-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-2:211203495394:trail": { - "region": "ap-northeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-1:211203495394:trail": { - "region": "eu-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-2:211203495394:trail": { - "region": "eu-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-central-1:211203495394:trail": { - "region": "eu-central-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-1:211203495394:trail": { - "region": "us-west-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-1:211203495394:trail": { - "region": "ap-southeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-3:211203495394:trail": { - "region": "ap-northeast-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:sa-east-1:211203495394:trail": { - "region": "sa-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-southeast-2:211203495394:trail": { - "region": "ap-southeast-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-west-3:211203495394:trail": { - "region": "eu-west-3", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-west-2:211203495394:trail": { - "region": "us-west-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-south-1:211203495394:trail": { - "region": "ap-south-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-1:211203495394:trail": { - "region": "us-east-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:ap-northeast-1:211203495394:trail": { - "region": "ap-northeast-1", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:us-east-2:211203495394:trail": { - "region": "us-east-2", - "data_events": [], - "tags": [] - }, - "arn:aws:cloudtrail:eu-north-1:211203495394:trail": { - "region": "eu-north-1", - "data_events": [], - "tags": [] - } - } - }, - "group": { - "name": "cloudtrail" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudTrailTrail", - "uid": "arn:aws:cloudtrail:us-east-1:211203495394:trail" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable logs. Create an S3 lifecycle policy. Define use cases, metrics and automated responses where applicable.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-cloudtrail-logging-for-s3.html" - ] - }, - "risk_details": "If logs are not enabled, monitoring of service use and threat analysis is not possible.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_network_acls_alarm_configured", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.11" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.11" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ca-7", - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.11" - ], - "CIS-1.4": [ - "4.11" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.12" - ], - "CIS-1.5": [ - "4.11" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.11" - ], - "NIS2": [ - "2.2.3", - "3.2.3.a", - "3.2.3.c", - "3.2.3.f", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL).", - "title": "Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL).", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_network_acls_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_network_gateways_alarm_configured", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "COS-03.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.12" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.12" - ], - "FedRAMP-Low-Revision-4": [ - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.12" - ], - "CIS-1.4": [ - "4.12" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.13" - ], - "CIS-1.5": [ - "4.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.12" - ], - "NIS2": [ - "2.2.3", - "3.2.3.a", - "3.2.3.c", - "3.2.3.f", - "3.2.4", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure a log metric filter and alarm exist for changes to network gateways.", - "title": "Ensure a log metric filter and alarm exist for changes to network gateways.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_network_gateways_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_network_route_tables_alarm_configured", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-13.03AC", - "OPS-26.06B", - "COS-03.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.13" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.13" - ], - "FedRAMP-Low-Revision-4": [ - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.13" - ], - "CIS-1.4": [ - "4.13" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.14" - ], - "CIS-1.5": [ - "4.13" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.13" - ], - "NIS2": [ - "2.2.3", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Real-time monitoring of API calls can be achieved by directing Cloud Trail Logs to CloudWatch Logs, or an external Security information and event management (SIEM)environment, and establishing corresponding metric filters and alarms. Routing tablesare used to route network traffic between subnets and to network gateways. It isrecommended that a metric filter and alarm be established for changes to route tables.", - "title": "Ensure route table changes are monitored", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_network_route_tables_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "If you are using CloudTrails and CloudWatch, perform the following to setup the metric filter, alarm, SNS topic, and subscription: 1. Create a metric filter based on filter pattern provided which checks for route table changes and the taken from audit step 1. aws logs put-metric-filter --log-group-name -- filter-name `` --metric-transformations metricName= `` ,metricNamespace='CISBenchmark',metricValue=1 --filter-pattern '{($.eventSource = ec2.amazonaws.com) && (($.eventName = CreateRoute) || ($.eventName = CreateRouteTable) || ($.eventName = ReplaceRoute) || ($.eventName = ReplaceRouteTableAssociation) || ($.eventName = DeleteRouteTable) || ($.eventName = DeleteRoute) || ($.eventName = DisassociateRouteTable)) }' Note: You can choose your own metricName and metricNamespace strings. Using the same metricNamespace for all Foundations Benchmark metrics will group them together. 2. Create an SNS topic that the alarm will notify aws sns create-topic --name Note: you can execute this command once and then re-use the same topic for all monitoring alarms. 3. Create an SNS subscription to the topic created in step 2 aws sns subscribe --topic-arn --protocol - -notification-endpoint Note: you can execute this command once and then re-use the SNS subscription for all monitoring alarms. 4. Create an alarm that is associated with the CloudWatch Logs Metric Filter created in step 1 and an SNS topic created in step 2 aws cloudwatch put-metric-alarm --alarm-name `` --metric-name `` --statistic Sum --period 300 - -threshold 1 --comparison-operator GreaterThanOrEqualToThreshold -- evaluation-periods 1 --namespace 'CISBenchmark' --alarm-actions ", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "CloudWatch is an AWS native service that allows you to ob serve and monitor resources and applications. CloudTrail Logs can also be sent to an external Security informationand event management (SIEM) environment for monitoring and alerting.Monitoring changes to route tables will help ensure that all VPC traffic flows through anexpected path and prevent any accidental or intentional modifications that may lead touncontrolled network traffic. An alarm should be triggered every time an AWS API call isperformed to create, replace, delete, or disassociate a Route Table.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_changes_to_vpcs_alarm_configured", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_6_1", - "3_6_2", - "3_12_4" - ], - "HIPAA": [ - "164_308_a_6_i" - ], - "SOC2": [ - "cc_5_2", - "cc_7_2", - "cc_7_3", - "cc_7_4" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "COS-03.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "ae_5", - "cm_2", - "cm_5", - "cp_4", - "ra_5" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "au-6-1-3", - "au-7-1", - "ca-7-a-b", - "ir-4-1", - "ir-4-1", - "si-4-2", - "si-4-4", - "si-4-5", - "si-4-a-b-c" - ], - "CIS-3.0": [ - "4.14" - ], - "NIST-800-53-Revision-5": [ - "au_6_1", - "au_6_5", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_2_2", - "ca_7", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_36_1_a", - "si_2_a", - "si_4_12", - "si_5_1", - "si_5_b" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.14" - ], - "FedRAMP-Low-Revision-4": [ - "ir-4" - ], - "FFIEC": [ - "d5-dr-de-b-1", - "d5-dr-de-b-3" - ], - "CIS-5.0": [ - "4.14" - ], - "CIS-1.4": [ - "4.14" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.15" - ], - "CIS-1.5": [ - "4.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "NIST-800-53-Revision-4": [ - "ac_2_4", - "au_6_1", - "au_6_3", - "au_7_1", - "ca_7", - "ir_4_1", - "si_4_2", - "si_4_4", - "si_4_5", - "si_4" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.14" - ], - "NIS2": [ - "2.2.3", - "3.2.3.c", - "3.2.3.f", - "3.2.4", - "6.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure a log metric filter and alarm exist for VPC changes.", - "title": "Ensure a log metric filter and alarm exist for VPC changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_changes_to_vpcs_alarm_configured-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "CloudWatch doesn't allow cross-account sharing.", - "metadata": { - "event_code": "cloudwatch_cross_account_sharing_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "CloudWatch doesn't allow cross-account sharing.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-04.01AC", - "PSS-04.01B" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.1", - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if CloudWatch has allowed cross-account sharing.", - "title": "Check if CloudWatch has allowed cross-account sharing.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-cloudwatch_cross_account_sharing_disabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsAccount", - "uid": "arn:aws:iam:us-east-1:211203495394:role" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Grant usage permission on a per-resource basis to enforce least privilege and Zero Trust principles.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html" - ] - }, - "risk_details": "Cross-Account access to CloudWatch could increase the risk of compromising information between accounts.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/rds/cluster/ex-rds/postgresql does not have AWS KMS keys associated.", - "metadata": { - "event_code": "cloudwatch_log_group_kms_encryption_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Log Group /aws/rds/cluster/ex-rds/postgresql does not have AWS KMS keys associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/cli/latest/reference/logs/associate-kms-key.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_e_2_ii" - ], - "SOC2": [ - "cc_7_3" - ], - "C5-2025": [ - "OIS-04.01AC", - "OIS-08.02B", - "AM-01.01AC", - "OPS-11.02AC", - "OPS-13.03B", - "OPS-14.03B", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-04.01B", - "PSS-04.04B", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cp_9_d", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_28_1", - "si_19_4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "PCI-4.0": [ - "10.3.2.3", - "10.3.3.5", - "10.3.4.4", - "3.5.1.4", - "8.3.2.8", - "A1.2.1.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Monitor.CN04.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.30" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP02" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.15", - "A.8.16", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "au_9", - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if CloudWatch log groups are protected by AWS KMS.", - "title": "Check if CloudWatch log groups are protected by AWS KMS.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-cloudwatch_log_group_kms_encryption_enabled-211203495394-eu-west-1-/aws/rds/cluster/ex-rds/postgresql" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*", - "name": "/aws/rds/cluster/ex-rds/postgresql", - "retention_days": 7, - "never_expire": false, - "kms_id": null, - "region": "eu-west-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/rds/cluster/ex-rds/postgresql", - "type": "Other", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Associate KMS Key with Cloudwatch log group.", - "references": [ - "https://docs.aws.amazon.com/cli/latest/reference/logs/associate-kms-key.html" - ] - }, - "risk_details": "Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/vpc-flow-log/vpc-007d791b9b857543e does not have AWS KMS keys associated.", - "metadata": { - "event_code": "cloudwatch_log_group_kms_encryption_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Log Group /aws/vpc-flow-log/vpc-007d791b9b857543e does not have AWS KMS keys associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/cli/latest/reference/logs/associate-kms-key.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_e_2_ii" - ], - "SOC2": [ - "cc_7_3" - ], - "C5-2025": [ - "OIS-04.01AC", - "OIS-08.02B", - "AM-01.01AC", - "OPS-11.02AC", - "OPS-13.03B", - "OPS-14.03B", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-04.01B", - "PSS-04.04B", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cp_9_d", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_28_1", - "si_19_4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "PCI-4.0": [ - "10.3.2.3", - "10.3.3.5", - "10.3.4.4", - "3.5.1.4", - "8.3.2.8", - "A1.2.1.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Monitor.CN04.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.30" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP02" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.15", - "A.8.16", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "au_9", - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if CloudWatch log groups are protected by AWS KMS.", - "title": "Check if CloudWatch log groups are protected by AWS KMS.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-cloudwatch_log_group_kms_encryption_enabled-211203495394-eu-west-1-/aws/vpc-flow-log/vpc-007d791b9b857543e" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*", - "name": "/aws/vpc-flow-log/vpc-007d791b9b857543e", - "retention_days": 9999, - "never_expire": true, - "kms_id": null, - "region": "eu-west-1", - "log_streams": { - "eni-0cd4fcd4819d5a0b7-all": [ - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899031000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899031 1760899115 - NODATA", - "ingestionTime": 1760899139926, - "eventId": "39269360610670476915885218594189694963071457059547512832" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899046 1760899127 - NODATA", - "ingestionTime": 1760899149250, - "eventId": "39269360945181654893844565728497413038571606956274024448" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899064 1760899142 - NODATA", - "ingestionTime": 1760899171015, - "eventId": "39269361346595068467395782302452507265231831869047177216" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899161481, - "eventId": "39269361368895813665926405432462355128969412946093211648" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899074 1760899154 - NODATA", - "ingestionTime": 1760899180685, - "eventId": "39269361569602520452702013729500161457508911822151876608" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899087 1760899164 - NODATA", - "ingestionTime": 1760899188926, - "eventId": "39269361859512208033600114579426962274716549575521730560" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899093000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899093 1760899177 - NODATA", - "ingestionTime": 1760899202942, - "eventId": "39269361993316679224783853445585976414341769780327874560" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899189534, - "eventId": "39269362060218914820375722853983829530393030289362518016" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899107 1760899183 - NODATA", - "ingestionTime": 1760899208282, - "eventId": "39269362305527112004212577433541251354104638611981205504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899120000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899120 1760899194 - NODATA", - "ingestionTime": 1760899249444, - "eventId": "39269362595436799585110678323267367353868490709992013824" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899124 1760899204 - NODATA", - "ingestionTime": 1760899231189, - "eventId": "39269362684639780379233170867341403349163730796893896704" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899145000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899145 1760899226 - NODATA", - "ingestionTime": 1760899248783, - "eventId": "39269363152955429548376256860861233320174442224344956928" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899153 1760899239 - NODATA", - "ingestionTime": 1760899262856, - "eventId": "39269363331361391136621242010160382151535307798841524224" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899156 1760899233 - NODATA", - "ingestionTime": 1760899251214, - "eventId": "39269363398263626732213111420693427286550341112125521920" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899167 1760899245 - NODATA", - "ingestionTime": 1760899267593, - "eventId": "39269363643571823916049965997386872465211874059378688000" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899181000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899181 1760899254 - NODATA", - "ingestionTime": 1760899309470, - "eventId": "39269363955782256695478690029513573287107439005186064384" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899280418, - "eventId": "39269364022684492291070559418998784362727835457823440896" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899187 1760899266 - NODATA", - "ingestionTime": 1760899289733, - "eventId": "39269364089586727886662428854866949624521773410794864640" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299733, - "eventId": "39269364245691944276376790857706543416476686971921301504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899204 1760899286 - NODATA", - "ingestionTime": 1760899309875, - "eventId": "39269364468699396261683022285324313923175968945211310080" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899213 1760899293 - NODATA", - "ingestionTime": 1760899319552, - "eventId": "39269364669406103048458630570844658358774455533122027520" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899215 1760899293 - NODATA", - "ingestionTime": 1760899311165, - "eventId": "39269364714007593445519876843776711888539935711792070656" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899227000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899227 1760899304 - NODATA", - "ingestionTime": 1760899327528, - "eventId": "39269364981616535827887354561987052343875666657387479040" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899241 1760899314 - NODATA", - "ingestionTime": 1760899369674, - "eventId": "39269365293826968607316078594438607167353915397586354176" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899245 1760899321 - NODATA", - "ingestionTime": 1760899340795, - "eventId": "39269365383029949401438571125668891064507806525688119296" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899247 1760899325 - NODATA", - "ingestionTime": 1760899349747, - "eventId": "39269365427631439798499817419562686664009994535042416640" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899248 1760899335 - NODATA", - "ingestionTime": 1760899361737, - "eventId": "39269365449932184997030440575593663755083845328799662080" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899263000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899263 1760899343 - NODATA", - "ingestionTime": 1760899367618, - "eventId": "39269365784443362974989787705738802661146729846819127296" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899271000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899271 1760899355 - NODATA", - "ingestionTime": 1760899379484, - "eventId": "39269365962849324563234772852369513371529050589700489216" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899276000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899276 1760899352 - NODATA", - "ingestionTime": 1760899371708, - "eventId": "39269366074353050555887888550647785025367173779549388800" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899287000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899287 1760899364 - NODATA", - "ingestionTime": 1760899389077, - "eventId": "39269366319661247739724743128538737171054749321939386368" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899303 1760899375 - NODATA", - "ingestionTime": 1760899431081, - "eventId": "39269366676473170916214713443889494423911819403013455872" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899305000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899305 1760899381 - NODATA", - "ingestionTime": 1760899400414, - "eventId": "39269366721074661313275959689886924638672932144373039104" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899307 1760899386 - NODATA", - "ingestionTime": 1760899408511, - "eventId": "39269366765676151710337205982746961466829488763300806656" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899420747, - "eventId": "39269366921781368100051567988289637575888457293160448000" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428007, - "eventId": "39269367100187329688296553129352064058383779008465076224" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899429660, - "eventId": "39269367367796272070664030829778877118210560333827080192" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899336000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899336 1760899417 - NODATA", - "ingestionTime": 1760899442053, - "eventId": "39269367412397762467725277127832967444140093911955144704" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899349000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899349 1760899424 - NODATA", - "ingestionTime": 1760899449340, - "eventId": "39269367702307450048623377976606737167794200106263445504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899361 1760899432 - NODATA", - "ingestionTime": 1760899491027, - "eventId": "39269367969916392430990855725431353246427732075437621248" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899460257, - "eventId": "39269368014517882828052101971304249414101267847896170496" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899365000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899365 1760899446 - NODATA", - "ingestionTime": 1760899468665, - "eventId": "39269368059119373225113348264540584396392034426105430016" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899375 1760899455 - NODATA", - "ingestionTime": 1760899481555, - "eventId": "39269368282126825210419579695480504500212685656322080768" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899383 1760899467 - NODATA", - "ingestionTime": 1760899487567, - "eventId": "39269368460532786798664564835034776331022815284839055360" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899393 1760899476 - NODATA", - "ingestionTime": 1760899500793, - "eventId": "39269368683540238783970796266381102896276266334347132928" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899398 1760899475 - NODATA", - "ingestionTime": 1760899489169, - "eventId": "39269368795043964776623911960006811116316914335348031488" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899409 1760899487 - NODATA", - "ingestionTime": 1760899507600, - "eventId": "39269369040352161960460766539181708866508225546449846272" - } - ], - "eni-0eee78be32276dc65-all": [ - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899032000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899032 1760899109 - NODATA", - "ingestionTime": 1760899134945, - "eventId": "39269360632971222114415841729703527226207967234779774976" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899043000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899043 1760899120 - NODATA", - "ingestionTime": 1760899144884, - "eventId": "39269360878279419298252696298611781813145246086503727104" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899052000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899052 1760899132 - NODATA", - "ingestionTime": 1760899154887, - "eventId": "39269361078986126085028304584526361316447343074608021504" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899063 1760899141 - NODATA", - "ingestionTime": 1760899164127, - "eventId": "39269361324294323268865159152589586655311491293203202048" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899066 1760899146 - NODATA", - "ingestionTime": 1760899173383, - "eventId": "39269361391196558864457028588387002206051139308865585152" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899070000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899070 1760899140 - NODATA", - "ingestionTime": 1760899156170, - "eventId": "39269361480399539658579521133720174781408048766989828096" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899074 1760899155 - NODATA", - "ingestionTime": 1760899186448, - "eventId": "39269361569602520452702013736466909309389429082721353728" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899096 1760899175 - NODATA", - "ingestionTime": 1760899197470, - "eventId": "39269362060218914820375722863577669461616015304736112640" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899107 1760899182 - NODATA", - "ingestionTime": 1760899205402, - "eventId": "39269362305527112004212577430059792118031670795614355456" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899124 1760899200 - NODATA", - "ingestionTime": 1760899224570, - "eventId": "39269362684639780379233170859339700182272340779870912512" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899127 1760899206 - NODATA", - "ingestionTime": 1760899231868, - "eventId": "39269362751542015974825040292769706477577608203599740928" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899130 1760899200 - NODATA", - "ingestionTime": 1760899216262, - "eventId": "39269362818444251570416909698510075089137464840133804032" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899133000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899133 1760899215 - NODATA", - "ingestionTime": 1760899246210, - "eventId": "39269362885346487166008779159322407412871585528894324736" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899153 1760899230 - NODATA", - "ingestionTime": 1760899251400, - "eventId": "39269363331361391136621241996311121221405119004043444224" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899157000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899157 1760899235 - NODATA", - "ingestionTime": 1760899258021, - "eventId": "39269363420564371930743734570458344598590417900065914880" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899167 1760899242 - NODATA", - "ingestionTime": 1760899266548, - "eventId": "39269363643571823916049965996123562950678726130113904640" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899174 1760899250 - NODATA", - "ingestionTime": 1760899275556, - "eventId": "39269363799677040305764327997764003167285750075715420160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899183000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899183 1760899262 - NODATA", - "ingestionTime": 1760899284289, - "eventId": "39269364000383747092539936282143032915656252264968749056" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899187 1760899266 - NODATA", - "ingestionTime": 1760899291413, - "eventId": "39269364089586727886662428856898380600297619606114140160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899276225, - "eventId": "39269364156488963482254298263144306458468370593886044160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899193 1760899277 - NODATA", - "ingestionTime": 1760899303806, - "eventId": "39269364223391199077846167721094564420197117221625790464" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899196 1760899260 - NODATA", - "ingestionTime": 1760899334586, - "eventId": "39269364290293434673438037182912416456716008702408523776" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899213 1760899289 - NODATA", - "ingestionTime": 1760899311121, - "eventId": "39269364669406103048458630560652132630159455450075103232" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899216000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899216 1760899295 - NODATA", - "ingestionTime": 1760899318499, - "eventId": "39269364736308338644050499994179034332937535505210343424" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899227000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899227 1760899305 - NODATA", - "ingestionTime": 1760899326390, - "eventId": "39269364981616535827887354560611681081931410087592263680" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899232 1760899310 - NODATA", - "ingestionTime": 1760899336203, - "eventId": "39269365093120261820540470280153350599481452527376269312" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899243000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899243 1760899323 - NODATA", - "ingestionTime": 1760899343742, - "eventId": "39269365338428459004377324846160248388421245006660304896" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899249000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899249 1760899320 - NODATA", - "ingestionTime": 1760899336117, - "eventId": "39269365472232930195561063686156260435021330376417148928" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899249000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899249 1760899327 - NODATA", - "ingestionTime": 1760899352321, - "eventId": "39269365472232930195561063705745793873400791408967090176" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899251 1760899336 - NODATA", - "ingestionTime": 1760899367212, - "eventId": "39269365516834420592622310006819254946281577326604779520" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899274 1760899353 - NODATA", - "ingestionTime": 1760899373962, - "eventId": "39269366029751560158826642270301412512888178252004589568" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899274 1760899355 - NODATA", - "ingestionTime": 1760899379402, - "eventId": "39269366029751560158826642276877930662977506319400042496" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899284000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899284 1760899362 - NODATA", - "ingestionTime": 1760899386982, - "eventId": "39269366252759012144132873701398387328881161898128637952" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899294 1760899372 - NODATA", - "ingestionTime": 1760899394477, - "eventId": "39269366475766464129439105125816695702172340211787300864" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899303 1760899383 - NODATA", - "ingestionTime": 1760899405478, - "eventId": "39269366676473170916214713412937602135678394228114522112" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899308000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899308 1760899386 - NODATA", - "ingestionTime": 1760899413706, - "eventId": "39269366787976896908867829130563046940109806326346612736" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899397821, - "eventId": "39269366832578387305929075394430702698688020571642724352" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899314 1760899397 - NODATA", - "ingestionTime": 1760899425864, - "eventId": "39269366921781368100051567994475576217536599340043665408" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899334 1760899415 - NODATA", - "ingestionTime": 1760899441656, - "eventId": "39269367367796272070664030844281469904033722035045597184" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899335 1760899410 - NODATA", - "ingestionTime": 1760899430876, - "eventId": "39269367390097017269194653972784979191565215734678749184" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899347 1760899423 - NODATA", - "ingestionTime": 1760899447684, - "eventId": "39269367657705959651562131691532913759489711811767500800" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899354 1760899432 - NODATA", - "ingestionTime": 1760899456589, - "eventId": "39269367813811176041276493693048475725746690637326057472" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899363 1760899442 - NODATA", - "ingestionTime": 1760899463202, - "eventId": "39269368014517882828052101974864753397017949679660957696" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899367 1760899446 - NODATA", - "ingestionTime": 1760899472723, - "eventId": "39269368103720863622174594552517552425934392550237077504" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899455859, - "eventId": "39269368192923844416297087098273510881125605169948065792" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899375 1760899457 - NODATA", - "ingestionTime": 1760899487495, - "eventId": "39269368282126825210419579702662044707283407383455531008" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899392000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899392 1760899469 - NODATA", - "ingestionTime": 1760899490579, - "eventId": "39269368661239493585440173112497448504418584276237156352" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899394 1760899475 - NODATA", - "ingestionTime": 1760899499905, - "eventId": "39269368705840983982501419406842983598809204891447328768" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899404000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899404 1760899481 - NODATA", - "ingestionTime": 1760899505766, - "eventId": "39269368928848435967807650829285727947167171314158731264" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899410 1760899487 - NODATA", - "ingestionTime": 1760899518280, - "eventId": "39269369062652907158991389693628934917572999196216262656" - } - ], - "eni-0c1065c914ddc0b88-all": [ - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899033000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899033 1760899111 - NODATA", - "ingestionTime": 1760899131705, - "eventId": "39269360655271967312946464867322652502059743183076327424" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899040 1760899118 - NODATA", - "ingestionTime": 1760899137950, - "eventId": "39269360811377183702660826865622290103622366602256842752" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899046 1760899124 - NODATA", - "ingestionTime": 1760899144556, - "eventId": "39269360945181654893844565722822361767392100902754582528" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899056000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899056 1760899132 - NODATA", - "ingestionTime": 1760899177328, - "eventId": "39269361168189106879150797177798657782901584726127869952" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899169949, - "eventId": "39269361324294323268865159159627891617325295385041436672" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899064 1760899140 - NODATA", - "ingestionTime": 1760899159431, - "eventId": "39269361346595068467395782288448135197190114468420583424" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899074 1760899156 - NODATA", - "ingestionTime": 1760899175275, - "eventId": "39269361569602520452702013722959486324680047180535889920" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899083 1760899166 - NODATA", - "ingestionTime": 1760899185928, - "eventId": "39269361770309227239477622009659656615414527865242583040" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899092 1760899165 - NODATA", - "ingestionTime": 1760899176075, - "eventId": "39269361971015934026253230271570081934998595329796538368" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899096 1760899172 - NODATA", - "ingestionTime": 1760899192224, - "eventId": "39269362060218914820375722857235374222277287158040035328" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899098 1760899176 - NODATA", - "ingestionTime": 1760899199417, - "eventId": "39269362104820405217436969149003084469614423673101156352" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899104000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899104 1760899183 - NODATA", - "ingestionTime": 1760899206138, - "eventId": "39269362238624876408620708006342405502528195376838868992" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899120000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899120 1760899191 - NODATA", - "ingestionTime": 1760899236584, - "eventId": "39269362595436799585110678307720767915257233185726332928" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899125 1760899200 - NODATA", - "ingestionTime": 1760899220918, - "eventId": "39269362706940525577763793996460255943460832392201109504" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899128 1760899204 - NODATA", - "ingestionTime": 1760899231844, - "eventId": "39269362773842761173355663434276318502510064397876527104" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899135000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899135 1760899213 - NODATA", - "ingestionTime": 1760899237314, - "eventId": "39269362929947977563070025431638968432093462264361123840" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899141000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899141 1760899224 - NODATA", - "ingestionTime": 1760899246469, - "eventId": "39269363063752448754253764291921197519833887840925450240" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899153 1760899221 - NODATA", - "ingestionTime": 1760899236692, - "eventId": "39269363331361391136621241978529841373228806547492372480" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899156 1760899232 - NODATA", - "ingestionTime": 1760899254316, - "eventId": "39269363398263626732213111424443243766834742078299963392" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899158 1760899236 - NODATA", - "ingestionTime": 1760899261035, - "eventId": "39269363442865117129274357715637800582458712370902073344" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899178 1760899252 - NODATA", - "ingestionTime": 1760899297290, - "eventId": "39269363888880021099886820590181698295679974565315739648" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899182 1760899260 - NODATA", - "ingestionTime": 1760899280382, - "eventId": "39269363978083001894009313135883871550789736714335223808" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899187 1760899265 - NODATA", - "ingestionTime": 1760899292137, - "eventId": "39269364089586727886662428857773429136984229455763341312" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899195000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899195 1760899273 - NODATA", - "ingestionTime": 1760899296711, - "eventId": "39269364267992689474907413995588979756838792680283045888" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899203 1760899285 - NODATA", - "ingestionTime": 1760899308052, - "eventId": "39269364446398651063152399141585090918819749021377363968" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899212000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899212 1760899281 - NODATA", - "ingestionTime": 1760899298603, - "eventId": "39269364647105357849928007403983341063954283086051934208" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899215 1760899291 - NODATA", - "ingestionTime": 1760899314667, - "eventId": "39269364714007593445519876848010854729212200078675476480" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899218000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899218 1760899297 - NODATA", - "ingestionTime": 1760899318310, - "eventId": "39269364780909829041111746277021645179191239808600047616" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899226000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899226 1760899304 - NODATA", - "ingestionTime": 1760899326316, - "eventId": "39269364959315790629356731418986118130536925037518389248" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899237000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899237 1760899311 - NODATA", - "ingestionTime": 1760899357590, - "eventId": "39269365204623987813193586013687306980555969919094620160" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339320, - "eventId": "39269365383029949401438571123885830990629396754181455872" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899246 1760899324 - NODATA", - "ingestionTime": 1760899349453, - "eventId": "39269365405330694599969194277671333444670725721594920960" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899253 1760899332 - NODATA", - "ingestionTime": 1760899355965, - "eventId": "39269365561435910989683556276294226634700045831045709824" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899260000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899260 1760899342 - NODATA", - "ingestionTime": 1760899367285, - "eventId": "39269365717541127379397918280729457563060667479143677952" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899271000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899271 1760899340 - NODATA", - "ingestionTime": 1760899358012, - "eventId": "39269365962849324563234772826411456326433139600299589632" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899277000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899277 1760899358 - NODATA", - "ingestionTime": 1760899379932, - "eventId": "39269366096653795754418511702125555646941690228634025984" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899280000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899280 1760899354 - NODATA", - "ingestionTime": 1760899373791, - "eventId": "39269366163556031350010381119308943134728694973349036032" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899287000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899287 1760899365 - NODATA", - "ingestionTime": 1760899387122, - "eventId": "39269366319661247739724743126174945862220594307798401024" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899296000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899296 1760899370 - NODATA", - "ingestionTime": 1760899417363, - "eventId": "39269366520367954526500351436555808711909606142480023552" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899401909, - "eventId": "39269366676473170916214713408623065001550703702154543104" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899307 1760899383 - NODATA", - "ingestionTime": 1760899409238, - "eventId": "39269366765676151710337205983626119966033254102925901824" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899415337, - "eventId": "39269366921781368100051567981749449595694558573866647552" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899324 1760899407 - NODATA", - "ingestionTime": 1760899426496, - "eventId": "39269367144788820085357799410596776768436318073229869056" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899330000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899330 1760899401 - NODATA", - "ingestionTime": 1760899416680, - "eventId": "39269367278593291276541538247944144611040782249052209152" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899332000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899332 1760899411 - NODATA", - "ingestionTime": 1760899433019, - "eventId": "39269367323194781673602784550768585739390411542126460928" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899336000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899336 1760899417 - NODATA", - "ingestionTime": 1760899441788, - "eventId": "39269367412397762467725277127512237825223402116720689152" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899346000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899346 1760899426 - NODATA", - "ingestionTime": 1760899445148, - "eventId": "39269367635405214453031508546931419772956448249760251904" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899359000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899359 1760899432 - NODATA", - "ingestionTime": 1760899476491, - "eventId": "39269367925314902033929609424786991761781626531123036160" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899362000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899362 1760899441 - NODATA", - "ingestionTime": 1760899460671, - "eventId": "39269367992217137629521478830269449240112434646753738752" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899366 1760899443 - NODATA", - "ingestionTime": 1760899468688, - "eventId": "39269368081420118423643971406103859309591387589274501120" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899376000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899376 1760899453 - NODATA", - "ingestionTime": 1760899476785, - "eventId": "39269368304427570408950202831249919970625624526780694528" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899488248, - "eventId": "39269368482833531997195187977393757885480410767471214592" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899393 1760899463 - NODATA", - "ingestionTime": 1760899476616, - "eventId": "39269368683540238783970796237152821956634466018501394432" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899396000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899396 1760899472 - NODATA", - "ingestionTime": 1760899492814, - "eventId": "39269368750442474379562665681342390226297253743843213312" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899398 1760899476 - NODATA", - "ingestionTime": 1760899499578, - "eventId": "39269368795043964776623911972590426561877822674179457024" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899404000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899404 1760899483 - NODATA", - "ingestionTime": 1760899507248, - "eventId": "39269368928848435967807650831077445246919319457277739008" - } - ], - "eni-0b032bdd6415e28d2-all": [ - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899035 1760899113 - NODATA", - "ingestionTime": 1760899133136, - "eventId": "39269360699873457710007711152123610062180414944395264000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899038000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899038 1760899114 - NODATA", - "ingestionTime": 1760899141191, - "eventId": "39269360766775693305599580586468728036916112958741348352" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899050 1760899123 - NODATA", - "ingestionTime": 1760899146046, - "eventId": "39269361034384635687967058290766595601835303791956525056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899058000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899058 1760899131 - NODATA", - "ingestionTime": 1760899159863, - "eventId": "39269361212790597276212043439756002440073202307487825920" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899063 1760899141 - NODATA", - "ingestionTime": 1760899167762, - "eventId": "39269361324294323268865159156984140043621645568457375744" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899068 1760899140 - NODATA", - "ingestionTime": 1760899157657, - "eventId": "39269361435798049261518274852446799470266395671291756544" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899068 1760899151 - NODATA", - "ingestionTime": 1760899175983, - "eventId": "39269361435798049261518274874601161818209012954061209600" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899095 1760899173 - NODATA", - "ingestionTime": 1760899195345, - "eventId": "39269362037918169621845099719473117068327781693816504320" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899098 1760899177 - NODATA", - "ingestionTime": 1760899204131, - "eventId": "39269362104820405217436969154701463979111391750678577152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899106000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899106 1760899186 - NODATA", - "ingestionTime": 1760899211311, - "eventId": "39269362283226366805681954295667591380534219155025690624" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899114000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899114 1760899186 - NODATA", - "ingestionTime": 1760899204393, - "eventId": "39269362461632328393926939419589915749741929816441094144" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899122000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899122 1760899203 - NODATA", - "ingestionTime": 1760899228656, - "eventId": "39269362640038289982171924581207850598435590163328860160" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899125 1760899194 - NODATA", - "ingestionTime": 1760899249065, - "eventId": "39269362706940525577763794030487974742181412238673444864" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899127 1760899200 - NODATA", - "ingestionTime": 1760899220738, - "eventId": "39269362751542015974825040279314179297414635168363315200" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899132000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899132 1760899213 - NODATA", - "ingestionTime": 1760899241591, - "eventId": "39269362863045741967478156012202532532736419493011783680" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899143000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899143 1760899223 - NODATA", - "ingestionTime": 1760899253281, - "eventId": "39269363108353939151315010583227663416625814834351243264" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899156 1760899234 - NODATA", - "ingestionTime": 1760899255488, - "eventId": "39269363398263626732213111425859902023189279008363118592" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899159000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899159 1760899237 - NODATA", - "ingestionTime": 1760899264361, - "eventId": "39269363465165862327804980861194073115574920556078891008" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899168000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899168 1760899246 - NODATA", - "ingestionTime": 1760899269260, - "eventId": "39269363665872569114580589140938428252512150847914049536" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899179 1760899253 - NODATA", - "ingestionTime": 1760899287510, - "eventId": "39269363911180766298417443719894074932119288698675789824" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899184 1760899263 - NODATA", - "ingestionTime": 1760899286796, - "eventId": "39269364022684492291070559426709282053852418506933469184" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899189000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899189 1760899260 - NODATA", - "ingestionTime": 1760899280283, - "eventId": "39269364134188218283723675126514426166813898814862065664" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899190 1760899270 - NODATA", - "ingestionTime": 1760899299057, - "eventId": "39269364156488963482254298290746226088810990608511533056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899196 1760899280 - NODATA", - "ingestionTime": 1760899311828, - "eventId": "39269364290293434673438037155400062015818871861690368000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899215 1760899294 - NODATA", - "ingestionTime": 1760899324767, - "eventId": "39269364714007593445519876860221022069360705824598065152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899216000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899216 1760899291 - NODATA", - "ingestionTime": 1760899311774, - "eventId": "39269364736308338644050499986049101087749757179034533888" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899228 1760899305 - NODATA", - "ingestionTime": 1760899327496, - "eventId": "39269365003917281026417977703483983765827058252031524864" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899236000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899236 1760899313 - NODATA", - "ingestionTime": 1760899372153, - "eventId": "39269365182323242614662962889757246868346573266567036928" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899242000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899242 1760899322 - NODATA", - "ingestionTime": 1760899351210, - "eventId": "39269365316127713805846701713652516863299726898767265792" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899245 1760899316 - NODATA", - "ingestionTime": 1760899326734, - "eventId": "39269365383029949401438571108670116921054093554823528448" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899246 1760899320 - NODATA", - "ingestionTime": 1760899342709, - "eventId": "39269365405330694599969194269518376122630654525933879296" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899252000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899252 1760899335 - NODATA", - "ingestionTime": 1760899360418, - "eventId": "39269365539135165791152933140142033914622429515450417152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899264 1760899343 - NODATA", - "ingestionTime": 1760899373218, - "eventId": "39269365806744108173520410854044313792513119479803084800" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899275 1760899355 - NODATA", - "ingestionTime": 1760899375908, - "eventId": "39269366052052305357357265414189441517385877666894970880" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899279000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899279 1760899352 - NODATA", - "ingestionTime": 1760899369219, - "eventId": "39269366141255286151479757972246010380988764276406026240" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899281000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899281 1760899359 - NODATA", - "ingestionTime": 1760899386093, - "eventId": "39269366185856776548541004275716839020567135377730371584" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899291 1760899368 - NODATA", - "ingestionTime": 1760899396136, - "eventId": "39269366408864228533847235703215102353670681361569349632" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899305000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899305 1760899382 - NODATA", - "ingestionTime": 1760899411018, - "eventId": "39269366721074661313275959702706255481084640795688894464" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899307 1760899380 - NODATA", - "ingestionTime": 1760899401309, - "eventId": "39269366765676151710337205974040218737002706934304473088" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899307 1760899377 - NODATA", - "ingestionTime": 1760899407058, - "eventId": "39269366765676151710337205980990486288538753834262528000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899310 1760899393 - NODATA", - "ingestionTime": 1760899419461, - "eventId": "39269366832578387305929075420592256492361369792011894784" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899324 1760899404 - NODATA", - "ingestionTime": 1760899433640, - "eventId": "39269367144788820085357799419233581698511609406149165056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899335 1760899412 - NODATA", - "ingestionTime": 1760899433908, - "eventId": "39269367390097017269194653976450088980403729997574832128" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899339 1760899418 - NODATA", - "ingestionTime": 1760899443512, - "eventId": "39269367479299998063317146554203490059711429749104771072" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899352 1760899428 - NODATA", - "ingestionTime": 1760899450328, - "eventId": "39269367769209685644215247402407859453740699287278387200" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899361 1760899433 - NODATA", - "ingestionTime": 1760899454519, - "eventId": "39269367969916392430990855681296183876299316157353951232" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899366 1760899444 - NODATA", - "ingestionTime": 1760899474591, - "eventId": "39269368081420118423643971413240484439095664219683618816" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899367 1760899442 - NODATA", - "ingestionTime": 1760899465925, - "eventId": "39269368103720863622174594544299428355023128143241412608" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899368000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899368 1760899453 - NODATA", - "ingestionTime": 1760899486443, - "eventId": "39269368126021608820705217710640157343359909657957302272" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899453355, - "eventId": "39269368192923844416297087095246106187430342297292636160" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899394 1760899469 - NODATA", - "ingestionTime": 1760899492226, - "eventId": "39269368705840983982501419397559717026373074890956865536" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899395000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899395 1760899474 - NODATA", - "ingestionTime": 1760899499679, - "eventId": "39269368728141729181032042548105768502328698924799033344" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899401000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899401 1760899480 - NODATA", - "ingestionTime": 1760899505761, - "eventId": "39269368861946200372215781404672778473133206005118402560" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899411000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899411 1760899487 - NODATA", - "ingestionTime": 1760899516510, - "eventId": "39269369084953652357522012833024672600503351423856934912" - } - ], - "eni-0412563bcfde47c07-all": [ - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899035 1760899115 - NODATA", - "ingestionTime": 1760899136495, - "eventId": "39269360699873457710007711156184720977592577186848636928" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899040 1760899119 - NODATA", - "ingestionTime": 1760899143305, - "eventId": "39269360811377183702660826872095664712709160858448297984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899053000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899053 1760899129 - NODATA", - "ingestionTime": 1760899149871, - "eventId": "39269361101286871283558927719998164556081147111036944384" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899061000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899061 1760899143 - NODATA", - "ingestionTime": 1760899171229, - "eventId": "39269361279692832871803912878103970731973143505727586304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899065 1760899134 - NODATA", - "ingestionTime": 1760899159080, - "eventId": "39269361368895813665926405429559601888144427773353132032" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899067000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899067 1760899140 - NODATA", - "ingestionTime": 1760899158188, - "eventId": "39269361413497304062987651711552518719516224710275825664" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899069 1760899153 - NODATA", - "ingestionTime": 1760899183464, - "eventId": "39269361458098794460048898025181141301956577880678137856" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899079000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899079 1760899147 - NODATA", - "ingestionTime": 1760899160601, - "eventId": "39269361681106246445355129412898811658073252175123316736" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899087 1760899166 - NODATA", - "ingestionTime": 1760899189376, - "eventId": "39269361859512208033600114579970893901776463807182798848" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899097000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899097 1760899176 - NODATA", - "ingestionTime": 1760899197279, - "eventId": "39269362082519660018906346004882537813687509194151165952" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899101000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899101 1760899179 - NODATA", - "ingestionTime": 1760899207385, - "eventId": "39269362171722640813028838583242579865759321101520076800" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899210660, - "eventId": "39269362372429347599804446861023392143998122008465309696" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899125 1760899194 - NODATA", - "ingestionTime": 1760899218812, - "eventId": "39269362706940525577763793993914106303142960102158041088" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899127 1760899203 - NODATA", - "ingestionTime": 1760899219418, - "eventId": "39269362751542015974825040277718476328369986825337700352" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899128 1760899200 - NODATA", - "ingestionTime": 1760899219120, - "eventId": "39269362773842761173355663418894165674178680573615538176" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899128 1760899205 - NODATA", - "ingestionTime": 1760899229665, - "eventId": "39269362773842761173355663431641781566952475279059255296" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899131000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899131 1760899216 - NODATA", - "ingestionTime": 1760899246092, - "eventId": "39269362840744996768947532876108041980772891761732091904" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899154 1760899229 - NODATA", - "ingestionTime": 1760899251163, - "eventId": "39269363353662136335151865137560078513468959389785718784" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899156 1760899234 - NODATA", - "ingestionTime": 1760899255712, - "eventId": "39269363398263626732213111426130916777394430857751101440" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899161000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899161 1760899240 - NODATA", - "ingestionTime": 1760899263829, - "eventId": "39269363509767352724866227143622613852783293494349135872" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899165000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899165 1760899246 - NODATA", - "ingestionTime": 1760899273641, - "eventId": "39269363598970333518988719721627354493523822240846249984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899185 1760899255 - NODATA", - "ingestionTime": 1760899281581, - "eventId": "39269364044985237489601182561940566582802392043117805568" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899187 1760899274 - NODATA", - "ingestionTime": 1760899303013, - "eventId": "39269364089586727886662428870921814201369867240798355456" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899189000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899189 1760899265 - NODATA", - "ingestionTime": 1760899290113, - "eventId": "39269364134188218283723675138397685858692808796273704960" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899280671, - "eventId": "39269364156488963482254298268519062333023165200494231552" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899193 1760899263 - NODATA", - "ingestionTime": 1760899278795, - "eventId": "39269364223391199077846167690858269798831755613942710272" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899207000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899207 1760899286 - NODATA", - "ingestionTime": 1760899310638, - "eventId": "39269364535601631857274891710854073565882969999478882304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899215 1760899292 - NODATA", - "ingestionTime": 1760899315726, - "eventId": "39269364714007593445519876849290783883655349661687152640" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899221000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899221 1760899301 - NODATA", - "ingestionTime": 1760899327482, - "eventId": "39269364847812064636703615712717370070625663115083776000" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899229000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899229 1760899308 - NODATA", - "ingestionTime": 1760899331997, - "eventId": "39269365026218026224948600850461253750180961257934094336" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899246 1760899320 - NODATA", - "ingestionTime": 1760899337920, - "eventId": "39269365405330694599969194263728842467517601889384857600" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899316 - NODATA", - "ingestionTime": 1760899340670, - "eventId": "39269365449932184997030440550125147054714641578971234304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899326 - NODATA", - "ingestionTime": 1760899350749, - "eventId": "39269365449932184997030440562310038574271999808824475648" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899334 - NODATA", - "ingestionTime": 1760899362257, - "eventId": "39269365449932184997030440576222135510589021884186427392" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899250000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899250 1760899322 - NODATA", - "ingestionTime": 1760899338788, - "eventId": "39269365494533675394091686830921152320352927561249128448" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899270000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899270 1760899347 - NODATA", - "ingestionTime": 1760899368708, - "eventId": "39269365940548579364704149697806783144105333794766585856" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899275 1760899355 - NODATA", - "ingestionTime": 1760899377918, - "eventId": "39269366052052305357357265416619650568836686043098578944" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899282000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899282 1760899359 - NODATA", - "ingestionTime": 1760899382772, - "eventId": "39269366208157521747071627413237592563353248892668477440" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899289000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899289 1760899368 - NODATA", - "ingestionTime": 1760899393097, - "eventId": "39269366364262738136785989416469683496947752941870645248" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899306000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899306 1760899383 - NODATA", - "ingestionTime": 1760899410529, - "eventId": "39269366743375406511806582843650936186411307196496478208" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899307 1760899377 - NODATA", - "ingestionTime": 1760899397968, - "eventId": "39269366765676151710337205970001456823899431732343996416" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899307 1760899380 - NODATA", - "ingestionTime": 1760899400607, - "eventId": "39269366765676151710337205973191896492119022919563018240" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899309000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899309 1760899396 - NODATA", - "ingestionTime": 1760899423126, - "eventId": "39269366810277642107398452283487031653564659198874484736" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899316000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899316 1760899382 - NODATA", - "ingestionTime": 1760899399106, - "eventId": "39269366966382858497112814245198916281112315683434004480" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899331 1760899406 - NODATA", - "ingestionTime": 1760899430913, - "eventId": "39269367300894036475072161406686974765064859028356005888" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899335 1760899415 - NODATA", - "ingestionTime": 1760899437272, - "eventId": "39269367390097017269194653980516978150189752716098142208" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899339 1760899418 - NODATA", - "ingestionTime": 1760899447124, - "eventId": "39269367479299998063317146558570512292617288860634185728" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899351 1760899427 - NODATA", - "ingestionTime": 1760899454220, - "eventId": "39269367746908940445684624265577228552990440521160261632" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899366 1760899439 - NODATA", - "ingestionTime": 1760899459961, - "eventId": "39269368081420118423643971395553591908768001739518377984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899440 - NODATA", - "ingestionTime": 1760899457693, - "eventId": "39269368148322354019235840817419132639093943126178463744" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899444 - NODATA", - "ingestionTime": 1760899469981, - "eventId": "39269368148322354019235840832274191397035876158754783232" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899454 - NODATA", - "ingestionTime": 1760899484008, - "eventId": "39269368148322354019235840849232080110616189955149922304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899374000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899374 1760899441 - NODATA", - "ingestionTime": 1760899460296, - "eventId": "39269368259826080011888956528244589978217412339484983296" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899392000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899392 1760899467 - NODATA", - "ingestionTime": 1760899489716, - "eventId": "39269368661239493585440173111454201356029973516445417472" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899395000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899395 1760899475 - NODATA", - "ingestionTime": 1760899496760, - "eventId": "39269368728141729181032042544576516340573757947585167360" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899402000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899402 1760899481 - NODATA", - "ingestionTime": 1760899503957, - "eventId": "39269368884246945570746404544027514969411264622420295680" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899413000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899413 1760899488 - NODATA", - "ingestionTime": 1760899511503, - "eventId": "39269369129555142754583259110043103669214552903807205376" - } - ], - "eni-0affc8cb976d281e4-all": [ - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899035 1760899116 - NODATA", - "ingestionTime": 1760899138840, - "eventId": "39269360699873457710007711159019469104701397634533228544" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899046 1760899125 - NODATA", - "ingestionTime": 1760899146967, - "eventId": "39269360945181654893844565725737606527934368011554914304" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899060000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899060 1760899132 - NODATA", - "ingestionTime": 1760899190646, - "eventId": "39269361257392087673273289760042133263107400332285378560" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899066 1760899146 - NODATA", - "ingestionTime": 1760899167560, - "eventId": "39269361391196558864457028581347041359969927984593829888" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899074 1760899154 - NODATA", - "ingestionTime": 1760899179105, - "eventId": "39269361569602520452702013727590210801973350606697005056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899087 1760899164 - NODATA", - "ingestionTime": 1760899192244, - "eventId": "39269361859512208033600114583438176555824605694748459008" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899094000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899094 1760899177 - NODATA", - "ingestionTime": 1760899198599, - "eventId": "39269362015617424423314476581871073057489942101635956736" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899189115, - "eventId": "39269362060218914820375722853477185278320939846186958848" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899109000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899109 1760899185 - NODATA", - "ingestionTime": 1760899210726, - "eventId": "39269362350128602401273823719567361138346684332021776384" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899122000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899122 1760899194 - NODATA", - "ingestionTime": 1760899250823, - "eventId": "39269362640038289982171924608006329965051610956954140672" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899124 1760899206 - NODATA", - "ingestionTime": 1760899227914, - "eventId": "39269362684639780379233170863382549457541174480434364416" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219338, - "eventId": "39269362729241270776294417136085999322452702428389244928" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899144000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899144 1760899226 - NODATA", - "ingestionTime": 1760899247368, - "eventId": "39269363130654684349845633717615132665541153038186250240" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899153 1760899235 - NODATA", - "ingestionTime": 1760899261725, - "eventId": "39269363331361391136621242008792839945762262059483660288" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899167 1760899245 - NODATA", - "ingestionTime": 1760899268996, - "eventId": "39269363643571823916049965999083152685223837249222017024" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899182 1760899254 - NODATA", - "ingestionTime": 1760899310544, - "eventId": "39269363978083001894009313172347560528882751266101002240" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899281322, - "eventId": "39269364022684492291070559420091896183115699813441011712" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899186000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899186 1760899266 - NODATA", - "ingestionTime": 1760899287931, - "eventId": "39269364067285982688131805711152844471674574293835710464" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299457, - "eventId": "39269364245691944276376790857372500237716647776452476928" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899204 1760899285 - NODATA", - "ingestionTime": 1760899309818, - "eventId": "39269364468699396261683022285255354161015274794248699904" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899213 1760899295 - NODATA", - "ingestionTime": 1760899320882, - "eventId": "39269364669406103048458630572452503370674395929094586368" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899215 1760899293 - NODATA", - "ingestionTime": 1760899311810, - "eventId": "39269364714007593445519876844556444173706942228705116160" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899229000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899229 1760899309 - NODATA", - "ingestionTime": 1760899328555, - "eventId": "39269365026218026224948600846300242377921950412429459456" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899241 1760899325 - NODATA", - "ingestionTime": 1760899348957, - "eventId": "39269365293826968607316078569393086186336604020860649472" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899241 1760899314 - NODATA", - "ingestionTime": 1760899372605, - "eventId": "39269365293826968607316078597982298375350150780347219968" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899245 1760899321 - NODATA", - "ingestionTime": 1760899340200, - "eventId": "39269365383029949401438571124949559171644792505665978368" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899251 1760899335 - NODATA", - "ingestionTime": 1760899359866, - "eventId": "39269365516834420592622309997938463861202851147023974400" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899266 1760899345 - NODATA", - "ingestionTime": 1760899367752, - "eventId": "39269365851345598570581657130508151919096926587179171840" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899272000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899272 1760899359 - NODATA", - "ingestionTime": 1760899383256, - "eventId": "39269365985150069761765395998465481644863673480582332416" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899276000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899276 1760899352 - NODATA", - "ingestionTime": 1760899370378, - "eventId": "39269366074353050555887888549039652693215533761524727808" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899288000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899288 1760899366 - NODATA", - "ingestionTime": 1760899388583, - "eventId": "39269366341961992938255366269476998944118616763606564864" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899400318, - "eventId": "39269366676473170916214713406699804785352071340302925824" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899303 1760899375 - NODATA", - "ingestionTime": 1760899429510, - "eventId": "39269366676473170916214713441990338386303280666812350464" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899411298, - "eventId": "39269366765676151710337205986116559650590329171965837312" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899312 1760899394 - NODATA", - "ingestionTime": 1760899422796, - "eventId": "39269366877179877702990321707695130867012944863901057024" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428577, - "eventId": "39269367100187329688296553130041479120048520123150827520" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899432439, - "eventId": "39269367367796272070664030833138720654446275223893245952" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899334 1760899414 - NODATA", - "ingestionTime": 1760899439881, - "eventId": "39269367367796272070664030842135296708003520290717499392" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899347 1760899424 - NODATA", - "ingestionTime": 1760899451070, - "eventId": "39269367657705959651562131695626595798239555883438637056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899361 1760899435 - NODATA", - "ingestionTime": 1760899490451, - "eventId": "39269367969916392430990855724735341148002908163555328000" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899459187, - "eventId": "39269368036818628026582725111546443776056460041485942784" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899366 1760899447 - NODATA", - "ingestionTime": 1760899471147, - "eventId": "39269368081420118423643971409076505618835547023528493056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899370 1760899452 - NODATA", - "ingestionTime": 1760899479024, - "eventId": "39269368170623099217766463984742283714993043411306807296" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899382 1760899467 - NODATA", - "ingestionTime": 1760899488669, - "eventId": "39269368438232041600133941694831139681884182062797881344" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899394 1760899475 - NODATA", - "ingestionTime": 1760899502220, - "eventId": "39269368705840983982501419409641737709798658672228827136" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899398 1760899473 - NODATA", - "ingestionTime": 1760899489665, - "eventId": "39269368795043964776623911960606453012996625068128206848" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899409 1760899486 - NODATA", - "ingestionTime": 1760899512065, - "eventId": "39269369040352161960460766544579612106892416237728497664" - } - ], - "eni-0cc527ecbe7a26eaf-all": [ - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899035 1760899117 - NODATA", - "ingestionTime": 1760899142936, - "eventId": "39269360699873457710007711163971510559320265101743685632" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899036000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899036 1760899114 - NODATA", - "ingestionTime": 1760899134414, - "eventId": "39269360722174202908538334295204820463313948714318168064" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899050 1760899129 - NODATA", - "ingestionTime": 1760899152727, - "eventId": "39269361034384635687967058298843497727773204937133850624" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899063 1760899133 - NODATA", - "ingestionTime": 1760899185523, - "eventId": "39269361324294323268865159178455904111196628287686770688" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899158843, - "eventId": "39269361368895813665926405429273417399856208608128204800" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899066 1760899145 - NODATA", - "ingestionTime": 1760899168245, - "eventId": "39269361391196558864457028582175509246823037858524626944" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899072000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899072 1760899154 - NODATA", - "ingestionTime": 1760899181163, - "eventId": "39269361525001030055640767447006181139772869756776218624" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899090000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899090 1760899170 - NODATA", - "ingestionTime": 1760899193900, - "eventId": "39269361926414443629191984010047495961379235145155215360" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899092 1760899177 - NODATA", - "ingestionTime": 1760899202749, - "eventId": "39269361971015934026253230303816785979875019549754589184" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899210860, - "eventId": "39269362372429347599804446861265377207808753828176592896" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899125 1760899204 - NODATA", - "ingestionTime": 1760899230989, - "eventId": "39269362706940525577763794008635558579997690313193750528" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219830, - "eventId": "39269362729241270776294417136680824586241537371595341824" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899127 1760899212 - NODATA", - "ingestionTime": 1760899242326, - "eventId": "39269362751542015974825040305412561063885034823646773248" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899146000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899146 1760899226 - NODATA", - "ingestionTime": 1760899246152, - "eventId": "39269363175256174746906879999216657007477593368650383360" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899152000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899152 1760899231 - NODATA", - "ingestionTime": 1760899253019, - "eventId": "39269363309060645938090618856732243219578704771989635072" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899156 1760899237 - NODATA", - "ingestionTime": 1760899263736, - "eventId": "39269363398263626732213111435831655263089646910124851200" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899170000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899170 1760899247 - NODATA", - "ingestionTime": 1760899271074, - "eventId": "39269363710474059511641835426202440992731308715443683328" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899279688, - "eventId": "39269364022684492291070559418116119557759800710406471680" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899186000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899186 1760899257 - NODATA", - "ingestionTime": 1760899306262, - "eventId": "39269364067285982688131805733313731667256371536065331200" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899188000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899188 1760899266 - NODATA", - "ingestionTime": 1760899288672, - "eventId": "39269364111887473085193051995119913844343400534901653504" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299252, - "eventId": "39269364245691944276376790857125149363662073314597076992" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899204 1760899285 - NODATA", - "ingestionTime": 1760899309280, - "eventId": "39269364468699396261683022284605296878582061744064102400" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899214000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899214 1760899291 - NODATA", - "ingestionTime": 1760899314311, - "eventId": "39269364691706848246989253706044751639540719357729177600" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899215 1760899296 - NODATA", - "ingestionTime": 1760899324087, - "eventId": "39269364714007593445519876859398939631364402504914436096" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899232 1760899310 - NODATA", - "ingestionTime": 1760899334354, - "eventId": "39269365093120261820540470277918148826862523982991851520" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899341889, - "eventId": "39269365383029949401438571126991283198097922654519689216" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899245 1760899325 - NODATA", - "ingestionTime": 1760899348539, - "eventId": "39269365383029949401438571135031132663793566278058115072" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899246 1760899316 - NODATA", - "ingestionTime": 1760899366160, - "eventId": "39269365405330694599969194297869179122661927007680724992" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899253 1760899335 - NODATA", - "ingestionTime": 1760899360237, - "eventId": "39269365561435910989683556281458718788128809122697052160" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899263000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899263 1760899343 - NODATA", - "ingestionTime": 1760899367744, - "eventId": "39269365784443362974989787705891158615048326713479266304" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899275 1760899352 - NODATA", - "ingestionTime": 1760899372061, - "eventId": "39269366052052305357357265409538549045672232196748017664" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899275 1760899358 - NODATA", - "ingestionTime": 1760899383656, - "eventId": "39269366052052305357357265423556517543661022486787260416" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899290000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899290 1760899367 - NODATA", - "ingestionTime": 1760899391461, - "eventId": "39269366386563483335316612556027451863182680765922607104" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899403625, - "eventId": "39269366676473170916214713410697222888582558342587351040" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899411002, - "eventId": "39269366765676151710337205985758614282112731246506541056" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899419972, - "eventId": "39269366921781368100051567987352686539192809824210518016" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899324 1760899404 - NODATA", - "ingestionTime": 1760899426887, - "eventId": "39269367144788820085357799411069452063340406770065408000" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899434439, - "eventId": "39269367367796272070664030835556822797651854308072357888" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899334 1760899417 - NODATA", - "ingestionTime": 1760899446456, - "eventId": "39269367367796272070664030850084056944309412406590767104" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899351 1760899427 - NODATA", - "ingestionTime": 1760899451312, - "eventId": "39269367746908940445684624262062177639914816024458821632" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899459035, - "eventId": "39269368036818628026582725111362754830102764013299433472" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899364 1760899446 - NODATA", - "ingestionTime": 1760899470289, - "eventId": "39269368036818628026582725124967908315929005802571956224" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899368000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899368 1760899437 - NODATA", - "ingestionTime": 1760899486041, - "eventId": "39269368126021608820705217710153819616007802450744442880" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899370 1760899452 - NODATA", - "ingestionTime": 1760899480164, - "eventId": "39269368170623099217766463986120228458155453978742292480" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899383 1760899466 - NODATA", - "ingestionTime": 1760899488206, - "eventId": "39269368460532786798664564835806916203379451258122797056" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899393 1760899476 - NODATA", - "ingestionTime": 1760899506645, - "eventId": "39269368683540238783970796273455606208662299519439011840" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899397000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899397 1760899475 - NODATA", - "ingestionTime": 1760899493621, - "eventId": "39269368772743219578093288823853465559792739857376215040" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899410 1760899488 - NODATA", - "ingestionTime": 1760899512938, - "eventId": "39269369062652907158991389687170444069467983195855192064" - } - ], - "eni-00e49c1a350a96c62-all": [ - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899037000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899037 1760899114 - NODATA", - "ingestionTime": 1760899138767, - "eventId": "39269360744474948107068957442002873060395970223357362176" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899049000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899049 1760899123 - NODATA", - "ingestionTime": 1760899145913, - "eventId": "39269361012083890489436435149070146485244488969436200960" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899057000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899057 1760899130 - NODATA", - "ingestionTime": 1760899154890, - "eventId": "39269361190489852077681420292208780129801594305213628416" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899165282, - "eventId": "39269361324294323268865159153986206642563145982672568320" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899068 1760899140 - NODATA", - "ingestionTime": 1760899155203, - "eventId": "39269361435798049261518274849479695499931155809958887424" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899069 1760899149 - NODATA", - "ingestionTime": 1760899172925, - "eventId": "39269361458098794460048898012440441311275205415884881920" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899074 1760899158 - NODATA", - "ingestionTime": 1760899188149, - "eventId": "39269361569602520452702013738523382166437444405447360512" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899094000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899094 1760899173 - NODATA", - "ingestionTime": 1760899193854, - "eventId": "39269362015617424423314476576134577772443043769486868480" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899098 1760899175 - NODATA", - "ingestionTime": 1760899198765, - "eventId": "39269362104820405217436969148214454073853692019531972608" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899106000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899106 1760899183 - NODATA", - "ingestionTime": 1760899205855, - "eventId": "39269362283226366805681954289071863715341114358247981056" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899116 1760899190 - NODATA", - "ingestionTime": 1760899218900, - "eventId": "39269362506233818790988185720199514343819175426755985408" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899124 1760899200 - NODATA", - "ingestionTime": 1760899223152, - "eventId": "39269362684639780379233170857625462746990168067807838208" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899129000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899129 1760899207 - NODATA", - "ingestionTime": 1760899233704, - "eventId": "39269362796143506371886286578060267268971733818706690048" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899130 1760899200 - NODATA", - "ingestionTime": 1760899216597, - "eventId": "39269362818444251570416909698915159185654638900559478784" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899132000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899132 1760899217 - NODATA", - "ingestionTime": 1760899249116, - "eventId": "39269362863045741967478156021299470001702103957709324288" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899157000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899157 1760899233 - NODATA", - "ingestionTime": 1760899250348, - "eventId": "39269363420564371930743734561181793392594438106193985536" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899158 1760899235 - NODATA", - "ingestionTime": 1760899257916, - "eventId": "39269363442865117129274357711867073227048333308284895232" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899167 1760899242 - NODATA", - "ingestionTime": 1760899266443, - "eventId": "39269363643571823916049965995997165200773008274068602880" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899176000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899176 1760899252 - NODATA", - "ingestionTime": 1760899278154, - "eventId": "39269363844278530702825574283975957584885667444695433216" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899183000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899183 1760899261 - NODATA", - "ingestionTime": 1760899283120, - "eventId": "39269364000383747092539936280729434656590907773135814656" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899187 1760899267 - NODATA", - "ingestionTime": 1760899294600, - "eventId": "39269364089586727886662428860750732039464946026079584256" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899275302, - "eventId": "39269364156488963482254298262028409321693380740057726976" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899193 1760899277 - NODATA", - "ingestionTime": 1760899306056, - "eventId": "39269364223391199077846167723814463848546217742214758400" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899213 1760899292 - NODATA", - "ingestionTime": 1760899313242, - "eventId": "39269364669406103048458630563216446915861083943820525568" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899217000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899217 1760899294 - NODATA", - "ingestionTime": 1760899321674, - "eventId": "39269364758609083842581123139552769844370962991551938560" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899228 1760899304 - NODATA", - "ingestionTime": 1760899325244, - "eventId": "39269365003917281026417977700761979083052749898730242048" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899234 1760899313 - NODATA", - "ingestionTime": 1760899337001, - "eventId": "39269365137721752217601716564189390859907730233102761984" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899243000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899243 1760899323 - NODATA", - "ingestionTime": 1760899342968, - "eventId": "39269365338428459004377324845224710968490708577878147072" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899247 1760899320 - NODATA", - "ingestionTime": 1760899337957, - "eventId": "39269365427631439798499817405309310435025331773548134400" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899250000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899250 1760899327 - NODATA", - "ingestionTime": 1760899354215, - "eventId": "39269365494533675394091686849571300684571434120473935872" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899256000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899256 1760899339 - NODATA", - "ingestionTime": 1760899366733, - "eventId": "39269365628338146585275425713918766977677100855991992320" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899274 1760899355 - NODATA", - "ingestionTime": 1760899383193, - "eventId": "39269366029751560158826642281460692452759301299789365248" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899275 1760899350 - NODATA", - "ingestionTime": 1760899372605, - "eventId": "39269366052052305357357265410196231221786162162004131840" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899289000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899289 1760899364 - NODATA", - "ingestionTime": 1760899386545, - "eventId": "39269366364262738136785989408548697493435601619971342336" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899296000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899296 1760899369 - NODATA", - "ingestionTime": 1760899397522, - "eventId": "39269366520367954526500351412569071531243907951461466112" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899403322, - "eventId": "39269366676473170916214713410331080053193532204739461120" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899396685, - "eventId": "39269366832578387305929075393057588744809773639408222208" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899310 1760899391 - NODATA", - "ingestionTime": 1760899414626, - "eventId": "39269366832578387305929075414746681071818916868380557312" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899312 1760899397 - NODATA", - "ingestionTime": 1760899426265, - "eventId": "39269366877179877702990321711888984629719983476018970624" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899334 1760899415 - NODATA", - "ingestionTime": 1760899439060, - "eventId": "39269367367796272070664030841142937958575332058401079296" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899335 1760899411 - NODATA", - "ingestionTime": 1760899430946, - "eventId": "39269367390097017269194653972869353730141055293073653760" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899348000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899348 1760899422 - NODATA", - "ingestionTime": 1760899445836, - "eventId": "39269367680006704850092754830834442177159248388842323968" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899358 1760899431 - NODATA", - "ingestionTime": 1760899455982, - "eventId": "39269367903014156835398986258457400930997965156061413376" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899363 1760899448 - NODATA", - "ingestionTime": 1760899475444, - "eventId": "39269368014517882828052101989664297898907338176166625280" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899364 1760899440 - NODATA", - "ingestionTime": 1760899465105, - "eventId": "39269368036818628026582725118701199232259355164586803200" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899457014, - "eventId": "39269368192923844416297087099669576687152167684464902144" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899377000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899377 1760899459 - NODATA", - "ingestionTime": 1760899490171, - "eventId": "39269368326728315607480825988968463538789249157613486080" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899393 1760899469 - NODATA", - "ingestionTime": 1760899490033, - "eventId": "39269368683540238783970796253372651980199477280652132352" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899393 1760899475 - NODATA", - "ingestionTime": 1760899500599, - "eventId": "39269368683540238783970796266146224296626452138420731904" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899409 1760899484 - NODATA", - "ingestionTime": 1760899505136, - "eventId": "39269369040352161960460766536202630897021212831417696256" - } - ], - "eni-0fa50413d12043097-all": [ - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899040 1760899115 - NODATA", - "ingestionTime": 1760899140262, - "eventId": "39269360811377183702660826868416985984503058815102287872" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899042000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899042 1760899121 - NODATA", - "ingestionTime": 1760899143376, - "eventId": "39269360855978674099722073155253169520247183234716467200" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899052000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899052 1760899128 - NODATA", - "ingestionTime": 1760899152591, - "eventId": "39269361078986126085028304581750881363540677418497605632" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899064 1760899140 - NODATA", - "ingestionTime": 1760899162154, - "eventId": "39269361346595068467395782291739961430735159900244934656" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899066 1760899144 - NODATA", - "ingestionTime": 1760899169498, - "eventId": "39269361391196558864457028583690118502832229354569924608" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899073000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899073 1760899154 - NODATA", - "ingestionTime": 1760899179003, - "eventId": "39269361547301775254171390585930848990670403554094546944" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899092 1760899171 - NODATA", - "ingestionTime": 1760899190986, - "eventId": "39269361971015934026253230289595803506801529278806687744" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899098 1760899181 - NODATA", - "ingestionTime": 1760899207867, - "eventId": "39269362104820405217436969159218344953622183587375808512" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899112000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899112 1760899188 - NODATA", - "ingestionTime": 1760899214794, - "eventId": "39269362417030837996865693149092557063885044642170601472" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899218363, - "eventId": "39269362729241270776294417134907160818739660973908819968" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899127 1760899204 - NODATA", - "ingestionTime": 1760899228143, - "eventId": "39269362751542015974825040288266516288111335930212450304" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899130 1760899196 - NODATA", - "ingestionTime": 1760899236269, - "eventId": "39269362818444251570416909722696919918440077319402749952" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899136000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899136 1760899216 - NODATA", - "ingestionTime": 1760899235291, - "eventId": "39269362952248722761600648570728909971269331639508271104" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899138000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899138 1760899219 - NODATA", - "ingestionTime": 1760899250086, - "eventId": "39269362996850213158661894871686954858411832487192231936" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899153 1760899230 - NODATA", - "ingestionTime": 1760899254654, - "eventId": "39269363331361391136621242000244768455551793757717463040" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899161000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899161 1760899237 - NODATA", - "ingestionTime": 1760899257334, - "eventId": "39269363509767352724866227135770221742737076997653921792" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899164000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899164 1760899241 - NODATA", - "ingestionTime": 1760899265939, - "eventId": "39269363576669588320458096570780569355098770852205232128" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899174 1760899249 - NODATA", - "ingestionTime": 1760899273397, - "eventId": "39269363799677040305764327995154046397828555294498422784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899281771, - "eventId": "39269364022684492291070559420634279420924730337580023808" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899187 1760899265 - NODATA", - "ingestionTime": 1760899288795, - "eventId": "39269364089586727886662428853733110355927812841166798848" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899196 1760899273 - NODATA", - "ingestionTime": 1760899296003, - "eventId": "39269364290293434673438037136268631779257380741103878144" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899198000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899198 1760899278 - NODATA", - "ingestionTime": 1760899306553, - "eventId": "39269364334894925070499283432094430904808367107227451392" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899213 1760899289 - NODATA", - "ingestionTime": 1760899312120, - "eventId": "39269364669406103048458630561859774536441580822616932352" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899219000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899219 1760899295 - NODATA", - "ingestionTime": 1760899317268, - "eventId": "39269364803210574239642369417297713069416572112904192000" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899219000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899219 1760899301 - NODATA", - "ingestionTime": 1760899322768, - "eventId": "39269364803210574239642369423946845989658433766276726784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899234 1760899311 - NODATA", - "ingestionTime": 1760899332678, - "eventId": "39269365137721752217601716558963471053914458804630847488" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339367, - "eventId": "39269365383029949401438571123942486092557966856190361600" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899247 1760899324 - NODATA", - "ingestionTime": 1760899348309, - "eventId": "39269365427631439798499817417824354360108782591454478336" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899253 1760899332 - NODATA", - "ingestionTime": 1760899355678, - "eventId": "39269365561435910989683556275947266384107891177478815744" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899261000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899261 1760899342 - NODATA", - "ingestionTime": 1760899366693, - "eventId": "39269365739841872577928541421549487378245342185086910464" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899273 1760899350 - NODATA", - "ingestionTime": 1760899372128, - "eventId": "39269366007450814960296019126548532389304577255380680704" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899281000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899281 1760899356 - NODATA", - "ingestionTime": 1760899377874, - "eventId": "39269366185856776548541004265780822088761543221054603264" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899284000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899284 1760899364 - NODATA", - "ingestionTime": 1760899385324, - "eventId": "39269366252759012144132873699394307557598695465524264960" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899292000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899292 1760899368 - NODATA", - "ingestionTime": 1760899394142, - "eventId": "39269366431164973732377858842340359302581975791635333120" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899400005, - "eventId": "39269366676473170916214713406321216800965289140896202752" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899307 1760899383 - NODATA", - "ingestionTime": 1760899409949, - "eventId": "39269366765676151710337205984485811763750024473813581824" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899313000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899313 1760899378 - NODATA", - "ingestionTime": 1760899414160, - "eventId": "39269366899480622901520944838790532611734763965527949312" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899419381, - "eventId": "39269366921781368100051567986638388512800638442458775552" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899317000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899317 1760899401 - NODATA", - "ingestionTime": 1760899428481, - "eventId": "39269366988683603695643437422246304878471566233588793344" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899334 1760899410 - NODATA", - "ingestionTime": 1760899430659, - "eventId": "39269367367796272070664030830986961116563222632212791296" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899340000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899340 1760899416 - NODATA", - "ingestionTime": 1760899436518, - "eventId": "39269367501600743261847769687284398395473853959957053440" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899345000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899345 1760899422 - NODATA", - "ingestionTime": 1760899447444, - "eventId": "39269367613104469254500885408171291853138687591527874560" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899354 1760899429 - NODATA", - "ingestionTime": 1760899453567, - "eventId": "39269367813811176041276493689395293155195266907628961792" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899458468, - "eventId": "39269368036818628026582725110677664820832133703468122112" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899370 1760899445 - NODATA", - "ingestionTime": 1760899471928, - "eventId": "39269368170623099217766463976163577497656700642295021568" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899375 1760899454 - NODATA", - "ingestionTime": 1760899475464, - "eventId": "39269368282126825210419579688117181201629642247446134784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899377000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899377 1760899460 - NODATA", - "ingestionTime": 1760899486979, - "eventId": "39269368326728315607480825985109618256405191504821223424" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899391000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899391 1760899470 - NODATA", - "ingestionTime": 1760899491571, - "eventId": "39269368638938748386909549972160630771095970562797076480" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899398 1760899476 - NODATA", - "ingestionTime": 1760899496786, - "eventId": "39269368795043964776623911969215202050450603886724448256" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899398 1760899480 - NODATA", - "ingestionTime": 1760899504483, - "eventId": "39269368795043964776623911978520527272550776449095237632" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899410 1760899487 - NODATA", - "ingestionTime": 1760899514868, - "eventId": "39269369062652907158991389689503736367846913633824866304" - } - ], - "eni-0ab252a7dc8378f9e-all": [ - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899043000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899043 1760899121 - NODATA", - "ingestionTime": 1760899144743, - "eventId": "39269360878279419298252696298441346294757840151857463296" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899055000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899055 1760899132 - NODATA", - "ingestionTime": 1760899168235, - "eventId": "39269361145888361680620174025270253239837550314553278464" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899063 1760899140 - NODATA", - "ingestionTime": 1760899163640, - "eventId": "39269361324294323268865159152001029709603810370906947584" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899168077, - "eventId": "39269361324294323268865159157365264056044858698275160064" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899074 1760899156 - NODATA", - "ingestionTime": 1760899176432, - "eventId": "39269361569602520452702013724358474785221923001425002496" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899083 1760899165 - NODATA", - "ingestionTime": 1760899187057, - "eventId": "39269361770309227239477622011024815587615914795180752896" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899087 1760899153 - NODATA", - "ingestionTime": 1760899167556, - "eventId": "39269361859512208033600114553592653372149707506846400512" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899092 1760899170 - NODATA", - "ingestionTime": 1760899192280, - "eventId": "39269361971015934026253230291160278927375725344553107456" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899099000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899099 1760899177 - NODATA", - "ingestionTime": 1760899198187, - "eventId": "39269362127121150415967592289051716776414009852387983360" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899103000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899103 1760899183 - NODATA", - "ingestionTime": 1760899206246, - "eventId": "39269362216324131210090084864937018834584512701592240128" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899116 1760899191 - NODATA", - "ingestionTime": 1760899232074, - "eventId": "39269362506233818790988185736125476421465966948702420992" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219781, - "eventId": "39269362729241270776294417136621410518674911340285657088" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899127 1760899204 - NODATA", - "ingestionTime": 1760899228166, - "eventId": "39269362751542015974825040288294114353006436868741267456" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899135000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899135 1760899216 - NODATA", - "ingestionTime": 1760899236537, - "eventId": "39269362929947977563070025430699906144758538369638989824" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899143000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899143 1760899223 - NODATA", - "ingestionTime": 1760899246487, - "eventId": "39269363108353939151315010575014091586148403225718226944" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899152000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899152 1760899218 - NODATA", - "ingestionTime": 1760899228230, - "eventId": "39269363309060645938090618826764277432324953379863986176" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899154 1760899230 - NODATA", - "ingestionTime": 1760899251910, - "eventId": "39269363353662136335151865138463170581794388689786109952" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899159000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899159 1760899237 - NODATA", - "ingestionTime": 1760899258836, - "eventId": "39269363465165862327804980854514963320757161567338037248" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899164000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899164 1760899243 - NODATA", - "ingestionTime": 1760899267297, - "eventId": "39269363576669588320458096572421907225632428613003575296" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899175000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899175 1760899249 - NODATA", - "ingestionTime": 1760899289057, - "eventId": "39269363821977785504294951155621307693113204263044317184" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899182 1760899260 - NODATA", - "ingestionTime": 1760899284104, - "eventId": "39269363978083001894009313140383662044320238584828002304" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899188000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899188 1760899264 - NODATA", - "ingestionTime": 1760899289384, - "eventId": "39269364111887473085193051995981173248009206015046909952" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899194 1760899273 - NODATA", - "ingestionTime": 1760899297876, - "eventId": "39269364245691944276376790855461696834132070243219472384" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899201000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899201 1760899281 - NODATA", - "ingestionTime": 1760899306426, - "eventId": "39269364401797160666091152856547997110764227965170089984" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899212000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899212 1760899290 - NODATA", - "ingestionTime": 1760899311990, - "eventId": "39269364647105357849928007420167105058361158249298591744" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899220000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899220 1760899296 - NODATA", - "ingestionTime": 1760899318981, - "eventId": "39269364825511319438172992560904692599124508662111862784" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899225000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899225 1760899305 - NODATA", - "ingestionTime": 1760899326405, - "eventId": "39269364937015045430826108277557866612080981738167205888" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899234 1760899311 - NODATA", - "ingestionTime": 1760899349607, - "eventId": "39269365137721752217601716579429045015788236565383872512" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899244000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899244 1760899320 - NODATA", - "ingestionTime": 1760899340539, - "eventId": "39269365360729204202907947983824034257365336815361916928" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899246 1760899324 - NODATA", - "ingestionTime": 1760899349659, - "eventId": "39269365405330694599969194277920420845905191734063595520" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899255000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899255 1760899333 - NODATA", - "ingestionTime": 1760899355340, - "eventId": "39269365606037401386744802558609859740341295972286267392" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899258000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899258 1760899342 - NODATA", - "ingestionTime": 1760899370852, - "eventId": "39269365672939636982336672001969956859553818871193468928" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899264 1760899332 - NODATA", - "ingestionTime": 1760899350205, - "eventId": "39269365806744108173520410826223332584796236243615940608" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899273 1760899351 - NODATA", - "ingestionTime": 1760899371460, - "eventId": "39269366007450814960296019125740775862889849020409970688" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899280000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899280 1760899356 - NODATA", - "ingestionTime": 1760899380041, - "eventId": "39269366163556031350010381126864519046676932443778842624" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899285000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899285 1760899363 - NODATA", - "ingestionTime": 1760899385191, - "eventId": "39269366275059757342663496840769274361216909335960289280" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899294 1760899369 - NODATA", - "ingestionTime": 1760899408748, - "eventId": "39269366475766464129439105143069271520703015093635448832" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899403298, - "eventId": "39269366676473170916214713410301864753488679959076405248" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899307 1760899385 - NODATA", - "ingestionTime": 1760899409389, - "eventId": "39269366765676151710337205983808376335481471422902829056" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899314 1760899393 - NODATA", - "ingestionTime": 1760899417527, - "eventId": "39269366921781368100051567984396803465274466565072355328" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899322 1760899404 - NODATA", - "ingestionTime": 1760899425908, - "eventId": "39269367100187329688296553126814732094305494235156250624" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899325 1760899394 - NODATA", - "ingestionTime": 1760899407513, - "eventId": "39269367167089565283888422529183595729306489697859207168" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899334 1760899411 - NODATA", - "ingestionTime": 1760899432182, - "eventId": "39269367367796272070664030832828069171568725790328619008" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899338000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899338 1760899417 - NODATA", - "ingestionTime": 1760899441926, - "eventId": "39269367456999252864786523410750437457893915410264948736" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899347 1760899423 - NODATA", - "ingestionTime": 1760899448300, - "eventId": "39269367657705959651562131692277680343019782573063667712" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899357000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899357 1760899431 - NODATA", - "ingestionTime": 1760899468795, - "eventId": "39269367880713411636868363132411672098214393367238672384" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899460562, - "eventId": "39269368036818628026582725113209034936779570569075097600" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899370 1760899445 - NODATA", - "ingestionTime": 1760899469949, - "eventId": "39269368170623099217766463973771603933568241784363286528" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899379000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899379 1760899454 - NODATA", - "ingestionTime": 1760899478804, - "eventId": "39269368371329806004542072258297942518344252529592041472" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899384 1760899454 - NODATA", - "ingestionTime": 1760899468911, - "eventId": "39269368482833531997195187954016642404155879694547550208" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899486220, - "eventId": "39269368482833531997195187974941804250215427335835811840" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899396000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899396 1760899472 - NODATA", - "ingestionTime": 1760899492248, - "eventId": "39269368750442474379562665680657565911081339579250507776" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899400000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899400 1760899478 - NODATA", - "ingestionTime": 1760899500150, - "eventId": "39269368839645455173685158256353497648806873134796832768" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899403000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899403 1760899482 - NODATA", - "ingestionTime": 1760899507126, - "eventId": "39269368906547690769277027689394005336431475869869670400" - } - ], - "eni-0d52b90c56c30aaaf-all": [ - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899047000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899047 1760899125 - NODATA", - "ingestionTime": 1760899147882, - "eventId": "39269360967482400092375188868379387488249224545389772800" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899060000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899060 1760899131 - NODATA", - "ingestionTime": 1760899156440, - "eventId": "39269361257392087673273289718689448193884824360186019840" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899064 1760899142 - NODATA", - "ingestionTime": 1760899162528, - "eventId": "39269361346595068467395782292192150158971810428482420736" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899069 1760899147 - NODATA", - "ingestionTime": 1760899172082, - "eventId": "39269361458098794460048898011420986728738606749298458624" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899075000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899075 1760899154 - NODATA", - "ingestionTime": 1760899179557, - "eventId": "39269361591903265651232636869672220334830881519077687296" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899085000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899085 1760899165 - NODATA", - "ingestionTime": 1760899188478, - "eventId": "39269361814910717636538868295814303201759959957510815744" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899095 1760899172 - NODATA", - "ingestionTime": 1760899194879, - "eventId": "39269362037918169621845099718909715757515917376757170176" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899107 1760899185 - NODATA", - "ingestionTime": 1760899206508, - "eventId": "39269362305527112004212577431396849746611502212074307584" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899121000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899121 1760899192 - NODATA", - "ingestionTime": 1760899214474, - "eventId": "39269362617737544783641301422527240192386104119123574784" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899123000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899123 1760899201 - NODATA", - "ingestionTime": 1760899222492, - "eventId": "39269362662339035180702547715291594383117768292878319616" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899130 1760899208 - NODATA", - "ingestionTime": 1760899233348, - "eventId": "39269362818444251570416909719166094403420838251948867584" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899134000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899134 1760899217 - NODATA", - "ingestionTime": 1760899237905, - "eventId": "39269362907647232364539402290818007128969998725776801792" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899148000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899148 1760899227 - NODATA", - "ingestionTime": 1760899249387, - "eventId": "39269363219857665143968126286198786333524041780303036416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899158 1760899239 - NODATA", - "ingestionTime": 1760899261413, - "eventId": "39269363442865117129274357716094800437411500094429528064" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899160000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899160 1760899234 - NODATA", - "ingestionTime": 1760899253536, - "eventId": "39269363487466607526335603989642999868426518943790465024" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899169000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899169 1760899246 - NODATA", - "ingestionTime": 1760899268102, - "eventId": "39269363688173314313111212281074160052015497532470460416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899180 1760899252 - NODATA", - "ingestionTime": 1760899274719, - "eventId": "39269363933481511496948066845966343222172770892652806144" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899180 1760899260 - NODATA", - "ingestionTime": 1760899282079, - "eventId": "39269363933481511496948066854863770950199002917434556416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899182 1760899266 - NODATA", - "ingestionTime": 1760899293227, - "eventId": "39269363978083001894009313151412646716540168025258590208" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899274490, - "eventId": "39269364156488963482254298261046844228847478003796869120" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899197000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899197 1760899278 - NODATA", - "ingestionTime": 1760899300413, - "eventId": "39269364312594179871968660283135671277550524372656193536" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899206 1760899285 - NODATA", - "ingestionTime": 1760899307559, - "eventId": "39269364513300886658744268565595883298524412475948466176" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899217000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899217 1760899298 - NODATA", - "ingestionTime": 1760899321757, - "eventId": "39269364758609083842581123139653540981407932788203454464" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899218000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899218 1760899294 - NODATA", - "ingestionTime": 1760899314944, - "eventId": "39269364780909829041111746272952618045972927612869541888" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899228 1760899306 - NODATA", - "ingestionTime": 1760899328418, - "eventId": "39269365003917281026417977704598914236157516870803456000" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899237000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899237 1760899311 - NODATA", - "ingestionTime": 1760899335203, - "eventId": "39269365204623987813193585986622672787194287678300815360" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899244000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899244 1760899323 - NODATA", - "ingestionTime": 1760899343217, - "eventId": "39269365360729204202907947987061312010472019627786567680" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899251 1760899320 - NODATA", - "ingestionTime": 1760899334785, - "eventId": "39269365516834420592622309967617577569085590337844543488" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899251 1760899327 - NODATA", - "ingestionTime": 1760899352809, - "eventId": "39269365516834420592622309989407348570651703606137323520" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899258000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899258 1760899338 - NODATA", - "ingestionTime": 1760899361689, - "eventId": "39269365672939636982336671990892702359840102315135926272" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899268 1760899345 - NODATA", - "ingestionTime": 1760899370695, - "eventId": "39269365895947088967642903417137343406143451131925561344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899277000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899277 1760899357 - NODATA", - "ingestionTime": 1760899383557, - "eventId": "39269366096653795754418511706508067602588769954444738560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899279000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899279 1760899354 - NODATA", - "ingestionTime": 1760899375789, - "eventId": "39269366141255286151479757980188263671694646889969090560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899288000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899288 1760899366 - NODATA", - "ingestionTime": 1760899388348, - "eventId": "39269366341961992938255366269192792323452373303055679488" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899300000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899300 1760899376 - NODATA", - "ingestionTime": 1760899395510, - "eventId": "39269366609570935320622843976279590850532930483845660672" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899402603, - "eventId": "39269366676473170916214713409461765483202400075214487552" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899306000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899306 1760899386 - NODATA", - "ingestionTime": 1760899412895, - "eventId": "39269366743375406511806582846511427624322751494860505088" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899395134, - "eventId": "39269366832578387305929075391182663628086837781737963520" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899317000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899317 1760899395 - NODATA", - "ingestionTime": 1760899418476, - "eventId": "39269366988683603695643437410151409985647474216352808960" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899327 1760899406 - NODATA", - "ingestionTime": 1760899427961, - "eventId": "39269367211691055680949668836975322305628309890832662528" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899337000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899337 1760899418 - NODATA", - "ingestionTime": 1760899441419, - "eventId": "39269367434698507666255900268602047290802914714464485376" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899339 1760899413 - NODATA", - "ingestionTime": 1760899434885, - "eventId": "39269367479299998063317146543774332908299324003100655616" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899347 1760899425 - NODATA", - "ingestionTime": 1760899448149, - "eventId": "39269367657705959651562131692095166344766109020749955072" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899359000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899359 1760899432 - NODATA", - "ingestionTime": 1760899455891, - "eventId": "39269367925314902033929609399883347029227605362739380224" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899464135, - "eventId": "39269368014517882828052101975992624387814190561399472128" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899370 1760899448 - NODATA", - "ingestionTime": 1760899472247, - "eventId": "39269368170623099217766463976549679571305673638122553344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899372000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899372 1760899441 - NODATA", - "ingestionTime": 1760899454756, - "eventId": "39269368215224589614827710238475764050073513625449529344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899378000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899378 1760899456 - NODATA", - "ingestionTime": 1760899479346, - "eventId": "39269368349029060806011449117417562346652554701689978880" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899487743, - "eventId": "39269368482833531997195187976783303479786335592399568896" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899398 1760899478 - NODATA", - "ingestionTime": 1760899501644, - "eventId": "39269368795043964776623911975088452917773045617133158400" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899399000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899399 1760899474 - NODATA", - "ingestionTime": 1760899494757, - "eventId": "39269368817344709975154535108298415284889564861552066560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899406000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899406 1760899485 - NODATA", - "ingestionTime": 1760899508568, - "eventId": "39269368973449926364868897115744601996530808388858806272" - } - ], - "eni-0c663685d7a12552e-all": [ - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899049000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899049 1760899080 - NODATA", - "ingestionTime": 1760899108302, - "eventId": "39269361012083890489436435103601333327618873734687293440" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899082000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899082 1760899113 - NODATA", - "ingestionTime": 1760899132564, - "eventId": "39269361748008482040946998803610793217379998222267121664" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899082000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899082 1760899113 - NODATA", - "ingestionTime": 1760899140789, - "eventId": "39269361748008482040946998813554652559287219887603974144" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899091000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899091 1760899122 - NODATA", - "ingestionTime": 1760899148802, - "eventId": "39269361948715188827722607097063154459454311630899052544" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899109000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899109 1760899140 - NODATA", - "ingestionTime": 1760899166694, - "eventId": "39269362350128602401273823666335815046678932194937012224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899116 1760899147 - NODATA", - "ingestionTime": 1760899170187, - "eventId": "39269362506233818790988185661308757080951528467498336256" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 11746 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872704" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 61890 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872705" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 30506 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872706" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 51838 21 6 4 240 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872707" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 51186 80 6 1 60 1760899167 1760899168 ACCEPT OK", - "ingestionTime": 1760899196244, - "eventId": "39269363643571823916049965911131435251312323702065594368" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899168000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 62602 80 6 3 180 1760899168 1760899168 ACCEPT OK", - "ingestionTime": 1760899186752, - "eventId": "39269363665872569114580589041192263286404541704439988224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 58950 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929344" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 61628 21 6 4 240 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929345" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 28840 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929346" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 31192 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929347" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 18756 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929348" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 21192 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929349" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 27324 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929350" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 60254 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929351" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 64846 21 6 4 240 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929352" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 58248 21 6 2 120 1760899178 1760899198 ACCEPT OK", - "ingestionTime": 1760899219438, - "eventId": "39269363888880021099886820496064163309696336621526056960" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899178 1760899198 - SKIPDATA", - "ingestionTime": 1760899219438, - "eventId": "39269363888880021099886820496064163309696336621526056961" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 12938 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136000" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 35548 80 6 2 120 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136001" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 63002 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136002" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 25612 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136003" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 64300 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136004" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 59962 21 6 4 240 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136005" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 23106 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136006" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 48432 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594048" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 58270 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594049" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 49854 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594050" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 23738 80 6 2 120 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594051" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 32716 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594052" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 13690 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594053" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 25162 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594054" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 23936 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594055" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.133.187 10.0.4.186 51796 22127 6 1 44 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594056" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 63332 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186752" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 44282 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186753" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 23342 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186754" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 106.75.132.124 10.0.4.186 58914 16030 6 1 44 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186755" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 19302 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186756" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 21326 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186757" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 50342 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186758" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 23068 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186759" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 17032 80 6 3 180 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 62372 21 6 4 240 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 41180 80 6 3 180 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 31518 21 6 1 60 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899202 1760899227 - SKIPDATA", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517188" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 15264 21 6 4 240 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734464" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.112 10.0.4.186 55662 1000 6 1 44 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734465" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 51810 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734466" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 52632 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734467" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 20720 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734468" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 14584 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734469" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 56998 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222976" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 47540 21 6 4 240 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222977" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 49866 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222978" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 43784 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222979" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 20.55.98.221 10.0.4.186 34398 9043 6 1 40 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222980" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 57822 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222981" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 39476 80 6 2 120 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222982" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 38986 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222983" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65242 80 6 2 120 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222984" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 33810 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505472" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 48444 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505473" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 45660 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505474" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 31386 80 6 2 120 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505475" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 26686 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505476" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 46464 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505477" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 22492 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505478" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 37402 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505479" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 24724 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505480" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26010 80 6 1 60 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505481" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 20214 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927936" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 58154 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927937" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 28818 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927938" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 9466 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927939" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 46052 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927940" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 37932 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927941" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 19968 21 6 4 240 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927942" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 11524 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052288" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 18592 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052289" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 14624 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052290" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 33664 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052291" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 45696 80 6 1 60 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052292" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 40504 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052293" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 57692 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052294" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899232 1760899257 - SKIPDATA", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052295" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 25492 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359552" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 43258 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359553" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 61000 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359554" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.152 10.0.4.186 54664 990 6 1 44 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359555" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 35548 80 6 1 60 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359556" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 59684 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359557" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 36584 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359558" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 58110 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359559" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 44360 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359560" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 20358 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359561" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 30734 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359562" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 56320 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359563" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 60778 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359564" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 61920 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 9896 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948225" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 29784 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948226" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 39582 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948227" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 26504 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948228" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 63958 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948229" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 15152 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948230" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 32292 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948231" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 64704 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948232" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 92.63.197.66 10.0.4.186 8080 6529 6 1 40 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948233" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 26690 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948234" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47724 80 6 2 120 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948235" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 37506 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948236" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 40154 21 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948237" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.211.22 10.0.4.186 57261 28009 6 1 44 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 45308 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909953" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 45524 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909954" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 104.237.144.186 10.0.4.186 61000 443 6 1 40 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909955" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 16088 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909956" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 50098 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909957" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 13406 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909958" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 38794 21 6 4 240 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909959" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 64922 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909960" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 10732 21 6 4 240 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909961" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 28496 80 6 2 120 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909962" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 14348 21 6 4 240 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747776" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 52754 80 6 3 180 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747777" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 39232 80 6 1 60 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747778" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.133.252 10.0.4.186 56557 9202 6 1 44 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747779" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 42982 21 6 4 240 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747780" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899266 1760899289 - SKIPDATA", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747781" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 39548 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390656" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 60954 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390657" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 42456 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390658" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 59042 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390659" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 14264 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390660" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 54860 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390661" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 57124 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390662" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 13064 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390663" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 64866 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390664" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65242 80 6 1 60 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390665" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 35662 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390666" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 11826 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928256" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 34372 80 6 2 120 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928257" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 23486 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928258" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 45170 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928259" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 59316 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928260" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 41556 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928261" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 165.154.173.104 10.0.4.186 45123 15200 6 1 40 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928262" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 57032 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928263" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 63148 21 6 4 240 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 27420 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 52372 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 50536 80 6 2 120 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442176" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 35356 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442177" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 31386 80 6 1 60 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442178" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 60380 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442179" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 34026 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442180" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 38404 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442181" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 16084 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442182" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 26236 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442183" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 11320 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 64576 21 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 13916 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 30326 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 41588 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442188" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26010 80 6 2 120 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442189" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 37620 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204928" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 60708 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204929" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 11788 21 6 4 240 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204930" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 28350 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204931" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 60280 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204932" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 61052 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204933" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 35410 21 6 4 240 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204934" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 52400 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043392" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 39206 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043393" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 51290 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043394" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 33590 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043395" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899291 1760899311 - SKIPDATA", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043396" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 18552 80 6 2 120 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850944" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 14244 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850945" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 50030 21 6 4 240 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850946" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 30508 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850947" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 23936 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850948" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 14100 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850949" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 22180 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850950" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 17822 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850951" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 29332 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 46686 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 57958 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 41254 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 59878 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 14756 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499268" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 52246 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499269" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 52902 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499270" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 26402 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499271" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 21660 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499272" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 57706 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499273" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 40040 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499274" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.138 10.0.4.186 50578 7547 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894400" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 58372 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894401" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 22358 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894402" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 16878 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894403" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.85 10.0.4.186 55174 1502 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894404" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 45734 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894405" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.123 10.0.4.186 56280 11084 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894406" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 64764 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894407" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 49614 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894408" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 27514 21 6 4 240 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894409" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 44044 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894410" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 41366 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894411" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47724 80 6 1 60 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894412" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 56174 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894413" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 37518 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894414" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 40154 21 6 1 60 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894415" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 32546 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559936" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 45958 21 6 4 240 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559937" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 59358 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559938" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 48134 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559939" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 36966 21 6 4 240 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559940" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 13.214.173.166 10.0.4.186 0 0 1 1 28 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407232" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 49060 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407233" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 21004 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407234" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 29018 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407235" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 15302 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407236" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 15122 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407237" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899323 1760899350 - SKIPDATA", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407238" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 52034 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507392" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 28464 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507393" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 61844 21 6 2 120 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507394" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 37012 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507395" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 65418 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507396" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 27682 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507397" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 45390 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507398" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 50814 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507399" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 41210 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507400" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 38070 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507401" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 9706 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507402" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 50430 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 18182 21 6 4 240 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47948 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 34372 80 6 1 60 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26294 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715268" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 11968 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715269" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 28368 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715270" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 19342 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715271" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 29372 21 6 4 240 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715272" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 46546 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715273" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 23346 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715274" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 58710 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588480" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 44376 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588481" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 50536 80 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588482" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 57464 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588483" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 23402 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588484" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.86 10.0.4.186 55131 57357 6 1 44 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588485" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 53474 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588486" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 56830 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588487" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 20716 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588488" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 21308 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588489" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 64576 21 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588490" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 54428 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588491" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 56326 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588492" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 11346 80 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588493" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 54058 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588494" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 28496 80 6 1 60 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607872" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 87.120.191.93 10.0.4.186 51632 80 6 1 40 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607873" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 41.59.173.249 10.0.4.186 44087 23 6 1 60 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607874" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 39996 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607875" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 59438 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607876" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 61964 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607877" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 15392 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607878" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 11790 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607879" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 37404 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607880" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 46602 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607881" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 25578 80 6 3 180 1760899352 1760899374 ACCEPT OK", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330688" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 49716 80 6 3 180 1760899352 1760899374 ACCEPT OK", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330689" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899352 1760899374 - SKIPDATA", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330690" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 47440 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547840" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 12744 21 6 4 240 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547841" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 19934 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547842" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 55776 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547843" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 18552 80 6 1 60 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198976" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 22126 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198977" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 10576 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198978" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 24392 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198979" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 33602 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198980" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 92.63.197.66 10.0.4.186 8080 6224 6 1 40 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198981" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 18116 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198982" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 35388 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198983" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 43842 21 6 4 240 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198984" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 27478 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198985" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 37470 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234560" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 59854 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234561" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 35168 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234562" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 91.196.152.225 10.0.4.186 48508 14430 6 1 60 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234563" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 52196 21 6 4 240 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234564" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 37160 21 6 4 240 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234565" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 48292 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234566" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.253 10.0.4.186 54329 9606 6 1 44 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234567" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 55998 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234568" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 13248 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234569" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 27354 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234570" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 18188 80 6 2 120 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234571" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 15930 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234572" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 14392 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746944" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 16508 21 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746945" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 45642 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746946" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65378 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746947" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 48818 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746948" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 57706 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746949" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 11464 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746950" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 34208 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746951" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 31380 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 18816 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746953" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 36286 21 6 4 240 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117696" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 25478 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117697" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 29340 21 6 4 240 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117698" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 53794 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117699" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 42022 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117700" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 13670 21 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117701" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899382 1760899406 - SKIPDATA", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117702" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 37698 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338176" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 63386 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338177" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 24506 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338178" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 13550 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338179" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 61784 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338180" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 31186 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338181" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 61844 21 6 2 120 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338182" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.26 10.0.4.186 56968 9530 6 1 44 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338183" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 44220 21 6 2 120 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.181 10.0.4.186 49778 9108 6 1 44 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 21902 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 61022 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 40.124.175.174 10.0.4.186 48441 993 6 1 52 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477760" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.182 10.0.4.186 54893 7706 6 1 44 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477761" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 54974 80 6 3 180 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477762" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 44314 21 6 4 240 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477763" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 19256 80 6 3 180 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477764" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 45020 80 6 2 120 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134784" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 30032 21 6 4 240 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134785" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 63082 21 6 4 240 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134786" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 36934 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134787" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 62370 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134788" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 13408 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134789" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 21982 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134790" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 11346 80 6 2 120 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134791" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 32590 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134792" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 42266 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839488" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 54384 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839489" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 37458 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839490" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 39936 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839491" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 24968 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839492" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 63412 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839493" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 34598 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839494" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 48400 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839495" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.140 10.0.4.186 50762 1443 6 1 44 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839496" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 13368 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839497" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 15050 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839498" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 26108 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839499" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 45052 21 6 4 240 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839500" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 95.214.53.196 10.0.4.186 40742 16379 6 1 40 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 48250 80 6 3 180 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 63068 80 6 1 60 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899414 1760899437 - SKIPDATA", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 15034 21 6 4 240 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746752" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 20028 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746753" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 16406 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746754" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 24550 21 6 4 240 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746755" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 62060 21 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746756" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 60596 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746757" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 35718 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746758" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 16994 21 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746759" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 47.74.55.112 10.0.4.186 57188 12320 6 1 52 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746760" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.55 10.0.4.186 51355 34473 6 1 44 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746761" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 16338 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746762" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.149.61 10.0.4.186 55176 49010 6 1 44 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746763" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 33922 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334144" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 38080 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334145" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 47416 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334146" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 30120 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334147" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 61568 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334148" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 38820 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334149" - } - ], - "eni-0b0549e20044315f3-all": [ - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899050 1760899129 - NODATA", - "ingestionTime": 1760899149148, - "eventId": "39269361034384635687967058294516883796158603200468746240" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899063 1760899133 - NODATA", - "ingestionTime": 1760899191042, - "eventId": "39269361324294323268865159185128106407086387132881174528" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899158751, - "eventId": "39269361368895813665926405429162124440841377838471249920" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899066 1760899145 - NODATA", - "ingestionTime": 1760899169059, - "eventId": "39269361391196558864457028583159222796051983380536492032" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899072000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899072 1760899154 - NODATA", - "ingestionTime": 1760899183447, - "eventId": "39269361525001030055640767449767568231817834522370572288" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899083 1760899163 - NODATA", - "ingestionTime": 1760899191130, - "eventId": "39269361770309227239477622015948951614231990473462448128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899095 1760899177 - NODATA", - "ingestionTime": 1760899203123, - "eventId": "39269362037918169621845099728876158476315828073130033152" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899191541, - "eventId": "39269362060218914820375722856410123339823436258297708544" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899209964, - "eventId": "39269362372429347599804446860182095577718871838885019648" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899124 1760899206 - NODATA", - "ingestionTime": 1760899229535, - "eventId": "39269362684639780379233170865342036892205695946093232128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899125 1760899199 - NODATA", - "ingestionTime": 1760899251421, - "eventId": "39269362706940525577763794033336149004260622706450890752" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899220164, - "eventId": "39269362729241270776294417137084416047159533537171668992" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899127 1760899212 - NODATA", - "ingestionTime": 1760899241060, - "eventId": "39269362751542015974825040303882188022904222112626704384" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899154 1760899233 - NODATA", - "ingestionTime": 1760899251092, - "eventId": "39269363353662136335151865137474306632162095644831449088" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899154 1760899237 - NODATA", - "ingestionTime": 1760899265367, - "eventId": "39269363353662136335151865154731662239795841721343803392" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899181000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899181 1760899266 - NODATA", - "ingestionTime": 1760899288254, - "eventId": "39269363955782256695478690003864747195775111898944765952" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899279934, - "eventId": "39269364022684492291070559418413938563523123583808634880" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899191000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899191 1760899257 - NODATA", - "ingestionTime": 1760899310499, - "eventId": "39269364178789708680784921446114574291045297137749393408" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899193 1760899271 - NODATA", - "ingestionTime": 1760899300873, - "eventId": "39269364223391199077846167717549072416822564465518444544" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899203 1760899284 - NODATA", - "ingestionTime": 1760899308384, - "eventId": "39269364446398651063152399141986190306426909080998117376" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899213 1760899293 - NODATA", - "ingestionTime": 1760899313680, - "eventId": "39269364669406103048458630563745762218163735798362669056" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899215 1760899297 - NODATA", - "ingestionTime": 1760899323453, - "eventId": "39269364714007593445519876858632206622956850636010291200" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899231000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899231 1760899308 - NODATA", - "ingestionTime": 1760899331321, - "eventId": "39269365070819516622009847132715303195827357368140234752" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339052, - "eventId": "39269365383029949401438571123561746374130011920953245696" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899246 1760899325 - NODATA", - "ingestionTime": 1760899350892, - "eventId": "39269365405330694599969194279411208772642910370836054016" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899246 1760899316 - NODATA", - "ingestionTime": 1760899371391, - "eventId": "39269365405330694599969194304192910118520948369194024960" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899248 1760899335 - NODATA", - "ingestionTime": 1760899363230, - "eventId": "39269365449932184997030440577398219863041560501072035840" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899264 1760899344 - NODATA", - "ingestionTime": 1760899368928, - "eventId": "39269365806744108173520410848858081852441394865298800640" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899273 1760899356 - NODATA", - "ingestionTime": 1760899385617, - "eventId": "39269366007450814960296019142855830900426629503072272384" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899275 1760899352 - NODATA", - "ingestionTime": 1760899371464, - "eventId": "39269366052052305357357265408817078540645514115318808576" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899291 1760899367 - NODATA", - "ingestionTime": 1760899390402, - "eventId": "39269366408864228533847235696283450762548894208316080128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899399395, - "eventId": "39269366676473170916214713405583375986398277744453156864" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899410029, - "eventId": "39269366765676151710337205984582080515597986510266630144" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899310 1760899379 - NODATA", - "ingestionTime": 1760899433219, - "eventId": "39269366832578387305929075437224527699752125344533053440" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899418894, - "eventId": "39269366921781368100051567986049717306332660931861872640" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428250, - "eventId": "39269367100187329688296553129645846721084489476922867712" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899335 1760899412 - NODATA", - "ingestionTime": 1760899433229, - "eventId": "39269367390097017269194653975629748732390472004675108864" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899335 1760899418 - NODATA", - "ingestionTime": 1760899444045, - "eventId": "39269367390097017269194653988704937156474046665124282368" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899351 1760899426 - NODATA", - "ingestionTime": 1760899450863, - "eventId": "39269367746908940445684624261519183700000033952722321408" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899461247, - "eventId": "39269368014517882828052101972501331045545810129543692288" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899364 1760899446 - NODATA", - "ingestionTime": 1760899468555, - "eventId": "39269368036818628026582725122871818569149878791262961664" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899367 1760899437 - NODATA", - "ingestionTime": 1760899492360, - "eventId": "39269368103720863622174594576257299469602032595912818688" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899371 1760899451 - NODATA", - "ingestionTime": 1760899479465, - "eventId": "39269368192923844416297087126810934162937552827837972480" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899383 1760899467 - NODATA", - "ingestionTime": 1760899490099, - "eventId": "39269368460532786798664564838095442697030093502723784704" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899394 1760899478 - NODATA", - "ingestionTime": 1760899502794, - "eventId": "39269368705840983982501419410335527383627721259566039040" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899399000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899399 1760899475 - NODATA", - "ingestionTime": 1760899493057, - "eventId": "39269368817344709975154535106242973873413473154290745344" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899409 1760899488 - NODATA", - "ingestionTime": 1760899515333, - "eventId": "39269369040352161960460766548530326175156119273020653568" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/vpc-flow-log/vpc-007d791b9b857543e", - "type": "Other", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Associate KMS Key with Cloudwatch log group.", - "references": [ - "https://docs.aws.amazon.com/cli/latest/reference/logs/associate-kms-key.html" - ] - }, - "risk_details": "Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/s3/prod-my-secure-s3-bucket-20250423 does have AWS KMS key arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501 associated.", - "metadata": { - "event_code": "cloudwatch_log_group_kms_encryption_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Log Group /aws/s3/prod-my-secure-s3-bucket-20250423 does have AWS KMS key arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501 associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/cli/latest/reference/logs/associate-kms-key.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_e_2_ii" - ], - "SOC2": [ - "cc_7_3" - ], - "C5-2025": [ - "OIS-04.01AC", - "OIS-08.02B", - "AM-01.01AC", - "OPS-11.02AC", - "OPS-13.03B", - "OPS-14.03B", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-04.01B", - "PSS-04.04B", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cp_9_d", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_28_1", - "si_19_4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "PCI-4.0": [ - "10.3.2.3", - "10.3.3.5", - "10.3.4.4", - "3.5.1.4", - "8.3.2.8", - "A1.2.1.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Monitor.CN04.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.30" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP02" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.15", - "A.8.16", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "au_9", - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if CloudWatch log groups are protected by AWS KMS.", - "title": "Check if CloudWatch log groups are protected by AWS KMS.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-cloudwatch_log_group_kms_encryption_enabled-211203495394-us-east-1-/aws/s3/prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/prod-my-secure-s3-bucket-20250423:*", - "name": "/aws/s3/prod-my-secure-s3-bucket-20250423", - "retention_days": 30, - "never_expire": false, - "kms_id": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501", - "region": "us-east-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/s3/prod-my-secure-s3-bucket-20250423", - "type": "Other", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/prod-my-secure-s3-bucket-20250423:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Associate KMS Key with Cloudwatch log group.", - "references": [ - "https://docs.aws.amazon.com/cli/latest/reference/logs/associate-kms-key.html" - ] - }, - "risk_details": "Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No secrets found in /aws/rds/cluster/ex-rds/postgresql log group.", - "metadata": { - "event_code": "cloudwatch_log_group_no_secrets_in_logs", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "No secrets found in /aws/rds/cluster/ex-rds/postgresql log group.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [ - "secrets" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-01.01AC", - "OPS-11.01AC", - "OPS-11.02AC", - "OPS-13.03B", - "OPS-26.05B", - "OPS-26.01AS", - "PSS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN04.AR01" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1552" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if secrets exists in CloudWatch logs", - "title": "Check if secrets exists in CloudWatch logs.", - "types": [ - "Protect", - "Secure development" - ], - "uid": "prowler-aws-cloudwatch_log_group_no_secrets_in_logs-211203495394-eu-west-1-/aws/rds/cluster/ex-rds/postgresql" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*", - "name": "/aws/rds/cluster/ex-rds/postgresql", - "retention_days": 7, - "never_expire": false, - "kms_id": null, - "region": "eu-west-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/rds/cluster/ex-rds/postgresql", - "type": "Other", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "It is recommended that sensitive information is not logged to CloudWatch logs. Alternatively, sensitive data may be masked using a protection policy", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html" - ] - }, - "risk_details": "Storing sensitive data in CloudWatch logs could allow an attacker with read-only access to escalate their privileges or gain unauthorised access to systems.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No secrets found in /aws/vpc-flow-log/vpc-007d791b9b857543e log group.", - "metadata": { - "event_code": "cloudwatch_log_group_no_secrets_in_logs", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "No secrets found in /aws/vpc-flow-log/vpc-007d791b9b857543e log group.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [ - "secrets" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-01.01AC", - "OPS-11.01AC", - "OPS-11.02AC", - "OPS-13.03B", - "OPS-26.05B", - "OPS-26.01AS", - "PSS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN04.AR01" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1552" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if secrets exists in CloudWatch logs", - "title": "Check if secrets exists in CloudWatch logs.", - "types": [ - "Protect", - "Secure development" - ], - "uid": "prowler-aws-cloudwatch_log_group_no_secrets_in_logs-211203495394-eu-west-1-/aws/vpc-flow-log/vpc-007d791b9b857543e" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*", - "name": "/aws/vpc-flow-log/vpc-007d791b9b857543e", - "retention_days": 9999, - "never_expire": true, - "kms_id": null, - "region": "eu-west-1", - "log_streams": { - "eni-0cd4fcd4819d5a0b7-all": [ - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899031000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899031 1760899115 - NODATA", - "ingestionTime": 1760899139926, - "eventId": "39269360610670476915885218594189694963071457059547512832" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899046 1760899127 - NODATA", - "ingestionTime": 1760899149250, - "eventId": "39269360945181654893844565728497413038571606956274024448" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899064 1760899142 - NODATA", - "ingestionTime": 1760899171015, - "eventId": "39269361346595068467395782302452507265231831869047177216" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899161481, - "eventId": "39269361368895813665926405432462355128969412946093211648" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899074 1760899154 - NODATA", - "ingestionTime": 1760899180685, - "eventId": "39269361569602520452702013729500161457508911822151876608" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899087 1760899164 - NODATA", - "ingestionTime": 1760899188926, - "eventId": "39269361859512208033600114579426962274716549575521730560" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899093000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899093 1760899177 - NODATA", - "ingestionTime": 1760899202942, - "eventId": "39269361993316679224783853445585976414341769780327874560" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899189534, - "eventId": "39269362060218914820375722853983829530393030289362518016" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899107 1760899183 - NODATA", - "ingestionTime": 1760899208282, - "eventId": "39269362305527112004212577433541251354104638611981205504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899120000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899120 1760899194 - NODATA", - "ingestionTime": 1760899249444, - "eventId": "39269362595436799585110678323267367353868490709992013824" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899124 1760899204 - NODATA", - "ingestionTime": 1760899231189, - "eventId": "39269362684639780379233170867341403349163730796893896704" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899145000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899145 1760899226 - NODATA", - "ingestionTime": 1760899248783, - "eventId": "39269363152955429548376256860861233320174442224344956928" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899153 1760899239 - NODATA", - "ingestionTime": 1760899262856, - "eventId": "39269363331361391136621242010160382151535307798841524224" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899156 1760899233 - NODATA", - "ingestionTime": 1760899251214, - "eventId": "39269363398263626732213111420693427286550341112125521920" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899167 1760899245 - NODATA", - "ingestionTime": 1760899267593, - "eventId": "39269363643571823916049965997386872465211874059378688000" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899181000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899181 1760899254 - NODATA", - "ingestionTime": 1760899309470, - "eventId": "39269363955782256695478690029513573287107439005186064384" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899280418, - "eventId": "39269364022684492291070559418998784362727835457823440896" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899187 1760899266 - NODATA", - "ingestionTime": 1760899289733, - "eventId": "39269364089586727886662428854866949624521773410794864640" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299733, - "eventId": "39269364245691944276376790857706543416476686971921301504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899204 1760899286 - NODATA", - "ingestionTime": 1760899309875, - "eventId": "39269364468699396261683022285324313923175968945211310080" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899213 1760899293 - NODATA", - "ingestionTime": 1760899319552, - "eventId": "39269364669406103048458630570844658358774455533122027520" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899215 1760899293 - NODATA", - "ingestionTime": 1760899311165, - "eventId": "39269364714007593445519876843776711888539935711792070656" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899227000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899227 1760899304 - NODATA", - "ingestionTime": 1760899327528, - "eventId": "39269364981616535827887354561987052343875666657387479040" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899241 1760899314 - NODATA", - "ingestionTime": 1760899369674, - "eventId": "39269365293826968607316078594438607167353915397586354176" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899245 1760899321 - NODATA", - "ingestionTime": 1760899340795, - "eventId": "39269365383029949401438571125668891064507806525688119296" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899247 1760899325 - NODATA", - "ingestionTime": 1760899349747, - "eventId": "39269365427631439798499817419562686664009994535042416640" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899248 1760899335 - NODATA", - "ingestionTime": 1760899361737, - "eventId": "39269365449932184997030440575593663755083845328799662080" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899263000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899263 1760899343 - NODATA", - "ingestionTime": 1760899367618, - "eventId": "39269365784443362974989787705738802661146729846819127296" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899271000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899271 1760899355 - NODATA", - "ingestionTime": 1760899379484, - "eventId": "39269365962849324563234772852369513371529050589700489216" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899276000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899276 1760899352 - NODATA", - "ingestionTime": 1760899371708, - "eventId": "39269366074353050555887888550647785025367173779549388800" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899287000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899287 1760899364 - NODATA", - "ingestionTime": 1760899389077, - "eventId": "39269366319661247739724743128538737171054749321939386368" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899303 1760899375 - NODATA", - "ingestionTime": 1760899431081, - "eventId": "39269366676473170916214713443889494423911819403013455872" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899305000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899305 1760899381 - NODATA", - "ingestionTime": 1760899400414, - "eventId": "39269366721074661313275959689886924638672932144373039104" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899307 1760899386 - NODATA", - "ingestionTime": 1760899408511, - "eventId": "39269366765676151710337205982746961466829488763300806656" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899420747, - "eventId": "39269366921781368100051567988289637575888457293160448000" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428007, - "eventId": "39269367100187329688296553129352064058383779008465076224" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899429660, - "eventId": "39269367367796272070664030829778877118210560333827080192" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899336000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899336 1760899417 - NODATA", - "ingestionTime": 1760899442053, - "eventId": "39269367412397762467725277127832967444140093911955144704" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899349000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899349 1760899424 - NODATA", - "ingestionTime": 1760899449340, - "eventId": "39269367702307450048623377976606737167794200106263445504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899361 1760899432 - NODATA", - "ingestionTime": 1760899491027, - "eventId": "39269367969916392430990855725431353246427732075437621248" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899460257, - "eventId": "39269368014517882828052101971304249414101267847896170496" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899365000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899365 1760899446 - NODATA", - "ingestionTime": 1760899468665, - "eventId": "39269368059119373225113348264540584396392034426105430016" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899375 1760899455 - NODATA", - "ingestionTime": 1760899481555, - "eventId": "39269368282126825210419579695480504500212685656322080768" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899383 1760899467 - NODATA", - "ingestionTime": 1760899487567, - "eventId": "39269368460532786798664564835034776331022815284839055360" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899393 1760899476 - NODATA", - "ingestionTime": 1760899500793, - "eventId": "39269368683540238783970796266381102896276266334347132928" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899398 1760899475 - NODATA", - "ingestionTime": 1760899489169, - "eventId": "39269368795043964776623911960006811116316914335348031488" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899409 1760899487 - NODATA", - "ingestionTime": 1760899507600, - "eventId": "39269369040352161960460766539181708866508225546449846272" - } - ], - "eni-0eee78be32276dc65-all": [ - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899032000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899032 1760899109 - NODATA", - "ingestionTime": 1760899134945, - "eventId": "39269360632971222114415841729703527226207967234779774976" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899043000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899043 1760899120 - NODATA", - "ingestionTime": 1760899144884, - "eventId": "39269360878279419298252696298611781813145246086503727104" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899052000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899052 1760899132 - NODATA", - "ingestionTime": 1760899154887, - "eventId": "39269361078986126085028304584526361316447343074608021504" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899063 1760899141 - NODATA", - "ingestionTime": 1760899164127, - "eventId": "39269361324294323268865159152589586655311491293203202048" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899066 1760899146 - NODATA", - "ingestionTime": 1760899173383, - "eventId": "39269361391196558864457028588387002206051139308865585152" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899070000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899070 1760899140 - NODATA", - "ingestionTime": 1760899156170, - "eventId": "39269361480399539658579521133720174781408048766989828096" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899074 1760899155 - NODATA", - "ingestionTime": 1760899186448, - "eventId": "39269361569602520452702013736466909309389429082721353728" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899096 1760899175 - NODATA", - "ingestionTime": 1760899197470, - "eventId": "39269362060218914820375722863577669461616015304736112640" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899107 1760899182 - NODATA", - "ingestionTime": 1760899205402, - "eventId": "39269362305527112004212577430059792118031670795614355456" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899124 1760899200 - NODATA", - "ingestionTime": 1760899224570, - "eventId": "39269362684639780379233170859339700182272340779870912512" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899127 1760899206 - NODATA", - "ingestionTime": 1760899231868, - "eventId": "39269362751542015974825040292769706477577608203599740928" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899130 1760899200 - NODATA", - "ingestionTime": 1760899216262, - "eventId": "39269362818444251570416909698510075089137464840133804032" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899133000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899133 1760899215 - NODATA", - "ingestionTime": 1760899246210, - "eventId": "39269362885346487166008779159322407412871585528894324736" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899153 1760899230 - NODATA", - "ingestionTime": 1760899251400, - "eventId": "39269363331361391136621241996311121221405119004043444224" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899157000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899157 1760899235 - NODATA", - "ingestionTime": 1760899258021, - "eventId": "39269363420564371930743734570458344598590417900065914880" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899167 1760899242 - NODATA", - "ingestionTime": 1760899266548, - "eventId": "39269363643571823916049965996123562950678726130113904640" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899174 1760899250 - NODATA", - "ingestionTime": 1760899275556, - "eventId": "39269363799677040305764327997764003167285750075715420160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899183000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899183 1760899262 - NODATA", - "ingestionTime": 1760899284289, - "eventId": "39269364000383747092539936282143032915656252264968749056" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899187 1760899266 - NODATA", - "ingestionTime": 1760899291413, - "eventId": "39269364089586727886662428856898380600297619606114140160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899276225, - "eventId": "39269364156488963482254298263144306458468370593886044160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899193 1760899277 - NODATA", - "ingestionTime": 1760899303806, - "eventId": "39269364223391199077846167721094564420197117221625790464" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899196 1760899260 - NODATA", - "ingestionTime": 1760899334586, - "eventId": "39269364290293434673438037182912416456716008702408523776" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899213 1760899289 - NODATA", - "ingestionTime": 1760899311121, - "eventId": "39269364669406103048458630560652132630159455450075103232" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899216000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899216 1760899295 - NODATA", - "ingestionTime": 1760899318499, - "eventId": "39269364736308338644050499994179034332937535505210343424" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899227000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899227 1760899305 - NODATA", - "ingestionTime": 1760899326390, - "eventId": "39269364981616535827887354560611681081931410087592263680" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899232 1760899310 - NODATA", - "ingestionTime": 1760899336203, - "eventId": "39269365093120261820540470280153350599481452527376269312" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899243000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899243 1760899323 - NODATA", - "ingestionTime": 1760899343742, - "eventId": "39269365338428459004377324846160248388421245006660304896" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899249000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899249 1760899320 - NODATA", - "ingestionTime": 1760899336117, - "eventId": "39269365472232930195561063686156260435021330376417148928" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899249000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899249 1760899327 - NODATA", - "ingestionTime": 1760899352321, - "eventId": "39269365472232930195561063705745793873400791408967090176" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899251 1760899336 - NODATA", - "ingestionTime": 1760899367212, - "eventId": "39269365516834420592622310006819254946281577326604779520" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899274 1760899353 - NODATA", - "ingestionTime": 1760899373962, - "eventId": "39269366029751560158826642270301412512888178252004589568" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899274 1760899355 - NODATA", - "ingestionTime": 1760899379402, - "eventId": "39269366029751560158826642276877930662977506319400042496" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899284000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899284 1760899362 - NODATA", - "ingestionTime": 1760899386982, - "eventId": "39269366252759012144132873701398387328881161898128637952" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899294 1760899372 - NODATA", - "ingestionTime": 1760899394477, - "eventId": "39269366475766464129439105125816695702172340211787300864" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899303 1760899383 - NODATA", - "ingestionTime": 1760899405478, - "eventId": "39269366676473170916214713412937602135678394228114522112" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899308000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899308 1760899386 - NODATA", - "ingestionTime": 1760899413706, - "eventId": "39269366787976896908867829130563046940109806326346612736" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899397821, - "eventId": "39269366832578387305929075394430702698688020571642724352" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899314 1760899397 - NODATA", - "ingestionTime": 1760899425864, - "eventId": "39269366921781368100051567994475576217536599340043665408" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899334 1760899415 - NODATA", - "ingestionTime": 1760899441656, - "eventId": "39269367367796272070664030844281469904033722035045597184" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899335 1760899410 - NODATA", - "ingestionTime": 1760899430876, - "eventId": "39269367390097017269194653972784979191565215734678749184" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899347 1760899423 - NODATA", - "ingestionTime": 1760899447684, - "eventId": "39269367657705959651562131691532913759489711811767500800" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899354 1760899432 - NODATA", - "ingestionTime": 1760899456589, - "eventId": "39269367813811176041276493693048475725746690637326057472" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899363 1760899442 - NODATA", - "ingestionTime": 1760899463202, - "eventId": "39269368014517882828052101974864753397017949679660957696" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899367 1760899446 - NODATA", - "ingestionTime": 1760899472723, - "eventId": "39269368103720863622174594552517552425934392550237077504" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899455859, - "eventId": "39269368192923844416297087098273510881125605169948065792" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899375 1760899457 - NODATA", - "ingestionTime": 1760899487495, - "eventId": "39269368282126825210419579702662044707283407383455531008" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899392000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899392 1760899469 - NODATA", - "ingestionTime": 1760899490579, - "eventId": "39269368661239493585440173112497448504418584276237156352" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899394 1760899475 - NODATA", - "ingestionTime": 1760899499905, - "eventId": "39269368705840983982501419406842983598809204891447328768" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899404000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899404 1760899481 - NODATA", - "ingestionTime": 1760899505766, - "eventId": "39269368928848435967807650829285727947167171314158731264" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899410 1760899487 - NODATA", - "ingestionTime": 1760899518280, - "eventId": "39269369062652907158991389693628934917572999196216262656" - } - ], - "eni-0c1065c914ddc0b88-all": [ - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899033000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899033 1760899111 - NODATA", - "ingestionTime": 1760899131705, - "eventId": "39269360655271967312946464867322652502059743183076327424" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899040 1760899118 - NODATA", - "ingestionTime": 1760899137950, - "eventId": "39269360811377183702660826865622290103622366602256842752" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899046 1760899124 - NODATA", - "ingestionTime": 1760899144556, - "eventId": "39269360945181654893844565722822361767392100902754582528" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899056000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899056 1760899132 - NODATA", - "ingestionTime": 1760899177328, - "eventId": "39269361168189106879150797177798657782901584726127869952" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899169949, - "eventId": "39269361324294323268865159159627891617325295385041436672" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899064 1760899140 - NODATA", - "ingestionTime": 1760899159431, - "eventId": "39269361346595068467395782288448135197190114468420583424" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899074 1760899156 - NODATA", - "ingestionTime": 1760899175275, - "eventId": "39269361569602520452702013722959486324680047180535889920" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899083 1760899166 - NODATA", - "ingestionTime": 1760899185928, - "eventId": "39269361770309227239477622009659656615414527865242583040" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899092 1760899165 - NODATA", - "ingestionTime": 1760899176075, - "eventId": "39269361971015934026253230271570081934998595329796538368" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899096 1760899172 - NODATA", - "ingestionTime": 1760899192224, - "eventId": "39269362060218914820375722857235374222277287158040035328" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899098 1760899176 - NODATA", - "ingestionTime": 1760899199417, - "eventId": "39269362104820405217436969149003084469614423673101156352" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899104000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899104 1760899183 - NODATA", - "ingestionTime": 1760899206138, - "eventId": "39269362238624876408620708006342405502528195376838868992" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899120000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899120 1760899191 - NODATA", - "ingestionTime": 1760899236584, - "eventId": "39269362595436799585110678307720767915257233185726332928" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899125 1760899200 - NODATA", - "ingestionTime": 1760899220918, - "eventId": "39269362706940525577763793996460255943460832392201109504" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899128 1760899204 - NODATA", - "ingestionTime": 1760899231844, - "eventId": "39269362773842761173355663434276318502510064397876527104" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899135000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899135 1760899213 - NODATA", - "ingestionTime": 1760899237314, - "eventId": "39269362929947977563070025431638968432093462264361123840" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899141000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899141 1760899224 - NODATA", - "ingestionTime": 1760899246469, - "eventId": "39269363063752448754253764291921197519833887840925450240" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899153 1760899221 - NODATA", - "ingestionTime": 1760899236692, - "eventId": "39269363331361391136621241978529841373228806547492372480" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899156 1760899232 - NODATA", - "ingestionTime": 1760899254316, - "eventId": "39269363398263626732213111424443243766834742078299963392" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899158 1760899236 - NODATA", - "ingestionTime": 1760899261035, - "eventId": "39269363442865117129274357715637800582458712370902073344" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899178 1760899252 - NODATA", - "ingestionTime": 1760899297290, - "eventId": "39269363888880021099886820590181698295679974565315739648" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899182 1760899260 - NODATA", - "ingestionTime": 1760899280382, - "eventId": "39269363978083001894009313135883871550789736714335223808" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899187 1760899265 - NODATA", - "ingestionTime": 1760899292137, - "eventId": "39269364089586727886662428857773429136984229455763341312" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899195000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899195 1760899273 - NODATA", - "ingestionTime": 1760899296711, - "eventId": "39269364267992689474907413995588979756838792680283045888" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899203 1760899285 - NODATA", - "ingestionTime": 1760899308052, - "eventId": "39269364446398651063152399141585090918819749021377363968" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899212000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899212 1760899281 - NODATA", - "ingestionTime": 1760899298603, - "eventId": "39269364647105357849928007403983341063954283086051934208" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899215 1760899291 - NODATA", - "ingestionTime": 1760899314667, - "eventId": "39269364714007593445519876848010854729212200078675476480" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899218000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899218 1760899297 - NODATA", - "ingestionTime": 1760899318310, - "eventId": "39269364780909829041111746277021645179191239808600047616" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899226000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899226 1760899304 - NODATA", - "ingestionTime": 1760899326316, - "eventId": "39269364959315790629356731418986118130536925037518389248" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899237000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899237 1760899311 - NODATA", - "ingestionTime": 1760899357590, - "eventId": "39269365204623987813193586013687306980555969919094620160" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339320, - "eventId": "39269365383029949401438571123885830990629396754181455872" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899246 1760899324 - NODATA", - "ingestionTime": 1760899349453, - "eventId": "39269365405330694599969194277671333444670725721594920960" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899253 1760899332 - NODATA", - "ingestionTime": 1760899355965, - "eventId": "39269365561435910989683556276294226634700045831045709824" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899260000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899260 1760899342 - NODATA", - "ingestionTime": 1760899367285, - "eventId": "39269365717541127379397918280729457563060667479143677952" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899271000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899271 1760899340 - NODATA", - "ingestionTime": 1760899358012, - "eventId": "39269365962849324563234772826411456326433139600299589632" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899277000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899277 1760899358 - NODATA", - "ingestionTime": 1760899379932, - "eventId": "39269366096653795754418511702125555646941690228634025984" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899280000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899280 1760899354 - NODATA", - "ingestionTime": 1760899373791, - "eventId": "39269366163556031350010381119308943134728694973349036032" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899287000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899287 1760899365 - NODATA", - "ingestionTime": 1760899387122, - "eventId": "39269366319661247739724743126174945862220594307798401024" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899296000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899296 1760899370 - NODATA", - "ingestionTime": 1760899417363, - "eventId": "39269366520367954526500351436555808711909606142480023552" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899401909, - "eventId": "39269366676473170916214713408623065001550703702154543104" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899307 1760899383 - NODATA", - "ingestionTime": 1760899409238, - "eventId": "39269366765676151710337205983626119966033254102925901824" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899415337, - "eventId": "39269366921781368100051567981749449595694558573866647552" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899324 1760899407 - NODATA", - "ingestionTime": 1760899426496, - "eventId": "39269367144788820085357799410596776768436318073229869056" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899330000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899330 1760899401 - NODATA", - "ingestionTime": 1760899416680, - "eventId": "39269367278593291276541538247944144611040782249052209152" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899332000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899332 1760899411 - NODATA", - "ingestionTime": 1760899433019, - "eventId": "39269367323194781673602784550768585739390411542126460928" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899336000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899336 1760899417 - NODATA", - "ingestionTime": 1760899441788, - "eventId": "39269367412397762467725277127512237825223402116720689152" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899346000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899346 1760899426 - NODATA", - "ingestionTime": 1760899445148, - "eventId": "39269367635405214453031508546931419772956448249760251904" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899359000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899359 1760899432 - NODATA", - "ingestionTime": 1760899476491, - "eventId": "39269367925314902033929609424786991761781626531123036160" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899362000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899362 1760899441 - NODATA", - "ingestionTime": 1760899460671, - "eventId": "39269367992217137629521478830269449240112434646753738752" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899366 1760899443 - NODATA", - "ingestionTime": 1760899468688, - "eventId": "39269368081420118423643971406103859309591387589274501120" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899376000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899376 1760899453 - NODATA", - "ingestionTime": 1760899476785, - "eventId": "39269368304427570408950202831249919970625624526780694528" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899488248, - "eventId": "39269368482833531997195187977393757885480410767471214592" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899393 1760899463 - NODATA", - "ingestionTime": 1760899476616, - "eventId": "39269368683540238783970796237152821956634466018501394432" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899396000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899396 1760899472 - NODATA", - "ingestionTime": 1760899492814, - "eventId": "39269368750442474379562665681342390226297253743843213312" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899398 1760899476 - NODATA", - "ingestionTime": 1760899499578, - "eventId": "39269368795043964776623911972590426561877822674179457024" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899404000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899404 1760899483 - NODATA", - "ingestionTime": 1760899507248, - "eventId": "39269368928848435967807650831077445246919319457277739008" - } - ], - "eni-0b032bdd6415e28d2-all": [ - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899035 1760899113 - NODATA", - "ingestionTime": 1760899133136, - "eventId": "39269360699873457710007711152123610062180414944395264000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899038000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899038 1760899114 - NODATA", - "ingestionTime": 1760899141191, - "eventId": "39269360766775693305599580586468728036916112958741348352" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899050 1760899123 - NODATA", - "ingestionTime": 1760899146046, - "eventId": "39269361034384635687967058290766595601835303791956525056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899058000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899058 1760899131 - NODATA", - "ingestionTime": 1760899159863, - "eventId": "39269361212790597276212043439756002440073202307487825920" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899063 1760899141 - NODATA", - "ingestionTime": 1760899167762, - "eventId": "39269361324294323268865159156984140043621645568457375744" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899068 1760899140 - NODATA", - "ingestionTime": 1760899157657, - "eventId": "39269361435798049261518274852446799470266395671291756544" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899068 1760899151 - NODATA", - "ingestionTime": 1760899175983, - "eventId": "39269361435798049261518274874601161818209012954061209600" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899095 1760899173 - NODATA", - "ingestionTime": 1760899195345, - "eventId": "39269362037918169621845099719473117068327781693816504320" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899098 1760899177 - NODATA", - "ingestionTime": 1760899204131, - "eventId": "39269362104820405217436969154701463979111391750678577152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899106000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899106 1760899186 - NODATA", - "ingestionTime": 1760899211311, - "eventId": "39269362283226366805681954295667591380534219155025690624" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899114000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899114 1760899186 - NODATA", - "ingestionTime": 1760899204393, - "eventId": "39269362461632328393926939419589915749741929816441094144" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899122000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899122 1760899203 - NODATA", - "ingestionTime": 1760899228656, - "eventId": "39269362640038289982171924581207850598435590163328860160" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899125 1760899194 - NODATA", - "ingestionTime": 1760899249065, - "eventId": "39269362706940525577763794030487974742181412238673444864" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899127 1760899200 - NODATA", - "ingestionTime": 1760899220738, - "eventId": "39269362751542015974825040279314179297414635168363315200" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899132000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899132 1760899213 - NODATA", - "ingestionTime": 1760899241591, - "eventId": "39269362863045741967478156012202532532736419493011783680" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899143000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899143 1760899223 - NODATA", - "ingestionTime": 1760899253281, - "eventId": "39269363108353939151315010583227663416625814834351243264" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899156 1760899234 - NODATA", - "ingestionTime": 1760899255488, - "eventId": "39269363398263626732213111425859902023189279008363118592" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899159000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899159 1760899237 - NODATA", - "ingestionTime": 1760899264361, - "eventId": "39269363465165862327804980861194073115574920556078891008" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899168000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899168 1760899246 - NODATA", - "ingestionTime": 1760899269260, - "eventId": "39269363665872569114580589140938428252512150847914049536" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899179 1760899253 - NODATA", - "ingestionTime": 1760899287510, - "eventId": "39269363911180766298417443719894074932119288698675789824" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899184 1760899263 - NODATA", - "ingestionTime": 1760899286796, - "eventId": "39269364022684492291070559426709282053852418506933469184" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899189000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899189 1760899260 - NODATA", - "ingestionTime": 1760899280283, - "eventId": "39269364134188218283723675126514426166813898814862065664" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899190 1760899270 - NODATA", - "ingestionTime": 1760899299057, - "eventId": "39269364156488963482254298290746226088810990608511533056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899196 1760899280 - NODATA", - "ingestionTime": 1760899311828, - "eventId": "39269364290293434673438037155400062015818871861690368000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899215 1760899294 - NODATA", - "ingestionTime": 1760899324767, - "eventId": "39269364714007593445519876860221022069360705824598065152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899216000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899216 1760899291 - NODATA", - "ingestionTime": 1760899311774, - "eventId": "39269364736308338644050499986049101087749757179034533888" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899228 1760899305 - NODATA", - "ingestionTime": 1760899327496, - "eventId": "39269365003917281026417977703483983765827058252031524864" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899236000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899236 1760899313 - NODATA", - "ingestionTime": 1760899372153, - "eventId": "39269365182323242614662962889757246868346573266567036928" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899242000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899242 1760899322 - NODATA", - "ingestionTime": 1760899351210, - "eventId": "39269365316127713805846701713652516863299726898767265792" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899245 1760899316 - NODATA", - "ingestionTime": 1760899326734, - "eventId": "39269365383029949401438571108670116921054093554823528448" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899246 1760899320 - NODATA", - "ingestionTime": 1760899342709, - "eventId": "39269365405330694599969194269518376122630654525933879296" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899252000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899252 1760899335 - NODATA", - "ingestionTime": 1760899360418, - "eventId": "39269365539135165791152933140142033914622429515450417152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899264 1760899343 - NODATA", - "ingestionTime": 1760899373218, - "eventId": "39269365806744108173520410854044313792513119479803084800" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899275 1760899355 - NODATA", - "ingestionTime": 1760899375908, - "eventId": "39269366052052305357357265414189441517385877666894970880" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899279000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899279 1760899352 - NODATA", - "ingestionTime": 1760899369219, - "eventId": "39269366141255286151479757972246010380988764276406026240" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899281000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899281 1760899359 - NODATA", - "ingestionTime": 1760899386093, - "eventId": "39269366185856776548541004275716839020567135377730371584" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899291 1760899368 - NODATA", - "ingestionTime": 1760899396136, - "eventId": "39269366408864228533847235703215102353670681361569349632" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899305000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899305 1760899382 - NODATA", - "ingestionTime": 1760899411018, - "eventId": "39269366721074661313275959702706255481084640795688894464" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899307 1760899380 - NODATA", - "ingestionTime": 1760899401309, - "eventId": "39269366765676151710337205974040218737002706934304473088" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899307 1760899377 - NODATA", - "ingestionTime": 1760899407058, - "eventId": "39269366765676151710337205980990486288538753834262528000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899310 1760899393 - NODATA", - "ingestionTime": 1760899419461, - "eventId": "39269366832578387305929075420592256492361369792011894784" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899324 1760899404 - NODATA", - "ingestionTime": 1760899433640, - "eventId": "39269367144788820085357799419233581698511609406149165056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899335 1760899412 - NODATA", - "ingestionTime": 1760899433908, - "eventId": "39269367390097017269194653976450088980403729997574832128" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899339 1760899418 - NODATA", - "ingestionTime": 1760899443512, - "eventId": "39269367479299998063317146554203490059711429749104771072" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899352 1760899428 - NODATA", - "ingestionTime": 1760899450328, - "eventId": "39269367769209685644215247402407859453740699287278387200" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899361 1760899433 - NODATA", - "ingestionTime": 1760899454519, - "eventId": "39269367969916392430990855681296183876299316157353951232" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899366 1760899444 - NODATA", - "ingestionTime": 1760899474591, - "eventId": "39269368081420118423643971413240484439095664219683618816" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899367 1760899442 - NODATA", - "ingestionTime": 1760899465925, - "eventId": "39269368103720863622174594544299428355023128143241412608" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899368000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899368 1760899453 - NODATA", - "ingestionTime": 1760899486443, - "eventId": "39269368126021608820705217710640157343359909657957302272" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899453355, - "eventId": "39269368192923844416297087095246106187430342297292636160" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899394 1760899469 - NODATA", - "ingestionTime": 1760899492226, - "eventId": "39269368705840983982501419397559717026373074890956865536" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899395000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899395 1760899474 - NODATA", - "ingestionTime": 1760899499679, - "eventId": "39269368728141729181032042548105768502328698924799033344" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899401000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899401 1760899480 - NODATA", - "ingestionTime": 1760899505761, - "eventId": "39269368861946200372215781404672778473133206005118402560" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899411000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899411 1760899487 - NODATA", - "ingestionTime": 1760899516510, - "eventId": "39269369084953652357522012833024672600503351423856934912" - } - ], - "eni-0412563bcfde47c07-all": [ - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899035 1760899115 - NODATA", - "ingestionTime": 1760899136495, - "eventId": "39269360699873457710007711156184720977592577186848636928" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899040 1760899119 - NODATA", - "ingestionTime": 1760899143305, - "eventId": "39269360811377183702660826872095664712709160858448297984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899053000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899053 1760899129 - NODATA", - "ingestionTime": 1760899149871, - "eventId": "39269361101286871283558927719998164556081147111036944384" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899061000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899061 1760899143 - NODATA", - "ingestionTime": 1760899171229, - "eventId": "39269361279692832871803912878103970731973143505727586304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899065 1760899134 - NODATA", - "ingestionTime": 1760899159080, - "eventId": "39269361368895813665926405429559601888144427773353132032" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899067000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899067 1760899140 - NODATA", - "ingestionTime": 1760899158188, - "eventId": "39269361413497304062987651711552518719516224710275825664" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899069 1760899153 - NODATA", - "ingestionTime": 1760899183464, - "eventId": "39269361458098794460048898025181141301956577880678137856" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899079000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899079 1760899147 - NODATA", - "ingestionTime": 1760899160601, - "eventId": "39269361681106246445355129412898811658073252175123316736" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899087 1760899166 - NODATA", - "ingestionTime": 1760899189376, - "eventId": "39269361859512208033600114579970893901776463807182798848" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899097000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899097 1760899176 - NODATA", - "ingestionTime": 1760899197279, - "eventId": "39269362082519660018906346004882537813687509194151165952" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899101000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899101 1760899179 - NODATA", - "ingestionTime": 1760899207385, - "eventId": "39269362171722640813028838583242579865759321101520076800" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899210660, - "eventId": "39269362372429347599804446861023392143998122008465309696" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899125 1760899194 - NODATA", - "ingestionTime": 1760899218812, - "eventId": "39269362706940525577763793993914106303142960102158041088" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899127 1760899203 - NODATA", - "ingestionTime": 1760899219418, - "eventId": "39269362751542015974825040277718476328369986825337700352" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899128 1760899200 - NODATA", - "ingestionTime": 1760899219120, - "eventId": "39269362773842761173355663418894165674178680573615538176" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899128 1760899205 - NODATA", - "ingestionTime": 1760899229665, - "eventId": "39269362773842761173355663431641781566952475279059255296" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899131000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899131 1760899216 - NODATA", - "ingestionTime": 1760899246092, - "eventId": "39269362840744996768947532876108041980772891761732091904" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899154 1760899229 - NODATA", - "ingestionTime": 1760899251163, - "eventId": "39269363353662136335151865137560078513468959389785718784" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899156 1760899234 - NODATA", - "ingestionTime": 1760899255712, - "eventId": "39269363398263626732213111426130916777394430857751101440" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899161000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899161 1760899240 - NODATA", - "ingestionTime": 1760899263829, - "eventId": "39269363509767352724866227143622613852783293494349135872" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899165000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899165 1760899246 - NODATA", - "ingestionTime": 1760899273641, - "eventId": "39269363598970333518988719721627354493523822240846249984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899185 1760899255 - NODATA", - "ingestionTime": 1760899281581, - "eventId": "39269364044985237489601182561940566582802392043117805568" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899187 1760899274 - NODATA", - "ingestionTime": 1760899303013, - "eventId": "39269364089586727886662428870921814201369867240798355456" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899189000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899189 1760899265 - NODATA", - "ingestionTime": 1760899290113, - "eventId": "39269364134188218283723675138397685858692808796273704960" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899280671, - "eventId": "39269364156488963482254298268519062333023165200494231552" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899193 1760899263 - NODATA", - "ingestionTime": 1760899278795, - "eventId": "39269364223391199077846167690858269798831755613942710272" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899207000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899207 1760899286 - NODATA", - "ingestionTime": 1760899310638, - "eventId": "39269364535601631857274891710854073565882969999478882304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899215 1760899292 - NODATA", - "ingestionTime": 1760899315726, - "eventId": "39269364714007593445519876849290783883655349661687152640" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899221000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899221 1760899301 - NODATA", - "ingestionTime": 1760899327482, - "eventId": "39269364847812064636703615712717370070625663115083776000" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899229000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899229 1760899308 - NODATA", - "ingestionTime": 1760899331997, - "eventId": "39269365026218026224948600850461253750180961257934094336" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899246 1760899320 - NODATA", - "ingestionTime": 1760899337920, - "eventId": "39269365405330694599969194263728842467517601889384857600" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899316 - NODATA", - "ingestionTime": 1760899340670, - "eventId": "39269365449932184997030440550125147054714641578971234304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899326 - NODATA", - "ingestionTime": 1760899350749, - "eventId": "39269365449932184997030440562310038574271999808824475648" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899334 - NODATA", - "ingestionTime": 1760899362257, - "eventId": "39269365449932184997030440576222135510589021884186427392" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899250000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899250 1760899322 - NODATA", - "ingestionTime": 1760899338788, - "eventId": "39269365494533675394091686830921152320352927561249128448" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899270000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899270 1760899347 - NODATA", - "ingestionTime": 1760899368708, - "eventId": "39269365940548579364704149697806783144105333794766585856" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899275 1760899355 - NODATA", - "ingestionTime": 1760899377918, - "eventId": "39269366052052305357357265416619650568836686043098578944" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899282000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899282 1760899359 - NODATA", - "ingestionTime": 1760899382772, - "eventId": "39269366208157521747071627413237592563353248892668477440" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899289000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899289 1760899368 - NODATA", - "ingestionTime": 1760899393097, - "eventId": "39269366364262738136785989416469683496947752941870645248" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899306000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899306 1760899383 - NODATA", - "ingestionTime": 1760899410529, - "eventId": "39269366743375406511806582843650936186411307196496478208" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899307 1760899377 - NODATA", - "ingestionTime": 1760899397968, - "eventId": "39269366765676151710337205970001456823899431732343996416" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899307 1760899380 - NODATA", - "ingestionTime": 1760899400607, - "eventId": "39269366765676151710337205973191896492119022919563018240" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899309000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899309 1760899396 - NODATA", - "ingestionTime": 1760899423126, - "eventId": "39269366810277642107398452283487031653564659198874484736" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899316000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899316 1760899382 - NODATA", - "ingestionTime": 1760899399106, - "eventId": "39269366966382858497112814245198916281112315683434004480" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899331 1760899406 - NODATA", - "ingestionTime": 1760899430913, - "eventId": "39269367300894036475072161406686974765064859028356005888" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899335 1760899415 - NODATA", - "ingestionTime": 1760899437272, - "eventId": "39269367390097017269194653980516978150189752716098142208" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899339 1760899418 - NODATA", - "ingestionTime": 1760899447124, - "eventId": "39269367479299998063317146558570512292617288860634185728" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899351 1760899427 - NODATA", - "ingestionTime": 1760899454220, - "eventId": "39269367746908940445684624265577228552990440521160261632" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899366 1760899439 - NODATA", - "ingestionTime": 1760899459961, - "eventId": "39269368081420118423643971395553591908768001739518377984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899440 - NODATA", - "ingestionTime": 1760899457693, - "eventId": "39269368148322354019235840817419132639093943126178463744" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899444 - NODATA", - "ingestionTime": 1760899469981, - "eventId": "39269368148322354019235840832274191397035876158754783232" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899454 - NODATA", - "ingestionTime": 1760899484008, - "eventId": "39269368148322354019235840849232080110616189955149922304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899374000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899374 1760899441 - NODATA", - "ingestionTime": 1760899460296, - "eventId": "39269368259826080011888956528244589978217412339484983296" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899392000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899392 1760899467 - NODATA", - "ingestionTime": 1760899489716, - "eventId": "39269368661239493585440173111454201356029973516445417472" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899395000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899395 1760899475 - NODATA", - "ingestionTime": 1760899496760, - "eventId": "39269368728141729181032042544576516340573757947585167360" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899402000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899402 1760899481 - NODATA", - "ingestionTime": 1760899503957, - "eventId": "39269368884246945570746404544027514969411264622420295680" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899413000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899413 1760899488 - NODATA", - "ingestionTime": 1760899511503, - "eventId": "39269369129555142754583259110043103669214552903807205376" - } - ], - "eni-0affc8cb976d281e4-all": [ - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899035 1760899116 - NODATA", - "ingestionTime": 1760899138840, - "eventId": "39269360699873457710007711159019469104701397634533228544" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899046 1760899125 - NODATA", - "ingestionTime": 1760899146967, - "eventId": "39269360945181654893844565725737606527934368011554914304" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899060000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899060 1760899132 - NODATA", - "ingestionTime": 1760899190646, - "eventId": "39269361257392087673273289760042133263107400332285378560" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899066 1760899146 - NODATA", - "ingestionTime": 1760899167560, - "eventId": "39269361391196558864457028581347041359969927984593829888" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899074 1760899154 - NODATA", - "ingestionTime": 1760899179105, - "eventId": "39269361569602520452702013727590210801973350606697005056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899087 1760899164 - NODATA", - "ingestionTime": 1760899192244, - "eventId": "39269361859512208033600114583438176555824605694748459008" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899094000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899094 1760899177 - NODATA", - "ingestionTime": 1760899198599, - "eventId": "39269362015617424423314476581871073057489942101635956736" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899189115, - "eventId": "39269362060218914820375722853477185278320939846186958848" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899109000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899109 1760899185 - NODATA", - "ingestionTime": 1760899210726, - "eventId": "39269362350128602401273823719567361138346684332021776384" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899122000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899122 1760899194 - NODATA", - "ingestionTime": 1760899250823, - "eventId": "39269362640038289982171924608006329965051610956954140672" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899124 1760899206 - NODATA", - "ingestionTime": 1760899227914, - "eventId": "39269362684639780379233170863382549457541174480434364416" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219338, - "eventId": "39269362729241270776294417136085999322452702428389244928" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899144000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899144 1760899226 - NODATA", - "ingestionTime": 1760899247368, - "eventId": "39269363130654684349845633717615132665541153038186250240" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899153 1760899235 - NODATA", - "ingestionTime": 1760899261725, - "eventId": "39269363331361391136621242008792839945762262059483660288" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899167 1760899245 - NODATA", - "ingestionTime": 1760899268996, - "eventId": "39269363643571823916049965999083152685223837249222017024" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899182 1760899254 - NODATA", - "ingestionTime": 1760899310544, - "eventId": "39269363978083001894009313172347560528882751266101002240" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899281322, - "eventId": "39269364022684492291070559420091896183115699813441011712" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899186000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899186 1760899266 - NODATA", - "ingestionTime": 1760899287931, - "eventId": "39269364067285982688131805711152844471674574293835710464" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299457, - "eventId": "39269364245691944276376790857372500237716647776452476928" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899204 1760899285 - NODATA", - "ingestionTime": 1760899309818, - "eventId": "39269364468699396261683022285255354161015274794248699904" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899213 1760899295 - NODATA", - "ingestionTime": 1760899320882, - "eventId": "39269364669406103048458630572452503370674395929094586368" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899215 1760899293 - NODATA", - "ingestionTime": 1760899311810, - "eventId": "39269364714007593445519876844556444173706942228705116160" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899229000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899229 1760899309 - NODATA", - "ingestionTime": 1760899328555, - "eventId": "39269365026218026224948600846300242377921950412429459456" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899241 1760899325 - NODATA", - "ingestionTime": 1760899348957, - "eventId": "39269365293826968607316078569393086186336604020860649472" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899241 1760899314 - NODATA", - "ingestionTime": 1760899372605, - "eventId": "39269365293826968607316078597982298375350150780347219968" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899245 1760899321 - NODATA", - "ingestionTime": 1760899340200, - "eventId": "39269365383029949401438571124949559171644792505665978368" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899251 1760899335 - NODATA", - "ingestionTime": 1760899359866, - "eventId": "39269365516834420592622309997938463861202851147023974400" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899266 1760899345 - NODATA", - "ingestionTime": 1760899367752, - "eventId": "39269365851345598570581657130508151919096926587179171840" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899272000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899272 1760899359 - NODATA", - "ingestionTime": 1760899383256, - "eventId": "39269365985150069761765395998465481644863673480582332416" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899276000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899276 1760899352 - NODATA", - "ingestionTime": 1760899370378, - "eventId": "39269366074353050555887888549039652693215533761524727808" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899288000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899288 1760899366 - NODATA", - "ingestionTime": 1760899388583, - "eventId": "39269366341961992938255366269476998944118616763606564864" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899400318, - "eventId": "39269366676473170916214713406699804785352071340302925824" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899303 1760899375 - NODATA", - "ingestionTime": 1760899429510, - "eventId": "39269366676473170916214713441990338386303280666812350464" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899411298, - "eventId": "39269366765676151710337205986116559650590329171965837312" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899312 1760899394 - NODATA", - "ingestionTime": 1760899422796, - "eventId": "39269366877179877702990321707695130867012944863901057024" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428577, - "eventId": "39269367100187329688296553130041479120048520123150827520" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899432439, - "eventId": "39269367367796272070664030833138720654446275223893245952" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899334 1760899414 - NODATA", - "ingestionTime": 1760899439881, - "eventId": "39269367367796272070664030842135296708003520290717499392" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899347 1760899424 - NODATA", - "ingestionTime": 1760899451070, - "eventId": "39269367657705959651562131695626595798239555883438637056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899361 1760899435 - NODATA", - "ingestionTime": 1760899490451, - "eventId": "39269367969916392430990855724735341148002908163555328000" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899459187, - "eventId": "39269368036818628026582725111546443776056460041485942784" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899366 1760899447 - NODATA", - "ingestionTime": 1760899471147, - "eventId": "39269368081420118423643971409076505618835547023528493056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899370 1760899452 - NODATA", - "ingestionTime": 1760899479024, - "eventId": "39269368170623099217766463984742283714993043411306807296" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899382 1760899467 - NODATA", - "ingestionTime": 1760899488669, - "eventId": "39269368438232041600133941694831139681884182062797881344" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899394 1760899475 - NODATA", - "ingestionTime": 1760899502220, - "eventId": "39269368705840983982501419409641737709798658672228827136" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899398 1760899473 - NODATA", - "ingestionTime": 1760899489665, - "eventId": "39269368795043964776623911960606453012996625068128206848" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899409 1760899486 - NODATA", - "ingestionTime": 1760899512065, - "eventId": "39269369040352161960460766544579612106892416237728497664" - } - ], - "eni-0cc527ecbe7a26eaf-all": [ - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899035 1760899117 - NODATA", - "ingestionTime": 1760899142936, - "eventId": "39269360699873457710007711163971510559320265101743685632" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899036000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899036 1760899114 - NODATA", - "ingestionTime": 1760899134414, - "eventId": "39269360722174202908538334295204820463313948714318168064" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899050 1760899129 - NODATA", - "ingestionTime": 1760899152727, - "eventId": "39269361034384635687967058298843497727773204937133850624" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899063 1760899133 - NODATA", - "ingestionTime": 1760899185523, - "eventId": "39269361324294323268865159178455904111196628287686770688" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899158843, - "eventId": "39269361368895813665926405429273417399856208608128204800" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899066 1760899145 - NODATA", - "ingestionTime": 1760899168245, - "eventId": "39269361391196558864457028582175509246823037858524626944" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899072000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899072 1760899154 - NODATA", - "ingestionTime": 1760899181163, - "eventId": "39269361525001030055640767447006181139772869756776218624" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899090000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899090 1760899170 - NODATA", - "ingestionTime": 1760899193900, - "eventId": "39269361926414443629191984010047495961379235145155215360" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899092 1760899177 - NODATA", - "ingestionTime": 1760899202749, - "eventId": "39269361971015934026253230303816785979875019549754589184" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899210860, - "eventId": "39269362372429347599804446861265377207808753828176592896" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899125 1760899204 - NODATA", - "ingestionTime": 1760899230989, - "eventId": "39269362706940525577763794008635558579997690313193750528" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219830, - "eventId": "39269362729241270776294417136680824586241537371595341824" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899127 1760899212 - NODATA", - "ingestionTime": 1760899242326, - "eventId": "39269362751542015974825040305412561063885034823646773248" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899146000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899146 1760899226 - NODATA", - "ingestionTime": 1760899246152, - "eventId": "39269363175256174746906879999216657007477593368650383360" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899152000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899152 1760899231 - NODATA", - "ingestionTime": 1760899253019, - "eventId": "39269363309060645938090618856732243219578704771989635072" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899156 1760899237 - NODATA", - "ingestionTime": 1760899263736, - "eventId": "39269363398263626732213111435831655263089646910124851200" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899170000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899170 1760899247 - NODATA", - "ingestionTime": 1760899271074, - "eventId": "39269363710474059511641835426202440992731308715443683328" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899279688, - "eventId": "39269364022684492291070559418116119557759800710406471680" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899186000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899186 1760899257 - NODATA", - "ingestionTime": 1760899306262, - "eventId": "39269364067285982688131805733313731667256371536065331200" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899188000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899188 1760899266 - NODATA", - "ingestionTime": 1760899288672, - "eventId": "39269364111887473085193051995119913844343400534901653504" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299252, - "eventId": "39269364245691944276376790857125149363662073314597076992" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899204 1760899285 - NODATA", - "ingestionTime": 1760899309280, - "eventId": "39269364468699396261683022284605296878582061744064102400" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899214000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899214 1760899291 - NODATA", - "ingestionTime": 1760899314311, - "eventId": "39269364691706848246989253706044751639540719357729177600" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899215 1760899296 - NODATA", - "ingestionTime": 1760899324087, - "eventId": "39269364714007593445519876859398939631364402504914436096" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899232 1760899310 - NODATA", - "ingestionTime": 1760899334354, - "eventId": "39269365093120261820540470277918148826862523982991851520" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899341889, - "eventId": "39269365383029949401438571126991283198097922654519689216" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899245 1760899325 - NODATA", - "ingestionTime": 1760899348539, - "eventId": "39269365383029949401438571135031132663793566278058115072" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899246 1760899316 - NODATA", - "ingestionTime": 1760899366160, - "eventId": "39269365405330694599969194297869179122661927007680724992" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899253 1760899335 - NODATA", - "ingestionTime": 1760899360237, - "eventId": "39269365561435910989683556281458718788128809122697052160" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899263000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899263 1760899343 - NODATA", - "ingestionTime": 1760899367744, - "eventId": "39269365784443362974989787705891158615048326713479266304" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899275 1760899352 - NODATA", - "ingestionTime": 1760899372061, - "eventId": "39269366052052305357357265409538549045672232196748017664" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899275 1760899358 - NODATA", - "ingestionTime": 1760899383656, - "eventId": "39269366052052305357357265423556517543661022486787260416" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899290000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899290 1760899367 - NODATA", - "ingestionTime": 1760899391461, - "eventId": "39269366386563483335316612556027451863182680765922607104" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899403625, - "eventId": "39269366676473170916214713410697222888582558342587351040" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899411002, - "eventId": "39269366765676151710337205985758614282112731246506541056" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899419972, - "eventId": "39269366921781368100051567987352686539192809824210518016" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899324 1760899404 - NODATA", - "ingestionTime": 1760899426887, - "eventId": "39269367144788820085357799411069452063340406770065408000" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899434439, - "eventId": "39269367367796272070664030835556822797651854308072357888" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899334 1760899417 - NODATA", - "ingestionTime": 1760899446456, - "eventId": "39269367367796272070664030850084056944309412406590767104" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899351 1760899427 - NODATA", - "ingestionTime": 1760899451312, - "eventId": "39269367746908940445684624262062177639914816024458821632" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899459035, - "eventId": "39269368036818628026582725111362754830102764013299433472" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899364 1760899446 - NODATA", - "ingestionTime": 1760899470289, - "eventId": "39269368036818628026582725124967908315929005802571956224" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899368000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899368 1760899437 - NODATA", - "ingestionTime": 1760899486041, - "eventId": "39269368126021608820705217710153819616007802450744442880" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899370 1760899452 - NODATA", - "ingestionTime": 1760899480164, - "eventId": "39269368170623099217766463986120228458155453978742292480" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899383 1760899466 - NODATA", - "ingestionTime": 1760899488206, - "eventId": "39269368460532786798664564835806916203379451258122797056" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899393 1760899476 - NODATA", - "ingestionTime": 1760899506645, - "eventId": "39269368683540238783970796273455606208662299519439011840" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899397000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899397 1760899475 - NODATA", - "ingestionTime": 1760899493621, - "eventId": "39269368772743219578093288823853465559792739857376215040" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899410 1760899488 - NODATA", - "ingestionTime": 1760899512938, - "eventId": "39269369062652907158991389687170444069467983195855192064" - } - ], - "eni-00e49c1a350a96c62-all": [ - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899037000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899037 1760899114 - NODATA", - "ingestionTime": 1760899138767, - "eventId": "39269360744474948107068957442002873060395970223357362176" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899049000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899049 1760899123 - NODATA", - "ingestionTime": 1760899145913, - "eventId": "39269361012083890489436435149070146485244488969436200960" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899057000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899057 1760899130 - NODATA", - "ingestionTime": 1760899154890, - "eventId": "39269361190489852077681420292208780129801594305213628416" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899165282, - "eventId": "39269361324294323268865159153986206642563145982672568320" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899068 1760899140 - NODATA", - "ingestionTime": 1760899155203, - "eventId": "39269361435798049261518274849479695499931155809958887424" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899069 1760899149 - NODATA", - "ingestionTime": 1760899172925, - "eventId": "39269361458098794460048898012440441311275205415884881920" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899074 1760899158 - NODATA", - "ingestionTime": 1760899188149, - "eventId": "39269361569602520452702013738523382166437444405447360512" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899094000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899094 1760899173 - NODATA", - "ingestionTime": 1760899193854, - "eventId": "39269362015617424423314476576134577772443043769486868480" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899098 1760899175 - NODATA", - "ingestionTime": 1760899198765, - "eventId": "39269362104820405217436969148214454073853692019531972608" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899106000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899106 1760899183 - NODATA", - "ingestionTime": 1760899205855, - "eventId": "39269362283226366805681954289071863715341114358247981056" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899116 1760899190 - NODATA", - "ingestionTime": 1760899218900, - "eventId": "39269362506233818790988185720199514343819175426755985408" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899124 1760899200 - NODATA", - "ingestionTime": 1760899223152, - "eventId": "39269362684639780379233170857625462746990168067807838208" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899129000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899129 1760899207 - NODATA", - "ingestionTime": 1760899233704, - "eventId": "39269362796143506371886286578060267268971733818706690048" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899130 1760899200 - NODATA", - "ingestionTime": 1760899216597, - "eventId": "39269362818444251570416909698915159185654638900559478784" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899132000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899132 1760899217 - NODATA", - "ingestionTime": 1760899249116, - "eventId": "39269362863045741967478156021299470001702103957709324288" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899157000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899157 1760899233 - NODATA", - "ingestionTime": 1760899250348, - "eventId": "39269363420564371930743734561181793392594438106193985536" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899158 1760899235 - NODATA", - "ingestionTime": 1760899257916, - "eventId": "39269363442865117129274357711867073227048333308284895232" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899167 1760899242 - NODATA", - "ingestionTime": 1760899266443, - "eventId": "39269363643571823916049965995997165200773008274068602880" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899176000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899176 1760899252 - NODATA", - "ingestionTime": 1760899278154, - "eventId": "39269363844278530702825574283975957584885667444695433216" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899183000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899183 1760899261 - NODATA", - "ingestionTime": 1760899283120, - "eventId": "39269364000383747092539936280729434656590907773135814656" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899187 1760899267 - NODATA", - "ingestionTime": 1760899294600, - "eventId": "39269364089586727886662428860750732039464946026079584256" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899275302, - "eventId": "39269364156488963482254298262028409321693380740057726976" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899193 1760899277 - NODATA", - "ingestionTime": 1760899306056, - "eventId": "39269364223391199077846167723814463848546217742214758400" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899213 1760899292 - NODATA", - "ingestionTime": 1760899313242, - "eventId": "39269364669406103048458630563216446915861083943820525568" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899217000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899217 1760899294 - NODATA", - "ingestionTime": 1760899321674, - "eventId": "39269364758609083842581123139552769844370962991551938560" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899228 1760899304 - NODATA", - "ingestionTime": 1760899325244, - "eventId": "39269365003917281026417977700761979083052749898730242048" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899234 1760899313 - NODATA", - "ingestionTime": 1760899337001, - "eventId": "39269365137721752217601716564189390859907730233102761984" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899243000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899243 1760899323 - NODATA", - "ingestionTime": 1760899342968, - "eventId": "39269365338428459004377324845224710968490708577878147072" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899247 1760899320 - NODATA", - "ingestionTime": 1760899337957, - "eventId": "39269365427631439798499817405309310435025331773548134400" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899250000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899250 1760899327 - NODATA", - "ingestionTime": 1760899354215, - "eventId": "39269365494533675394091686849571300684571434120473935872" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899256000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899256 1760899339 - NODATA", - "ingestionTime": 1760899366733, - "eventId": "39269365628338146585275425713918766977677100855991992320" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899274 1760899355 - NODATA", - "ingestionTime": 1760899383193, - "eventId": "39269366029751560158826642281460692452759301299789365248" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899275 1760899350 - NODATA", - "ingestionTime": 1760899372605, - "eventId": "39269366052052305357357265410196231221786162162004131840" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899289000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899289 1760899364 - NODATA", - "ingestionTime": 1760899386545, - "eventId": "39269366364262738136785989408548697493435601619971342336" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899296000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899296 1760899369 - NODATA", - "ingestionTime": 1760899397522, - "eventId": "39269366520367954526500351412569071531243907951461466112" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899403322, - "eventId": "39269366676473170916214713410331080053193532204739461120" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899396685, - "eventId": "39269366832578387305929075393057588744809773639408222208" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899310 1760899391 - NODATA", - "ingestionTime": 1760899414626, - "eventId": "39269366832578387305929075414746681071818916868380557312" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899312 1760899397 - NODATA", - "ingestionTime": 1760899426265, - "eventId": "39269366877179877702990321711888984629719983476018970624" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899334 1760899415 - NODATA", - "ingestionTime": 1760899439060, - "eventId": "39269367367796272070664030841142937958575332058401079296" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899335 1760899411 - NODATA", - "ingestionTime": 1760899430946, - "eventId": "39269367390097017269194653972869353730141055293073653760" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899348000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899348 1760899422 - NODATA", - "ingestionTime": 1760899445836, - "eventId": "39269367680006704850092754830834442177159248388842323968" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899358 1760899431 - NODATA", - "ingestionTime": 1760899455982, - "eventId": "39269367903014156835398986258457400930997965156061413376" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899363 1760899448 - NODATA", - "ingestionTime": 1760899475444, - "eventId": "39269368014517882828052101989664297898907338176166625280" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899364 1760899440 - NODATA", - "ingestionTime": 1760899465105, - "eventId": "39269368036818628026582725118701199232259355164586803200" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899457014, - "eventId": "39269368192923844416297087099669576687152167684464902144" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899377000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899377 1760899459 - NODATA", - "ingestionTime": 1760899490171, - "eventId": "39269368326728315607480825988968463538789249157613486080" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899393 1760899469 - NODATA", - "ingestionTime": 1760899490033, - "eventId": "39269368683540238783970796253372651980199477280652132352" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899393 1760899475 - NODATA", - "ingestionTime": 1760899500599, - "eventId": "39269368683540238783970796266146224296626452138420731904" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899409 1760899484 - NODATA", - "ingestionTime": 1760899505136, - "eventId": "39269369040352161960460766536202630897021212831417696256" - } - ], - "eni-0fa50413d12043097-all": [ - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899040 1760899115 - NODATA", - "ingestionTime": 1760899140262, - "eventId": "39269360811377183702660826868416985984503058815102287872" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899042000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899042 1760899121 - NODATA", - "ingestionTime": 1760899143376, - "eventId": "39269360855978674099722073155253169520247183234716467200" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899052000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899052 1760899128 - NODATA", - "ingestionTime": 1760899152591, - "eventId": "39269361078986126085028304581750881363540677418497605632" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899064 1760899140 - NODATA", - "ingestionTime": 1760899162154, - "eventId": "39269361346595068467395782291739961430735159900244934656" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899066 1760899144 - NODATA", - "ingestionTime": 1760899169498, - "eventId": "39269361391196558864457028583690118502832229354569924608" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899073000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899073 1760899154 - NODATA", - "ingestionTime": 1760899179003, - "eventId": "39269361547301775254171390585930848990670403554094546944" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899092 1760899171 - NODATA", - "ingestionTime": 1760899190986, - "eventId": "39269361971015934026253230289595803506801529278806687744" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899098 1760899181 - NODATA", - "ingestionTime": 1760899207867, - "eventId": "39269362104820405217436969159218344953622183587375808512" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899112000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899112 1760899188 - NODATA", - "ingestionTime": 1760899214794, - "eventId": "39269362417030837996865693149092557063885044642170601472" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899218363, - "eventId": "39269362729241270776294417134907160818739660973908819968" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899127 1760899204 - NODATA", - "ingestionTime": 1760899228143, - "eventId": "39269362751542015974825040288266516288111335930212450304" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899130 1760899196 - NODATA", - "ingestionTime": 1760899236269, - "eventId": "39269362818444251570416909722696919918440077319402749952" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899136000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899136 1760899216 - NODATA", - "ingestionTime": 1760899235291, - "eventId": "39269362952248722761600648570728909971269331639508271104" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899138000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899138 1760899219 - NODATA", - "ingestionTime": 1760899250086, - "eventId": "39269362996850213158661894871686954858411832487192231936" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899153 1760899230 - NODATA", - "ingestionTime": 1760899254654, - "eventId": "39269363331361391136621242000244768455551793757717463040" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899161000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899161 1760899237 - NODATA", - "ingestionTime": 1760899257334, - "eventId": "39269363509767352724866227135770221742737076997653921792" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899164000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899164 1760899241 - NODATA", - "ingestionTime": 1760899265939, - "eventId": "39269363576669588320458096570780569355098770852205232128" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899174 1760899249 - NODATA", - "ingestionTime": 1760899273397, - "eventId": "39269363799677040305764327995154046397828555294498422784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899281771, - "eventId": "39269364022684492291070559420634279420924730337580023808" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899187 1760899265 - NODATA", - "ingestionTime": 1760899288795, - "eventId": "39269364089586727886662428853733110355927812841166798848" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899196 1760899273 - NODATA", - "ingestionTime": 1760899296003, - "eventId": "39269364290293434673438037136268631779257380741103878144" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899198000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899198 1760899278 - NODATA", - "ingestionTime": 1760899306553, - "eventId": "39269364334894925070499283432094430904808367107227451392" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899213 1760899289 - NODATA", - "ingestionTime": 1760899312120, - "eventId": "39269364669406103048458630561859774536441580822616932352" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899219000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899219 1760899295 - NODATA", - "ingestionTime": 1760899317268, - "eventId": "39269364803210574239642369417297713069416572112904192000" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899219000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899219 1760899301 - NODATA", - "ingestionTime": 1760899322768, - "eventId": "39269364803210574239642369423946845989658433766276726784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899234 1760899311 - NODATA", - "ingestionTime": 1760899332678, - "eventId": "39269365137721752217601716558963471053914458804630847488" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339367, - "eventId": "39269365383029949401438571123942486092557966856190361600" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899247 1760899324 - NODATA", - "ingestionTime": 1760899348309, - "eventId": "39269365427631439798499817417824354360108782591454478336" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899253 1760899332 - NODATA", - "ingestionTime": 1760899355678, - "eventId": "39269365561435910989683556275947266384107891177478815744" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899261000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899261 1760899342 - NODATA", - "ingestionTime": 1760899366693, - "eventId": "39269365739841872577928541421549487378245342185086910464" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899273 1760899350 - NODATA", - "ingestionTime": 1760899372128, - "eventId": "39269366007450814960296019126548532389304577255380680704" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899281000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899281 1760899356 - NODATA", - "ingestionTime": 1760899377874, - "eventId": "39269366185856776548541004265780822088761543221054603264" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899284000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899284 1760899364 - NODATA", - "ingestionTime": 1760899385324, - "eventId": "39269366252759012144132873699394307557598695465524264960" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899292000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899292 1760899368 - NODATA", - "ingestionTime": 1760899394142, - "eventId": "39269366431164973732377858842340359302581975791635333120" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899400005, - "eventId": "39269366676473170916214713406321216800965289140896202752" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899307 1760899383 - NODATA", - "ingestionTime": 1760899409949, - "eventId": "39269366765676151710337205984485811763750024473813581824" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899313000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899313 1760899378 - NODATA", - "ingestionTime": 1760899414160, - "eventId": "39269366899480622901520944838790532611734763965527949312" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899419381, - "eventId": "39269366921781368100051567986638388512800638442458775552" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899317000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899317 1760899401 - NODATA", - "ingestionTime": 1760899428481, - "eventId": "39269366988683603695643437422246304878471566233588793344" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899334 1760899410 - NODATA", - "ingestionTime": 1760899430659, - "eventId": "39269367367796272070664030830986961116563222632212791296" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899340000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899340 1760899416 - NODATA", - "ingestionTime": 1760899436518, - "eventId": "39269367501600743261847769687284398395473853959957053440" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899345000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899345 1760899422 - NODATA", - "ingestionTime": 1760899447444, - "eventId": "39269367613104469254500885408171291853138687591527874560" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899354 1760899429 - NODATA", - "ingestionTime": 1760899453567, - "eventId": "39269367813811176041276493689395293155195266907628961792" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899458468, - "eventId": "39269368036818628026582725110677664820832133703468122112" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899370 1760899445 - NODATA", - "ingestionTime": 1760899471928, - "eventId": "39269368170623099217766463976163577497656700642295021568" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899375 1760899454 - NODATA", - "ingestionTime": 1760899475464, - "eventId": "39269368282126825210419579688117181201629642247446134784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899377000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899377 1760899460 - NODATA", - "ingestionTime": 1760899486979, - "eventId": "39269368326728315607480825985109618256405191504821223424" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899391000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899391 1760899470 - NODATA", - "ingestionTime": 1760899491571, - "eventId": "39269368638938748386909549972160630771095970562797076480" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899398 1760899476 - NODATA", - "ingestionTime": 1760899496786, - "eventId": "39269368795043964776623911969215202050450603886724448256" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899398 1760899480 - NODATA", - "ingestionTime": 1760899504483, - "eventId": "39269368795043964776623911978520527272550776449095237632" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899410 1760899487 - NODATA", - "ingestionTime": 1760899514868, - "eventId": "39269369062652907158991389689503736367846913633824866304" - } - ], - "eni-0ab252a7dc8378f9e-all": [ - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899043000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899043 1760899121 - NODATA", - "ingestionTime": 1760899144743, - "eventId": "39269360878279419298252696298441346294757840151857463296" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899055000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899055 1760899132 - NODATA", - "ingestionTime": 1760899168235, - "eventId": "39269361145888361680620174025270253239837550314553278464" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899063 1760899140 - NODATA", - "ingestionTime": 1760899163640, - "eventId": "39269361324294323268865159152001029709603810370906947584" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899168077, - "eventId": "39269361324294323268865159157365264056044858698275160064" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899074 1760899156 - NODATA", - "ingestionTime": 1760899176432, - "eventId": "39269361569602520452702013724358474785221923001425002496" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899083 1760899165 - NODATA", - "ingestionTime": 1760899187057, - "eventId": "39269361770309227239477622011024815587615914795180752896" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899087 1760899153 - NODATA", - "ingestionTime": 1760899167556, - "eventId": "39269361859512208033600114553592653372149707506846400512" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899092 1760899170 - NODATA", - "ingestionTime": 1760899192280, - "eventId": "39269361971015934026253230291160278927375725344553107456" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899099000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899099 1760899177 - NODATA", - "ingestionTime": 1760899198187, - "eventId": "39269362127121150415967592289051716776414009852387983360" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899103000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899103 1760899183 - NODATA", - "ingestionTime": 1760899206246, - "eventId": "39269362216324131210090084864937018834584512701592240128" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899116 1760899191 - NODATA", - "ingestionTime": 1760899232074, - "eventId": "39269362506233818790988185736125476421465966948702420992" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219781, - "eventId": "39269362729241270776294417136621410518674911340285657088" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899127 1760899204 - NODATA", - "ingestionTime": 1760899228166, - "eventId": "39269362751542015974825040288294114353006436868741267456" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899135000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899135 1760899216 - NODATA", - "ingestionTime": 1760899236537, - "eventId": "39269362929947977563070025430699906144758538369638989824" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899143000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899143 1760899223 - NODATA", - "ingestionTime": 1760899246487, - "eventId": "39269363108353939151315010575014091586148403225718226944" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899152000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899152 1760899218 - NODATA", - "ingestionTime": 1760899228230, - "eventId": "39269363309060645938090618826764277432324953379863986176" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899154 1760899230 - NODATA", - "ingestionTime": 1760899251910, - "eventId": "39269363353662136335151865138463170581794388689786109952" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899159000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899159 1760899237 - NODATA", - "ingestionTime": 1760899258836, - "eventId": "39269363465165862327804980854514963320757161567338037248" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899164000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899164 1760899243 - NODATA", - "ingestionTime": 1760899267297, - "eventId": "39269363576669588320458096572421907225632428613003575296" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899175000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899175 1760899249 - NODATA", - "ingestionTime": 1760899289057, - "eventId": "39269363821977785504294951155621307693113204263044317184" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899182 1760899260 - NODATA", - "ingestionTime": 1760899284104, - "eventId": "39269363978083001894009313140383662044320238584828002304" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899188000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899188 1760899264 - NODATA", - "ingestionTime": 1760899289384, - "eventId": "39269364111887473085193051995981173248009206015046909952" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899194 1760899273 - NODATA", - "ingestionTime": 1760899297876, - "eventId": "39269364245691944276376790855461696834132070243219472384" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899201000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899201 1760899281 - NODATA", - "ingestionTime": 1760899306426, - "eventId": "39269364401797160666091152856547997110764227965170089984" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899212000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899212 1760899290 - NODATA", - "ingestionTime": 1760899311990, - "eventId": "39269364647105357849928007420167105058361158249298591744" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899220000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899220 1760899296 - NODATA", - "ingestionTime": 1760899318981, - "eventId": "39269364825511319438172992560904692599124508662111862784" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899225000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899225 1760899305 - NODATA", - "ingestionTime": 1760899326405, - "eventId": "39269364937015045430826108277557866612080981738167205888" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899234 1760899311 - NODATA", - "ingestionTime": 1760899349607, - "eventId": "39269365137721752217601716579429045015788236565383872512" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899244000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899244 1760899320 - NODATA", - "ingestionTime": 1760899340539, - "eventId": "39269365360729204202907947983824034257365336815361916928" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899246 1760899324 - NODATA", - "ingestionTime": 1760899349659, - "eventId": "39269365405330694599969194277920420845905191734063595520" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899255000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899255 1760899333 - NODATA", - "ingestionTime": 1760899355340, - "eventId": "39269365606037401386744802558609859740341295972286267392" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899258000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899258 1760899342 - NODATA", - "ingestionTime": 1760899370852, - "eventId": "39269365672939636982336672001969956859553818871193468928" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899264 1760899332 - NODATA", - "ingestionTime": 1760899350205, - "eventId": "39269365806744108173520410826223332584796236243615940608" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899273 1760899351 - NODATA", - "ingestionTime": 1760899371460, - "eventId": "39269366007450814960296019125740775862889849020409970688" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899280000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899280 1760899356 - NODATA", - "ingestionTime": 1760899380041, - "eventId": "39269366163556031350010381126864519046676932443778842624" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899285000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899285 1760899363 - NODATA", - "ingestionTime": 1760899385191, - "eventId": "39269366275059757342663496840769274361216909335960289280" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899294 1760899369 - NODATA", - "ingestionTime": 1760899408748, - "eventId": "39269366475766464129439105143069271520703015093635448832" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899403298, - "eventId": "39269366676473170916214713410301864753488679959076405248" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899307 1760899385 - NODATA", - "ingestionTime": 1760899409389, - "eventId": "39269366765676151710337205983808376335481471422902829056" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899314 1760899393 - NODATA", - "ingestionTime": 1760899417527, - "eventId": "39269366921781368100051567984396803465274466565072355328" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899322 1760899404 - NODATA", - "ingestionTime": 1760899425908, - "eventId": "39269367100187329688296553126814732094305494235156250624" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899325 1760899394 - NODATA", - "ingestionTime": 1760899407513, - "eventId": "39269367167089565283888422529183595729306489697859207168" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899334 1760899411 - NODATA", - "ingestionTime": 1760899432182, - "eventId": "39269367367796272070664030832828069171568725790328619008" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899338000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899338 1760899417 - NODATA", - "ingestionTime": 1760899441926, - "eventId": "39269367456999252864786523410750437457893915410264948736" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899347 1760899423 - NODATA", - "ingestionTime": 1760899448300, - "eventId": "39269367657705959651562131692277680343019782573063667712" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899357000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899357 1760899431 - NODATA", - "ingestionTime": 1760899468795, - "eventId": "39269367880713411636868363132411672098214393367238672384" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899460562, - "eventId": "39269368036818628026582725113209034936779570569075097600" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899370 1760899445 - NODATA", - "ingestionTime": 1760899469949, - "eventId": "39269368170623099217766463973771603933568241784363286528" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899379000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899379 1760899454 - NODATA", - "ingestionTime": 1760899478804, - "eventId": "39269368371329806004542072258297942518344252529592041472" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899384 1760899454 - NODATA", - "ingestionTime": 1760899468911, - "eventId": "39269368482833531997195187954016642404155879694547550208" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899486220, - "eventId": "39269368482833531997195187974941804250215427335835811840" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899396000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899396 1760899472 - NODATA", - "ingestionTime": 1760899492248, - "eventId": "39269368750442474379562665680657565911081339579250507776" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899400000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899400 1760899478 - NODATA", - "ingestionTime": 1760899500150, - "eventId": "39269368839645455173685158256353497648806873134796832768" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899403000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899403 1760899482 - NODATA", - "ingestionTime": 1760899507126, - "eventId": "39269368906547690769277027689394005336431475869869670400" - } - ], - "eni-0d52b90c56c30aaaf-all": [ - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899047000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899047 1760899125 - NODATA", - "ingestionTime": 1760899147882, - "eventId": "39269360967482400092375188868379387488249224545389772800" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899060000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899060 1760899131 - NODATA", - "ingestionTime": 1760899156440, - "eventId": "39269361257392087673273289718689448193884824360186019840" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899064 1760899142 - NODATA", - "ingestionTime": 1760899162528, - "eventId": "39269361346595068467395782292192150158971810428482420736" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899069 1760899147 - NODATA", - "ingestionTime": 1760899172082, - "eventId": "39269361458098794460048898011420986728738606749298458624" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899075000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899075 1760899154 - NODATA", - "ingestionTime": 1760899179557, - "eventId": "39269361591903265651232636869672220334830881519077687296" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899085000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899085 1760899165 - NODATA", - "ingestionTime": 1760899188478, - "eventId": "39269361814910717636538868295814303201759959957510815744" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899095 1760899172 - NODATA", - "ingestionTime": 1760899194879, - "eventId": "39269362037918169621845099718909715757515917376757170176" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899107 1760899185 - NODATA", - "ingestionTime": 1760899206508, - "eventId": "39269362305527112004212577431396849746611502212074307584" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899121000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899121 1760899192 - NODATA", - "ingestionTime": 1760899214474, - "eventId": "39269362617737544783641301422527240192386104119123574784" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899123000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899123 1760899201 - NODATA", - "ingestionTime": 1760899222492, - "eventId": "39269362662339035180702547715291594383117768292878319616" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899130 1760899208 - NODATA", - "ingestionTime": 1760899233348, - "eventId": "39269362818444251570416909719166094403420838251948867584" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899134000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899134 1760899217 - NODATA", - "ingestionTime": 1760899237905, - "eventId": "39269362907647232364539402290818007128969998725776801792" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899148000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899148 1760899227 - NODATA", - "ingestionTime": 1760899249387, - "eventId": "39269363219857665143968126286198786333524041780303036416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899158 1760899239 - NODATA", - "ingestionTime": 1760899261413, - "eventId": "39269363442865117129274357716094800437411500094429528064" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899160000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899160 1760899234 - NODATA", - "ingestionTime": 1760899253536, - "eventId": "39269363487466607526335603989642999868426518943790465024" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899169000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899169 1760899246 - NODATA", - "ingestionTime": 1760899268102, - "eventId": "39269363688173314313111212281074160052015497532470460416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899180 1760899252 - NODATA", - "ingestionTime": 1760899274719, - "eventId": "39269363933481511496948066845966343222172770892652806144" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899180 1760899260 - NODATA", - "ingestionTime": 1760899282079, - "eventId": "39269363933481511496948066854863770950199002917434556416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899182 1760899266 - NODATA", - "ingestionTime": 1760899293227, - "eventId": "39269363978083001894009313151412646716540168025258590208" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899274490, - "eventId": "39269364156488963482254298261046844228847478003796869120" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899197000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899197 1760899278 - NODATA", - "ingestionTime": 1760899300413, - "eventId": "39269364312594179871968660283135671277550524372656193536" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899206 1760899285 - NODATA", - "ingestionTime": 1760899307559, - "eventId": "39269364513300886658744268565595883298524412475948466176" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899217000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899217 1760899298 - NODATA", - "ingestionTime": 1760899321757, - "eventId": "39269364758609083842581123139653540981407932788203454464" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899218000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899218 1760899294 - NODATA", - "ingestionTime": 1760899314944, - "eventId": "39269364780909829041111746272952618045972927612869541888" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899228 1760899306 - NODATA", - "ingestionTime": 1760899328418, - "eventId": "39269365003917281026417977704598914236157516870803456000" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899237000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899237 1760899311 - NODATA", - "ingestionTime": 1760899335203, - "eventId": "39269365204623987813193585986622672787194287678300815360" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899244000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899244 1760899323 - NODATA", - "ingestionTime": 1760899343217, - "eventId": "39269365360729204202907947987061312010472019627786567680" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899251 1760899320 - NODATA", - "ingestionTime": 1760899334785, - "eventId": "39269365516834420592622309967617577569085590337844543488" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899251 1760899327 - NODATA", - "ingestionTime": 1760899352809, - "eventId": "39269365516834420592622309989407348570651703606137323520" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899258000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899258 1760899338 - NODATA", - "ingestionTime": 1760899361689, - "eventId": "39269365672939636982336671990892702359840102315135926272" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899268 1760899345 - NODATA", - "ingestionTime": 1760899370695, - "eventId": "39269365895947088967642903417137343406143451131925561344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899277000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899277 1760899357 - NODATA", - "ingestionTime": 1760899383557, - "eventId": "39269366096653795754418511706508067602588769954444738560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899279000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899279 1760899354 - NODATA", - "ingestionTime": 1760899375789, - "eventId": "39269366141255286151479757980188263671694646889969090560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899288000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899288 1760899366 - NODATA", - "ingestionTime": 1760899388348, - "eventId": "39269366341961992938255366269192792323452373303055679488" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899300000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899300 1760899376 - NODATA", - "ingestionTime": 1760899395510, - "eventId": "39269366609570935320622843976279590850532930483845660672" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899402603, - "eventId": "39269366676473170916214713409461765483202400075214487552" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899306000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899306 1760899386 - NODATA", - "ingestionTime": 1760899412895, - "eventId": "39269366743375406511806582846511427624322751494860505088" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899395134, - "eventId": "39269366832578387305929075391182663628086837781737963520" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899317000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899317 1760899395 - NODATA", - "ingestionTime": 1760899418476, - "eventId": "39269366988683603695643437410151409985647474216352808960" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899327 1760899406 - NODATA", - "ingestionTime": 1760899427961, - "eventId": "39269367211691055680949668836975322305628309890832662528" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899337000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899337 1760899418 - NODATA", - "ingestionTime": 1760899441419, - "eventId": "39269367434698507666255900268602047290802914714464485376" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899339 1760899413 - NODATA", - "ingestionTime": 1760899434885, - "eventId": "39269367479299998063317146543774332908299324003100655616" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899347 1760899425 - NODATA", - "ingestionTime": 1760899448149, - "eventId": "39269367657705959651562131692095166344766109020749955072" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899359000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899359 1760899432 - NODATA", - "ingestionTime": 1760899455891, - "eventId": "39269367925314902033929609399883347029227605362739380224" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899464135, - "eventId": "39269368014517882828052101975992624387814190561399472128" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899370 1760899448 - NODATA", - "ingestionTime": 1760899472247, - "eventId": "39269368170623099217766463976549679571305673638122553344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899372000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899372 1760899441 - NODATA", - "ingestionTime": 1760899454756, - "eventId": "39269368215224589614827710238475764050073513625449529344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899378000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899378 1760899456 - NODATA", - "ingestionTime": 1760899479346, - "eventId": "39269368349029060806011449117417562346652554701689978880" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899487743, - "eventId": "39269368482833531997195187976783303479786335592399568896" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899398 1760899478 - NODATA", - "ingestionTime": 1760899501644, - "eventId": "39269368795043964776623911975088452917773045617133158400" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899399000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899399 1760899474 - NODATA", - "ingestionTime": 1760899494757, - "eventId": "39269368817344709975154535108298415284889564861552066560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899406000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899406 1760899485 - NODATA", - "ingestionTime": 1760899508568, - "eventId": "39269368973449926364868897115744601996530808388858806272" - } - ], - "eni-0c663685d7a12552e-all": [ - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899049000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899049 1760899080 - NODATA", - "ingestionTime": 1760899108302, - "eventId": "39269361012083890489436435103601333327618873734687293440" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899082000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899082 1760899113 - NODATA", - "ingestionTime": 1760899132564, - "eventId": "39269361748008482040946998803610793217379998222267121664" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899082000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899082 1760899113 - NODATA", - "ingestionTime": 1760899140789, - "eventId": "39269361748008482040946998813554652559287219887603974144" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899091000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899091 1760899122 - NODATA", - "ingestionTime": 1760899148802, - "eventId": "39269361948715188827722607097063154459454311630899052544" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899109000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899109 1760899140 - NODATA", - "ingestionTime": 1760899166694, - "eventId": "39269362350128602401273823666335815046678932194937012224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899116 1760899147 - NODATA", - "ingestionTime": 1760899170187, - "eventId": "39269362506233818790988185661308757080951528467498336256" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 11746 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872704" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 61890 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872705" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 30506 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872706" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 51838 21 6 4 240 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872707" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 51186 80 6 1 60 1760899167 1760899168 ACCEPT OK", - "ingestionTime": 1760899196244, - "eventId": "39269363643571823916049965911131435251312323702065594368" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899168000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 62602 80 6 3 180 1760899168 1760899168 ACCEPT OK", - "ingestionTime": 1760899186752, - "eventId": "39269363665872569114580589041192263286404541704439988224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 58950 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929344" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 61628 21 6 4 240 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929345" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 28840 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929346" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 31192 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929347" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 18756 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929348" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 21192 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929349" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 27324 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929350" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 60254 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929351" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 64846 21 6 4 240 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929352" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 58248 21 6 2 120 1760899178 1760899198 ACCEPT OK", - "ingestionTime": 1760899219438, - "eventId": "39269363888880021099886820496064163309696336621526056960" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899178 1760899198 - SKIPDATA", - "ingestionTime": 1760899219438, - "eventId": "39269363888880021099886820496064163309696336621526056961" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 12938 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136000" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 35548 80 6 2 120 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136001" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 63002 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136002" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 25612 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136003" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 64300 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136004" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 59962 21 6 4 240 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136005" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 23106 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136006" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 48432 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594048" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 58270 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594049" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 49854 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594050" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 23738 80 6 2 120 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594051" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 32716 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594052" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 13690 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594053" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 25162 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594054" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 23936 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594055" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.133.187 10.0.4.186 51796 22127 6 1 44 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594056" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 63332 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186752" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 44282 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186753" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 23342 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186754" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 106.75.132.124 10.0.4.186 58914 16030 6 1 44 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186755" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 19302 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186756" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 21326 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186757" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 50342 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186758" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 23068 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186759" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 17032 80 6 3 180 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 62372 21 6 4 240 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 41180 80 6 3 180 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 31518 21 6 1 60 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899202 1760899227 - SKIPDATA", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517188" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 15264 21 6 4 240 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734464" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.112 10.0.4.186 55662 1000 6 1 44 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734465" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 51810 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734466" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 52632 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734467" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 20720 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734468" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 14584 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734469" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 56998 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222976" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 47540 21 6 4 240 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222977" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 49866 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222978" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 43784 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222979" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 20.55.98.221 10.0.4.186 34398 9043 6 1 40 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222980" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 57822 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222981" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 39476 80 6 2 120 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222982" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 38986 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222983" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65242 80 6 2 120 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222984" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 33810 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505472" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 48444 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505473" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 45660 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505474" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 31386 80 6 2 120 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505475" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 26686 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505476" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 46464 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505477" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 22492 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505478" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 37402 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505479" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 24724 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505480" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26010 80 6 1 60 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505481" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 20214 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927936" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 58154 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927937" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 28818 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927938" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 9466 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927939" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 46052 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927940" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 37932 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927941" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 19968 21 6 4 240 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927942" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 11524 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052288" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 18592 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052289" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 14624 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052290" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 33664 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052291" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 45696 80 6 1 60 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052292" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 40504 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052293" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 57692 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052294" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899232 1760899257 - SKIPDATA", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052295" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 25492 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359552" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 43258 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359553" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 61000 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359554" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.152 10.0.4.186 54664 990 6 1 44 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359555" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 35548 80 6 1 60 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359556" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 59684 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359557" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 36584 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359558" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 58110 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359559" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 44360 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359560" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 20358 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359561" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 30734 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359562" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 56320 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359563" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 60778 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359564" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 61920 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 9896 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948225" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 29784 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948226" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 39582 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948227" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 26504 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948228" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 63958 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948229" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 15152 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948230" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 32292 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948231" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 64704 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948232" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 92.63.197.66 10.0.4.186 8080 6529 6 1 40 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948233" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 26690 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948234" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47724 80 6 2 120 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948235" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 37506 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948236" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 40154 21 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948237" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.211.22 10.0.4.186 57261 28009 6 1 44 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 45308 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909953" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 45524 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909954" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 104.237.144.186 10.0.4.186 61000 443 6 1 40 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909955" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 16088 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909956" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 50098 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909957" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 13406 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909958" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 38794 21 6 4 240 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909959" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 64922 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909960" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 10732 21 6 4 240 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909961" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 28496 80 6 2 120 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909962" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 14348 21 6 4 240 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747776" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 52754 80 6 3 180 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747777" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 39232 80 6 1 60 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747778" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.133.252 10.0.4.186 56557 9202 6 1 44 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747779" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 42982 21 6 4 240 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747780" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899266 1760899289 - SKIPDATA", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747781" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 39548 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390656" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 60954 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390657" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 42456 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390658" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 59042 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390659" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 14264 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390660" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 54860 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390661" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 57124 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390662" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 13064 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390663" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 64866 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390664" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65242 80 6 1 60 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390665" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 35662 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390666" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 11826 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928256" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 34372 80 6 2 120 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928257" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 23486 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928258" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 45170 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928259" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 59316 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928260" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 41556 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928261" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 165.154.173.104 10.0.4.186 45123 15200 6 1 40 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928262" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 57032 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928263" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 63148 21 6 4 240 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 27420 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 52372 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 50536 80 6 2 120 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442176" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 35356 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442177" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 31386 80 6 1 60 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442178" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 60380 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442179" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 34026 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442180" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 38404 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442181" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 16084 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442182" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 26236 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442183" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 11320 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 64576 21 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 13916 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 30326 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 41588 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442188" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26010 80 6 2 120 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442189" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 37620 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204928" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 60708 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204929" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 11788 21 6 4 240 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204930" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 28350 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204931" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 60280 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204932" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 61052 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204933" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 35410 21 6 4 240 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204934" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 52400 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043392" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 39206 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043393" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 51290 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043394" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 33590 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043395" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899291 1760899311 - SKIPDATA", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043396" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 18552 80 6 2 120 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850944" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 14244 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850945" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 50030 21 6 4 240 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850946" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 30508 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850947" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 23936 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850948" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 14100 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850949" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 22180 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850950" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 17822 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850951" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 29332 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 46686 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 57958 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 41254 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 59878 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 14756 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499268" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 52246 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499269" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 52902 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499270" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 26402 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499271" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 21660 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499272" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 57706 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499273" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 40040 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499274" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.138 10.0.4.186 50578 7547 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894400" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 58372 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894401" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 22358 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894402" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 16878 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894403" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.85 10.0.4.186 55174 1502 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894404" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 45734 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894405" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.123 10.0.4.186 56280 11084 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894406" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 64764 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894407" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 49614 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894408" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 27514 21 6 4 240 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894409" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 44044 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894410" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 41366 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894411" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47724 80 6 1 60 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894412" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 56174 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894413" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 37518 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894414" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 40154 21 6 1 60 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894415" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 32546 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559936" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 45958 21 6 4 240 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559937" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 59358 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559938" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 48134 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559939" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 36966 21 6 4 240 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559940" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 13.214.173.166 10.0.4.186 0 0 1 1 28 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407232" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 49060 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407233" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 21004 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407234" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 29018 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407235" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 15302 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407236" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 15122 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407237" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899323 1760899350 - SKIPDATA", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407238" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 52034 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507392" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 28464 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507393" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 61844 21 6 2 120 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507394" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 37012 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507395" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 65418 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507396" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 27682 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507397" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 45390 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507398" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 50814 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507399" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 41210 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507400" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 38070 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507401" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 9706 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507402" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 50430 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 18182 21 6 4 240 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47948 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 34372 80 6 1 60 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26294 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715268" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 11968 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715269" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 28368 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715270" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 19342 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715271" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 29372 21 6 4 240 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715272" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 46546 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715273" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 23346 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715274" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 58710 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588480" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 44376 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588481" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 50536 80 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588482" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 57464 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588483" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 23402 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588484" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.86 10.0.4.186 55131 57357 6 1 44 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588485" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 53474 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588486" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 56830 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588487" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 20716 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588488" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 21308 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588489" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 64576 21 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588490" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 54428 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588491" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 56326 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588492" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 11346 80 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588493" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 54058 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588494" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 28496 80 6 1 60 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607872" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 87.120.191.93 10.0.4.186 51632 80 6 1 40 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607873" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 41.59.173.249 10.0.4.186 44087 23 6 1 60 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607874" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 39996 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607875" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 59438 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607876" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 61964 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607877" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 15392 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607878" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 11790 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607879" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 37404 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607880" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 46602 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607881" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 25578 80 6 3 180 1760899352 1760899374 ACCEPT OK", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330688" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 49716 80 6 3 180 1760899352 1760899374 ACCEPT OK", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330689" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899352 1760899374 - SKIPDATA", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330690" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 47440 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547840" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 12744 21 6 4 240 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547841" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 19934 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547842" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 55776 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547843" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 18552 80 6 1 60 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198976" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 22126 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198977" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 10576 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198978" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 24392 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198979" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 33602 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198980" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 92.63.197.66 10.0.4.186 8080 6224 6 1 40 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198981" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 18116 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198982" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 35388 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198983" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 43842 21 6 4 240 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198984" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 27478 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198985" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 37470 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234560" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 59854 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234561" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 35168 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234562" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 91.196.152.225 10.0.4.186 48508 14430 6 1 60 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234563" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 52196 21 6 4 240 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234564" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 37160 21 6 4 240 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234565" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 48292 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234566" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.253 10.0.4.186 54329 9606 6 1 44 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234567" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 55998 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234568" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 13248 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234569" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 27354 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234570" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 18188 80 6 2 120 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234571" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 15930 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234572" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 14392 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746944" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 16508 21 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746945" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 45642 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746946" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65378 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746947" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 48818 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746948" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 57706 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746949" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 11464 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746950" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 34208 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746951" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 31380 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 18816 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746953" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 36286 21 6 4 240 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117696" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 25478 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117697" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 29340 21 6 4 240 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117698" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 53794 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117699" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 42022 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117700" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 13670 21 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117701" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899382 1760899406 - SKIPDATA", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117702" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 37698 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338176" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 63386 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338177" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 24506 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338178" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 13550 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338179" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 61784 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338180" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 31186 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338181" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 61844 21 6 2 120 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338182" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.26 10.0.4.186 56968 9530 6 1 44 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338183" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 44220 21 6 2 120 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.181 10.0.4.186 49778 9108 6 1 44 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 21902 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 61022 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 40.124.175.174 10.0.4.186 48441 993 6 1 52 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477760" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.182 10.0.4.186 54893 7706 6 1 44 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477761" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 54974 80 6 3 180 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477762" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 44314 21 6 4 240 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477763" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 19256 80 6 3 180 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477764" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 45020 80 6 2 120 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134784" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 30032 21 6 4 240 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134785" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 63082 21 6 4 240 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134786" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 36934 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134787" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 62370 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134788" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 13408 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134789" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 21982 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134790" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 11346 80 6 2 120 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134791" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 32590 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134792" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 42266 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839488" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 54384 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839489" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 37458 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839490" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 39936 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839491" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 24968 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839492" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 63412 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839493" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 34598 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839494" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 48400 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839495" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.140 10.0.4.186 50762 1443 6 1 44 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839496" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 13368 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839497" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 15050 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839498" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 26108 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839499" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 45052 21 6 4 240 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839500" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 95.214.53.196 10.0.4.186 40742 16379 6 1 40 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 48250 80 6 3 180 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 63068 80 6 1 60 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899414 1760899437 - SKIPDATA", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 15034 21 6 4 240 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746752" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 20028 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746753" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 16406 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746754" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 24550 21 6 4 240 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746755" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 62060 21 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746756" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 60596 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746757" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 35718 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746758" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 16994 21 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746759" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 47.74.55.112 10.0.4.186 57188 12320 6 1 52 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746760" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.55 10.0.4.186 51355 34473 6 1 44 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746761" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 16338 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746762" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.149.61 10.0.4.186 55176 49010 6 1 44 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746763" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 33922 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334144" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 38080 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334145" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 47416 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334146" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 30120 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334147" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 61568 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334148" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 38820 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334149" - } - ], - "eni-0b0549e20044315f3-all": [ - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899050 1760899129 - NODATA", - "ingestionTime": 1760899149148, - "eventId": "39269361034384635687967058294516883796158603200468746240" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899063 1760899133 - NODATA", - "ingestionTime": 1760899191042, - "eventId": "39269361324294323268865159185128106407086387132881174528" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899158751, - "eventId": "39269361368895813665926405429162124440841377838471249920" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899066 1760899145 - NODATA", - "ingestionTime": 1760899169059, - "eventId": "39269361391196558864457028583159222796051983380536492032" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899072000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899072 1760899154 - NODATA", - "ingestionTime": 1760899183447, - "eventId": "39269361525001030055640767449767568231817834522370572288" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899083 1760899163 - NODATA", - "ingestionTime": 1760899191130, - "eventId": "39269361770309227239477622015948951614231990473462448128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899095 1760899177 - NODATA", - "ingestionTime": 1760899203123, - "eventId": "39269362037918169621845099728876158476315828073130033152" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899191541, - "eventId": "39269362060218914820375722856410123339823436258297708544" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899209964, - "eventId": "39269362372429347599804446860182095577718871838885019648" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899124 1760899206 - NODATA", - "ingestionTime": 1760899229535, - "eventId": "39269362684639780379233170865342036892205695946093232128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899125 1760899199 - NODATA", - "ingestionTime": 1760899251421, - "eventId": "39269362706940525577763794033336149004260622706450890752" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899220164, - "eventId": "39269362729241270776294417137084416047159533537171668992" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899127 1760899212 - NODATA", - "ingestionTime": 1760899241060, - "eventId": "39269362751542015974825040303882188022904222112626704384" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899154 1760899233 - NODATA", - "ingestionTime": 1760899251092, - "eventId": "39269363353662136335151865137474306632162095644831449088" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899154 1760899237 - NODATA", - "ingestionTime": 1760899265367, - "eventId": "39269363353662136335151865154731662239795841721343803392" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899181000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899181 1760899266 - NODATA", - "ingestionTime": 1760899288254, - "eventId": "39269363955782256695478690003864747195775111898944765952" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899279934, - "eventId": "39269364022684492291070559418413938563523123583808634880" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899191000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899191 1760899257 - NODATA", - "ingestionTime": 1760899310499, - "eventId": "39269364178789708680784921446114574291045297137749393408" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899193 1760899271 - NODATA", - "ingestionTime": 1760899300873, - "eventId": "39269364223391199077846167717549072416822564465518444544" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899203 1760899284 - NODATA", - "ingestionTime": 1760899308384, - "eventId": "39269364446398651063152399141986190306426909080998117376" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899213 1760899293 - NODATA", - "ingestionTime": 1760899313680, - "eventId": "39269364669406103048458630563745762218163735798362669056" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899215 1760899297 - NODATA", - "ingestionTime": 1760899323453, - "eventId": "39269364714007593445519876858632206622956850636010291200" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899231000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899231 1760899308 - NODATA", - "ingestionTime": 1760899331321, - "eventId": "39269365070819516622009847132715303195827357368140234752" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339052, - "eventId": "39269365383029949401438571123561746374130011920953245696" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899246 1760899325 - NODATA", - "ingestionTime": 1760899350892, - "eventId": "39269365405330694599969194279411208772642910370836054016" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899246 1760899316 - NODATA", - "ingestionTime": 1760899371391, - "eventId": "39269365405330694599969194304192910118520948369194024960" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899248 1760899335 - NODATA", - "ingestionTime": 1760899363230, - "eventId": "39269365449932184997030440577398219863041560501072035840" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899264 1760899344 - NODATA", - "ingestionTime": 1760899368928, - "eventId": "39269365806744108173520410848858081852441394865298800640" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899273 1760899356 - NODATA", - "ingestionTime": 1760899385617, - "eventId": "39269366007450814960296019142855830900426629503072272384" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899275 1760899352 - NODATA", - "ingestionTime": 1760899371464, - "eventId": "39269366052052305357357265408817078540645514115318808576" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899291 1760899367 - NODATA", - "ingestionTime": 1760899390402, - "eventId": "39269366408864228533847235696283450762548894208316080128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899399395, - "eventId": "39269366676473170916214713405583375986398277744453156864" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899410029, - "eventId": "39269366765676151710337205984582080515597986510266630144" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899310 1760899379 - NODATA", - "ingestionTime": 1760899433219, - "eventId": "39269366832578387305929075437224527699752125344533053440" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899418894, - "eventId": "39269366921781368100051567986049717306332660931861872640" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428250, - "eventId": "39269367100187329688296553129645846721084489476922867712" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899335 1760899412 - NODATA", - "ingestionTime": 1760899433229, - "eventId": "39269367390097017269194653975629748732390472004675108864" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899335 1760899418 - NODATA", - "ingestionTime": 1760899444045, - "eventId": "39269367390097017269194653988704937156474046665124282368" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899351 1760899426 - NODATA", - "ingestionTime": 1760899450863, - "eventId": "39269367746908940445684624261519183700000033952722321408" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899461247, - "eventId": "39269368014517882828052101972501331045545810129543692288" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899364 1760899446 - NODATA", - "ingestionTime": 1760899468555, - "eventId": "39269368036818628026582725122871818569149878791262961664" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899367 1760899437 - NODATA", - "ingestionTime": 1760899492360, - "eventId": "39269368103720863622174594576257299469602032595912818688" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899371 1760899451 - NODATA", - "ingestionTime": 1760899479465, - "eventId": "39269368192923844416297087126810934162937552827837972480" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899383 1760899467 - NODATA", - "ingestionTime": 1760899490099, - "eventId": "39269368460532786798664564838095442697030093502723784704" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899394 1760899478 - NODATA", - "ingestionTime": 1760899502794, - "eventId": "39269368705840983982501419410335527383627721259566039040" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899399000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899399 1760899475 - NODATA", - "ingestionTime": 1760899493057, - "eventId": "39269368817344709975154535106242973873413473154290745344" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899409 1760899488 - NODATA", - "ingestionTime": 1760899515333, - "eventId": "39269369040352161960460766548530326175156119273020653568" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/vpc-flow-log/vpc-007d791b9b857543e", - "type": "Other", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "It is recommended that sensitive information is not logged to CloudWatch logs. Alternatively, sensitive data may be masked using a protection policy", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html" - ] - }, - "risk_details": "Storing sensitive data in CloudWatch logs could allow an attacker with read-only access to escalate their privileges or gain unauthorised access to systems.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No secrets found in /aws/s3/prod-my-secure-s3-bucket-20250423 log group.", - "metadata": { - "event_code": "cloudwatch_log_group_no_secrets_in_logs", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "No secrets found in /aws/s3/prod-my-secure-s3-bucket-20250423 log group.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [ - "secrets" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-01.01AC", - "OPS-11.01AC", - "OPS-11.02AC", - "OPS-13.03B", - "OPS-26.05B", - "OPS-26.01AS", - "PSS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN04.AR01" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1552" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if secrets exists in CloudWatch logs", - "title": "Check if secrets exists in CloudWatch logs.", - "types": [ - "Protect", - "Secure development" - ], - "uid": "prowler-aws-cloudwatch_log_group_no_secrets_in_logs-211203495394-us-east-1-/aws/s3/prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/prod-my-secure-s3-bucket-20250423:*", - "name": "/aws/s3/prod-my-secure-s3-bucket-20250423", - "retention_days": 30, - "never_expire": false, - "kms_id": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501", - "region": "us-east-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/s3/prod-my-secure-s3-bucket-20250423", - "type": "Other", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/prod-my-secure-s3-bucket-20250423:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that sensitive information is not logged to CloudWatch logs. Alternatively, sensitive data may be masked using a protection policy", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html" - ] - }, - "risk_details": "Storing sensitive data in CloudWatch logs could allow an attacker with read-only access to escalate their privileges or gain unauthorised access to systems.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/rds/cluster/ex-rds/postgresql is not publicly accessible.", - "metadata": { - "event_code": "cloudwatch_log_group_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Log Group /aws/rds/cluster/ex-rds/postgresql is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-01.01AC", - "PS-03.02B", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-10.01B", - "COS-02.01B", - "PSS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN04.AR01", - "CCC.Monitor.CN04.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR03" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "This check ensures that no CloudWatch Log Groups are publicly accessible by checking for resource policies that allow access from any entity (Principal: '*'). Publicly exposed log groups pose a serious security risk as sensitive log data could be accessed by unauthorized parties.", - "title": "Ensure that CloudWatch Log Groups are not publicly accessible", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices" - ], - "uid": "prowler-aws-cloudwatch_log_group_not_publicly_accessible-211203495394-eu-west-1-/aws/rds/cluster/ex-rds/postgresql" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*", - "name": "/aws/rds/cluster/ex-rds/postgresql", - "retention_days": 7, - "never_expire": false, - "kms_id": null, - "region": "eu-west-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/rds/cluster/ex-rds/postgresql", - "type": "Other", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that CloudWatch Log Groups are not publicly accessible. Review and remove any resource policies that allow public access (Principal: '*') to log groups.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html" - ] - }, - "risk_details": "Publicly accessible CloudWatch Log Groups can expose sensitive information, leading to data breaches or unauthorized access. It is important to ensure that log groups are only accessible by trusted entities.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/vpc-flow-log/vpc-007d791b9b857543e is not publicly accessible.", - "metadata": { - "event_code": "cloudwatch_log_group_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Log Group /aws/vpc-flow-log/vpc-007d791b9b857543e is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-01.01AC", - "PS-03.02B", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-10.01B", - "COS-02.01B", - "PSS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN04.AR01", - "CCC.Monitor.CN04.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR03" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "This check ensures that no CloudWatch Log Groups are publicly accessible by checking for resource policies that allow access from any entity (Principal: '*'). Publicly exposed log groups pose a serious security risk as sensitive log data could be accessed by unauthorized parties.", - "title": "Ensure that CloudWatch Log Groups are not publicly accessible", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices" - ], - "uid": "prowler-aws-cloudwatch_log_group_not_publicly_accessible-211203495394-eu-west-1-/aws/vpc-flow-log/vpc-007d791b9b857543e" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*", - "name": "/aws/vpc-flow-log/vpc-007d791b9b857543e", - "retention_days": 9999, - "never_expire": true, - "kms_id": null, - "region": "eu-west-1", - "log_streams": { - "eni-0cd4fcd4819d5a0b7-all": [ - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899031000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899031 1760899115 - NODATA", - "ingestionTime": 1760899139926, - "eventId": "39269360610670476915885218594189694963071457059547512832" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899046 1760899127 - NODATA", - "ingestionTime": 1760899149250, - "eventId": "39269360945181654893844565728497413038571606956274024448" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899064 1760899142 - NODATA", - "ingestionTime": 1760899171015, - "eventId": "39269361346595068467395782302452507265231831869047177216" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899161481, - "eventId": "39269361368895813665926405432462355128969412946093211648" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899074 1760899154 - NODATA", - "ingestionTime": 1760899180685, - "eventId": "39269361569602520452702013729500161457508911822151876608" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899087 1760899164 - NODATA", - "ingestionTime": 1760899188926, - "eventId": "39269361859512208033600114579426962274716549575521730560" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899093000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899093 1760899177 - NODATA", - "ingestionTime": 1760899202942, - "eventId": "39269361993316679224783853445585976414341769780327874560" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899189534, - "eventId": "39269362060218914820375722853983829530393030289362518016" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899107 1760899183 - NODATA", - "ingestionTime": 1760899208282, - "eventId": "39269362305527112004212577433541251354104638611981205504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899120000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899120 1760899194 - NODATA", - "ingestionTime": 1760899249444, - "eventId": "39269362595436799585110678323267367353868490709992013824" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899124 1760899204 - NODATA", - "ingestionTime": 1760899231189, - "eventId": "39269362684639780379233170867341403349163730796893896704" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899145000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899145 1760899226 - NODATA", - "ingestionTime": 1760899248783, - "eventId": "39269363152955429548376256860861233320174442224344956928" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899153 1760899239 - NODATA", - "ingestionTime": 1760899262856, - "eventId": "39269363331361391136621242010160382151535307798841524224" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899156 1760899233 - NODATA", - "ingestionTime": 1760899251214, - "eventId": "39269363398263626732213111420693427286550341112125521920" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899167 1760899245 - NODATA", - "ingestionTime": 1760899267593, - "eventId": "39269363643571823916049965997386872465211874059378688000" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899181000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899181 1760899254 - NODATA", - "ingestionTime": 1760899309470, - "eventId": "39269363955782256695478690029513573287107439005186064384" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899280418, - "eventId": "39269364022684492291070559418998784362727835457823440896" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899187 1760899266 - NODATA", - "ingestionTime": 1760899289733, - "eventId": "39269364089586727886662428854866949624521773410794864640" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299733, - "eventId": "39269364245691944276376790857706543416476686971921301504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899204 1760899286 - NODATA", - "ingestionTime": 1760899309875, - "eventId": "39269364468699396261683022285324313923175968945211310080" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899213 1760899293 - NODATA", - "ingestionTime": 1760899319552, - "eventId": "39269364669406103048458630570844658358774455533122027520" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899215 1760899293 - NODATA", - "ingestionTime": 1760899311165, - "eventId": "39269364714007593445519876843776711888539935711792070656" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899227000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899227 1760899304 - NODATA", - "ingestionTime": 1760899327528, - "eventId": "39269364981616535827887354561987052343875666657387479040" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899241 1760899314 - NODATA", - "ingestionTime": 1760899369674, - "eventId": "39269365293826968607316078594438607167353915397586354176" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899245 1760899321 - NODATA", - "ingestionTime": 1760899340795, - "eventId": "39269365383029949401438571125668891064507806525688119296" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899247 1760899325 - NODATA", - "ingestionTime": 1760899349747, - "eventId": "39269365427631439798499817419562686664009994535042416640" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899248 1760899335 - NODATA", - "ingestionTime": 1760899361737, - "eventId": "39269365449932184997030440575593663755083845328799662080" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899263000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899263 1760899343 - NODATA", - "ingestionTime": 1760899367618, - "eventId": "39269365784443362974989787705738802661146729846819127296" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899271000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899271 1760899355 - NODATA", - "ingestionTime": 1760899379484, - "eventId": "39269365962849324563234772852369513371529050589700489216" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899276000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899276 1760899352 - NODATA", - "ingestionTime": 1760899371708, - "eventId": "39269366074353050555887888550647785025367173779549388800" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899287000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899287 1760899364 - NODATA", - "ingestionTime": 1760899389077, - "eventId": "39269366319661247739724743128538737171054749321939386368" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899303 1760899375 - NODATA", - "ingestionTime": 1760899431081, - "eventId": "39269366676473170916214713443889494423911819403013455872" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899305000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899305 1760899381 - NODATA", - "ingestionTime": 1760899400414, - "eventId": "39269366721074661313275959689886924638672932144373039104" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899307 1760899386 - NODATA", - "ingestionTime": 1760899408511, - "eventId": "39269366765676151710337205982746961466829488763300806656" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899420747, - "eventId": "39269366921781368100051567988289637575888457293160448000" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428007, - "eventId": "39269367100187329688296553129352064058383779008465076224" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899429660, - "eventId": "39269367367796272070664030829778877118210560333827080192" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899336000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899336 1760899417 - NODATA", - "ingestionTime": 1760899442053, - "eventId": "39269367412397762467725277127832967444140093911955144704" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899349000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899349 1760899424 - NODATA", - "ingestionTime": 1760899449340, - "eventId": "39269367702307450048623377976606737167794200106263445504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899361 1760899432 - NODATA", - "ingestionTime": 1760899491027, - "eventId": "39269367969916392430990855725431353246427732075437621248" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899460257, - "eventId": "39269368014517882828052101971304249414101267847896170496" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899365000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899365 1760899446 - NODATA", - "ingestionTime": 1760899468665, - "eventId": "39269368059119373225113348264540584396392034426105430016" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899375 1760899455 - NODATA", - "ingestionTime": 1760899481555, - "eventId": "39269368282126825210419579695480504500212685656322080768" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899383 1760899467 - NODATA", - "ingestionTime": 1760899487567, - "eventId": "39269368460532786798664564835034776331022815284839055360" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899393 1760899476 - NODATA", - "ingestionTime": 1760899500793, - "eventId": "39269368683540238783970796266381102896276266334347132928" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899398 1760899475 - NODATA", - "ingestionTime": 1760899489169, - "eventId": "39269368795043964776623911960006811116316914335348031488" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899409 1760899487 - NODATA", - "ingestionTime": 1760899507600, - "eventId": "39269369040352161960460766539181708866508225546449846272" - } - ], - "eni-0eee78be32276dc65-all": [ - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899032000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899032 1760899109 - NODATA", - "ingestionTime": 1760899134945, - "eventId": "39269360632971222114415841729703527226207967234779774976" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899043000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899043 1760899120 - NODATA", - "ingestionTime": 1760899144884, - "eventId": "39269360878279419298252696298611781813145246086503727104" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899052000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899052 1760899132 - NODATA", - "ingestionTime": 1760899154887, - "eventId": "39269361078986126085028304584526361316447343074608021504" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899063 1760899141 - NODATA", - "ingestionTime": 1760899164127, - "eventId": "39269361324294323268865159152589586655311491293203202048" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899066 1760899146 - NODATA", - "ingestionTime": 1760899173383, - "eventId": "39269361391196558864457028588387002206051139308865585152" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899070000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899070 1760899140 - NODATA", - "ingestionTime": 1760899156170, - "eventId": "39269361480399539658579521133720174781408048766989828096" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899074 1760899155 - NODATA", - "ingestionTime": 1760899186448, - "eventId": "39269361569602520452702013736466909309389429082721353728" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899096 1760899175 - NODATA", - "ingestionTime": 1760899197470, - "eventId": "39269362060218914820375722863577669461616015304736112640" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899107 1760899182 - NODATA", - "ingestionTime": 1760899205402, - "eventId": "39269362305527112004212577430059792118031670795614355456" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899124 1760899200 - NODATA", - "ingestionTime": 1760899224570, - "eventId": "39269362684639780379233170859339700182272340779870912512" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899127 1760899206 - NODATA", - "ingestionTime": 1760899231868, - "eventId": "39269362751542015974825040292769706477577608203599740928" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899130 1760899200 - NODATA", - "ingestionTime": 1760899216262, - "eventId": "39269362818444251570416909698510075089137464840133804032" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899133000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899133 1760899215 - NODATA", - "ingestionTime": 1760899246210, - "eventId": "39269362885346487166008779159322407412871585528894324736" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899153 1760899230 - NODATA", - "ingestionTime": 1760899251400, - "eventId": "39269363331361391136621241996311121221405119004043444224" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899157000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899157 1760899235 - NODATA", - "ingestionTime": 1760899258021, - "eventId": "39269363420564371930743734570458344598590417900065914880" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899167 1760899242 - NODATA", - "ingestionTime": 1760899266548, - "eventId": "39269363643571823916049965996123562950678726130113904640" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899174 1760899250 - NODATA", - "ingestionTime": 1760899275556, - "eventId": "39269363799677040305764327997764003167285750075715420160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899183000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899183 1760899262 - NODATA", - "ingestionTime": 1760899284289, - "eventId": "39269364000383747092539936282143032915656252264968749056" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899187 1760899266 - NODATA", - "ingestionTime": 1760899291413, - "eventId": "39269364089586727886662428856898380600297619606114140160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899276225, - "eventId": "39269364156488963482254298263144306458468370593886044160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899193 1760899277 - NODATA", - "ingestionTime": 1760899303806, - "eventId": "39269364223391199077846167721094564420197117221625790464" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899196 1760899260 - NODATA", - "ingestionTime": 1760899334586, - "eventId": "39269364290293434673438037182912416456716008702408523776" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899213 1760899289 - NODATA", - "ingestionTime": 1760899311121, - "eventId": "39269364669406103048458630560652132630159455450075103232" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899216000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899216 1760899295 - NODATA", - "ingestionTime": 1760899318499, - "eventId": "39269364736308338644050499994179034332937535505210343424" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899227000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899227 1760899305 - NODATA", - "ingestionTime": 1760899326390, - "eventId": "39269364981616535827887354560611681081931410087592263680" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899232 1760899310 - NODATA", - "ingestionTime": 1760899336203, - "eventId": "39269365093120261820540470280153350599481452527376269312" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899243000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899243 1760899323 - NODATA", - "ingestionTime": 1760899343742, - "eventId": "39269365338428459004377324846160248388421245006660304896" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899249000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899249 1760899320 - NODATA", - "ingestionTime": 1760899336117, - "eventId": "39269365472232930195561063686156260435021330376417148928" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899249000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899249 1760899327 - NODATA", - "ingestionTime": 1760899352321, - "eventId": "39269365472232930195561063705745793873400791408967090176" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899251 1760899336 - NODATA", - "ingestionTime": 1760899367212, - "eventId": "39269365516834420592622310006819254946281577326604779520" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899274 1760899353 - NODATA", - "ingestionTime": 1760899373962, - "eventId": "39269366029751560158826642270301412512888178252004589568" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899274 1760899355 - NODATA", - "ingestionTime": 1760899379402, - "eventId": "39269366029751560158826642276877930662977506319400042496" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899284000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899284 1760899362 - NODATA", - "ingestionTime": 1760899386982, - "eventId": "39269366252759012144132873701398387328881161898128637952" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899294 1760899372 - NODATA", - "ingestionTime": 1760899394477, - "eventId": "39269366475766464129439105125816695702172340211787300864" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899303 1760899383 - NODATA", - "ingestionTime": 1760899405478, - "eventId": "39269366676473170916214713412937602135678394228114522112" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899308000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899308 1760899386 - NODATA", - "ingestionTime": 1760899413706, - "eventId": "39269366787976896908867829130563046940109806326346612736" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899397821, - "eventId": "39269366832578387305929075394430702698688020571642724352" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899314 1760899397 - NODATA", - "ingestionTime": 1760899425864, - "eventId": "39269366921781368100051567994475576217536599340043665408" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899334 1760899415 - NODATA", - "ingestionTime": 1760899441656, - "eventId": "39269367367796272070664030844281469904033722035045597184" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899335 1760899410 - NODATA", - "ingestionTime": 1760899430876, - "eventId": "39269367390097017269194653972784979191565215734678749184" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899347 1760899423 - NODATA", - "ingestionTime": 1760899447684, - "eventId": "39269367657705959651562131691532913759489711811767500800" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899354 1760899432 - NODATA", - "ingestionTime": 1760899456589, - "eventId": "39269367813811176041276493693048475725746690637326057472" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899363 1760899442 - NODATA", - "ingestionTime": 1760899463202, - "eventId": "39269368014517882828052101974864753397017949679660957696" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899367 1760899446 - NODATA", - "ingestionTime": 1760899472723, - "eventId": "39269368103720863622174594552517552425934392550237077504" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899455859, - "eventId": "39269368192923844416297087098273510881125605169948065792" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899375 1760899457 - NODATA", - "ingestionTime": 1760899487495, - "eventId": "39269368282126825210419579702662044707283407383455531008" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899392000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899392 1760899469 - NODATA", - "ingestionTime": 1760899490579, - "eventId": "39269368661239493585440173112497448504418584276237156352" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899394 1760899475 - NODATA", - "ingestionTime": 1760899499905, - "eventId": "39269368705840983982501419406842983598809204891447328768" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899404000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899404 1760899481 - NODATA", - "ingestionTime": 1760899505766, - "eventId": "39269368928848435967807650829285727947167171314158731264" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899410 1760899487 - NODATA", - "ingestionTime": 1760899518280, - "eventId": "39269369062652907158991389693628934917572999196216262656" - } - ], - "eni-0c1065c914ddc0b88-all": [ - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899033000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899033 1760899111 - NODATA", - "ingestionTime": 1760899131705, - "eventId": "39269360655271967312946464867322652502059743183076327424" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899040 1760899118 - NODATA", - "ingestionTime": 1760899137950, - "eventId": "39269360811377183702660826865622290103622366602256842752" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899046 1760899124 - NODATA", - "ingestionTime": 1760899144556, - "eventId": "39269360945181654893844565722822361767392100902754582528" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899056000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899056 1760899132 - NODATA", - "ingestionTime": 1760899177328, - "eventId": "39269361168189106879150797177798657782901584726127869952" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899169949, - "eventId": "39269361324294323268865159159627891617325295385041436672" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899064 1760899140 - NODATA", - "ingestionTime": 1760899159431, - "eventId": "39269361346595068467395782288448135197190114468420583424" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899074 1760899156 - NODATA", - "ingestionTime": 1760899175275, - "eventId": "39269361569602520452702013722959486324680047180535889920" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899083 1760899166 - NODATA", - "ingestionTime": 1760899185928, - "eventId": "39269361770309227239477622009659656615414527865242583040" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899092 1760899165 - NODATA", - "ingestionTime": 1760899176075, - "eventId": "39269361971015934026253230271570081934998595329796538368" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899096 1760899172 - NODATA", - "ingestionTime": 1760899192224, - "eventId": "39269362060218914820375722857235374222277287158040035328" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899098 1760899176 - NODATA", - "ingestionTime": 1760899199417, - "eventId": "39269362104820405217436969149003084469614423673101156352" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899104000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899104 1760899183 - NODATA", - "ingestionTime": 1760899206138, - "eventId": "39269362238624876408620708006342405502528195376838868992" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899120000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899120 1760899191 - NODATA", - "ingestionTime": 1760899236584, - "eventId": "39269362595436799585110678307720767915257233185726332928" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899125 1760899200 - NODATA", - "ingestionTime": 1760899220918, - "eventId": "39269362706940525577763793996460255943460832392201109504" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899128 1760899204 - NODATA", - "ingestionTime": 1760899231844, - "eventId": "39269362773842761173355663434276318502510064397876527104" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899135000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899135 1760899213 - NODATA", - "ingestionTime": 1760899237314, - "eventId": "39269362929947977563070025431638968432093462264361123840" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899141000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899141 1760899224 - NODATA", - "ingestionTime": 1760899246469, - "eventId": "39269363063752448754253764291921197519833887840925450240" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899153 1760899221 - NODATA", - "ingestionTime": 1760899236692, - "eventId": "39269363331361391136621241978529841373228806547492372480" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899156 1760899232 - NODATA", - "ingestionTime": 1760899254316, - "eventId": "39269363398263626732213111424443243766834742078299963392" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899158 1760899236 - NODATA", - "ingestionTime": 1760899261035, - "eventId": "39269363442865117129274357715637800582458712370902073344" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899178 1760899252 - NODATA", - "ingestionTime": 1760899297290, - "eventId": "39269363888880021099886820590181698295679974565315739648" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899182 1760899260 - NODATA", - "ingestionTime": 1760899280382, - "eventId": "39269363978083001894009313135883871550789736714335223808" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899187 1760899265 - NODATA", - "ingestionTime": 1760899292137, - "eventId": "39269364089586727886662428857773429136984229455763341312" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899195000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899195 1760899273 - NODATA", - "ingestionTime": 1760899296711, - "eventId": "39269364267992689474907413995588979756838792680283045888" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899203 1760899285 - NODATA", - "ingestionTime": 1760899308052, - "eventId": "39269364446398651063152399141585090918819749021377363968" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899212000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899212 1760899281 - NODATA", - "ingestionTime": 1760899298603, - "eventId": "39269364647105357849928007403983341063954283086051934208" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899215 1760899291 - NODATA", - "ingestionTime": 1760899314667, - "eventId": "39269364714007593445519876848010854729212200078675476480" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899218000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899218 1760899297 - NODATA", - "ingestionTime": 1760899318310, - "eventId": "39269364780909829041111746277021645179191239808600047616" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899226000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899226 1760899304 - NODATA", - "ingestionTime": 1760899326316, - "eventId": "39269364959315790629356731418986118130536925037518389248" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899237000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899237 1760899311 - NODATA", - "ingestionTime": 1760899357590, - "eventId": "39269365204623987813193586013687306980555969919094620160" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339320, - "eventId": "39269365383029949401438571123885830990629396754181455872" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899246 1760899324 - NODATA", - "ingestionTime": 1760899349453, - "eventId": "39269365405330694599969194277671333444670725721594920960" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899253 1760899332 - NODATA", - "ingestionTime": 1760899355965, - "eventId": "39269365561435910989683556276294226634700045831045709824" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899260000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899260 1760899342 - NODATA", - "ingestionTime": 1760899367285, - "eventId": "39269365717541127379397918280729457563060667479143677952" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899271000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899271 1760899340 - NODATA", - "ingestionTime": 1760899358012, - "eventId": "39269365962849324563234772826411456326433139600299589632" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899277000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899277 1760899358 - NODATA", - "ingestionTime": 1760899379932, - "eventId": "39269366096653795754418511702125555646941690228634025984" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899280000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899280 1760899354 - NODATA", - "ingestionTime": 1760899373791, - "eventId": "39269366163556031350010381119308943134728694973349036032" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899287000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899287 1760899365 - NODATA", - "ingestionTime": 1760899387122, - "eventId": "39269366319661247739724743126174945862220594307798401024" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899296000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899296 1760899370 - NODATA", - "ingestionTime": 1760899417363, - "eventId": "39269366520367954526500351436555808711909606142480023552" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899401909, - "eventId": "39269366676473170916214713408623065001550703702154543104" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899307 1760899383 - NODATA", - "ingestionTime": 1760899409238, - "eventId": "39269366765676151710337205983626119966033254102925901824" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899415337, - "eventId": "39269366921781368100051567981749449595694558573866647552" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899324 1760899407 - NODATA", - "ingestionTime": 1760899426496, - "eventId": "39269367144788820085357799410596776768436318073229869056" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899330000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899330 1760899401 - NODATA", - "ingestionTime": 1760899416680, - "eventId": "39269367278593291276541538247944144611040782249052209152" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899332000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899332 1760899411 - NODATA", - "ingestionTime": 1760899433019, - "eventId": "39269367323194781673602784550768585739390411542126460928" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899336000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899336 1760899417 - NODATA", - "ingestionTime": 1760899441788, - "eventId": "39269367412397762467725277127512237825223402116720689152" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899346000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899346 1760899426 - NODATA", - "ingestionTime": 1760899445148, - "eventId": "39269367635405214453031508546931419772956448249760251904" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899359000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899359 1760899432 - NODATA", - "ingestionTime": 1760899476491, - "eventId": "39269367925314902033929609424786991761781626531123036160" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899362000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899362 1760899441 - NODATA", - "ingestionTime": 1760899460671, - "eventId": "39269367992217137629521478830269449240112434646753738752" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899366 1760899443 - NODATA", - "ingestionTime": 1760899468688, - "eventId": "39269368081420118423643971406103859309591387589274501120" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899376000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899376 1760899453 - NODATA", - "ingestionTime": 1760899476785, - "eventId": "39269368304427570408950202831249919970625624526780694528" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899488248, - "eventId": "39269368482833531997195187977393757885480410767471214592" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899393 1760899463 - NODATA", - "ingestionTime": 1760899476616, - "eventId": "39269368683540238783970796237152821956634466018501394432" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899396000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899396 1760899472 - NODATA", - "ingestionTime": 1760899492814, - "eventId": "39269368750442474379562665681342390226297253743843213312" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899398 1760899476 - NODATA", - "ingestionTime": 1760899499578, - "eventId": "39269368795043964776623911972590426561877822674179457024" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899404000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899404 1760899483 - NODATA", - "ingestionTime": 1760899507248, - "eventId": "39269368928848435967807650831077445246919319457277739008" - } - ], - "eni-0b032bdd6415e28d2-all": [ - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899035 1760899113 - NODATA", - "ingestionTime": 1760899133136, - "eventId": "39269360699873457710007711152123610062180414944395264000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899038000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899038 1760899114 - NODATA", - "ingestionTime": 1760899141191, - "eventId": "39269360766775693305599580586468728036916112958741348352" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899050 1760899123 - NODATA", - "ingestionTime": 1760899146046, - "eventId": "39269361034384635687967058290766595601835303791956525056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899058000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899058 1760899131 - NODATA", - "ingestionTime": 1760899159863, - "eventId": "39269361212790597276212043439756002440073202307487825920" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899063 1760899141 - NODATA", - "ingestionTime": 1760899167762, - "eventId": "39269361324294323268865159156984140043621645568457375744" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899068 1760899140 - NODATA", - "ingestionTime": 1760899157657, - "eventId": "39269361435798049261518274852446799470266395671291756544" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899068 1760899151 - NODATA", - "ingestionTime": 1760899175983, - "eventId": "39269361435798049261518274874601161818209012954061209600" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899095 1760899173 - NODATA", - "ingestionTime": 1760899195345, - "eventId": "39269362037918169621845099719473117068327781693816504320" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899098 1760899177 - NODATA", - "ingestionTime": 1760899204131, - "eventId": "39269362104820405217436969154701463979111391750678577152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899106000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899106 1760899186 - NODATA", - "ingestionTime": 1760899211311, - "eventId": "39269362283226366805681954295667591380534219155025690624" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899114000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899114 1760899186 - NODATA", - "ingestionTime": 1760899204393, - "eventId": "39269362461632328393926939419589915749741929816441094144" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899122000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899122 1760899203 - NODATA", - "ingestionTime": 1760899228656, - "eventId": "39269362640038289982171924581207850598435590163328860160" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899125 1760899194 - NODATA", - "ingestionTime": 1760899249065, - "eventId": "39269362706940525577763794030487974742181412238673444864" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899127 1760899200 - NODATA", - "ingestionTime": 1760899220738, - "eventId": "39269362751542015974825040279314179297414635168363315200" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899132000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899132 1760899213 - NODATA", - "ingestionTime": 1760899241591, - "eventId": "39269362863045741967478156012202532532736419493011783680" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899143000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899143 1760899223 - NODATA", - "ingestionTime": 1760899253281, - "eventId": "39269363108353939151315010583227663416625814834351243264" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899156 1760899234 - NODATA", - "ingestionTime": 1760899255488, - "eventId": "39269363398263626732213111425859902023189279008363118592" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899159000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899159 1760899237 - NODATA", - "ingestionTime": 1760899264361, - "eventId": "39269363465165862327804980861194073115574920556078891008" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899168000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899168 1760899246 - NODATA", - "ingestionTime": 1760899269260, - "eventId": "39269363665872569114580589140938428252512150847914049536" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899179 1760899253 - NODATA", - "ingestionTime": 1760899287510, - "eventId": "39269363911180766298417443719894074932119288698675789824" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899184 1760899263 - NODATA", - "ingestionTime": 1760899286796, - "eventId": "39269364022684492291070559426709282053852418506933469184" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899189000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899189 1760899260 - NODATA", - "ingestionTime": 1760899280283, - "eventId": "39269364134188218283723675126514426166813898814862065664" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899190 1760899270 - NODATA", - "ingestionTime": 1760899299057, - "eventId": "39269364156488963482254298290746226088810990608511533056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899196 1760899280 - NODATA", - "ingestionTime": 1760899311828, - "eventId": "39269364290293434673438037155400062015818871861690368000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899215 1760899294 - NODATA", - "ingestionTime": 1760899324767, - "eventId": "39269364714007593445519876860221022069360705824598065152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899216000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899216 1760899291 - NODATA", - "ingestionTime": 1760899311774, - "eventId": "39269364736308338644050499986049101087749757179034533888" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899228 1760899305 - NODATA", - "ingestionTime": 1760899327496, - "eventId": "39269365003917281026417977703483983765827058252031524864" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899236000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899236 1760899313 - NODATA", - "ingestionTime": 1760899372153, - "eventId": "39269365182323242614662962889757246868346573266567036928" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899242000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899242 1760899322 - NODATA", - "ingestionTime": 1760899351210, - "eventId": "39269365316127713805846701713652516863299726898767265792" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899245 1760899316 - NODATA", - "ingestionTime": 1760899326734, - "eventId": "39269365383029949401438571108670116921054093554823528448" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899246 1760899320 - NODATA", - "ingestionTime": 1760899342709, - "eventId": "39269365405330694599969194269518376122630654525933879296" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899252000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899252 1760899335 - NODATA", - "ingestionTime": 1760899360418, - "eventId": "39269365539135165791152933140142033914622429515450417152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899264 1760899343 - NODATA", - "ingestionTime": 1760899373218, - "eventId": "39269365806744108173520410854044313792513119479803084800" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899275 1760899355 - NODATA", - "ingestionTime": 1760899375908, - "eventId": "39269366052052305357357265414189441517385877666894970880" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899279000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899279 1760899352 - NODATA", - "ingestionTime": 1760899369219, - "eventId": "39269366141255286151479757972246010380988764276406026240" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899281000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899281 1760899359 - NODATA", - "ingestionTime": 1760899386093, - "eventId": "39269366185856776548541004275716839020567135377730371584" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899291 1760899368 - NODATA", - "ingestionTime": 1760899396136, - "eventId": "39269366408864228533847235703215102353670681361569349632" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899305000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899305 1760899382 - NODATA", - "ingestionTime": 1760899411018, - "eventId": "39269366721074661313275959702706255481084640795688894464" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899307 1760899380 - NODATA", - "ingestionTime": 1760899401309, - "eventId": "39269366765676151710337205974040218737002706934304473088" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899307 1760899377 - NODATA", - "ingestionTime": 1760899407058, - "eventId": "39269366765676151710337205980990486288538753834262528000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899310 1760899393 - NODATA", - "ingestionTime": 1760899419461, - "eventId": "39269366832578387305929075420592256492361369792011894784" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899324 1760899404 - NODATA", - "ingestionTime": 1760899433640, - "eventId": "39269367144788820085357799419233581698511609406149165056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899335 1760899412 - NODATA", - "ingestionTime": 1760899433908, - "eventId": "39269367390097017269194653976450088980403729997574832128" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899339 1760899418 - NODATA", - "ingestionTime": 1760899443512, - "eventId": "39269367479299998063317146554203490059711429749104771072" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899352 1760899428 - NODATA", - "ingestionTime": 1760899450328, - "eventId": "39269367769209685644215247402407859453740699287278387200" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899361 1760899433 - NODATA", - "ingestionTime": 1760899454519, - "eventId": "39269367969916392430990855681296183876299316157353951232" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899366 1760899444 - NODATA", - "ingestionTime": 1760899474591, - "eventId": "39269368081420118423643971413240484439095664219683618816" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899367 1760899442 - NODATA", - "ingestionTime": 1760899465925, - "eventId": "39269368103720863622174594544299428355023128143241412608" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899368000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899368 1760899453 - NODATA", - "ingestionTime": 1760899486443, - "eventId": "39269368126021608820705217710640157343359909657957302272" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899453355, - "eventId": "39269368192923844416297087095246106187430342297292636160" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899394 1760899469 - NODATA", - "ingestionTime": 1760899492226, - "eventId": "39269368705840983982501419397559717026373074890956865536" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899395000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899395 1760899474 - NODATA", - "ingestionTime": 1760899499679, - "eventId": "39269368728141729181032042548105768502328698924799033344" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899401000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899401 1760899480 - NODATA", - "ingestionTime": 1760899505761, - "eventId": "39269368861946200372215781404672778473133206005118402560" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899411000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899411 1760899487 - NODATA", - "ingestionTime": 1760899516510, - "eventId": "39269369084953652357522012833024672600503351423856934912" - } - ], - "eni-0412563bcfde47c07-all": [ - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899035 1760899115 - NODATA", - "ingestionTime": 1760899136495, - "eventId": "39269360699873457710007711156184720977592577186848636928" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899040 1760899119 - NODATA", - "ingestionTime": 1760899143305, - "eventId": "39269360811377183702660826872095664712709160858448297984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899053000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899053 1760899129 - NODATA", - "ingestionTime": 1760899149871, - "eventId": "39269361101286871283558927719998164556081147111036944384" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899061000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899061 1760899143 - NODATA", - "ingestionTime": 1760899171229, - "eventId": "39269361279692832871803912878103970731973143505727586304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899065 1760899134 - NODATA", - "ingestionTime": 1760899159080, - "eventId": "39269361368895813665926405429559601888144427773353132032" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899067000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899067 1760899140 - NODATA", - "ingestionTime": 1760899158188, - "eventId": "39269361413497304062987651711552518719516224710275825664" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899069 1760899153 - NODATA", - "ingestionTime": 1760899183464, - "eventId": "39269361458098794460048898025181141301956577880678137856" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899079000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899079 1760899147 - NODATA", - "ingestionTime": 1760899160601, - "eventId": "39269361681106246445355129412898811658073252175123316736" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899087 1760899166 - NODATA", - "ingestionTime": 1760899189376, - "eventId": "39269361859512208033600114579970893901776463807182798848" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899097000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899097 1760899176 - NODATA", - "ingestionTime": 1760899197279, - "eventId": "39269362082519660018906346004882537813687509194151165952" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899101000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899101 1760899179 - NODATA", - "ingestionTime": 1760899207385, - "eventId": "39269362171722640813028838583242579865759321101520076800" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899210660, - "eventId": "39269362372429347599804446861023392143998122008465309696" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899125 1760899194 - NODATA", - "ingestionTime": 1760899218812, - "eventId": "39269362706940525577763793993914106303142960102158041088" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899127 1760899203 - NODATA", - "ingestionTime": 1760899219418, - "eventId": "39269362751542015974825040277718476328369986825337700352" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899128 1760899200 - NODATA", - "ingestionTime": 1760899219120, - "eventId": "39269362773842761173355663418894165674178680573615538176" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899128 1760899205 - NODATA", - "ingestionTime": 1760899229665, - "eventId": "39269362773842761173355663431641781566952475279059255296" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899131000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899131 1760899216 - NODATA", - "ingestionTime": 1760899246092, - "eventId": "39269362840744996768947532876108041980772891761732091904" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899154 1760899229 - NODATA", - "ingestionTime": 1760899251163, - "eventId": "39269363353662136335151865137560078513468959389785718784" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899156 1760899234 - NODATA", - "ingestionTime": 1760899255712, - "eventId": "39269363398263626732213111426130916777394430857751101440" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899161000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899161 1760899240 - NODATA", - "ingestionTime": 1760899263829, - "eventId": "39269363509767352724866227143622613852783293494349135872" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899165000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899165 1760899246 - NODATA", - "ingestionTime": 1760899273641, - "eventId": "39269363598970333518988719721627354493523822240846249984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899185 1760899255 - NODATA", - "ingestionTime": 1760899281581, - "eventId": "39269364044985237489601182561940566582802392043117805568" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899187 1760899274 - NODATA", - "ingestionTime": 1760899303013, - "eventId": "39269364089586727886662428870921814201369867240798355456" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899189000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899189 1760899265 - NODATA", - "ingestionTime": 1760899290113, - "eventId": "39269364134188218283723675138397685858692808796273704960" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899280671, - "eventId": "39269364156488963482254298268519062333023165200494231552" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899193 1760899263 - NODATA", - "ingestionTime": 1760899278795, - "eventId": "39269364223391199077846167690858269798831755613942710272" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899207000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899207 1760899286 - NODATA", - "ingestionTime": 1760899310638, - "eventId": "39269364535601631857274891710854073565882969999478882304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899215 1760899292 - NODATA", - "ingestionTime": 1760899315726, - "eventId": "39269364714007593445519876849290783883655349661687152640" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899221000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899221 1760899301 - NODATA", - "ingestionTime": 1760899327482, - "eventId": "39269364847812064636703615712717370070625663115083776000" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899229000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899229 1760899308 - NODATA", - "ingestionTime": 1760899331997, - "eventId": "39269365026218026224948600850461253750180961257934094336" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899246 1760899320 - NODATA", - "ingestionTime": 1760899337920, - "eventId": "39269365405330694599969194263728842467517601889384857600" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899316 - NODATA", - "ingestionTime": 1760899340670, - "eventId": "39269365449932184997030440550125147054714641578971234304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899326 - NODATA", - "ingestionTime": 1760899350749, - "eventId": "39269365449932184997030440562310038574271999808824475648" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899334 - NODATA", - "ingestionTime": 1760899362257, - "eventId": "39269365449932184997030440576222135510589021884186427392" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899250000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899250 1760899322 - NODATA", - "ingestionTime": 1760899338788, - "eventId": "39269365494533675394091686830921152320352927561249128448" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899270000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899270 1760899347 - NODATA", - "ingestionTime": 1760899368708, - "eventId": "39269365940548579364704149697806783144105333794766585856" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899275 1760899355 - NODATA", - "ingestionTime": 1760899377918, - "eventId": "39269366052052305357357265416619650568836686043098578944" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899282000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899282 1760899359 - NODATA", - "ingestionTime": 1760899382772, - "eventId": "39269366208157521747071627413237592563353248892668477440" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899289000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899289 1760899368 - NODATA", - "ingestionTime": 1760899393097, - "eventId": "39269366364262738136785989416469683496947752941870645248" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899306000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899306 1760899383 - NODATA", - "ingestionTime": 1760899410529, - "eventId": "39269366743375406511806582843650936186411307196496478208" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899307 1760899377 - NODATA", - "ingestionTime": 1760899397968, - "eventId": "39269366765676151710337205970001456823899431732343996416" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899307 1760899380 - NODATA", - "ingestionTime": 1760899400607, - "eventId": "39269366765676151710337205973191896492119022919563018240" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899309000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899309 1760899396 - NODATA", - "ingestionTime": 1760899423126, - "eventId": "39269366810277642107398452283487031653564659198874484736" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899316000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899316 1760899382 - NODATA", - "ingestionTime": 1760899399106, - "eventId": "39269366966382858497112814245198916281112315683434004480" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899331 1760899406 - NODATA", - "ingestionTime": 1760899430913, - "eventId": "39269367300894036475072161406686974765064859028356005888" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899335 1760899415 - NODATA", - "ingestionTime": 1760899437272, - "eventId": "39269367390097017269194653980516978150189752716098142208" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899339 1760899418 - NODATA", - "ingestionTime": 1760899447124, - "eventId": "39269367479299998063317146558570512292617288860634185728" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899351 1760899427 - NODATA", - "ingestionTime": 1760899454220, - "eventId": "39269367746908940445684624265577228552990440521160261632" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899366 1760899439 - NODATA", - "ingestionTime": 1760899459961, - "eventId": "39269368081420118423643971395553591908768001739518377984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899440 - NODATA", - "ingestionTime": 1760899457693, - "eventId": "39269368148322354019235840817419132639093943126178463744" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899444 - NODATA", - "ingestionTime": 1760899469981, - "eventId": "39269368148322354019235840832274191397035876158754783232" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899454 - NODATA", - "ingestionTime": 1760899484008, - "eventId": "39269368148322354019235840849232080110616189955149922304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899374000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899374 1760899441 - NODATA", - "ingestionTime": 1760899460296, - "eventId": "39269368259826080011888956528244589978217412339484983296" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899392000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899392 1760899467 - NODATA", - "ingestionTime": 1760899489716, - "eventId": "39269368661239493585440173111454201356029973516445417472" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899395000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899395 1760899475 - NODATA", - "ingestionTime": 1760899496760, - "eventId": "39269368728141729181032042544576516340573757947585167360" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899402000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899402 1760899481 - NODATA", - "ingestionTime": 1760899503957, - "eventId": "39269368884246945570746404544027514969411264622420295680" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899413000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899413 1760899488 - NODATA", - "ingestionTime": 1760899511503, - "eventId": "39269369129555142754583259110043103669214552903807205376" - } - ], - "eni-0affc8cb976d281e4-all": [ - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899035 1760899116 - NODATA", - "ingestionTime": 1760899138840, - "eventId": "39269360699873457710007711159019469104701397634533228544" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899046 1760899125 - NODATA", - "ingestionTime": 1760899146967, - "eventId": "39269360945181654893844565725737606527934368011554914304" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899060000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899060 1760899132 - NODATA", - "ingestionTime": 1760899190646, - "eventId": "39269361257392087673273289760042133263107400332285378560" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899066 1760899146 - NODATA", - "ingestionTime": 1760899167560, - "eventId": "39269361391196558864457028581347041359969927984593829888" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899074 1760899154 - NODATA", - "ingestionTime": 1760899179105, - "eventId": "39269361569602520452702013727590210801973350606697005056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899087 1760899164 - NODATA", - "ingestionTime": 1760899192244, - "eventId": "39269361859512208033600114583438176555824605694748459008" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899094000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899094 1760899177 - NODATA", - "ingestionTime": 1760899198599, - "eventId": "39269362015617424423314476581871073057489942101635956736" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899189115, - "eventId": "39269362060218914820375722853477185278320939846186958848" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899109000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899109 1760899185 - NODATA", - "ingestionTime": 1760899210726, - "eventId": "39269362350128602401273823719567361138346684332021776384" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899122000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899122 1760899194 - NODATA", - "ingestionTime": 1760899250823, - "eventId": "39269362640038289982171924608006329965051610956954140672" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899124 1760899206 - NODATA", - "ingestionTime": 1760899227914, - "eventId": "39269362684639780379233170863382549457541174480434364416" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219338, - "eventId": "39269362729241270776294417136085999322452702428389244928" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899144000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899144 1760899226 - NODATA", - "ingestionTime": 1760899247368, - "eventId": "39269363130654684349845633717615132665541153038186250240" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899153 1760899235 - NODATA", - "ingestionTime": 1760899261725, - "eventId": "39269363331361391136621242008792839945762262059483660288" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899167 1760899245 - NODATA", - "ingestionTime": 1760899268996, - "eventId": "39269363643571823916049965999083152685223837249222017024" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899182 1760899254 - NODATA", - "ingestionTime": 1760899310544, - "eventId": "39269363978083001894009313172347560528882751266101002240" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899281322, - "eventId": "39269364022684492291070559420091896183115699813441011712" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899186000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899186 1760899266 - NODATA", - "ingestionTime": 1760899287931, - "eventId": "39269364067285982688131805711152844471674574293835710464" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299457, - "eventId": "39269364245691944276376790857372500237716647776452476928" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899204 1760899285 - NODATA", - "ingestionTime": 1760899309818, - "eventId": "39269364468699396261683022285255354161015274794248699904" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899213 1760899295 - NODATA", - "ingestionTime": 1760899320882, - "eventId": "39269364669406103048458630572452503370674395929094586368" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899215 1760899293 - NODATA", - "ingestionTime": 1760899311810, - "eventId": "39269364714007593445519876844556444173706942228705116160" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899229000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899229 1760899309 - NODATA", - "ingestionTime": 1760899328555, - "eventId": "39269365026218026224948600846300242377921950412429459456" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899241 1760899325 - NODATA", - "ingestionTime": 1760899348957, - "eventId": "39269365293826968607316078569393086186336604020860649472" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899241 1760899314 - NODATA", - "ingestionTime": 1760899372605, - "eventId": "39269365293826968607316078597982298375350150780347219968" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899245 1760899321 - NODATA", - "ingestionTime": 1760899340200, - "eventId": "39269365383029949401438571124949559171644792505665978368" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899251 1760899335 - NODATA", - "ingestionTime": 1760899359866, - "eventId": "39269365516834420592622309997938463861202851147023974400" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899266 1760899345 - NODATA", - "ingestionTime": 1760899367752, - "eventId": "39269365851345598570581657130508151919096926587179171840" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899272000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899272 1760899359 - NODATA", - "ingestionTime": 1760899383256, - "eventId": "39269365985150069761765395998465481644863673480582332416" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899276000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899276 1760899352 - NODATA", - "ingestionTime": 1760899370378, - "eventId": "39269366074353050555887888549039652693215533761524727808" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899288000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899288 1760899366 - NODATA", - "ingestionTime": 1760899388583, - "eventId": "39269366341961992938255366269476998944118616763606564864" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899400318, - "eventId": "39269366676473170916214713406699804785352071340302925824" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899303 1760899375 - NODATA", - "ingestionTime": 1760899429510, - "eventId": "39269366676473170916214713441990338386303280666812350464" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899411298, - "eventId": "39269366765676151710337205986116559650590329171965837312" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899312 1760899394 - NODATA", - "ingestionTime": 1760899422796, - "eventId": "39269366877179877702990321707695130867012944863901057024" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428577, - "eventId": "39269367100187329688296553130041479120048520123150827520" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899432439, - "eventId": "39269367367796272070664030833138720654446275223893245952" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899334 1760899414 - NODATA", - "ingestionTime": 1760899439881, - "eventId": "39269367367796272070664030842135296708003520290717499392" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899347 1760899424 - NODATA", - "ingestionTime": 1760899451070, - "eventId": "39269367657705959651562131695626595798239555883438637056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899361 1760899435 - NODATA", - "ingestionTime": 1760899490451, - "eventId": "39269367969916392430990855724735341148002908163555328000" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899459187, - "eventId": "39269368036818628026582725111546443776056460041485942784" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899366 1760899447 - NODATA", - "ingestionTime": 1760899471147, - "eventId": "39269368081420118423643971409076505618835547023528493056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899370 1760899452 - NODATA", - "ingestionTime": 1760899479024, - "eventId": "39269368170623099217766463984742283714993043411306807296" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899382 1760899467 - NODATA", - "ingestionTime": 1760899488669, - "eventId": "39269368438232041600133941694831139681884182062797881344" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899394 1760899475 - NODATA", - "ingestionTime": 1760899502220, - "eventId": "39269368705840983982501419409641737709798658672228827136" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899398 1760899473 - NODATA", - "ingestionTime": 1760899489665, - "eventId": "39269368795043964776623911960606453012996625068128206848" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899409 1760899486 - NODATA", - "ingestionTime": 1760899512065, - "eventId": "39269369040352161960460766544579612106892416237728497664" - } - ], - "eni-0cc527ecbe7a26eaf-all": [ - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899035 1760899117 - NODATA", - "ingestionTime": 1760899142936, - "eventId": "39269360699873457710007711163971510559320265101743685632" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899036000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899036 1760899114 - NODATA", - "ingestionTime": 1760899134414, - "eventId": "39269360722174202908538334295204820463313948714318168064" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899050 1760899129 - NODATA", - "ingestionTime": 1760899152727, - "eventId": "39269361034384635687967058298843497727773204937133850624" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899063 1760899133 - NODATA", - "ingestionTime": 1760899185523, - "eventId": "39269361324294323268865159178455904111196628287686770688" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899158843, - "eventId": "39269361368895813665926405429273417399856208608128204800" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899066 1760899145 - NODATA", - "ingestionTime": 1760899168245, - "eventId": "39269361391196558864457028582175509246823037858524626944" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899072000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899072 1760899154 - NODATA", - "ingestionTime": 1760899181163, - "eventId": "39269361525001030055640767447006181139772869756776218624" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899090000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899090 1760899170 - NODATA", - "ingestionTime": 1760899193900, - "eventId": "39269361926414443629191984010047495961379235145155215360" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899092 1760899177 - NODATA", - "ingestionTime": 1760899202749, - "eventId": "39269361971015934026253230303816785979875019549754589184" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899210860, - "eventId": "39269362372429347599804446861265377207808753828176592896" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899125 1760899204 - NODATA", - "ingestionTime": 1760899230989, - "eventId": "39269362706940525577763794008635558579997690313193750528" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219830, - "eventId": "39269362729241270776294417136680824586241537371595341824" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899127 1760899212 - NODATA", - "ingestionTime": 1760899242326, - "eventId": "39269362751542015974825040305412561063885034823646773248" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899146000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899146 1760899226 - NODATA", - "ingestionTime": 1760899246152, - "eventId": "39269363175256174746906879999216657007477593368650383360" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899152000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899152 1760899231 - NODATA", - "ingestionTime": 1760899253019, - "eventId": "39269363309060645938090618856732243219578704771989635072" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899156 1760899237 - NODATA", - "ingestionTime": 1760899263736, - "eventId": "39269363398263626732213111435831655263089646910124851200" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899170000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899170 1760899247 - NODATA", - "ingestionTime": 1760899271074, - "eventId": "39269363710474059511641835426202440992731308715443683328" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899279688, - "eventId": "39269364022684492291070559418116119557759800710406471680" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899186000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899186 1760899257 - NODATA", - "ingestionTime": 1760899306262, - "eventId": "39269364067285982688131805733313731667256371536065331200" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899188000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899188 1760899266 - NODATA", - "ingestionTime": 1760899288672, - "eventId": "39269364111887473085193051995119913844343400534901653504" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299252, - "eventId": "39269364245691944276376790857125149363662073314597076992" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899204 1760899285 - NODATA", - "ingestionTime": 1760899309280, - "eventId": "39269364468699396261683022284605296878582061744064102400" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899214000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899214 1760899291 - NODATA", - "ingestionTime": 1760899314311, - "eventId": "39269364691706848246989253706044751639540719357729177600" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899215 1760899296 - NODATA", - "ingestionTime": 1760899324087, - "eventId": "39269364714007593445519876859398939631364402504914436096" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899232 1760899310 - NODATA", - "ingestionTime": 1760899334354, - "eventId": "39269365093120261820540470277918148826862523982991851520" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899341889, - "eventId": "39269365383029949401438571126991283198097922654519689216" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899245 1760899325 - NODATA", - "ingestionTime": 1760899348539, - "eventId": "39269365383029949401438571135031132663793566278058115072" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899246 1760899316 - NODATA", - "ingestionTime": 1760899366160, - "eventId": "39269365405330694599969194297869179122661927007680724992" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899253 1760899335 - NODATA", - "ingestionTime": 1760899360237, - "eventId": "39269365561435910989683556281458718788128809122697052160" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899263000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899263 1760899343 - NODATA", - "ingestionTime": 1760899367744, - "eventId": "39269365784443362974989787705891158615048326713479266304" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899275 1760899352 - NODATA", - "ingestionTime": 1760899372061, - "eventId": "39269366052052305357357265409538549045672232196748017664" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899275 1760899358 - NODATA", - "ingestionTime": 1760899383656, - "eventId": "39269366052052305357357265423556517543661022486787260416" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899290000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899290 1760899367 - NODATA", - "ingestionTime": 1760899391461, - "eventId": "39269366386563483335316612556027451863182680765922607104" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899403625, - "eventId": "39269366676473170916214713410697222888582558342587351040" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899411002, - "eventId": "39269366765676151710337205985758614282112731246506541056" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899419972, - "eventId": "39269366921781368100051567987352686539192809824210518016" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899324 1760899404 - NODATA", - "ingestionTime": 1760899426887, - "eventId": "39269367144788820085357799411069452063340406770065408000" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899434439, - "eventId": "39269367367796272070664030835556822797651854308072357888" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899334 1760899417 - NODATA", - "ingestionTime": 1760899446456, - "eventId": "39269367367796272070664030850084056944309412406590767104" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899351 1760899427 - NODATA", - "ingestionTime": 1760899451312, - "eventId": "39269367746908940445684624262062177639914816024458821632" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899459035, - "eventId": "39269368036818628026582725111362754830102764013299433472" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899364 1760899446 - NODATA", - "ingestionTime": 1760899470289, - "eventId": "39269368036818628026582725124967908315929005802571956224" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899368000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899368 1760899437 - NODATA", - "ingestionTime": 1760899486041, - "eventId": "39269368126021608820705217710153819616007802450744442880" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899370 1760899452 - NODATA", - "ingestionTime": 1760899480164, - "eventId": "39269368170623099217766463986120228458155453978742292480" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899383 1760899466 - NODATA", - "ingestionTime": 1760899488206, - "eventId": "39269368460532786798664564835806916203379451258122797056" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899393 1760899476 - NODATA", - "ingestionTime": 1760899506645, - "eventId": "39269368683540238783970796273455606208662299519439011840" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899397000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899397 1760899475 - NODATA", - "ingestionTime": 1760899493621, - "eventId": "39269368772743219578093288823853465559792739857376215040" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899410 1760899488 - NODATA", - "ingestionTime": 1760899512938, - "eventId": "39269369062652907158991389687170444069467983195855192064" - } - ], - "eni-00e49c1a350a96c62-all": [ - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899037000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899037 1760899114 - NODATA", - "ingestionTime": 1760899138767, - "eventId": "39269360744474948107068957442002873060395970223357362176" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899049000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899049 1760899123 - NODATA", - "ingestionTime": 1760899145913, - "eventId": "39269361012083890489436435149070146485244488969436200960" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899057000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899057 1760899130 - NODATA", - "ingestionTime": 1760899154890, - "eventId": "39269361190489852077681420292208780129801594305213628416" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899165282, - "eventId": "39269361324294323268865159153986206642563145982672568320" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899068 1760899140 - NODATA", - "ingestionTime": 1760899155203, - "eventId": "39269361435798049261518274849479695499931155809958887424" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899069 1760899149 - NODATA", - "ingestionTime": 1760899172925, - "eventId": "39269361458098794460048898012440441311275205415884881920" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899074 1760899158 - NODATA", - "ingestionTime": 1760899188149, - "eventId": "39269361569602520452702013738523382166437444405447360512" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899094000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899094 1760899173 - NODATA", - "ingestionTime": 1760899193854, - "eventId": "39269362015617424423314476576134577772443043769486868480" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899098 1760899175 - NODATA", - "ingestionTime": 1760899198765, - "eventId": "39269362104820405217436969148214454073853692019531972608" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899106000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899106 1760899183 - NODATA", - "ingestionTime": 1760899205855, - "eventId": "39269362283226366805681954289071863715341114358247981056" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899116 1760899190 - NODATA", - "ingestionTime": 1760899218900, - "eventId": "39269362506233818790988185720199514343819175426755985408" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899124 1760899200 - NODATA", - "ingestionTime": 1760899223152, - "eventId": "39269362684639780379233170857625462746990168067807838208" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899129000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899129 1760899207 - NODATA", - "ingestionTime": 1760899233704, - "eventId": "39269362796143506371886286578060267268971733818706690048" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899130 1760899200 - NODATA", - "ingestionTime": 1760899216597, - "eventId": "39269362818444251570416909698915159185654638900559478784" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899132000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899132 1760899217 - NODATA", - "ingestionTime": 1760899249116, - "eventId": "39269362863045741967478156021299470001702103957709324288" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899157000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899157 1760899233 - NODATA", - "ingestionTime": 1760899250348, - "eventId": "39269363420564371930743734561181793392594438106193985536" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899158 1760899235 - NODATA", - "ingestionTime": 1760899257916, - "eventId": "39269363442865117129274357711867073227048333308284895232" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899167 1760899242 - NODATA", - "ingestionTime": 1760899266443, - "eventId": "39269363643571823916049965995997165200773008274068602880" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899176000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899176 1760899252 - NODATA", - "ingestionTime": 1760899278154, - "eventId": "39269363844278530702825574283975957584885667444695433216" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899183000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899183 1760899261 - NODATA", - "ingestionTime": 1760899283120, - "eventId": "39269364000383747092539936280729434656590907773135814656" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899187 1760899267 - NODATA", - "ingestionTime": 1760899294600, - "eventId": "39269364089586727886662428860750732039464946026079584256" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899275302, - "eventId": "39269364156488963482254298262028409321693380740057726976" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899193 1760899277 - NODATA", - "ingestionTime": 1760899306056, - "eventId": "39269364223391199077846167723814463848546217742214758400" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899213 1760899292 - NODATA", - "ingestionTime": 1760899313242, - "eventId": "39269364669406103048458630563216446915861083943820525568" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899217000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899217 1760899294 - NODATA", - "ingestionTime": 1760899321674, - "eventId": "39269364758609083842581123139552769844370962991551938560" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899228 1760899304 - NODATA", - "ingestionTime": 1760899325244, - "eventId": "39269365003917281026417977700761979083052749898730242048" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899234 1760899313 - NODATA", - "ingestionTime": 1760899337001, - "eventId": "39269365137721752217601716564189390859907730233102761984" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899243000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899243 1760899323 - NODATA", - "ingestionTime": 1760899342968, - "eventId": "39269365338428459004377324845224710968490708577878147072" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899247 1760899320 - NODATA", - "ingestionTime": 1760899337957, - "eventId": "39269365427631439798499817405309310435025331773548134400" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899250000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899250 1760899327 - NODATA", - "ingestionTime": 1760899354215, - "eventId": "39269365494533675394091686849571300684571434120473935872" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899256000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899256 1760899339 - NODATA", - "ingestionTime": 1760899366733, - "eventId": "39269365628338146585275425713918766977677100855991992320" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899274 1760899355 - NODATA", - "ingestionTime": 1760899383193, - "eventId": "39269366029751560158826642281460692452759301299789365248" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899275 1760899350 - NODATA", - "ingestionTime": 1760899372605, - "eventId": "39269366052052305357357265410196231221786162162004131840" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899289000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899289 1760899364 - NODATA", - "ingestionTime": 1760899386545, - "eventId": "39269366364262738136785989408548697493435601619971342336" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899296000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899296 1760899369 - NODATA", - "ingestionTime": 1760899397522, - "eventId": "39269366520367954526500351412569071531243907951461466112" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899403322, - "eventId": "39269366676473170916214713410331080053193532204739461120" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899396685, - "eventId": "39269366832578387305929075393057588744809773639408222208" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899310 1760899391 - NODATA", - "ingestionTime": 1760899414626, - "eventId": "39269366832578387305929075414746681071818916868380557312" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899312 1760899397 - NODATA", - "ingestionTime": 1760899426265, - "eventId": "39269366877179877702990321711888984629719983476018970624" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899334 1760899415 - NODATA", - "ingestionTime": 1760899439060, - "eventId": "39269367367796272070664030841142937958575332058401079296" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899335 1760899411 - NODATA", - "ingestionTime": 1760899430946, - "eventId": "39269367390097017269194653972869353730141055293073653760" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899348000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899348 1760899422 - NODATA", - "ingestionTime": 1760899445836, - "eventId": "39269367680006704850092754830834442177159248388842323968" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899358 1760899431 - NODATA", - "ingestionTime": 1760899455982, - "eventId": "39269367903014156835398986258457400930997965156061413376" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899363 1760899448 - NODATA", - "ingestionTime": 1760899475444, - "eventId": "39269368014517882828052101989664297898907338176166625280" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899364 1760899440 - NODATA", - "ingestionTime": 1760899465105, - "eventId": "39269368036818628026582725118701199232259355164586803200" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899457014, - "eventId": "39269368192923844416297087099669576687152167684464902144" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899377000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899377 1760899459 - NODATA", - "ingestionTime": 1760899490171, - "eventId": "39269368326728315607480825988968463538789249157613486080" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899393 1760899469 - NODATA", - "ingestionTime": 1760899490033, - "eventId": "39269368683540238783970796253372651980199477280652132352" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899393 1760899475 - NODATA", - "ingestionTime": 1760899500599, - "eventId": "39269368683540238783970796266146224296626452138420731904" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899409 1760899484 - NODATA", - "ingestionTime": 1760899505136, - "eventId": "39269369040352161960460766536202630897021212831417696256" - } - ], - "eni-0fa50413d12043097-all": [ - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899040 1760899115 - NODATA", - "ingestionTime": 1760899140262, - "eventId": "39269360811377183702660826868416985984503058815102287872" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899042000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899042 1760899121 - NODATA", - "ingestionTime": 1760899143376, - "eventId": "39269360855978674099722073155253169520247183234716467200" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899052000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899052 1760899128 - NODATA", - "ingestionTime": 1760899152591, - "eventId": "39269361078986126085028304581750881363540677418497605632" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899064 1760899140 - NODATA", - "ingestionTime": 1760899162154, - "eventId": "39269361346595068467395782291739961430735159900244934656" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899066 1760899144 - NODATA", - "ingestionTime": 1760899169498, - "eventId": "39269361391196558864457028583690118502832229354569924608" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899073000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899073 1760899154 - NODATA", - "ingestionTime": 1760899179003, - "eventId": "39269361547301775254171390585930848990670403554094546944" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899092 1760899171 - NODATA", - "ingestionTime": 1760899190986, - "eventId": "39269361971015934026253230289595803506801529278806687744" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899098 1760899181 - NODATA", - "ingestionTime": 1760899207867, - "eventId": "39269362104820405217436969159218344953622183587375808512" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899112000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899112 1760899188 - NODATA", - "ingestionTime": 1760899214794, - "eventId": "39269362417030837996865693149092557063885044642170601472" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899218363, - "eventId": "39269362729241270776294417134907160818739660973908819968" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899127 1760899204 - NODATA", - "ingestionTime": 1760899228143, - "eventId": "39269362751542015974825040288266516288111335930212450304" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899130 1760899196 - NODATA", - "ingestionTime": 1760899236269, - "eventId": "39269362818444251570416909722696919918440077319402749952" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899136000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899136 1760899216 - NODATA", - "ingestionTime": 1760899235291, - "eventId": "39269362952248722761600648570728909971269331639508271104" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899138000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899138 1760899219 - NODATA", - "ingestionTime": 1760899250086, - "eventId": "39269362996850213158661894871686954858411832487192231936" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899153 1760899230 - NODATA", - "ingestionTime": 1760899254654, - "eventId": "39269363331361391136621242000244768455551793757717463040" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899161000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899161 1760899237 - NODATA", - "ingestionTime": 1760899257334, - "eventId": "39269363509767352724866227135770221742737076997653921792" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899164000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899164 1760899241 - NODATA", - "ingestionTime": 1760899265939, - "eventId": "39269363576669588320458096570780569355098770852205232128" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899174 1760899249 - NODATA", - "ingestionTime": 1760899273397, - "eventId": "39269363799677040305764327995154046397828555294498422784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899281771, - "eventId": "39269364022684492291070559420634279420924730337580023808" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899187 1760899265 - NODATA", - "ingestionTime": 1760899288795, - "eventId": "39269364089586727886662428853733110355927812841166798848" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899196 1760899273 - NODATA", - "ingestionTime": 1760899296003, - "eventId": "39269364290293434673438037136268631779257380741103878144" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899198000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899198 1760899278 - NODATA", - "ingestionTime": 1760899306553, - "eventId": "39269364334894925070499283432094430904808367107227451392" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899213 1760899289 - NODATA", - "ingestionTime": 1760899312120, - "eventId": "39269364669406103048458630561859774536441580822616932352" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899219000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899219 1760899295 - NODATA", - "ingestionTime": 1760899317268, - "eventId": "39269364803210574239642369417297713069416572112904192000" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899219000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899219 1760899301 - NODATA", - "ingestionTime": 1760899322768, - "eventId": "39269364803210574239642369423946845989658433766276726784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899234 1760899311 - NODATA", - "ingestionTime": 1760899332678, - "eventId": "39269365137721752217601716558963471053914458804630847488" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339367, - "eventId": "39269365383029949401438571123942486092557966856190361600" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899247 1760899324 - NODATA", - "ingestionTime": 1760899348309, - "eventId": "39269365427631439798499817417824354360108782591454478336" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899253 1760899332 - NODATA", - "ingestionTime": 1760899355678, - "eventId": "39269365561435910989683556275947266384107891177478815744" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899261000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899261 1760899342 - NODATA", - "ingestionTime": 1760899366693, - "eventId": "39269365739841872577928541421549487378245342185086910464" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899273 1760899350 - NODATA", - "ingestionTime": 1760899372128, - "eventId": "39269366007450814960296019126548532389304577255380680704" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899281000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899281 1760899356 - NODATA", - "ingestionTime": 1760899377874, - "eventId": "39269366185856776548541004265780822088761543221054603264" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899284000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899284 1760899364 - NODATA", - "ingestionTime": 1760899385324, - "eventId": "39269366252759012144132873699394307557598695465524264960" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899292000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899292 1760899368 - NODATA", - "ingestionTime": 1760899394142, - "eventId": "39269366431164973732377858842340359302581975791635333120" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899400005, - "eventId": "39269366676473170916214713406321216800965289140896202752" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899307 1760899383 - NODATA", - "ingestionTime": 1760899409949, - "eventId": "39269366765676151710337205984485811763750024473813581824" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899313000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899313 1760899378 - NODATA", - "ingestionTime": 1760899414160, - "eventId": "39269366899480622901520944838790532611734763965527949312" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899419381, - "eventId": "39269366921781368100051567986638388512800638442458775552" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899317000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899317 1760899401 - NODATA", - "ingestionTime": 1760899428481, - "eventId": "39269366988683603695643437422246304878471566233588793344" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899334 1760899410 - NODATA", - "ingestionTime": 1760899430659, - "eventId": "39269367367796272070664030830986961116563222632212791296" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899340000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899340 1760899416 - NODATA", - "ingestionTime": 1760899436518, - "eventId": "39269367501600743261847769687284398395473853959957053440" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899345000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899345 1760899422 - NODATA", - "ingestionTime": 1760899447444, - "eventId": "39269367613104469254500885408171291853138687591527874560" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899354 1760899429 - NODATA", - "ingestionTime": 1760899453567, - "eventId": "39269367813811176041276493689395293155195266907628961792" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899458468, - "eventId": "39269368036818628026582725110677664820832133703468122112" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899370 1760899445 - NODATA", - "ingestionTime": 1760899471928, - "eventId": "39269368170623099217766463976163577497656700642295021568" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899375 1760899454 - NODATA", - "ingestionTime": 1760899475464, - "eventId": "39269368282126825210419579688117181201629642247446134784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899377000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899377 1760899460 - NODATA", - "ingestionTime": 1760899486979, - "eventId": "39269368326728315607480825985109618256405191504821223424" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899391000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899391 1760899470 - NODATA", - "ingestionTime": 1760899491571, - "eventId": "39269368638938748386909549972160630771095970562797076480" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899398 1760899476 - NODATA", - "ingestionTime": 1760899496786, - "eventId": "39269368795043964776623911969215202050450603886724448256" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899398 1760899480 - NODATA", - "ingestionTime": 1760899504483, - "eventId": "39269368795043964776623911978520527272550776449095237632" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899410 1760899487 - NODATA", - "ingestionTime": 1760899514868, - "eventId": "39269369062652907158991389689503736367846913633824866304" - } - ], - "eni-0ab252a7dc8378f9e-all": [ - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899043000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899043 1760899121 - NODATA", - "ingestionTime": 1760899144743, - "eventId": "39269360878279419298252696298441346294757840151857463296" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899055000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899055 1760899132 - NODATA", - "ingestionTime": 1760899168235, - "eventId": "39269361145888361680620174025270253239837550314553278464" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899063 1760899140 - NODATA", - "ingestionTime": 1760899163640, - "eventId": "39269361324294323268865159152001029709603810370906947584" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899168077, - "eventId": "39269361324294323268865159157365264056044858698275160064" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899074 1760899156 - NODATA", - "ingestionTime": 1760899176432, - "eventId": "39269361569602520452702013724358474785221923001425002496" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899083 1760899165 - NODATA", - "ingestionTime": 1760899187057, - "eventId": "39269361770309227239477622011024815587615914795180752896" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899087 1760899153 - NODATA", - "ingestionTime": 1760899167556, - "eventId": "39269361859512208033600114553592653372149707506846400512" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899092 1760899170 - NODATA", - "ingestionTime": 1760899192280, - "eventId": "39269361971015934026253230291160278927375725344553107456" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899099000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899099 1760899177 - NODATA", - "ingestionTime": 1760899198187, - "eventId": "39269362127121150415967592289051716776414009852387983360" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899103000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899103 1760899183 - NODATA", - "ingestionTime": 1760899206246, - "eventId": "39269362216324131210090084864937018834584512701592240128" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899116 1760899191 - NODATA", - "ingestionTime": 1760899232074, - "eventId": "39269362506233818790988185736125476421465966948702420992" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219781, - "eventId": "39269362729241270776294417136621410518674911340285657088" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899127 1760899204 - NODATA", - "ingestionTime": 1760899228166, - "eventId": "39269362751542015974825040288294114353006436868741267456" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899135000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899135 1760899216 - NODATA", - "ingestionTime": 1760899236537, - "eventId": "39269362929947977563070025430699906144758538369638989824" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899143000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899143 1760899223 - NODATA", - "ingestionTime": 1760899246487, - "eventId": "39269363108353939151315010575014091586148403225718226944" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899152000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899152 1760899218 - NODATA", - "ingestionTime": 1760899228230, - "eventId": "39269363309060645938090618826764277432324953379863986176" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899154 1760899230 - NODATA", - "ingestionTime": 1760899251910, - "eventId": "39269363353662136335151865138463170581794388689786109952" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899159000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899159 1760899237 - NODATA", - "ingestionTime": 1760899258836, - "eventId": "39269363465165862327804980854514963320757161567338037248" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899164000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899164 1760899243 - NODATA", - "ingestionTime": 1760899267297, - "eventId": "39269363576669588320458096572421907225632428613003575296" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899175000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899175 1760899249 - NODATA", - "ingestionTime": 1760899289057, - "eventId": "39269363821977785504294951155621307693113204263044317184" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899182 1760899260 - NODATA", - "ingestionTime": 1760899284104, - "eventId": "39269363978083001894009313140383662044320238584828002304" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899188000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899188 1760899264 - NODATA", - "ingestionTime": 1760899289384, - "eventId": "39269364111887473085193051995981173248009206015046909952" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899194 1760899273 - NODATA", - "ingestionTime": 1760899297876, - "eventId": "39269364245691944276376790855461696834132070243219472384" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899201000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899201 1760899281 - NODATA", - "ingestionTime": 1760899306426, - "eventId": "39269364401797160666091152856547997110764227965170089984" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899212000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899212 1760899290 - NODATA", - "ingestionTime": 1760899311990, - "eventId": "39269364647105357849928007420167105058361158249298591744" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899220000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899220 1760899296 - NODATA", - "ingestionTime": 1760899318981, - "eventId": "39269364825511319438172992560904692599124508662111862784" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899225000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899225 1760899305 - NODATA", - "ingestionTime": 1760899326405, - "eventId": "39269364937015045430826108277557866612080981738167205888" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899234 1760899311 - NODATA", - "ingestionTime": 1760899349607, - "eventId": "39269365137721752217601716579429045015788236565383872512" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899244000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899244 1760899320 - NODATA", - "ingestionTime": 1760899340539, - "eventId": "39269365360729204202907947983824034257365336815361916928" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899246 1760899324 - NODATA", - "ingestionTime": 1760899349659, - "eventId": "39269365405330694599969194277920420845905191734063595520" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899255000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899255 1760899333 - NODATA", - "ingestionTime": 1760899355340, - "eventId": "39269365606037401386744802558609859740341295972286267392" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899258000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899258 1760899342 - NODATA", - "ingestionTime": 1760899370852, - "eventId": "39269365672939636982336672001969956859553818871193468928" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899264 1760899332 - NODATA", - "ingestionTime": 1760899350205, - "eventId": "39269365806744108173520410826223332584796236243615940608" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899273 1760899351 - NODATA", - "ingestionTime": 1760899371460, - "eventId": "39269366007450814960296019125740775862889849020409970688" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899280000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899280 1760899356 - NODATA", - "ingestionTime": 1760899380041, - "eventId": "39269366163556031350010381126864519046676932443778842624" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899285000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899285 1760899363 - NODATA", - "ingestionTime": 1760899385191, - "eventId": "39269366275059757342663496840769274361216909335960289280" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899294 1760899369 - NODATA", - "ingestionTime": 1760899408748, - "eventId": "39269366475766464129439105143069271520703015093635448832" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899403298, - "eventId": "39269366676473170916214713410301864753488679959076405248" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899307 1760899385 - NODATA", - "ingestionTime": 1760899409389, - "eventId": "39269366765676151710337205983808376335481471422902829056" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899314 1760899393 - NODATA", - "ingestionTime": 1760899417527, - "eventId": "39269366921781368100051567984396803465274466565072355328" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899322 1760899404 - NODATA", - "ingestionTime": 1760899425908, - "eventId": "39269367100187329688296553126814732094305494235156250624" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899325 1760899394 - NODATA", - "ingestionTime": 1760899407513, - "eventId": "39269367167089565283888422529183595729306489697859207168" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899334 1760899411 - NODATA", - "ingestionTime": 1760899432182, - "eventId": "39269367367796272070664030832828069171568725790328619008" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899338000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899338 1760899417 - NODATA", - "ingestionTime": 1760899441926, - "eventId": "39269367456999252864786523410750437457893915410264948736" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899347 1760899423 - NODATA", - "ingestionTime": 1760899448300, - "eventId": "39269367657705959651562131692277680343019782573063667712" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899357000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899357 1760899431 - NODATA", - "ingestionTime": 1760899468795, - "eventId": "39269367880713411636868363132411672098214393367238672384" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899460562, - "eventId": "39269368036818628026582725113209034936779570569075097600" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899370 1760899445 - NODATA", - "ingestionTime": 1760899469949, - "eventId": "39269368170623099217766463973771603933568241784363286528" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899379000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899379 1760899454 - NODATA", - "ingestionTime": 1760899478804, - "eventId": "39269368371329806004542072258297942518344252529592041472" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899384 1760899454 - NODATA", - "ingestionTime": 1760899468911, - "eventId": "39269368482833531997195187954016642404155879694547550208" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899486220, - "eventId": "39269368482833531997195187974941804250215427335835811840" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899396000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899396 1760899472 - NODATA", - "ingestionTime": 1760899492248, - "eventId": "39269368750442474379562665680657565911081339579250507776" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899400000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899400 1760899478 - NODATA", - "ingestionTime": 1760899500150, - "eventId": "39269368839645455173685158256353497648806873134796832768" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899403000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899403 1760899482 - NODATA", - "ingestionTime": 1760899507126, - "eventId": "39269368906547690769277027689394005336431475869869670400" - } - ], - "eni-0d52b90c56c30aaaf-all": [ - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899047000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899047 1760899125 - NODATA", - "ingestionTime": 1760899147882, - "eventId": "39269360967482400092375188868379387488249224545389772800" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899060000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899060 1760899131 - NODATA", - "ingestionTime": 1760899156440, - "eventId": "39269361257392087673273289718689448193884824360186019840" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899064 1760899142 - NODATA", - "ingestionTime": 1760899162528, - "eventId": "39269361346595068467395782292192150158971810428482420736" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899069 1760899147 - NODATA", - "ingestionTime": 1760899172082, - "eventId": "39269361458098794460048898011420986728738606749298458624" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899075000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899075 1760899154 - NODATA", - "ingestionTime": 1760899179557, - "eventId": "39269361591903265651232636869672220334830881519077687296" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899085000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899085 1760899165 - NODATA", - "ingestionTime": 1760899188478, - "eventId": "39269361814910717636538868295814303201759959957510815744" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899095 1760899172 - NODATA", - "ingestionTime": 1760899194879, - "eventId": "39269362037918169621845099718909715757515917376757170176" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899107 1760899185 - NODATA", - "ingestionTime": 1760899206508, - "eventId": "39269362305527112004212577431396849746611502212074307584" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899121000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899121 1760899192 - NODATA", - "ingestionTime": 1760899214474, - "eventId": "39269362617737544783641301422527240192386104119123574784" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899123000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899123 1760899201 - NODATA", - "ingestionTime": 1760899222492, - "eventId": "39269362662339035180702547715291594383117768292878319616" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899130 1760899208 - NODATA", - "ingestionTime": 1760899233348, - "eventId": "39269362818444251570416909719166094403420838251948867584" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899134000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899134 1760899217 - NODATA", - "ingestionTime": 1760899237905, - "eventId": "39269362907647232364539402290818007128969998725776801792" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899148000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899148 1760899227 - NODATA", - "ingestionTime": 1760899249387, - "eventId": "39269363219857665143968126286198786333524041780303036416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899158 1760899239 - NODATA", - "ingestionTime": 1760899261413, - "eventId": "39269363442865117129274357716094800437411500094429528064" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899160000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899160 1760899234 - NODATA", - "ingestionTime": 1760899253536, - "eventId": "39269363487466607526335603989642999868426518943790465024" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899169000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899169 1760899246 - NODATA", - "ingestionTime": 1760899268102, - "eventId": "39269363688173314313111212281074160052015497532470460416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899180 1760899252 - NODATA", - "ingestionTime": 1760899274719, - "eventId": "39269363933481511496948066845966343222172770892652806144" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899180 1760899260 - NODATA", - "ingestionTime": 1760899282079, - "eventId": "39269363933481511496948066854863770950199002917434556416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899182 1760899266 - NODATA", - "ingestionTime": 1760899293227, - "eventId": "39269363978083001894009313151412646716540168025258590208" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899274490, - "eventId": "39269364156488963482254298261046844228847478003796869120" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899197000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899197 1760899278 - NODATA", - "ingestionTime": 1760899300413, - "eventId": "39269364312594179871968660283135671277550524372656193536" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899206 1760899285 - NODATA", - "ingestionTime": 1760899307559, - "eventId": "39269364513300886658744268565595883298524412475948466176" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899217000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899217 1760899298 - NODATA", - "ingestionTime": 1760899321757, - "eventId": "39269364758609083842581123139653540981407932788203454464" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899218000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899218 1760899294 - NODATA", - "ingestionTime": 1760899314944, - "eventId": "39269364780909829041111746272952618045972927612869541888" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899228 1760899306 - NODATA", - "ingestionTime": 1760899328418, - "eventId": "39269365003917281026417977704598914236157516870803456000" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899237000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899237 1760899311 - NODATA", - "ingestionTime": 1760899335203, - "eventId": "39269365204623987813193585986622672787194287678300815360" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899244000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899244 1760899323 - NODATA", - "ingestionTime": 1760899343217, - "eventId": "39269365360729204202907947987061312010472019627786567680" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899251 1760899320 - NODATA", - "ingestionTime": 1760899334785, - "eventId": "39269365516834420592622309967617577569085590337844543488" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899251 1760899327 - NODATA", - "ingestionTime": 1760899352809, - "eventId": "39269365516834420592622309989407348570651703606137323520" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899258000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899258 1760899338 - NODATA", - "ingestionTime": 1760899361689, - "eventId": "39269365672939636982336671990892702359840102315135926272" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899268 1760899345 - NODATA", - "ingestionTime": 1760899370695, - "eventId": "39269365895947088967642903417137343406143451131925561344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899277000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899277 1760899357 - NODATA", - "ingestionTime": 1760899383557, - "eventId": "39269366096653795754418511706508067602588769954444738560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899279000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899279 1760899354 - NODATA", - "ingestionTime": 1760899375789, - "eventId": "39269366141255286151479757980188263671694646889969090560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899288000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899288 1760899366 - NODATA", - "ingestionTime": 1760899388348, - "eventId": "39269366341961992938255366269192792323452373303055679488" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899300000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899300 1760899376 - NODATA", - "ingestionTime": 1760899395510, - "eventId": "39269366609570935320622843976279590850532930483845660672" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899402603, - "eventId": "39269366676473170916214713409461765483202400075214487552" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899306000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899306 1760899386 - NODATA", - "ingestionTime": 1760899412895, - "eventId": "39269366743375406511806582846511427624322751494860505088" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899395134, - "eventId": "39269366832578387305929075391182663628086837781737963520" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899317000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899317 1760899395 - NODATA", - "ingestionTime": 1760899418476, - "eventId": "39269366988683603695643437410151409985647474216352808960" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899327 1760899406 - NODATA", - "ingestionTime": 1760899427961, - "eventId": "39269367211691055680949668836975322305628309890832662528" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899337000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899337 1760899418 - NODATA", - "ingestionTime": 1760899441419, - "eventId": "39269367434698507666255900268602047290802914714464485376" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899339 1760899413 - NODATA", - "ingestionTime": 1760899434885, - "eventId": "39269367479299998063317146543774332908299324003100655616" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899347 1760899425 - NODATA", - "ingestionTime": 1760899448149, - "eventId": "39269367657705959651562131692095166344766109020749955072" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899359000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899359 1760899432 - NODATA", - "ingestionTime": 1760899455891, - "eventId": "39269367925314902033929609399883347029227605362739380224" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899464135, - "eventId": "39269368014517882828052101975992624387814190561399472128" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899370 1760899448 - NODATA", - "ingestionTime": 1760899472247, - "eventId": "39269368170623099217766463976549679571305673638122553344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899372000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899372 1760899441 - NODATA", - "ingestionTime": 1760899454756, - "eventId": "39269368215224589614827710238475764050073513625449529344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899378000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899378 1760899456 - NODATA", - "ingestionTime": 1760899479346, - "eventId": "39269368349029060806011449117417562346652554701689978880" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899487743, - "eventId": "39269368482833531997195187976783303479786335592399568896" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899398 1760899478 - NODATA", - "ingestionTime": 1760899501644, - "eventId": "39269368795043964776623911975088452917773045617133158400" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899399000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899399 1760899474 - NODATA", - "ingestionTime": 1760899494757, - "eventId": "39269368817344709975154535108298415284889564861552066560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899406000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899406 1760899485 - NODATA", - "ingestionTime": 1760899508568, - "eventId": "39269368973449926364868897115744601996530808388858806272" - } - ], - "eni-0c663685d7a12552e-all": [ - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899049000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899049 1760899080 - NODATA", - "ingestionTime": 1760899108302, - "eventId": "39269361012083890489436435103601333327618873734687293440" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899082000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899082 1760899113 - NODATA", - "ingestionTime": 1760899132564, - "eventId": "39269361748008482040946998803610793217379998222267121664" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899082000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899082 1760899113 - NODATA", - "ingestionTime": 1760899140789, - "eventId": "39269361748008482040946998813554652559287219887603974144" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899091000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899091 1760899122 - NODATA", - "ingestionTime": 1760899148802, - "eventId": "39269361948715188827722607097063154459454311630899052544" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899109000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899109 1760899140 - NODATA", - "ingestionTime": 1760899166694, - "eventId": "39269362350128602401273823666335815046678932194937012224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899116 1760899147 - NODATA", - "ingestionTime": 1760899170187, - "eventId": "39269362506233818790988185661308757080951528467498336256" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 11746 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872704" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 61890 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872705" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 30506 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872706" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 51838 21 6 4 240 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872707" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 51186 80 6 1 60 1760899167 1760899168 ACCEPT OK", - "ingestionTime": 1760899196244, - "eventId": "39269363643571823916049965911131435251312323702065594368" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899168000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 62602 80 6 3 180 1760899168 1760899168 ACCEPT OK", - "ingestionTime": 1760899186752, - "eventId": "39269363665872569114580589041192263286404541704439988224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 58950 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929344" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 61628 21 6 4 240 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929345" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 28840 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929346" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 31192 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929347" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 18756 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929348" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 21192 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929349" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 27324 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929350" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 60254 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929351" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 64846 21 6 4 240 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929352" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 58248 21 6 2 120 1760899178 1760899198 ACCEPT OK", - "ingestionTime": 1760899219438, - "eventId": "39269363888880021099886820496064163309696336621526056960" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899178 1760899198 - SKIPDATA", - "ingestionTime": 1760899219438, - "eventId": "39269363888880021099886820496064163309696336621526056961" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 12938 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136000" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 35548 80 6 2 120 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136001" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 63002 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136002" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 25612 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136003" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 64300 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136004" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 59962 21 6 4 240 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136005" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 23106 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136006" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 48432 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594048" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 58270 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594049" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 49854 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594050" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 23738 80 6 2 120 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594051" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 32716 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594052" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 13690 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594053" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 25162 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594054" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 23936 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594055" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.133.187 10.0.4.186 51796 22127 6 1 44 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594056" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 63332 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186752" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 44282 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186753" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 23342 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186754" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 106.75.132.124 10.0.4.186 58914 16030 6 1 44 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186755" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 19302 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186756" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 21326 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186757" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 50342 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186758" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 23068 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186759" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 17032 80 6 3 180 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 62372 21 6 4 240 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 41180 80 6 3 180 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 31518 21 6 1 60 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899202 1760899227 - SKIPDATA", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517188" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 15264 21 6 4 240 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734464" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.112 10.0.4.186 55662 1000 6 1 44 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734465" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 51810 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734466" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 52632 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734467" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 20720 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734468" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 14584 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734469" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 56998 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222976" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 47540 21 6 4 240 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222977" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 49866 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222978" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 43784 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222979" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 20.55.98.221 10.0.4.186 34398 9043 6 1 40 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222980" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 57822 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222981" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 39476 80 6 2 120 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222982" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 38986 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222983" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65242 80 6 2 120 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222984" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 33810 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505472" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 48444 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505473" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 45660 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505474" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 31386 80 6 2 120 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505475" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 26686 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505476" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 46464 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505477" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 22492 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505478" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 37402 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505479" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 24724 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505480" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26010 80 6 1 60 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505481" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 20214 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927936" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 58154 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927937" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 28818 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927938" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 9466 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927939" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 46052 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927940" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 37932 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927941" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 19968 21 6 4 240 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927942" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 11524 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052288" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 18592 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052289" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 14624 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052290" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 33664 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052291" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 45696 80 6 1 60 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052292" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 40504 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052293" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 57692 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052294" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899232 1760899257 - SKIPDATA", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052295" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 25492 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359552" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 43258 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359553" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 61000 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359554" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.152 10.0.4.186 54664 990 6 1 44 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359555" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 35548 80 6 1 60 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359556" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 59684 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359557" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 36584 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359558" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 58110 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359559" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 44360 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359560" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 20358 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359561" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 30734 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359562" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 56320 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359563" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 60778 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359564" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 61920 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 9896 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948225" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 29784 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948226" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 39582 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948227" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 26504 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948228" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 63958 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948229" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 15152 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948230" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 32292 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948231" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 64704 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948232" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 92.63.197.66 10.0.4.186 8080 6529 6 1 40 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948233" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 26690 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948234" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47724 80 6 2 120 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948235" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 37506 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948236" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 40154 21 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948237" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.211.22 10.0.4.186 57261 28009 6 1 44 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 45308 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909953" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 45524 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909954" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 104.237.144.186 10.0.4.186 61000 443 6 1 40 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909955" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 16088 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909956" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 50098 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909957" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 13406 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909958" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 38794 21 6 4 240 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909959" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 64922 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909960" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 10732 21 6 4 240 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909961" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 28496 80 6 2 120 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909962" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 14348 21 6 4 240 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747776" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 52754 80 6 3 180 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747777" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 39232 80 6 1 60 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747778" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.133.252 10.0.4.186 56557 9202 6 1 44 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747779" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 42982 21 6 4 240 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747780" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899266 1760899289 - SKIPDATA", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747781" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 39548 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390656" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 60954 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390657" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 42456 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390658" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 59042 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390659" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 14264 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390660" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 54860 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390661" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 57124 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390662" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 13064 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390663" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 64866 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390664" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65242 80 6 1 60 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390665" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 35662 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390666" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 11826 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928256" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 34372 80 6 2 120 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928257" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 23486 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928258" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 45170 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928259" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 59316 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928260" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 41556 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928261" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 165.154.173.104 10.0.4.186 45123 15200 6 1 40 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928262" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 57032 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928263" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 63148 21 6 4 240 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 27420 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 52372 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 50536 80 6 2 120 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442176" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 35356 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442177" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 31386 80 6 1 60 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442178" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 60380 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442179" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 34026 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442180" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 38404 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442181" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 16084 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442182" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 26236 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442183" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 11320 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 64576 21 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 13916 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 30326 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 41588 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442188" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26010 80 6 2 120 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442189" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 37620 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204928" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 60708 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204929" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 11788 21 6 4 240 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204930" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 28350 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204931" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 60280 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204932" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 61052 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204933" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 35410 21 6 4 240 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204934" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 52400 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043392" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 39206 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043393" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 51290 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043394" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 33590 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043395" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899291 1760899311 - SKIPDATA", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043396" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 18552 80 6 2 120 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850944" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 14244 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850945" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 50030 21 6 4 240 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850946" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 30508 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850947" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 23936 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850948" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 14100 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850949" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 22180 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850950" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 17822 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850951" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 29332 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 46686 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 57958 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 41254 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 59878 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 14756 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499268" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 52246 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499269" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 52902 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499270" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 26402 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499271" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 21660 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499272" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 57706 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499273" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 40040 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499274" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.138 10.0.4.186 50578 7547 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894400" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 58372 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894401" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 22358 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894402" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 16878 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894403" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.85 10.0.4.186 55174 1502 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894404" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 45734 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894405" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.123 10.0.4.186 56280 11084 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894406" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 64764 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894407" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 49614 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894408" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 27514 21 6 4 240 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894409" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 44044 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894410" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 41366 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894411" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47724 80 6 1 60 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894412" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 56174 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894413" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 37518 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894414" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 40154 21 6 1 60 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894415" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 32546 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559936" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 45958 21 6 4 240 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559937" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 59358 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559938" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 48134 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559939" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 36966 21 6 4 240 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559940" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 13.214.173.166 10.0.4.186 0 0 1 1 28 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407232" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 49060 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407233" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 21004 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407234" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 29018 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407235" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 15302 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407236" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 15122 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407237" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899323 1760899350 - SKIPDATA", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407238" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 52034 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507392" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 28464 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507393" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 61844 21 6 2 120 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507394" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 37012 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507395" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 65418 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507396" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 27682 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507397" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 45390 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507398" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 50814 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507399" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 41210 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507400" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 38070 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507401" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 9706 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507402" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 50430 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 18182 21 6 4 240 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47948 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 34372 80 6 1 60 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26294 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715268" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 11968 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715269" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 28368 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715270" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 19342 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715271" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 29372 21 6 4 240 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715272" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 46546 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715273" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 23346 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715274" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 58710 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588480" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 44376 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588481" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 50536 80 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588482" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 57464 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588483" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 23402 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588484" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.86 10.0.4.186 55131 57357 6 1 44 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588485" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 53474 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588486" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 56830 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588487" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 20716 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588488" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 21308 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588489" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 64576 21 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588490" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 54428 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588491" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 56326 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588492" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 11346 80 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588493" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 54058 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588494" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 28496 80 6 1 60 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607872" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 87.120.191.93 10.0.4.186 51632 80 6 1 40 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607873" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 41.59.173.249 10.0.4.186 44087 23 6 1 60 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607874" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 39996 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607875" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 59438 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607876" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 61964 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607877" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 15392 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607878" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 11790 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607879" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 37404 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607880" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 46602 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607881" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 25578 80 6 3 180 1760899352 1760899374 ACCEPT OK", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330688" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 49716 80 6 3 180 1760899352 1760899374 ACCEPT OK", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330689" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899352 1760899374 - SKIPDATA", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330690" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 47440 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547840" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 12744 21 6 4 240 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547841" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 19934 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547842" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 55776 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547843" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 18552 80 6 1 60 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198976" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 22126 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198977" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 10576 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198978" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 24392 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198979" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 33602 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198980" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 92.63.197.66 10.0.4.186 8080 6224 6 1 40 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198981" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 18116 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198982" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 35388 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198983" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 43842 21 6 4 240 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198984" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 27478 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198985" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 37470 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234560" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 59854 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234561" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 35168 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234562" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 91.196.152.225 10.0.4.186 48508 14430 6 1 60 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234563" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 52196 21 6 4 240 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234564" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 37160 21 6 4 240 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234565" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 48292 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234566" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.253 10.0.4.186 54329 9606 6 1 44 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234567" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 55998 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234568" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 13248 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234569" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 27354 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234570" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 18188 80 6 2 120 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234571" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 15930 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234572" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 14392 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746944" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 16508 21 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746945" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 45642 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746946" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65378 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746947" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 48818 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746948" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 57706 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746949" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 11464 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746950" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 34208 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746951" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 31380 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 18816 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746953" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 36286 21 6 4 240 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117696" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 25478 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117697" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 29340 21 6 4 240 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117698" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 53794 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117699" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 42022 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117700" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 13670 21 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117701" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899382 1760899406 - SKIPDATA", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117702" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 37698 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338176" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 63386 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338177" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 24506 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338178" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 13550 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338179" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 61784 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338180" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 31186 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338181" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 61844 21 6 2 120 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338182" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.26 10.0.4.186 56968 9530 6 1 44 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338183" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 44220 21 6 2 120 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.181 10.0.4.186 49778 9108 6 1 44 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 21902 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 61022 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 40.124.175.174 10.0.4.186 48441 993 6 1 52 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477760" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.182 10.0.4.186 54893 7706 6 1 44 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477761" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 54974 80 6 3 180 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477762" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 44314 21 6 4 240 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477763" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 19256 80 6 3 180 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477764" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 45020 80 6 2 120 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134784" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 30032 21 6 4 240 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134785" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 63082 21 6 4 240 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134786" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 36934 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134787" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 62370 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134788" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 13408 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134789" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 21982 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134790" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 11346 80 6 2 120 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134791" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 32590 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134792" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 42266 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839488" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 54384 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839489" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 37458 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839490" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 39936 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839491" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 24968 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839492" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 63412 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839493" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 34598 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839494" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 48400 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839495" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.140 10.0.4.186 50762 1443 6 1 44 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839496" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 13368 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839497" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 15050 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839498" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 26108 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839499" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 45052 21 6 4 240 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839500" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 95.214.53.196 10.0.4.186 40742 16379 6 1 40 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 48250 80 6 3 180 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 63068 80 6 1 60 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899414 1760899437 - SKIPDATA", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 15034 21 6 4 240 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746752" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 20028 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746753" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 16406 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746754" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 24550 21 6 4 240 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746755" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 62060 21 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746756" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 60596 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746757" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 35718 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746758" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 16994 21 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746759" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 47.74.55.112 10.0.4.186 57188 12320 6 1 52 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746760" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.55 10.0.4.186 51355 34473 6 1 44 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746761" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 16338 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746762" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.149.61 10.0.4.186 55176 49010 6 1 44 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746763" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 33922 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334144" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 38080 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334145" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 47416 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334146" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 30120 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334147" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 61568 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334148" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 38820 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334149" - } - ], - "eni-0b0549e20044315f3-all": [ - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899050 1760899129 - NODATA", - "ingestionTime": 1760899149148, - "eventId": "39269361034384635687967058294516883796158603200468746240" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899063 1760899133 - NODATA", - "ingestionTime": 1760899191042, - "eventId": "39269361324294323268865159185128106407086387132881174528" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899158751, - "eventId": "39269361368895813665926405429162124440841377838471249920" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899066 1760899145 - NODATA", - "ingestionTime": 1760899169059, - "eventId": "39269361391196558864457028583159222796051983380536492032" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899072000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899072 1760899154 - NODATA", - "ingestionTime": 1760899183447, - "eventId": "39269361525001030055640767449767568231817834522370572288" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899083 1760899163 - NODATA", - "ingestionTime": 1760899191130, - "eventId": "39269361770309227239477622015948951614231990473462448128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899095 1760899177 - NODATA", - "ingestionTime": 1760899203123, - "eventId": "39269362037918169621845099728876158476315828073130033152" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899191541, - "eventId": "39269362060218914820375722856410123339823436258297708544" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899209964, - "eventId": "39269362372429347599804446860182095577718871838885019648" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899124 1760899206 - NODATA", - "ingestionTime": 1760899229535, - "eventId": "39269362684639780379233170865342036892205695946093232128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899125 1760899199 - NODATA", - "ingestionTime": 1760899251421, - "eventId": "39269362706940525577763794033336149004260622706450890752" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899220164, - "eventId": "39269362729241270776294417137084416047159533537171668992" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899127 1760899212 - NODATA", - "ingestionTime": 1760899241060, - "eventId": "39269362751542015974825040303882188022904222112626704384" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899154 1760899233 - NODATA", - "ingestionTime": 1760899251092, - "eventId": "39269363353662136335151865137474306632162095644831449088" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899154 1760899237 - NODATA", - "ingestionTime": 1760899265367, - "eventId": "39269363353662136335151865154731662239795841721343803392" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899181000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899181 1760899266 - NODATA", - "ingestionTime": 1760899288254, - "eventId": "39269363955782256695478690003864747195775111898944765952" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899279934, - "eventId": "39269364022684492291070559418413938563523123583808634880" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899191000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899191 1760899257 - NODATA", - "ingestionTime": 1760899310499, - "eventId": "39269364178789708680784921446114574291045297137749393408" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899193 1760899271 - NODATA", - "ingestionTime": 1760899300873, - "eventId": "39269364223391199077846167717549072416822564465518444544" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899203 1760899284 - NODATA", - "ingestionTime": 1760899308384, - "eventId": "39269364446398651063152399141986190306426909080998117376" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899213 1760899293 - NODATA", - "ingestionTime": 1760899313680, - "eventId": "39269364669406103048458630563745762218163735798362669056" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899215 1760899297 - NODATA", - "ingestionTime": 1760899323453, - "eventId": "39269364714007593445519876858632206622956850636010291200" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899231000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899231 1760899308 - NODATA", - "ingestionTime": 1760899331321, - "eventId": "39269365070819516622009847132715303195827357368140234752" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339052, - "eventId": "39269365383029949401438571123561746374130011920953245696" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899246 1760899325 - NODATA", - "ingestionTime": 1760899350892, - "eventId": "39269365405330694599969194279411208772642910370836054016" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899246 1760899316 - NODATA", - "ingestionTime": 1760899371391, - "eventId": "39269365405330694599969194304192910118520948369194024960" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899248 1760899335 - NODATA", - "ingestionTime": 1760899363230, - "eventId": "39269365449932184997030440577398219863041560501072035840" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899264 1760899344 - NODATA", - "ingestionTime": 1760899368928, - "eventId": "39269365806744108173520410848858081852441394865298800640" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899273 1760899356 - NODATA", - "ingestionTime": 1760899385617, - "eventId": "39269366007450814960296019142855830900426629503072272384" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899275 1760899352 - NODATA", - "ingestionTime": 1760899371464, - "eventId": "39269366052052305357357265408817078540645514115318808576" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899291 1760899367 - NODATA", - "ingestionTime": 1760899390402, - "eventId": "39269366408864228533847235696283450762548894208316080128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899399395, - "eventId": "39269366676473170916214713405583375986398277744453156864" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899410029, - "eventId": "39269366765676151710337205984582080515597986510266630144" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899310 1760899379 - NODATA", - "ingestionTime": 1760899433219, - "eventId": "39269366832578387305929075437224527699752125344533053440" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899418894, - "eventId": "39269366921781368100051567986049717306332660931861872640" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428250, - "eventId": "39269367100187329688296553129645846721084489476922867712" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899335 1760899412 - NODATA", - "ingestionTime": 1760899433229, - "eventId": "39269367390097017269194653975629748732390472004675108864" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899335 1760899418 - NODATA", - "ingestionTime": 1760899444045, - "eventId": "39269367390097017269194653988704937156474046665124282368" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899351 1760899426 - NODATA", - "ingestionTime": 1760899450863, - "eventId": "39269367746908940445684624261519183700000033952722321408" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899461247, - "eventId": "39269368014517882828052101972501331045545810129543692288" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899364 1760899446 - NODATA", - "ingestionTime": 1760899468555, - "eventId": "39269368036818628026582725122871818569149878791262961664" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899367 1760899437 - NODATA", - "ingestionTime": 1760899492360, - "eventId": "39269368103720863622174594576257299469602032595912818688" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899371 1760899451 - NODATA", - "ingestionTime": 1760899479465, - "eventId": "39269368192923844416297087126810934162937552827837972480" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899383 1760899467 - NODATA", - "ingestionTime": 1760899490099, - "eventId": "39269368460532786798664564838095442697030093502723784704" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899394 1760899478 - NODATA", - "ingestionTime": 1760899502794, - "eventId": "39269368705840983982501419410335527383627721259566039040" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899399000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899399 1760899475 - NODATA", - "ingestionTime": 1760899493057, - "eventId": "39269368817344709975154535106242973873413473154290745344" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899409 1760899488 - NODATA", - "ingestionTime": 1760899515333, - "eventId": "39269369040352161960460766548530326175156119273020653568" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/vpc-flow-log/vpc-007d791b9b857543e", - "type": "Other", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure that CloudWatch Log Groups are not publicly accessible. Review and remove any resource policies that allow public access (Principal: '*') to log groups.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html" - ] - }, - "risk_details": "Publicly accessible CloudWatch Log Groups can expose sensitive information, leading to data breaches or unauthorized access. It is important to ensure that log groups are only accessible by trusted entities.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/s3/prod-my-secure-s3-bucket-20250423 is not publicly accessible.", - "metadata": { - "event_code": "cloudwatch_log_group_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Log Group /aws/s3/prod-my-secure-s3-bucket-20250423 is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-01.01AC", - "PS-03.02B", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-10.01B", - "COS-02.01B", - "PSS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN04.AR01", - "CCC.Monitor.CN04.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR03" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "This check ensures that no CloudWatch Log Groups are publicly accessible by checking for resource policies that allow access from any entity (Principal: '*'). Publicly exposed log groups pose a serious security risk as sensitive log data could be accessed by unauthorized parties.", - "title": "Ensure that CloudWatch Log Groups are not publicly accessible", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices" - ], - "uid": "prowler-aws-cloudwatch_log_group_not_publicly_accessible-211203495394-us-east-1-/aws/s3/prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/prod-my-secure-s3-bucket-20250423:*", - "name": "/aws/s3/prod-my-secure-s3-bucket-20250423", - "retention_days": 30, - "never_expire": false, - "kms_id": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501", - "region": "us-east-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/s3/prod-my-secure-s3-bucket-20250423", - "type": "Other", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/prod-my-secure-s3-bucket-20250423:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that CloudWatch Log Groups are not publicly accessible. Review and remove any resource policies that allow public access (Principal: '*') to log groups.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html" - ] - }, - "risk_details": "Publicly accessible CloudWatch Log Groups can expose sensitive information, leading to data breaches or unauthorized access. It is important to ensure that log groups are only accessible by trusted entities.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/rds/cluster/ex-rds/postgresql has less than 365 days retention period (7 days).", - "metadata": { - "event_code": "cloudwatch_log_group_retention_policy_specific_days_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Log Group /aws/rds/cluster/ex-rds/postgresql has less than 365 days retention period (7 days).", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Logs.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_1", - "3_6_1", - "3_6_2" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_312_b" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_c_1_2" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-14.01B", - "OPS-14.02B", - "OPS-26.05B", - "OPS-26.01AS", - "PI-03.02B", - "PSS-04.01B" - ], - "FedRamp-Moderate-Revision-4": [ - "au-6-1-3", - "au-11", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "ac_16_b", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_10", - "au_11", - "au_11_1", - "au_12_1", - "au_12_2", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_21_b", - "pm_31", - "sc_28_2", - "si_4_17", - "si_12" - ], - "ENS-RD2022": [ - "op.exp.8.r3.aws.cw.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "PCI-4.0": [ - "10.5.1.4", - "3.2.1.3", - "3.3.1.1.3", - "3.3.1.3.3", - "3.3.2.3", - "3.3.3.3", - "5.3.4.11" - ], - "FedRAMP-Low-Revision-4": [ - "au-11" - ], - "FFIEC": [ - "d2-ma-ma-b-1" - ], - "PCI-3.2.1": [ - "10.1", - "10.7", - "10.7.b", - "10.7.c" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-e" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP06" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "au_11", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "3.2.5", - "4.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if CloudWatch Log Groups have a retention policy of specific days.", - "title": "Check if CloudWatch Log Groups have a retention policy of specific days.", - "types": [ - "Data Retention" - ], - "uid": "prowler-aws-cloudwatch_log_group_retention_policy_specific_days_enabled-211203495394-eu-west-1-/aws/rds/cluster/ex-rds/postgresql" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*", - "name": "/aws/rds/cluster/ex-rds/postgresql", - "retention_days": 7, - "never_expire": false, - "kms_id": null, - "region": "eu-west-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/rds/cluster/ex-rds/postgresql", - "type": "AwsLogsLogGroup", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/rds/cluster/ex-rds/postgresql:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.", - "references": [ - "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Logs.html" - ] - }, - "risk_details": "If log groups have a low retention policy of less than specific days, crucial logs and data can be lost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/vpc-flow-log/vpc-007d791b9b857543e comply with 365 days retention period since it never expires.", - "metadata": { - "event_code": "cloudwatch_log_group_retention_policy_specific_days_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Log Group /aws/vpc-flow-log/vpc-007d791b9b857543e comply with 365 days retention period since it never expires.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Logs.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_1", - "3_6_1", - "3_6_2" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_312_b" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_c_1_2" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-14.01B", - "OPS-14.02B", - "OPS-26.05B", - "OPS-26.01AS", - "PI-03.02B", - "PSS-04.01B" - ], - "FedRamp-Moderate-Revision-4": [ - "au-6-1-3", - "au-11", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "ac_16_b", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_10", - "au_11", - "au_11_1", - "au_12_1", - "au_12_2", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_21_b", - "pm_31", - "sc_28_2", - "si_4_17", - "si_12" - ], - "ENS-RD2022": [ - "op.exp.8.r3.aws.cw.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "PCI-4.0": [ - "10.5.1.4", - "3.2.1.3", - "3.3.1.1.3", - "3.3.1.3.3", - "3.3.2.3", - "3.3.3.3", - "5.3.4.11" - ], - "FedRAMP-Low-Revision-4": [ - "au-11" - ], - "FFIEC": [ - "d2-ma-ma-b-1" - ], - "PCI-3.2.1": [ - "10.1", - "10.7", - "10.7.b", - "10.7.c" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-e" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP06" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "au_11", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "3.2.5", - "4.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if CloudWatch Log Groups have a retention policy of specific days.", - "title": "Check if CloudWatch Log Groups have a retention policy of specific days.", - "types": [ - "Data Retention" - ], - "uid": "prowler-aws-cloudwatch_log_group_retention_policy_specific_days_enabled-211203495394-eu-west-1-/aws/vpc-flow-log/vpc-007d791b9b857543e" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*", - "name": "/aws/vpc-flow-log/vpc-007d791b9b857543e", - "retention_days": 9999, - "never_expire": true, - "kms_id": null, - "region": "eu-west-1", - "log_streams": { - "eni-0cd4fcd4819d5a0b7-all": [ - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899031000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899031 1760899115 - NODATA", - "ingestionTime": 1760899139926, - "eventId": "39269360610670476915885218594189694963071457059547512832" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899046 1760899127 - NODATA", - "ingestionTime": 1760899149250, - "eventId": "39269360945181654893844565728497413038571606956274024448" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899064 1760899142 - NODATA", - "ingestionTime": 1760899171015, - "eventId": "39269361346595068467395782302452507265231831869047177216" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899161481, - "eventId": "39269361368895813665926405432462355128969412946093211648" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899074 1760899154 - NODATA", - "ingestionTime": 1760899180685, - "eventId": "39269361569602520452702013729500161457508911822151876608" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899087 1760899164 - NODATA", - "ingestionTime": 1760899188926, - "eventId": "39269361859512208033600114579426962274716549575521730560" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899093000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899093 1760899177 - NODATA", - "ingestionTime": 1760899202942, - "eventId": "39269361993316679224783853445585976414341769780327874560" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899189534, - "eventId": "39269362060218914820375722853983829530393030289362518016" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899107 1760899183 - NODATA", - "ingestionTime": 1760899208282, - "eventId": "39269362305527112004212577433541251354104638611981205504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899120000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899120 1760899194 - NODATA", - "ingestionTime": 1760899249444, - "eventId": "39269362595436799585110678323267367353868490709992013824" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899124 1760899204 - NODATA", - "ingestionTime": 1760899231189, - "eventId": "39269362684639780379233170867341403349163730796893896704" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899145000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899145 1760899226 - NODATA", - "ingestionTime": 1760899248783, - "eventId": "39269363152955429548376256860861233320174442224344956928" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899153 1760899239 - NODATA", - "ingestionTime": 1760899262856, - "eventId": "39269363331361391136621242010160382151535307798841524224" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899156 1760899233 - NODATA", - "ingestionTime": 1760899251214, - "eventId": "39269363398263626732213111420693427286550341112125521920" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899167 1760899245 - NODATA", - "ingestionTime": 1760899267593, - "eventId": "39269363643571823916049965997386872465211874059378688000" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899181000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899181 1760899254 - NODATA", - "ingestionTime": 1760899309470, - "eventId": "39269363955782256695478690029513573287107439005186064384" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899280418, - "eventId": "39269364022684492291070559418998784362727835457823440896" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899187 1760899266 - NODATA", - "ingestionTime": 1760899289733, - "eventId": "39269364089586727886662428854866949624521773410794864640" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299733, - "eventId": "39269364245691944276376790857706543416476686971921301504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899204 1760899286 - NODATA", - "ingestionTime": 1760899309875, - "eventId": "39269364468699396261683022285324313923175968945211310080" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899213 1760899293 - NODATA", - "ingestionTime": 1760899319552, - "eventId": "39269364669406103048458630570844658358774455533122027520" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899215 1760899293 - NODATA", - "ingestionTime": 1760899311165, - "eventId": "39269364714007593445519876843776711888539935711792070656" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899227000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899227 1760899304 - NODATA", - "ingestionTime": 1760899327528, - "eventId": "39269364981616535827887354561987052343875666657387479040" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899241 1760899314 - NODATA", - "ingestionTime": 1760899369674, - "eventId": "39269365293826968607316078594438607167353915397586354176" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899245 1760899321 - NODATA", - "ingestionTime": 1760899340795, - "eventId": "39269365383029949401438571125668891064507806525688119296" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899247 1760899325 - NODATA", - "ingestionTime": 1760899349747, - "eventId": "39269365427631439798499817419562686664009994535042416640" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899248 1760899335 - NODATA", - "ingestionTime": 1760899361737, - "eventId": "39269365449932184997030440575593663755083845328799662080" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899263000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899263 1760899343 - NODATA", - "ingestionTime": 1760899367618, - "eventId": "39269365784443362974989787705738802661146729846819127296" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899271000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899271 1760899355 - NODATA", - "ingestionTime": 1760899379484, - "eventId": "39269365962849324563234772852369513371529050589700489216" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899276000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899276 1760899352 - NODATA", - "ingestionTime": 1760899371708, - "eventId": "39269366074353050555887888550647785025367173779549388800" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899287000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899287 1760899364 - NODATA", - "ingestionTime": 1760899389077, - "eventId": "39269366319661247739724743128538737171054749321939386368" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899303 1760899375 - NODATA", - "ingestionTime": 1760899431081, - "eventId": "39269366676473170916214713443889494423911819403013455872" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899305000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899305 1760899381 - NODATA", - "ingestionTime": 1760899400414, - "eventId": "39269366721074661313275959689886924638672932144373039104" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899307 1760899386 - NODATA", - "ingestionTime": 1760899408511, - "eventId": "39269366765676151710337205982746961466829488763300806656" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899420747, - "eventId": "39269366921781368100051567988289637575888457293160448000" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428007, - "eventId": "39269367100187329688296553129352064058383779008465076224" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899429660, - "eventId": "39269367367796272070664030829778877118210560333827080192" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899336000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899336 1760899417 - NODATA", - "ingestionTime": 1760899442053, - "eventId": "39269367412397762467725277127832967444140093911955144704" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899349000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899349 1760899424 - NODATA", - "ingestionTime": 1760899449340, - "eventId": "39269367702307450048623377976606737167794200106263445504" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899361 1760899432 - NODATA", - "ingestionTime": 1760899491027, - "eventId": "39269367969916392430990855725431353246427732075437621248" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899460257, - "eventId": "39269368014517882828052101971304249414101267847896170496" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899365000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899365 1760899446 - NODATA", - "ingestionTime": 1760899468665, - "eventId": "39269368059119373225113348264540584396392034426105430016" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899375 1760899455 - NODATA", - "ingestionTime": 1760899481555, - "eventId": "39269368282126825210419579695480504500212685656322080768" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899383 1760899467 - NODATA", - "ingestionTime": 1760899487567, - "eventId": "39269368460532786798664564835034776331022815284839055360" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899393 1760899476 - NODATA", - "ingestionTime": 1760899500793, - "eventId": "39269368683540238783970796266381102896276266334347132928" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899398 1760899475 - NODATA", - "ingestionTime": 1760899489169, - "eventId": "39269368795043964776623911960006811116316914335348031488" - }, - { - "logStreamName": "eni-0cd4fcd4819d5a0b7-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0cd4fcd4819d5a0b7 - - - - - - - 1760899409 1760899487 - NODATA", - "ingestionTime": 1760899507600, - "eventId": "39269369040352161960460766539181708866508225546449846272" - } - ], - "eni-0eee78be32276dc65-all": [ - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899032000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899032 1760899109 - NODATA", - "ingestionTime": 1760899134945, - "eventId": "39269360632971222114415841729703527226207967234779774976" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899043000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899043 1760899120 - NODATA", - "ingestionTime": 1760899144884, - "eventId": "39269360878279419298252696298611781813145246086503727104" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899052000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899052 1760899132 - NODATA", - "ingestionTime": 1760899154887, - "eventId": "39269361078986126085028304584526361316447343074608021504" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899063 1760899141 - NODATA", - "ingestionTime": 1760899164127, - "eventId": "39269361324294323268865159152589586655311491293203202048" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899066 1760899146 - NODATA", - "ingestionTime": 1760899173383, - "eventId": "39269361391196558864457028588387002206051139308865585152" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899070000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899070 1760899140 - NODATA", - "ingestionTime": 1760899156170, - "eventId": "39269361480399539658579521133720174781408048766989828096" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899074 1760899155 - NODATA", - "ingestionTime": 1760899186448, - "eventId": "39269361569602520452702013736466909309389429082721353728" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899096 1760899175 - NODATA", - "ingestionTime": 1760899197470, - "eventId": "39269362060218914820375722863577669461616015304736112640" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899107 1760899182 - NODATA", - "ingestionTime": 1760899205402, - "eventId": "39269362305527112004212577430059792118031670795614355456" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899124 1760899200 - NODATA", - "ingestionTime": 1760899224570, - "eventId": "39269362684639780379233170859339700182272340779870912512" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899127 1760899206 - NODATA", - "ingestionTime": 1760899231868, - "eventId": "39269362751542015974825040292769706477577608203599740928" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899130 1760899200 - NODATA", - "ingestionTime": 1760899216262, - "eventId": "39269362818444251570416909698510075089137464840133804032" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899133000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899133 1760899215 - NODATA", - "ingestionTime": 1760899246210, - "eventId": "39269362885346487166008779159322407412871585528894324736" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899153 1760899230 - NODATA", - "ingestionTime": 1760899251400, - "eventId": "39269363331361391136621241996311121221405119004043444224" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899157000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899157 1760899235 - NODATA", - "ingestionTime": 1760899258021, - "eventId": "39269363420564371930743734570458344598590417900065914880" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899167 1760899242 - NODATA", - "ingestionTime": 1760899266548, - "eventId": "39269363643571823916049965996123562950678726130113904640" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899174 1760899250 - NODATA", - "ingestionTime": 1760899275556, - "eventId": "39269363799677040305764327997764003167285750075715420160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899183000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899183 1760899262 - NODATA", - "ingestionTime": 1760899284289, - "eventId": "39269364000383747092539936282143032915656252264968749056" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899187 1760899266 - NODATA", - "ingestionTime": 1760899291413, - "eventId": "39269364089586727886662428856898380600297619606114140160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899276225, - "eventId": "39269364156488963482254298263144306458468370593886044160" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899193 1760899277 - NODATA", - "ingestionTime": 1760899303806, - "eventId": "39269364223391199077846167721094564420197117221625790464" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899196 1760899260 - NODATA", - "ingestionTime": 1760899334586, - "eventId": "39269364290293434673438037182912416456716008702408523776" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899213 1760899289 - NODATA", - "ingestionTime": 1760899311121, - "eventId": "39269364669406103048458630560652132630159455450075103232" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899216000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899216 1760899295 - NODATA", - "ingestionTime": 1760899318499, - "eventId": "39269364736308338644050499994179034332937535505210343424" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899227000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899227 1760899305 - NODATA", - "ingestionTime": 1760899326390, - "eventId": "39269364981616535827887354560611681081931410087592263680" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899232 1760899310 - NODATA", - "ingestionTime": 1760899336203, - "eventId": "39269365093120261820540470280153350599481452527376269312" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899243000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899243 1760899323 - NODATA", - "ingestionTime": 1760899343742, - "eventId": "39269365338428459004377324846160248388421245006660304896" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899249000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899249 1760899320 - NODATA", - "ingestionTime": 1760899336117, - "eventId": "39269365472232930195561063686156260435021330376417148928" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899249000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899249 1760899327 - NODATA", - "ingestionTime": 1760899352321, - "eventId": "39269365472232930195561063705745793873400791408967090176" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899251 1760899336 - NODATA", - "ingestionTime": 1760899367212, - "eventId": "39269365516834420592622310006819254946281577326604779520" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899274 1760899353 - NODATA", - "ingestionTime": 1760899373962, - "eventId": "39269366029751560158826642270301412512888178252004589568" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899274 1760899355 - NODATA", - "ingestionTime": 1760899379402, - "eventId": "39269366029751560158826642276877930662977506319400042496" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899284000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899284 1760899362 - NODATA", - "ingestionTime": 1760899386982, - "eventId": "39269366252759012144132873701398387328881161898128637952" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899294 1760899372 - NODATA", - "ingestionTime": 1760899394477, - "eventId": "39269366475766464129439105125816695702172340211787300864" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899303 1760899383 - NODATA", - "ingestionTime": 1760899405478, - "eventId": "39269366676473170916214713412937602135678394228114522112" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899308000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899308 1760899386 - NODATA", - "ingestionTime": 1760899413706, - "eventId": "39269366787976896908867829130563046940109806326346612736" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899397821, - "eventId": "39269366832578387305929075394430702698688020571642724352" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899314 1760899397 - NODATA", - "ingestionTime": 1760899425864, - "eventId": "39269366921781368100051567994475576217536599340043665408" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899334 1760899415 - NODATA", - "ingestionTime": 1760899441656, - "eventId": "39269367367796272070664030844281469904033722035045597184" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899335 1760899410 - NODATA", - "ingestionTime": 1760899430876, - "eventId": "39269367390097017269194653972784979191565215734678749184" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899347 1760899423 - NODATA", - "ingestionTime": 1760899447684, - "eventId": "39269367657705959651562131691532913759489711811767500800" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899354 1760899432 - NODATA", - "ingestionTime": 1760899456589, - "eventId": "39269367813811176041276493693048475725746690637326057472" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899363 1760899442 - NODATA", - "ingestionTime": 1760899463202, - "eventId": "39269368014517882828052101974864753397017949679660957696" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899367 1760899446 - NODATA", - "ingestionTime": 1760899472723, - "eventId": "39269368103720863622174594552517552425934392550237077504" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899455859, - "eventId": "39269368192923844416297087098273510881125605169948065792" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899375 1760899457 - NODATA", - "ingestionTime": 1760899487495, - "eventId": "39269368282126825210419579702662044707283407383455531008" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899392000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899392 1760899469 - NODATA", - "ingestionTime": 1760899490579, - "eventId": "39269368661239493585440173112497448504418584276237156352" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899394 1760899475 - NODATA", - "ingestionTime": 1760899499905, - "eventId": "39269368705840983982501419406842983598809204891447328768" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899404000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899404 1760899481 - NODATA", - "ingestionTime": 1760899505766, - "eventId": "39269368928848435967807650829285727947167171314158731264" - }, - { - "logStreamName": "eni-0eee78be32276dc65-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0eee78be32276dc65 - - - - - - - 1760899410 1760899487 - NODATA", - "ingestionTime": 1760899518280, - "eventId": "39269369062652907158991389693628934917572999196216262656" - } - ], - "eni-0c1065c914ddc0b88-all": [ - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899033000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899033 1760899111 - NODATA", - "ingestionTime": 1760899131705, - "eventId": "39269360655271967312946464867322652502059743183076327424" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899040 1760899118 - NODATA", - "ingestionTime": 1760899137950, - "eventId": "39269360811377183702660826865622290103622366602256842752" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899046 1760899124 - NODATA", - "ingestionTime": 1760899144556, - "eventId": "39269360945181654893844565722822361767392100902754582528" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899056000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899056 1760899132 - NODATA", - "ingestionTime": 1760899177328, - "eventId": "39269361168189106879150797177798657782901584726127869952" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899169949, - "eventId": "39269361324294323268865159159627891617325295385041436672" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899064 1760899140 - NODATA", - "ingestionTime": 1760899159431, - "eventId": "39269361346595068467395782288448135197190114468420583424" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899074 1760899156 - NODATA", - "ingestionTime": 1760899175275, - "eventId": "39269361569602520452702013722959486324680047180535889920" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899083 1760899166 - NODATA", - "ingestionTime": 1760899185928, - "eventId": "39269361770309227239477622009659656615414527865242583040" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899092 1760899165 - NODATA", - "ingestionTime": 1760899176075, - "eventId": "39269361971015934026253230271570081934998595329796538368" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899096 1760899172 - NODATA", - "ingestionTime": 1760899192224, - "eventId": "39269362060218914820375722857235374222277287158040035328" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899098 1760899176 - NODATA", - "ingestionTime": 1760899199417, - "eventId": "39269362104820405217436969149003084469614423673101156352" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899104000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899104 1760899183 - NODATA", - "ingestionTime": 1760899206138, - "eventId": "39269362238624876408620708006342405502528195376838868992" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899120000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899120 1760899191 - NODATA", - "ingestionTime": 1760899236584, - "eventId": "39269362595436799585110678307720767915257233185726332928" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899125 1760899200 - NODATA", - "ingestionTime": 1760899220918, - "eventId": "39269362706940525577763793996460255943460832392201109504" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899128 1760899204 - NODATA", - "ingestionTime": 1760899231844, - "eventId": "39269362773842761173355663434276318502510064397876527104" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899135000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899135 1760899213 - NODATA", - "ingestionTime": 1760899237314, - "eventId": "39269362929947977563070025431638968432093462264361123840" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899141000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899141 1760899224 - NODATA", - "ingestionTime": 1760899246469, - "eventId": "39269363063752448754253764291921197519833887840925450240" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899153 1760899221 - NODATA", - "ingestionTime": 1760899236692, - "eventId": "39269363331361391136621241978529841373228806547492372480" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899156 1760899232 - NODATA", - "ingestionTime": 1760899254316, - "eventId": "39269363398263626732213111424443243766834742078299963392" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899158 1760899236 - NODATA", - "ingestionTime": 1760899261035, - "eventId": "39269363442865117129274357715637800582458712370902073344" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899178 1760899252 - NODATA", - "ingestionTime": 1760899297290, - "eventId": "39269363888880021099886820590181698295679974565315739648" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899182 1760899260 - NODATA", - "ingestionTime": 1760899280382, - "eventId": "39269363978083001894009313135883871550789736714335223808" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899187 1760899265 - NODATA", - "ingestionTime": 1760899292137, - "eventId": "39269364089586727886662428857773429136984229455763341312" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899195000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899195 1760899273 - NODATA", - "ingestionTime": 1760899296711, - "eventId": "39269364267992689474907413995588979756838792680283045888" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899203 1760899285 - NODATA", - "ingestionTime": 1760899308052, - "eventId": "39269364446398651063152399141585090918819749021377363968" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899212000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899212 1760899281 - NODATA", - "ingestionTime": 1760899298603, - "eventId": "39269364647105357849928007403983341063954283086051934208" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899215 1760899291 - NODATA", - "ingestionTime": 1760899314667, - "eventId": "39269364714007593445519876848010854729212200078675476480" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899218000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899218 1760899297 - NODATA", - "ingestionTime": 1760899318310, - "eventId": "39269364780909829041111746277021645179191239808600047616" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899226000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899226 1760899304 - NODATA", - "ingestionTime": 1760899326316, - "eventId": "39269364959315790629356731418986118130536925037518389248" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899237000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899237 1760899311 - NODATA", - "ingestionTime": 1760899357590, - "eventId": "39269365204623987813193586013687306980555969919094620160" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339320, - "eventId": "39269365383029949401438571123885830990629396754181455872" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899246 1760899324 - NODATA", - "ingestionTime": 1760899349453, - "eventId": "39269365405330694599969194277671333444670725721594920960" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899253 1760899332 - NODATA", - "ingestionTime": 1760899355965, - "eventId": "39269365561435910989683556276294226634700045831045709824" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899260000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899260 1760899342 - NODATA", - "ingestionTime": 1760899367285, - "eventId": "39269365717541127379397918280729457563060667479143677952" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899271000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899271 1760899340 - NODATA", - "ingestionTime": 1760899358012, - "eventId": "39269365962849324563234772826411456326433139600299589632" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899277000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899277 1760899358 - NODATA", - "ingestionTime": 1760899379932, - "eventId": "39269366096653795754418511702125555646941690228634025984" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899280000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899280 1760899354 - NODATA", - "ingestionTime": 1760899373791, - "eventId": "39269366163556031350010381119308943134728694973349036032" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899287000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899287 1760899365 - NODATA", - "ingestionTime": 1760899387122, - "eventId": "39269366319661247739724743126174945862220594307798401024" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899296000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899296 1760899370 - NODATA", - "ingestionTime": 1760899417363, - "eventId": "39269366520367954526500351436555808711909606142480023552" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899401909, - "eventId": "39269366676473170916214713408623065001550703702154543104" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899307 1760899383 - NODATA", - "ingestionTime": 1760899409238, - "eventId": "39269366765676151710337205983626119966033254102925901824" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899415337, - "eventId": "39269366921781368100051567981749449595694558573866647552" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899324 1760899407 - NODATA", - "ingestionTime": 1760899426496, - "eventId": "39269367144788820085357799410596776768436318073229869056" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899330000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899330 1760899401 - NODATA", - "ingestionTime": 1760899416680, - "eventId": "39269367278593291276541538247944144611040782249052209152" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899332000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899332 1760899411 - NODATA", - "ingestionTime": 1760899433019, - "eventId": "39269367323194781673602784550768585739390411542126460928" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899336000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899336 1760899417 - NODATA", - "ingestionTime": 1760899441788, - "eventId": "39269367412397762467725277127512237825223402116720689152" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899346000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899346 1760899426 - NODATA", - "ingestionTime": 1760899445148, - "eventId": "39269367635405214453031508546931419772956448249760251904" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899359000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899359 1760899432 - NODATA", - "ingestionTime": 1760899476491, - "eventId": "39269367925314902033929609424786991761781626531123036160" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899362000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899362 1760899441 - NODATA", - "ingestionTime": 1760899460671, - "eventId": "39269367992217137629521478830269449240112434646753738752" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899366 1760899443 - NODATA", - "ingestionTime": 1760899468688, - "eventId": "39269368081420118423643971406103859309591387589274501120" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899376000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899376 1760899453 - NODATA", - "ingestionTime": 1760899476785, - "eventId": "39269368304427570408950202831249919970625624526780694528" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899488248, - "eventId": "39269368482833531997195187977393757885480410767471214592" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899393 1760899463 - NODATA", - "ingestionTime": 1760899476616, - "eventId": "39269368683540238783970796237152821956634466018501394432" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899396000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899396 1760899472 - NODATA", - "ingestionTime": 1760899492814, - "eventId": "39269368750442474379562665681342390226297253743843213312" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899398 1760899476 - NODATA", - "ingestionTime": 1760899499578, - "eventId": "39269368795043964776623911972590426561877822674179457024" - }, - { - "logStreamName": "eni-0c1065c914ddc0b88-all", - "timestamp": 1760899404000, - "message": "2 211203495394 eni-0c1065c914ddc0b88 - - - - - - - 1760899404 1760899483 - NODATA", - "ingestionTime": 1760899507248, - "eventId": "39269368928848435967807650831077445246919319457277739008" - } - ], - "eni-0b032bdd6415e28d2-all": [ - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899035 1760899113 - NODATA", - "ingestionTime": 1760899133136, - "eventId": "39269360699873457710007711152123610062180414944395264000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899038000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899038 1760899114 - NODATA", - "ingestionTime": 1760899141191, - "eventId": "39269360766775693305599580586468728036916112958741348352" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899050 1760899123 - NODATA", - "ingestionTime": 1760899146046, - "eventId": "39269361034384635687967058290766595601835303791956525056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899058000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899058 1760899131 - NODATA", - "ingestionTime": 1760899159863, - "eventId": "39269361212790597276212043439756002440073202307487825920" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899063 1760899141 - NODATA", - "ingestionTime": 1760899167762, - "eventId": "39269361324294323268865159156984140043621645568457375744" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899068 1760899140 - NODATA", - "ingestionTime": 1760899157657, - "eventId": "39269361435798049261518274852446799470266395671291756544" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899068 1760899151 - NODATA", - "ingestionTime": 1760899175983, - "eventId": "39269361435798049261518274874601161818209012954061209600" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899095 1760899173 - NODATA", - "ingestionTime": 1760899195345, - "eventId": "39269362037918169621845099719473117068327781693816504320" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899098 1760899177 - NODATA", - "ingestionTime": 1760899204131, - "eventId": "39269362104820405217436969154701463979111391750678577152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899106000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899106 1760899186 - NODATA", - "ingestionTime": 1760899211311, - "eventId": "39269362283226366805681954295667591380534219155025690624" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899114000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899114 1760899186 - NODATA", - "ingestionTime": 1760899204393, - "eventId": "39269362461632328393926939419589915749741929816441094144" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899122000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899122 1760899203 - NODATA", - "ingestionTime": 1760899228656, - "eventId": "39269362640038289982171924581207850598435590163328860160" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899125 1760899194 - NODATA", - "ingestionTime": 1760899249065, - "eventId": "39269362706940525577763794030487974742181412238673444864" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899127 1760899200 - NODATA", - "ingestionTime": 1760899220738, - "eventId": "39269362751542015974825040279314179297414635168363315200" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899132000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899132 1760899213 - NODATA", - "ingestionTime": 1760899241591, - "eventId": "39269362863045741967478156012202532532736419493011783680" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899143000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899143 1760899223 - NODATA", - "ingestionTime": 1760899253281, - "eventId": "39269363108353939151315010583227663416625814834351243264" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899156 1760899234 - NODATA", - "ingestionTime": 1760899255488, - "eventId": "39269363398263626732213111425859902023189279008363118592" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899159000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899159 1760899237 - NODATA", - "ingestionTime": 1760899264361, - "eventId": "39269363465165862327804980861194073115574920556078891008" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899168000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899168 1760899246 - NODATA", - "ingestionTime": 1760899269260, - "eventId": "39269363665872569114580589140938428252512150847914049536" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899179 1760899253 - NODATA", - "ingestionTime": 1760899287510, - "eventId": "39269363911180766298417443719894074932119288698675789824" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899184 1760899263 - NODATA", - "ingestionTime": 1760899286796, - "eventId": "39269364022684492291070559426709282053852418506933469184" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899189000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899189 1760899260 - NODATA", - "ingestionTime": 1760899280283, - "eventId": "39269364134188218283723675126514426166813898814862065664" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899190 1760899270 - NODATA", - "ingestionTime": 1760899299057, - "eventId": "39269364156488963482254298290746226088810990608511533056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899196 1760899280 - NODATA", - "ingestionTime": 1760899311828, - "eventId": "39269364290293434673438037155400062015818871861690368000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899215 1760899294 - NODATA", - "ingestionTime": 1760899324767, - "eventId": "39269364714007593445519876860221022069360705824598065152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899216000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899216 1760899291 - NODATA", - "ingestionTime": 1760899311774, - "eventId": "39269364736308338644050499986049101087749757179034533888" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899228 1760899305 - NODATA", - "ingestionTime": 1760899327496, - "eventId": "39269365003917281026417977703483983765827058252031524864" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899236000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899236 1760899313 - NODATA", - "ingestionTime": 1760899372153, - "eventId": "39269365182323242614662962889757246868346573266567036928" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899242000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899242 1760899322 - NODATA", - "ingestionTime": 1760899351210, - "eventId": "39269365316127713805846701713652516863299726898767265792" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899245 1760899316 - NODATA", - "ingestionTime": 1760899326734, - "eventId": "39269365383029949401438571108670116921054093554823528448" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899246 1760899320 - NODATA", - "ingestionTime": 1760899342709, - "eventId": "39269365405330694599969194269518376122630654525933879296" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899252000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899252 1760899335 - NODATA", - "ingestionTime": 1760899360418, - "eventId": "39269365539135165791152933140142033914622429515450417152" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899264 1760899343 - NODATA", - "ingestionTime": 1760899373218, - "eventId": "39269365806744108173520410854044313792513119479803084800" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899275 1760899355 - NODATA", - "ingestionTime": 1760899375908, - "eventId": "39269366052052305357357265414189441517385877666894970880" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899279000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899279 1760899352 - NODATA", - "ingestionTime": 1760899369219, - "eventId": "39269366141255286151479757972246010380988764276406026240" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899281000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899281 1760899359 - NODATA", - "ingestionTime": 1760899386093, - "eventId": "39269366185856776548541004275716839020567135377730371584" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899291 1760899368 - NODATA", - "ingestionTime": 1760899396136, - "eventId": "39269366408864228533847235703215102353670681361569349632" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899305000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899305 1760899382 - NODATA", - "ingestionTime": 1760899411018, - "eventId": "39269366721074661313275959702706255481084640795688894464" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899307 1760899380 - NODATA", - "ingestionTime": 1760899401309, - "eventId": "39269366765676151710337205974040218737002706934304473088" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899307 1760899377 - NODATA", - "ingestionTime": 1760899407058, - "eventId": "39269366765676151710337205980990486288538753834262528000" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899310 1760899393 - NODATA", - "ingestionTime": 1760899419461, - "eventId": "39269366832578387305929075420592256492361369792011894784" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899324 1760899404 - NODATA", - "ingestionTime": 1760899433640, - "eventId": "39269367144788820085357799419233581698511609406149165056" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899335 1760899412 - NODATA", - "ingestionTime": 1760899433908, - "eventId": "39269367390097017269194653976450088980403729997574832128" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899339 1760899418 - NODATA", - "ingestionTime": 1760899443512, - "eventId": "39269367479299998063317146554203490059711429749104771072" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899352 1760899428 - NODATA", - "ingestionTime": 1760899450328, - "eventId": "39269367769209685644215247402407859453740699287278387200" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899361 1760899433 - NODATA", - "ingestionTime": 1760899454519, - "eventId": "39269367969916392430990855681296183876299316157353951232" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899366 1760899444 - NODATA", - "ingestionTime": 1760899474591, - "eventId": "39269368081420118423643971413240484439095664219683618816" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899367 1760899442 - NODATA", - "ingestionTime": 1760899465925, - "eventId": "39269368103720863622174594544299428355023128143241412608" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899368000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899368 1760899453 - NODATA", - "ingestionTime": 1760899486443, - "eventId": "39269368126021608820705217710640157343359909657957302272" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899453355, - "eventId": "39269368192923844416297087095246106187430342297292636160" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899394 1760899469 - NODATA", - "ingestionTime": 1760899492226, - "eventId": "39269368705840983982501419397559717026373074890956865536" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899395000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899395 1760899474 - NODATA", - "ingestionTime": 1760899499679, - "eventId": "39269368728141729181032042548105768502328698924799033344" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899401000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899401 1760899480 - NODATA", - "ingestionTime": 1760899505761, - "eventId": "39269368861946200372215781404672778473133206005118402560" - }, - { - "logStreamName": "eni-0b032bdd6415e28d2-all", - "timestamp": 1760899411000, - "message": "2 211203495394 eni-0b032bdd6415e28d2 - - - - - - - 1760899411 1760899487 - NODATA", - "ingestionTime": 1760899516510, - "eventId": "39269369084953652357522012833024672600503351423856934912" - } - ], - "eni-0412563bcfde47c07-all": [ - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899035 1760899115 - NODATA", - "ingestionTime": 1760899136495, - "eventId": "39269360699873457710007711156184720977592577186848636928" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899040 1760899119 - NODATA", - "ingestionTime": 1760899143305, - "eventId": "39269360811377183702660826872095664712709160858448297984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899053000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899053 1760899129 - NODATA", - "ingestionTime": 1760899149871, - "eventId": "39269361101286871283558927719998164556081147111036944384" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899061000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899061 1760899143 - NODATA", - "ingestionTime": 1760899171229, - "eventId": "39269361279692832871803912878103970731973143505727586304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899065 1760899134 - NODATA", - "ingestionTime": 1760899159080, - "eventId": "39269361368895813665926405429559601888144427773353132032" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899067000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899067 1760899140 - NODATA", - "ingestionTime": 1760899158188, - "eventId": "39269361413497304062987651711552518719516224710275825664" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899069 1760899153 - NODATA", - "ingestionTime": 1760899183464, - "eventId": "39269361458098794460048898025181141301956577880678137856" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899079000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899079 1760899147 - NODATA", - "ingestionTime": 1760899160601, - "eventId": "39269361681106246445355129412898811658073252175123316736" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899087 1760899166 - NODATA", - "ingestionTime": 1760899189376, - "eventId": "39269361859512208033600114579970893901776463807182798848" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899097000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899097 1760899176 - NODATA", - "ingestionTime": 1760899197279, - "eventId": "39269362082519660018906346004882537813687509194151165952" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899101000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899101 1760899179 - NODATA", - "ingestionTime": 1760899207385, - "eventId": "39269362171722640813028838583242579865759321101520076800" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899210660, - "eventId": "39269362372429347599804446861023392143998122008465309696" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899125 1760899194 - NODATA", - "ingestionTime": 1760899218812, - "eventId": "39269362706940525577763793993914106303142960102158041088" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899127 1760899203 - NODATA", - "ingestionTime": 1760899219418, - "eventId": "39269362751542015974825040277718476328369986825337700352" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899128 1760899200 - NODATA", - "ingestionTime": 1760899219120, - "eventId": "39269362773842761173355663418894165674178680573615538176" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899128000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899128 1760899205 - NODATA", - "ingestionTime": 1760899229665, - "eventId": "39269362773842761173355663431641781566952475279059255296" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899131000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899131 1760899216 - NODATA", - "ingestionTime": 1760899246092, - "eventId": "39269362840744996768947532876108041980772891761732091904" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899154 1760899229 - NODATA", - "ingestionTime": 1760899251163, - "eventId": "39269363353662136335151865137560078513468959389785718784" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899156 1760899234 - NODATA", - "ingestionTime": 1760899255712, - "eventId": "39269363398263626732213111426130916777394430857751101440" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899161000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899161 1760899240 - NODATA", - "ingestionTime": 1760899263829, - "eventId": "39269363509767352724866227143622613852783293494349135872" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899165000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899165 1760899246 - NODATA", - "ingestionTime": 1760899273641, - "eventId": "39269363598970333518988719721627354493523822240846249984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899185 1760899255 - NODATA", - "ingestionTime": 1760899281581, - "eventId": "39269364044985237489601182561940566582802392043117805568" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899187 1760899274 - NODATA", - "ingestionTime": 1760899303013, - "eventId": "39269364089586727886662428870921814201369867240798355456" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899189000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899189 1760899265 - NODATA", - "ingestionTime": 1760899290113, - "eventId": "39269364134188218283723675138397685858692808796273704960" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899280671, - "eventId": "39269364156488963482254298268519062333023165200494231552" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899193 1760899263 - NODATA", - "ingestionTime": 1760899278795, - "eventId": "39269364223391199077846167690858269798831755613942710272" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899207000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899207 1760899286 - NODATA", - "ingestionTime": 1760899310638, - "eventId": "39269364535601631857274891710854073565882969999478882304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899215 1760899292 - NODATA", - "ingestionTime": 1760899315726, - "eventId": "39269364714007593445519876849290783883655349661687152640" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899221000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899221 1760899301 - NODATA", - "ingestionTime": 1760899327482, - "eventId": "39269364847812064636703615712717370070625663115083776000" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899229000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899229 1760899308 - NODATA", - "ingestionTime": 1760899331997, - "eventId": "39269365026218026224948600850461253750180961257934094336" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899246 1760899320 - NODATA", - "ingestionTime": 1760899337920, - "eventId": "39269365405330694599969194263728842467517601889384857600" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899316 - NODATA", - "ingestionTime": 1760899340670, - "eventId": "39269365449932184997030440550125147054714641578971234304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899326 - NODATA", - "ingestionTime": 1760899350749, - "eventId": "39269365449932184997030440562310038574271999808824475648" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899248 1760899334 - NODATA", - "ingestionTime": 1760899362257, - "eventId": "39269365449932184997030440576222135510589021884186427392" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899250000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899250 1760899322 - NODATA", - "ingestionTime": 1760899338788, - "eventId": "39269365494533675394091686830921152320352927561249128448" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899270000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899270 1760899347 - NODATA", - "ingestionTime": 1760899368708, - "eventId": "39269365940548579364704149697806783144105333794766585856" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899275 1760899355 - NODATA", - "ingestionTime": 1760899377918, - "eventId": "39269366052052305357357265416619650568836686043098578944" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899282000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899282 1760899359 - NODATA", - "ingestionTime": 1760899382772, - "eventId": "39269366208157521747071627413237592563353248892668477440" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899289000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899289 1760899368 - NODATA", - "ingestionTime": 1760899393097, - "eventId": "39269366364262738136785989416469683496947752941870645248" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899306000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899306 1760899383 - NODATA", - "ingestionTime": 1760899410529, - "eventId": "39269366743375406511806582843650936186411307196496478208" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899307 1760899377 - NODATA", - "ingestionTime": 1760899397968, - "eventId": "39269366765676151710337205970001456823899431732343996416" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899307 1760899380 - NODATA", - "ingestionTime": 1760899400607, - "eventId": "39269366765676151710337205973191896492119022919563018240" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899309000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899309 1760899396 - NODATA", - "ingestionTime": 1760899423126, - "eventId": "39269366810277642107398452283487031653564659198874484736" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899316000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899316 1760899382 - NODATA", - "ingestionTime": 1760899399106, - "eventId": "39269366966382858497112814245198916281112315683434004480" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899331 1760899406 - NODATA", - "ingestionTime": 1760899430913, - "eventId": "39269367300894036475072161406686974765064859028356005888" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899335 1760899415 - NODATA", - "ingestionTime": 1760899437272, - "eventId": "39269367390097017269194653980516978150189752716098142208" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899339 1760899418 - NODATA", - "ingestionTime": 1760899447124, - "eventId": "39269367479299998063317146558570512292617288860634185728" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899351 1760899427 - NODATA", - "ingestionTime": 1760899454220, - "eventId": "39269367746908940445684624265577228552990440521160261632" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899366 1760899439 - NODATA", - "ingestionTime": 1760899459961, - "eventId": "39269368081420118423643971395553591908768001739518377984" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899440 - NODATA", - "ingestionTime": 1760899457693, - "eventId": "39269368148322354019235840817419132639093943126178463744" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899444 - NODATA", - "ingestionTime": 1760899469981, - "eventId": "39269368148322354019235840832274191397035876158754783232" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899369000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899369 1760899454 - NODATA", - "ingestionTime": 1760899484008, - "eventId": "39269368148322354019235840849232080110616189955149922304" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899374000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899374 1760899441 - NODATA", - "ingestionTime": 1760899460296, - "eventId": "39269368259826080011888956528244589978217412339484983296" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899392000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899392 1760899467 - NODATA", - "ingestionTime": 1760899489716, - "eventId": "39269368661239493585440173111454201356029973516445417472" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899395000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899395 1760899475 - NODATA", - "ingestionTime": 1760899496760, - "eventId": "39269368728141729181032042544576516340573757947585167360" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899402000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899402 1760899481 - NODATA", - "ingestionTime": 1760899503957, - "eventId": "39269368884246945570746404544027514969411264622420295680" - }, - { - "logStreamName": "eni-0412563bcfde47c07-all", - "timestamp": 1760899413000, - "message": "2 211203495394 eni-0412563bcfde47c07 - - - - - - - 1760899413 1760899488 - NODATA", - "ingestionTime": 1760899511503, - "eventId": "39269369129555142754583259110043103669214552903807205376" - } - ], - "eni-0affc8cb976d281e4-all": [ - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899035 1760899116 - NODATA", - "ingestionTime": 1760899138840, - "eventId": "39269360699873457710007711159019469104701397634533228544" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899046000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899046 1760899125 - NODATA", - "ingestionTime": 1760899146967, - "eventId": "39269360945181654893844565725737606527934368011554914304" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899060000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899060 1760899132 - NODATA", - "ingestionTime": 1760899190646, - "eventId": "39269361257392087673273289760042133263107400332285378560" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899066 1760899146 - NODATA", - "ingestionTime": 1760899167560, - "eventId": "39269361391196558864457028581347041359969927984593829888" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899074 1760899154 - NODATA", - "ingestionTime": 1760899179105, - "eventId": "39269361569602520452702013727590210801973350606697005056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899087 1760899164 - NODATA", - "ingestionTime": 1760899192244, - "eventId": "39269361859512208033600114583438176555824605694748459008" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899094000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899094 1760899177 - NODATA", - "ingestionTime": 1760899198599, - "eventId": "39269362015617424423314476581871073057489942101635956736" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899189115, - "eventId": "39269362060218914820375722853477185278320939846186958848" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899109000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899109 1760899185 - NODATA", - "ingestionTime": 1760899210726, - "eventId": "39269362350128602401273823719567361138346684332021776384" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899122000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899122 1760899194 - NODATA", - "ingestionTime": 1760899250823, - "eventId": "39269362640038289982171924608006329965051610956954140672" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899124 1760899206 - NODATA", - "ingestionTime": 1760899227914, - "eventId": "39269362684639780379233170863382549457541174480434364416" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219338, - "eventId": "39269362729241270776294417136085999322452702428389244928" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899144000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899144 1760899226 - NODATA", - "ingestionTime": 1760899247368, - "eventId": "39269363130654684349845633717615132665541153038186250240" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899153 1760899235 - NODATA", - "ingestionTime": 1760899261725, - "eventId": "39269363331361391136621242008792839945762262059483660288" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899167 1760899245 - NODATA", - "ingestionTime": 1760899268996, - "eventId": "39269363643571823916049965999083152685223837249222017024" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899182 1760899254 - NODATA", - "ingestionTime": 1760899310544, - "eventId": "39269363978083001894009313172347560528882751266101002240" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899281322, - "eventId": "39269364022684492291070559420091896183115699813441011712" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899186000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899186 1760899266 - NODATA", - "ingestionTime": 1760899287931, - "eventId": "39269364067285982688131805711152844471674574293835710464" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299457, - "eventId": "39269364245691944276376790857372500237716647776452476928" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899204 1760899285 - NODATA", - "ingestionTime": 1760899309818, - "eventId": "39269364468699396261683022285255354161015274794248699904" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899213 1760899295 - NODATA", - "ingestionTime": 1760899320882, - "eventId": "39269364669406103048458630572452503370674395929094586368" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899215 1760899293 - NODATA", - "ingestionTime": 1760899311810, - "eventId": "39269364714007593445519876844556444173706942228705116160" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899229000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899229 1760899309 - NODATA", - "ingestionTime": 1760899328555, - "eventId": "39269365026218026224948600846300242377921950412429459456" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899241 1760899325 - NODATA", - "ingestionTime": 1760899348957, - "eventId": "39269365293826968607316078569393086186336604020860649472" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899241 1760899314 - NODATA", - "ingestionTime": 1760899372605, - "eventId": "39269365293826968607316078597982298375350150780347219968" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899245 1760899321 - NODATA", - "ingestionTime": 1760899340200, - "eventId": "39269365383029949401438571124949559171644792505665978368" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899251 1760899335 - NODATA", - "ingestionTime": 1760899359866, - "eventId": "39269365516834420592622309997938463861202851147023974400" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899266 1760899345 - NODATA", - "ingestionTime": 1760899367752, - "eventId": "39269365851345598570581657130508151919096926587179171840" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899272000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899272 1760899359 - NODATA", - "ingestionTime": 1760899383256, - "eventId": "39269365985150069761765395998465481644863673480582332416" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899276000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899276 1760899352 - NODATA", - "ingestionTime": 1760899370378, - "eventId": "39269366074353050555887888549039652693215533761524727808" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899288000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899288 1760899366 - NODATA", - "ingestionTime": 1760899388583, - "eventId": "39269366341961992938255366269476998944118616763606564864" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899400318, - "eventId": "39269366676473170916214713406699804785352071340302925824" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899303 1760899375 - NODATA", - "ingestionTime": 1760899429510, - "eventId": "39269366676473170916214713441990338386303280666812350464" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899411298, - "eventId": "39269366765676151710337205986116559650590329171965837312" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899312 1760899394 - NODATA", - "ingestionTime": 1760899422796, - "eventId": "39269366877179877702990321707695130867012944863901057024" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428577, - "eventId": "39269367100187329688296553130041479120048520123150827520" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899432439, - "eventId": "39269367367796272070664030833138720654446275223893245952" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899334 1760899414 - NODATA", - "ingestionTime": 1760899439881, - "eventId": "39269367367796272070664030842135296708003520290717499392" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899347 1760899424 - NODATA", - "ingestionTime": 1760899451070, - "eventId": "39269367657705959651562131695626595798239555883438637056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899361000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899361 1760899435 - NODATA", - "ingestionTime": 1760899490451, - "eventId": "39269367969916392430990855724735341148002908163555328000" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899459187, - "eventId": "39269368036818628026582725111546443776056460041485942784" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899366000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899366 1760899447 - NODATA", - "ingestionTime": 1760899471147, - "eventId": "39269368081420118423643971409076505618835547023528493056" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899370 1760899452 - NODATA", - "ingestionTime": 1760899479024, - "eventId": "39269368170623099217766463984742283714993043411306807296" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899382 1760899467 - NODATA", - "ingestionTime": 1760899488669, - "eventId": "39269368438232041600133941694831139681884182062797881344" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899394 1760899475 - NODATA", - "ingestionTime": 1760899502220, - "eventId": "39269368705840983982501419409641737709798658672228827136" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899398 1760899473 - NODATA", - "ingestionTime": 1760899489665, - "eventId": "39269368795043964776623911960606453012996625068128206848" - }, - { - "logStreamName": "eni-0affc8cb976d281e4-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0affc8cb976d281e4 - - - - - - - 1760899409 1760899486 - NODATA", - "ingestionTime": 1760899512065, - "eventId": "39269369040352161960460766544579612106892416237728497664" - } - ], - "eni-0cc527ecbe7a26eaf-all": [ - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899035000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899035 1760899117 - NODATA", - "ingestionTime": 1760899142936, - "eventId": "39269360699873457710007711163971510559320265101743685632" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899036000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899036 1760899114 - NODATA", - "ingestionTime": 1760899134414, - "eventId": "39269360722174202908538334295204820463313948714318168064" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899050 1760899129 - NODATA", - "ingestionTime": 1760899152727, - "eventId": "39269361034384635687967058298843497727773204937133850624" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899063 1760899133 - NODATA", - "ingestionTime": 1760899185523, - "eventId": "39269361324294323268865159178455904111196628287686770688" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899158843, - "eventId": "39269361368895813665926405429273417399856208608128204800" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899066 1760899145 - NODATA", - "ingestionTime": 1760899168245, - "eventId": "39269361391196558864457028582175509246823037858524626944" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899072000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899072 1760899154 - NODATA", - "ingestionTime": 1760899181163, - "eventId": "39269361525001030055640767447006181139772869756776218624" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899090000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899090 1760899170 - NODATA", - "ingestionTime": 1760899193900, - "eventId": "39269361926414443629191984010047495961379235145155215360" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899092 1760899177 - NODATA", - "ingestionTime": 1760899202749, - "eventId": "39269361971015934026253230303816785979875019549754589184" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899210860, - "eventId": "39269362372429347599804446861265377207808753828176592896" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899125 1760899204 - NODATA", - "ingestionTime": 1760899230989, - "eventId": "39269362706940525577763794008635558579997690313193750528" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219830, - "eventId": "39269362729241270776294417136680824586241537371595341824" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899127 1760899212 - NODATA", - "ingestionTime": 1760899242326, - "eventId": "39269362751542015974825040305412561063885034823646773248" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899146000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899146 1760899226 - NODATA", - "ingestionTime": 1760899246152, - "eventId": "39269363175256174746906879999216657007477593368650383360" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899152000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899152 1760899231 - NODATA", - "ingestionTime": 1760899253019, - "eventId": "39269363309060645938090618856732243219578704771989635072" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899156000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899156 1760899237 - NODATA", - "ingestionTime": 1760899263736, - "eventId": "39269363398263626732213111435831655263089646910124851200" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899170000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899170 1760899247 - NODATA", - "ingestionTime": 1760899271074, - "eventId": "39269363710474059511641835426202440992731308715443683328" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899279688, - "eventId": "39269364022684492291070559418116119557759800710406471680" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899186000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899186 1760899257 - NODATA", - "ingestionTime": 1760899306262, - "eventId": "39269364067285982688131805733313731667256371536065331200" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899188000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899188 1760899266 - NODATA", - "ingestionTime": 1760899288672, - "eventId": "39269364111887473085193051995119913844343400534901653504" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899194 1760899275 - NODATA", - "ingestionTime": 1760899299252, - "eventId": "39269364245691944276376790857125149363662073314597076992" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899204 1760899285 - NODATA", - "ingestionTime": 1760899309280, - "eventId": "39269364468699396261683022284605296878582061744064102400" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899214000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899214 1760899291 - NODATA", - "ingestionTime": 1760899314311, - "eventId": "39269364691706848246989253706044751639540719357729177600" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899215 1760899296 - NODATA", - "ingestionTime": 1760899324087, - "eventId": "39269364714007593445519876859398939631364402504914436096" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899232 1760899310 - NODATA", - "ingestionTime": 1760899334354, - "eventId": "39269365093120261820540470277918148826862523982991851520" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899341889, - "eventId": "39269365383029949401438571126991283198097922654519689216" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899245 1760899325 - NODATA", - "ingestionTime": 1760899348539, - "eventId": "39269365383029949401438571135031132663793566278058115072" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899246 1760899316 - NODATA", - "ingestionTime": 1760899366160, - "eventId": "39269365405330694599969194297869179122661927007680724992" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899253 1760899335 - NODATA", - "ingestionTime": 1760899360237, - "eventId": "39269365561435910989683556281458718788128809122697052160" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899263000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899263 1760899343 - NODATA", - "ingestionTime": 1760899367744, - "eventId": "39269365784443362974989787705891158615048326713479266304" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899275 1760899352 - NODATA", - "ingestionTime": 1760899372061, - "eventId": "39269366052052305357357265409538549045672232196748017664" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899275 1760899358 - NODATA", - "ingestionTime": 1760899383656, - "eventId": "39269366052052305357357265423556517543661022486787260416" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899290000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899290 1760899367 - NODATA", - "ingestionTime": 1760899391461, - "eventId": "39269366386563483335316612556027451863182680765922607104" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899403625, - "eventId": "39269366676473170916214713410697222888582558342587351040" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899411002, - "eventId": "39269366765676151710337205985758614282112731246506541056" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899419972, - "eventId": "39269366921781368100051567987352686539192809824210518016" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899324 1760899404 - NODATA", - "ingestionTime": 1760899426887, - "eventId": "39269367144788820085357799411069452063340406770065408000" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899334 1760899412 - NODATA", - "ingestionTime": 1760899434439, - "eventId": "39269367367796272070664030835556822797651854308072357888" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899334 1760899417 - NODATA", - "ingestionTime": 1760899446456, - "eventId": "39269367367796272070664030850084056944309412406590767104" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899351 1760899427 - NODATA", - "ingestionTime": 1760899451312, - "eventId": "39269367746908940445684624262062177639914816024458821632" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899459035, - "eventId": "39269368036818628026582725111362754830102764013299433472" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899364 1760899446 - NODATA", - "ingestionTime": 1760899470289, - "eventId": "39269368036818628026582725124967908315929005802571956224" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899368000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899368 1760899437 - NODATA", - "ingestionTime": 1760899486041, - "eventId": "39269368126021608820705217710153819616007802450744442880" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899370 1760899452 - NODATA", - "ingestionTime": 1760899480164, - "eventId": "39269368170623099217766463986120228458155453978742292480" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899383 1760899466 - NODATA", - "ingestionTime": 1760899488206, - "eventId": "39269368460532786798664564835806916203379451258122797056" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899393 1760899476 - NODATA", - "ingestionTime": 1760899506645, - "eventId": "39269368683540238783970796273455606208662299519439011840" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899397000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899397 1760899475 - NODATA", - "ingestionTime": 1760899493621, - "eventId": "39269368772743219578093288823853465559792739857376215040" - }, - { - "logStreamName": "eni-0cc527ecbe7a26eaf-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0cc527ecbe7a26eaf - - - - - - - 1760899410 1760899488 - NODATA", - "ingestionTime": 1760899512938, - "eventId": "39269369062652907158991389687170444069467983195855192064" - } - ], - "eni-00e49c1a350a96c62-all": [ - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899037000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899037 1760899114 - NODATA", - "ingestionTime": 1760899138767, - "eventId": "39269360744474948107068957442002873060395970223357362176" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899049000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899049 1760899123 - NODATA", - "ingestionTime": 1760899145913, - "eventId": "39269361012083890489436435149070146485244488969436200960" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899057000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899057 1760899130 - NODATA", - "ingestionTime": 1760899154890, - "eventId": "39269361190489852077681420292208780129801594305213628416" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899165282, - "eventId": "39269361324294323268865159153986206642563145982672568320" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899068000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899068 1760899140 - NODATA", - "ingestionTime": 1760899155203, - "eventId": "39269361435798049261518274849479695499931155809958887424" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899069 1760899149 - NODATA", - "ingestionTime": 1760899172925, - "eventId": "39269361458098794460048898012440441311275205415884881920" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899074 1760899158 - NODATA", - "ingestionTime": 1760899188149, - "eventId": "39269361569602520452702013738523382166437444405447360512" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899094000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899094 1760899173 - NODATA", - "ingestionTime": 1760899193854, - "eventId": "39269362015617424423314476576134577772443043769486868480" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899098 1760899175 - NODATA", - "ingestionTime": 1760899198765, - "eventId": "39269362104820405217436969148214454073853692019531972608" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899106000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899106 1760899183 - NODATA", - "ingestionTime": 1760899205855, - "eventId": "39269362283226366805681954289071863715341114358247981056" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899116 1760899190 - NODATA", - "ingestionTime": 1760899218900, - "eventId": "39269362506233818790988185720199514343819175426755985408" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899124 1760899200 - NODATA", - "ingestionTime": 1760899223152, - "eventId": "39269362684639780379233170857625462746990168067807838208" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899129000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899129 1760899207 - NODATA", - "ingestionTime": 1760899233704, - "eventId": "39269362796143506371886286578060267268971733818706690048" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899130 1760899200 - NODATA", - "ingestionTime": 1760899216597, - "eventId": "39269362818444251570416909698915159185654638900559478784" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899132000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899132 1760899217 - NODATA", - "ingestionTime": 1760899249116, - "eventId": "39269362863045741967478156021299470001702103957709324288" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899157000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899157 1760899233 - NODATA", - "ingestionTime": 1760899250348, - "eventId": "39269363420564371930743734561181793392594438106193985536" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899158 1760899235 - NODATA", - "ingestionTime": 1760899257916, - "eventId": "39269363442865117129274357711867073227048333308284895232" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899167 1760899242 - NODATA", - "ingestionTime": 1760899266443, - "eventId": "39269363643571823916049965995997165200773008274068602880" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899176000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899176 1760899252 - NODATA", - "ingestionTime": 1760899278154, - "eventId": "39269363844278530702825574283975957584885667444695433216" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899183000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899183 1760899261 - NODATA", - "ingestionTime": 1760899283120, - "eventId": "39269364000383747092539936280729434656590907773135814656" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899187 1760899267 - NODATA", - "ingestionTime": 1760899294600, - "eventId": "39269364089586727886662428860750732039464946026079584256" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899275302, - "eventId": "39269364156488963482254298262028409321693380740057726976" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899193 1760899277 - NODATA", - "ingestionTime": 1760899306056, - "eventId": "39269364223391199077846167723814463848546217742214758400" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899213 1760899292 - NODATA", - "ingestionTime": 1760899313242, - "eventId": "39269364669406103048458630563216446915861083943820525568" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899217000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899217 1760899294 - NODATA", - "ingestionTime": 1760899321674, - "eventId": "39269364758609083842581123139552769844370962991551938560" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899228 1760899304 - NODATA", - "ingestionTime": 1760899325244, - "eventId": "39269365003917281026417977700761979083052749898730242048" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899234 1760899313 - NODATA", - "ingestionTime": 1760899337001, - "eventId": "39269365137721752217601716564189390859907730233102761984" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899243000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899243 1760899323 - NODATA", - "ingestionTime": 1760899342968, - "eventId": "39269365338428459004377324845224710968490708577878147072" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899247 1760899320 - NODATA", - "ingestionTime": 1760899337957, - "eventId": "39269365427631439798499817405309310435025331773548134400" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899250000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899250 1760899327 - NODATA", - "ingestionTime": 1760899354215, - "eventId": "39269365494533675394091686849571300684571434120473935872" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899256000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899256 1760899339 - NODATA", - "ingestionTime": 1760899366733, - "eventId": "39269365628338146585275425713918766977677100855991992320" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899274000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899274 1760899355 - NODATA", - "ingestionTime": 1760899383193, - "eventId": "39269366029751560158826642281460692452759301299789365248" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899275 1760899350 - NODATA", - "ingestionTime": 1760899372605, - "eventId": "39269366052052305357357265410196231221786162162004131840" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899289000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899289 1760899364 - NODATA", - "ingestionTime": 1760899386545, - "eventId": "39269366364262738136785989408548697493435601619971342336" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899296000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899296 1760899369 - NODATA", - "ingestionTime": 1760899397522, - "eventId": "39269366520367954526500351412569071531243907951461466112" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899303 1760899381 - NODATA", - "ingestionTime": 1760899403322, - "eventId": "39269366676473170916214713410331080053193532204739461120" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899396685, - "eventId": "39269366832578387305929075393057588744809773639408222208" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899310 1760899391 - NODATA", - "ingestionTime": 1760899414626, - "eventId": "39269366832578387305929075414746681071818916868380557312" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899312 1760899397 - NODATA", - "ingestionTime": 1760899426265, - "eventId": "39269366877179877702990321711888984629719983476018970624" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899334 1760899415 - NODATA", - "ingestionTime": 1760899439060, - "eventId": "39269367367796272070664030841142937958575332058401079296" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899335 1760899411 - NODATA", - "ingestionTime": 1760899430946, - "eventId": "39269367390097017269194653972869353730141055293073653760" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899348000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899348 1760899422 - NODATA", - "ingestionTime": 1760899445836, - "eventId": "39269367680006704850092754830834442177159248388842323968" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899358 1760899431 - NODATA", - "ingestionTime": 1760899455982, - "eventId": "39269367903014156835398986258457400930997965156061413376" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899363 1760899448 - NODATA", - "ingestionTime": 1760899475444, - "eventId": "39269368014517882828052101989664297898907338176166625280" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899364 1760899440 - NODATA", - "ingestionTime": 1760899465105, - "eventId": "39269368036818628026582725118701199232259355164586803200" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899371 1760899440 - NODATA", - "ingestionTime": 1760899457014, - "eventId": "39269368192923844416297087099669576687152167684464902144" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899377000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899377 1760899459 - NODATA", - "ingestionTime": 1760899490171, - "eventId": "39269368326728315607480825988968463538789249157613486080" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899393 1760899469 - NODATA", - "ingestionTime": 1760899490033, - "eventId": "39269368683540238783970796253372651980199477280652132352" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899393000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899393 1760899475 - NODATA", - "ingestionTime": 1760899500599, - "eventId": "39269368683540238783970796266146224296626452138420731904" - }, - { - "logStreamName": "eni-00e49c1a350a96c62-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-00e49c1a350a96c62 - - - - - - - 1760899409 1760899484 - NODATA", - "ingestionTime": 1760899505136, - "eventId": "39269369040352161960460766536202630897021212831417696256" - } - ], - "eni-0fa50413d12043097-all": [ - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899040000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899040 1760899115 - NODATA", - "ingestionTime": 1760899140262, - "eventId": "39269360811377183702660826868416985984503058815102287872" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899042000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899042 1760899121 - NODATA", - "ingestionTime": 1760899143376, - "eventId": "39269360855978674099722073155253169520247183234716467200" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899052000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899052 1760899128 - NODATA", - "ingestionTime": 1760899152591, - "eventId": "39269361078986126085028304581750881363540677418497605632" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899064 1760899140 - NODATA", - "ingestionTime": 1760899162154, - "eventId": "39269361346595068467395782291739961430735159900244934656" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899066 1760899144 - NODATA", - "ingestionTime": 1760899169498, - "eventId": "39269361391196558864457028583690118502832229354569924608" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899073000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899073 1760899154 - NODATA", - "ingestionTime": 1760899179003, - "eventId": "39269361547301775254171390585930848990670403554094546944" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899092 1760899171 - NODATA", - "ingestionTime": 1760899190986, - "eventId": "39269361971015934026253230289595803506801529278806687744" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899098000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899098 1760899181 - NODATA", - "ingestionTime": 1760899207867, - "eventId": "39269362104820405217436969159218344953622183587375808512" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899112000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899112 1760899188 - NODATA", - "ingestionTime": 1760899214794, - "eventId": "39269362417030837996865693149092557063885044642170601472" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899218363, - "eventId": "39269362729241270776294417134907160818739660973908819968" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899127 1760899204 - NODATA", - "ingestionTime": 1760899228143, - "eventId": "39269362751542015974825040288266516288111335930212450304" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899130 1760899196 - NODATA", - "ingestionTime": 1760899236269, - "eventId": "39269362818444251570416909722696919918440077319402749952" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899136000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899136 1760899216 - NODATA", - "ingestionTime": 1760899235291, - "eventId": "39269362952248722761600648570728909971269331639508271104" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899138000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899138 1760899219 - NODATA", - "ingestionTime": 1760899250086, - "eventId": "39269362996850213158661894871686954858411832487192231936" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899153000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899153 1760899230 - NODATA", - "ingestionTime": 1760899254654, - "eventId": "39269363331361391136621242000244768455551793757717463040" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899161000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899161 1760899237 - NODATA", - "ingestionTime": 1760899257334, - "eventId": "39269363509767352724866227135770221742737076997653921792" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899164000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899164 1760899241 - NODATA", - "ingestionTime": 1760899265939, - "eventId": "39269363576669588320458096570780569355098770852205232128" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899174 1760899249 - NODATA", - "ingestionTime": 1760899273397, - "eventId": "39269363799677040305764327995154046397828555294498422784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899281771, - "eventId": "39269364022684492291070559420634279420924730337580023808" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899187000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899187 1760899265 - NODATA", - "ingestionTime": 1760899288795, - "eventId": "39269364089586727886662428853733110355927812841166798848" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899196000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899196 1760899273 - NODATA", - "ingestionTime": 1760899296003, - "eventId": "39269364290293434673438037136268631779257380741103878144" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899198000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899198 1760899278 - NODATA", - "ingestionTime": 1760899306553, - "eventId": "39269364334894925070499283432094430904808367107227451392" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899213 1760899289 - NODATA", - "ingestionTime": 1760899312120, - "eventId": "39269364669406103048458630561859774536441580822616932352" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899219000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899219 1760899295 - NODATA", - "ingestionTime": 1760899317268, - "eventId": "39269364803210574239642369417297713069416572112904192000" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899219000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899219 1760899301 - NODATA", - "ingestionTime": 1760899322768, - "eventId": "39269364803210574239642369423946845989658433766276726784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899234 1760899311 - NODATA", - "ingestionTime": 1760899332678, - "eventId": "39269365137721752217601716558963471053914458804630847488" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339367, - "eventId": "39269365383029949401438571123942486092557966856190361600" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899247000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899247 1760899324 - NODATA", - "ingestionTime": 1760899348309, - "eventId": "39269365427631439798499817417824354360108782591454478336" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899253000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899253 1760899332 - NODATA", - "ingestionTime": 1760899355678, - "eventId": "39269365561435910989683556275947266384107891177478815744" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899261000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899261 1760899342 - NODATA", - "ingestionTime": 1760899366693, - "eventId": "39269365739841872577928541421549487378245342185086910464" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899273 1760899350 - NODATA", - "ingestionTime": 1760899372128, - "eventId": "39269366007450814960296019126548532389304577255380680704" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899281000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899281 1760899356 - NODATA", - "ingestionTime": 1760899377874, - "eventId": "39269366185856776548541004265780822088761543221054603264" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899284000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899284 1760899364 - NODATA", - "ingestionTime": 1760899385324, - "eventId": "39269366252759012144132873699394307557598695465524264960" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899292000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899292 1760899368 - NODATA", - "ingestionTime": 1760899394142, - "eventId": "39269366431164973732377858842340359302581975791635333120" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899400005, - "eventId": "39269366676473170916214713406321216800965289140896202752" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899307 1760899383 - NODATA", - "ingestionTime": 1760899409949, - "eventId": "39269366765676151710337205984485811763750024473813581824" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899313000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899313 1760899378 - NODATA", - "ingestionTime": 1760899414160, - "eventId": "39269366899480622901520944838790532611734763965527949312" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899419381, - "eventId": "39269366921781368100051567986638388512800638442458775552" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899317000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899317 1760899401 - NODATA", - "ingestionTime": 1760899428481, - "eventId": "39269366988683603695643437422246304878471566233588793344" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899334 1760899410 - NODATA", - "ingestionTime": 1760899430659, - "eventId": "39269367367796272070664030830986961116563222632212791296" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899340000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899340 1760899416 - NODATA", - "ingestionTime": 1760899436518, - "eventId": "39269367501600743261847769687284398395473853959957053440" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899345000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899345 1760899422 - NODATA", - "ingestionTime": 1760899447444, - "eventId": "39269367613104469254500885408171291853138687591527874560" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899354 1760899429 - NODATA", - "ingestionTime": 1760899453567, - "eventId": "39269367813811176041276493689395293155195266907628961792" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899458468, - "eventId": "39269368036818628026582725110677664820832133703468122112" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899370 1760899445 - NODATA", - "ingestionTime": 1760899471928, - "eventId": "39269368170623099217766463976163577497656700642295021568" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899375000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899375 1760899454 - NODATA", - "ingestionTime": 1760899475464, - "eventId": "39269368282126825210419579688117181201629642247446134784" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899377000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899377 1760899460 - NODATA", - "ingestionTime": 1760899486979, - "eventId": "39269368326728315607480825985109618256405191504821223424" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899391000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899391 1760899470 - NODATA", - "ingestionTime": 1760899491571, - "eventId": "39269368638938748386909549972160630771095970562797076480" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899398 1760899476 - NODATA", - "ingestionTime": 1760899496786, - "eventId": "39269368795043964776623911969215202050450603886724448256" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899398 1760899480 - NODATA", - "ingestionTime": 1760899504483, - "eventId": "39269368795043964776623911978520527272550776449095237632" - }, - { - "logStreamName": "eni-0fa50413d12043097-all", - "timestamp": 1760899410000, - "message": "2 211203495394 eni-0fa50413d12043097 - - - - - - - 1760899410 1760899487 - NODATA", - "ingestionTime": 1760899514868, - "eventId": "39269369062652907158991389689503736367846913633824866304" - } - ], - "eni-0ab252a7dc8378f9e-all": [ - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899043000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899043 1760899121 - NODATA", - "ingestionTime": 1760899144743, - "eventId": "39269360878279419298252696298441346294757840151857463296" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899055000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899055 1760899132 - NODATA", - "ingestionTime": 1760899168235, - "eventId": "39269361145888361680620174025270253239837550314553278464" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899063 1760899140 - NODATA", - "ingestionTime": 1760899163640, - "eventId": "39269361324294323268865159152001029709603810370906947584" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899063 1760899143 - NODATA", - "ingestionTime": 1760899168077, - "eventId": "39269361324294323268865159157365264056044858698275160064" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899074000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899074 1760899156 - NODATA", - "ingestionTime": 1760899176432, - "eventId": "39269361569602520452702013724358474785221923001425002496" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899083 1760899165 - NODATA", - "ingestionTime": 1760899187057, - "eventId": "39269361770309227239477622011024815587615914795180752896" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899087000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899087 1760899153 - NODATA", - "ingestionTime": 1760899167556, - "eventId": "39269361859512208033600114553592653372149707506846400512" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899092000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899092 1760899170 - NODATA", - "ingestionTime": 1760899192280, - "eventId": "39269361971015934026253230291160278927375725344553107456" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899099000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899099 1760899177 - NODATA", - "ingestionTime": 1760899198187, - "eventId": "39269362127121150415967592289051716776414009852387983360" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899103000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899103 1760899183 - NODATA", - "ingestionTime": 1760899206246, - "eventId": "39269362216324131210090084864937018834584512701592240128" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899116 1760899191 - NODATA", - "ingestionTime": 1760899232074, - "eventId": "39269362506233818790988185736125476421465966948702420992" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899219781, - "eventId": "39269362729241270776294417136621410518674911340285657088" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899127 1760899204 - NODATA", - "ingestionTime": 1760899228166, - "eventId": "39269362751542015974825040288294114353006436868741267456" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899135000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899135 1760899216 - NODATA", - "ingestionTime": 1760899236537, - "eventId": "39269362929947977563070025430699906144758538369638989824" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899143000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899143 1760899223 - NODATA", - "ingestionTime": 1760899246487, - "eventId": "39269363108353939151315010575014091586148403225718226944" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899152000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899152 1760899218 - NODATA", - "ingestionTime": 1760899228230, - "eventId": "39269363309060645938090618826764277432324953379863986176" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899154 1760899230 - NODATA", - "ingestionTime": 1760899251910, - "eventId": "39269363353662136335151865138463170581794388689786109952" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899159000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899159 1760899237 - NODATA", - "ingestionTime": 1760899258836, - "eventId": "39269363465165862327804980854514963320757161567338037248" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899164000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899164 1760899243 - NODATA", - "ingestionTime": 1760899267297, - "eventId": "39269363576669588320458096572421907225632428613003575296" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899175000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899175 1760899249 - NODATA", - "ingestionTime": 1760899289057, - "eventId": "39269363821977785504294951155621307693113204263044317184" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899182 1760899260 - NODATA", - "ingestionTime": 1760899284104, - "eventId": "39269363978083001894009313140383662044320238584828002304" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899188000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899188 1760899264 - NODATA", - "ingestionTime": 1760899289384, - "eventId": "39269364111887473085193051995981173248009206015046909952" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899194000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899194 1760899273 - NODATA", - "ingestionTime": 1760899297876, - "eventId": "39269364245691944276376790855461696834132070243219472384" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899201000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899201 1760899281 - NODATA", - "ingestionTime": 1760899306426, - "eventId": "39269364401797160666091152856547997110764227965170089984" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899212000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899212 1760899290 - NODATA", - "ingestionTime": 1760899311990, - "eventId": "39269364647105357849928007420167105058361158249298591744" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899220000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899220 1760899296 - NODATA", - "ingestionTime": 1760899318981, - "eventId": "39269364825511319438172992560904692599124508662111862784" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899225000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899225 1760899305 - NODATA", - "ingestionTime": 1760899326405, - "eventId": "39269364937015045430826108277557866612080981738167205888" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899234 1760899311 - NODATA", - "ingestionTime": 1760899349607, - "eventId": "39269365137721752217601716579429045015788236565383872512" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899244000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899244 1760899320 - NODATA", - "ingestionTime": 1760899340539, - "eventId": "39269365360729204202907947983824034257365336815361916928" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899246 1760899324 - NODATA", - "ingestionTime": 1760899349659, - "eventId": "39269365405330694599969194277920420845905191734063595520" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899255000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899255 1760899333 - NODATA", - "ingestionTime": 1760899355340, - "eventId": "39269365606037401386744802558609859740341295972286267392" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899258000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899258 1760899342 - NODATA", - "ingestionTime": 1760899370852, - "eventId": "39269365672939636982336672001969956859553818871193468928" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899264 1760899332 - NODATA", - "ingestionTime": 1760899350205, - "eventId": "39269365806744108173520410826223332584796236243615940608" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899273 1760899351 - NODATA", - "ingestionTime": 1760899371460, - "eventId": "39269366007450814960296019125740775862889849020409970688" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899280000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899280 1760899356 - NODATA", - "ingestionTime": 1760899380041, - "eventId": "39269366163556031350010381126864519046676932443778842624" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899285000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899285 1760899363 - NODATA", - "ingestionTime": 1760899385191, - "eventId": "39269366275059757342663496840769274361216909335960289280" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899294 1760899369 - NODATA", - "ingestionTime": 1760899408748, - "eventId": "39269366475766464129439105143069271520703015093635448832" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899403298, - "eventId": "39269366676473170916214713410301864753488679959076405248" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899307 1760899385 - NODATA", - "ingestionTime": 1760899409389, - "eventId": "39269366765676151710337205983808376335481471422902829056" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899314 1760899393 - NODATA", - "ingestionTime": 1760899417527, - "eventId": "39269366921781368100051567984396803465274466565072355328" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899322 1760899404 - NODATA", - "ingestionTime": 1760899425908, - "eventId": "39269367100187329688296553126814732094305494235156250624" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899325 1760899394 - NODATA", - "ingestionTime": 1760899407513, - "eventId": "39269367167089565283888422529183595729306489697859207168" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899334000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899334 1760899411 - NODATA", - "ingestionTime": 1760899432182, - "eventId": "39269367367796272070664030832828069171568725790328619008" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899338000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899338 1760899417 - NODATA", - "ingestionTime": 1760899441926, - "eventId": "39269367456999252864786523410750437457893915410264948736" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899347 1760899423 - NODATA", - "ingestionTime": 1760899448300, - "eventId": "39269367657705959651562131692277680343019782573063667712" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899357000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899357 1760899431 - NODATA", - "ingestionTime": 1760899468795, - "eventId": "39269367880713411636868363132411672098214393367238672384" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899364 1760899441 - NODATA", - "ingestionTime": 1760899460562, - "eventId": "39269368036818628026582725113209034936779570569075097600" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899370 1760899445 - NODATA", - "ingestionTime": 1760899469949, - "eventId": "39269368170623099217766463973771603933568241784363286528" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899379000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899379 1760899454 - NODATA", - "ingestionTime": 1760899478804, - "eventId": "39269368371329806004542072258297942518344252529592041472" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899384 1760899454 - NODATA", - "ingestionTime": 1760899468911, - "eventId": "39269368482833531997195187954016642404155879694547550208" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899486220, - "eventId": "39269368482833531997195187974941804250215427335835811840" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899396000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899396 1760899472 - NODATA", - "ingestionTime": 1760899492248, - "eventId": "39269368750442474379562665680657565911081339579250507776" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899400000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899400 1760899478 - NODATA", - "ingestionTime": 1760899500150, - "eventId": "39269368839645455173685158256353497648806873134796832768" - }, - { - "logStreamName": "eni-0ab252a7dc8378f9e-all", - "timestamp": 1760899403000, - "message": "2 211203495394 eni-0ab252a7dc8378f9e - - - - - - - 1760899403 1760899482 - NODATA", - "ingestionTime": 1760899507126, - "eventId": "39269368906547690769277027689394005336431475869869670400" - } - ], - "eni-0d52b90c56c30aaaf-all": [ - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899047000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899047 1760899125 - NODATA", - "ingestionTime": 1760899147882, - "eventId": "39269360967482400092375188868379387488249224545389772800" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899060000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899060 1760899131 - NODATA", - "ingestionTime": 1760899156440, - "eventId": "39269361257392087673273289718689448193884824360186019840" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899064000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899064 1760899142 - NODATA", - "ingestionTime": 1760899162528, - "eventId": "39269361346595068467395782292192150158971810428482420736" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899069000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899069 1760899147 - NODATA", - "ingestionTime": 1760899172082, - "eventId": "39269361458098794460048898011420986728738606749298458624" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899075000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899075 1760899154 - NODATA", - "ingestionTime": 1760899179557, - "eventId": "39269361591903265651232636869672220334830881519077687296" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899085000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899085 1760899165 - NODATA", - "ingestionTime": 1760899188478, - "eventId": "39269361814910717636538868295814303201759959957510815744" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899095 1760899172 - NODATA", - "ingestionTime": 1760899194879, - "eventId": "39269362037918169621845099718909715757515917376757170176" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899107000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899107 1760899185 - NODATA", - "ingestionTime": 1760899206508, - "eventId": "39269362305527112004212577431396849746611502212074307584" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899121000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899121 1760899192 - NODATA", - "ingestionTime": 1760899214474, - "eventId": "39269362617737544783641301422527240192386104119123574784" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899123000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899123 1760899201 - NODATA", - "ingestionTime": 1760899222492, - "eventId": "39269362662339035180702547715291594383117768292878319616" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899130000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899130 1760899208 - NODATA", - "ingestionTime": 1760899233348, - "eventId": "39269362818444251570416909719166094403420838251948867584" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899134000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899134 1760899217 - NODATA", - "ingestionTime": 1760899237905, - "eventId": "39269362907647232364539402290818007128969998725776801792" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899148000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899148 1760899227 - NODATA", - "ingestionTime": 1760899249387, - "eventId": "39269363219857665143968126286198786333524041780303036416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899158000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899158 1760899239 - NODATA", - "ingestionTime": 1760899261413, - "eventId": "39269363442865117129274357716094800437411500094429528064" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899160000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899160 1760899234 - NODATA", - "ingestionTime": 1760899253536, - "eventId": "39269363487466607526335603989642999868426518943790465024" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899169000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899169 1760899246 - NODATA", - "ingestionTime": 1760899268102, - "eventId": "39269363688173314313111212281074160052015497532470460416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899180 1760899252 - NODATA", - "ingestionTime": 1760899274719, - "eventId": "39269363933481511496948066845966343222172770892652806144" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899180 1760899260 - NODATA", - "ingestionTime": 1760899282079, - "eventId": "39269363933481511496948066854863770950199002917434556416" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899182000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899182 1760899266 - NODATA", - "ingestionTime": 1760899293227, - "eventId": "39269363978083001894009313151412646716540168025258590208" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899190000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899190 1760899260 - NODATA", - "ingestionTime": 1760899274490, - "eventId": "39269364156488963482254298261046844228847478003796869120" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899197000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899197 1760899278 - NODATA", - "ingestionTime": 1760899300413, - "eventId": "39269364312594179871968660283135671277550524372656193536" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899206 1760899285 - NODATA", - "ingestionTime": 1760899307559, - "eventId": "39269364513300886658744268565595883298524412475948466176" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899217000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899217 1760899298 - NODATA", - "ingestionTime": 1760899321757, - "eventId": "39269364758609083842581123139653540981407932788203454464" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899218000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899218 1760899294 - NODATA", - "ingestionTime": 1760899314944, - "eventId": "39269364780909829041111746272952618045972927612869541888" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899228000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899228 1760899306 - NODATA", - "ingestionTime": 1760899328418, - "eventId": "39269365003917281026417977704598914236157516870803456000" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899237000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899237 1760899311 - NODATA", - "ingestionTime": 1760899335203, - "eventId": "39269365204623987813193585986622672787194287678300815360" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899244000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899244 1760899323 - NODATA", - "ingestionTime": 1760899343217, - "eventId": "39269365360729204202907947987061312010472019627786567680" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899251 1760899320 - NODATA", - "ingestionTime": 1760899334785, - "eventId": "39269365516834420592622309967617577569085590337844543488" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899251000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899251 1760899327 - NODATA", - "ingestionTime": 1760899352809, - "eventId": "39269365516834420592622309989407348570651703606137323520" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899258000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899258 1760899338 - NODATA", - "ingestionTime": 1760899361689, - "eventId": "39269365672939636982336671990892702359840102315135926272" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899268 1760899345 - NODATA", - "ingestionTime": 1760899370695, - "eventId": "39269365895947088967642903417137343406143451131925561344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899277000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899277 1760899357 - NODATA", - "ingestionTime": 1760899383557, - "eventId": "39269366096653795754418511706508067602588769954444738560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899279000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899279 1760899354 - NODATA", - "ingestionTime": 1760899375789, - "eventId": "39269366141255286151479757980188263671694646889969090560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899288000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899288 1760899366 - NODATA", - "ingestionTime": 1760899388348, - "eventId": "39269366341961992938255366269192792323452373303055679488" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899300000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899300 1760899376 - NODATA", - "ingestionTime": 1760899395510, - "eventId": "39269366609570935320622843976279590850532930483845660672" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899402603, - "eventId": "39269366676473170916214713409461765483202400075214487552" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899306000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899306 1760899386 - NODATA", - "ingestionTime": 1760899412895, - "eventId": "39269366743375406511806582846511427624322751494860505088" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899310 1760899380 - NODATA", - "ingestionTime": 1760899395134, - "eventId": "39269366832578387305929075391182663628086837781737963520" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899317000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899317 1760899395 - NODATA", - "ingestionTime": 1760899418476, - "eventId": "39269366988683603695643437410151409985647474216352808960" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899327 1760899406 - NODATA", - "ingestionTime": 1760899427961, - "eventId": "39269367211691055680949668836975322305628309890832662528" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899337000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899337 1760899418 - NODATA", - "ingestionTime": 1760899441419, - "eventId": "39269367434698507666255900268602047290802914714464485376" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899339000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899339 1760899413 - NODATA", - "ingestionTime": 1760899434885, - "eventId": "39269367479299998063317146543774332908299324003100655616" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899347000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899347 1760899425 - NODATA", - "ingestionTime": 1760899448149, - "eventId": "39269367657705959651562131692095166344766109020749955072" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899359000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899359 1760899432 - NODATA", - "ingestionTime": 1760899455891, - "eventId": "39269367925314902033929609399883347029227605362739380224" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899464135, - "eventId": "39269368014517882828052101975992624387814190561399472128" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899370000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899370 1760899448 - NODATA", - "ingestionTime": 1760899472247, - "eventId": "39269368170623099217766463976549679571305673638122553344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899372000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899372 1760899441 - NODATA", - "ingestionTime": 1760899454756, - "eventId": "39269368215224589614827710238475764050073513625449529344" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899378000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899378 1760899456 - NODATA", - "ingestionTime": 1760899479346, - "eventId": "39269368349029060806011449117417562346652554701689978880" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899384000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899384 1760899466 - NODATA", - "ingestionTime": 1760899487743, - "eventId": "39269368482833531997195187976783303479786335592399568896" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899398000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899398 1760899478 - NODATA", - "ingestionTime": 1760899501644, - "eventId": "39269368795043964776623911975088452917773045617133158400" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899399000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899399 1760899474 - NODATA", - "ingestionTime": 1760899494757, - "eventId": "39269368817344709975154535108298415284889564861552066560" - }, - { - "logStreamName": "eni-0d52b90c56c30aaaf-all", - "timestamp": 1760899406000, - "message": "2 211203495394 eni-0d52b90c56c30aaaf - - - - - - - 1760899406 1760899485 - NODATA", - "ingestionTime": 1760899508568, - "eventId": "39269368973449926364868897115744601996530808388858806272" - } - ], - "eni-0c663685d7a12552e-all": [ - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899049000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899049 1760899080 - NODATA", - "ingestionTime": 1760899108302, - "eventId": "39269361012083890489436435103601333327618873734687293440" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899082000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899082 1760899113 - NODATA", - "ingestionTime": 1760899132564, - "eventId": "39269361748008482040946998803610793217379998222267121664" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899082000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899082 1760899113 - NODATA", - "ingestionTime": 1760899140789, - "eventId": "39269361748008482040946998813554652559287219887603974144" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899091000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899091 1760899122 - NODATA", - "ingestionTime": 1760899148802, - "eventId": "39269361948715188827722607097063154459454311630899052544" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899109000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899109 1760899140 - NODATA", - "ingestionTime": 1760899166694, - "eventId": "39269362350128602401273823666335815046678932194937012224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899116000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899116 1760899147 - NODATA", - "ingestionTime": 1760899170187, - "eventId": "39269362506233818790988185661308757080951528467498336256" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 11746 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872704" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 61890 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872705" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 30506 80 6 3 180 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872706" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899162000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 51838 21 6 4 240 1760899162 1760899178 ACCEPT OK", - "ingestionTime": 1760899205483, - "eventId": "39269363532068097923396850214622116377285153352668872707" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899167000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 51186 80 6 1 60 1760899167 1760899168 ACCEPT OK", - "ingestionTime": 1760899196244, - "eventId": "39269363643571823916049965911131435251312323702065594368" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899168000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 62602 80 6 3 180 1760899168 1760899168 ACCEPT OK", - "ingestionTime": 1760899186752, - "eventId": "39269363665872569114580589041192263286404541704439988224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 58950 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929344" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 61628 21 6 4 240 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929345" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 28840 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929346" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 31192 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929347" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 18756 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929348" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 21192 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929349" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 27324 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929350" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 60254 80 6 3 180 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929351" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899174000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 64846 21 6 4 240 1760899174 1760899202 ACCEPT OK", - "ingestionTime": 1760899227465, - "eventId": "39269363799677040305764327939625335514440771602895929352" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 58248 21 6 2 120 1760899178 1760899198 ACCEPT OK", - "ingestionTime": 1760899219438, - "eventId": "39269363888880021099886820496064163309696336621526056960" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899178000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899178 1760899198 - SKIPDATA", - "ingestionTime": 1760899219438, - "eventId": "39269363888880021099886820496064163309696336621526056961" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 12938 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136000" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 35548 80 6 2 120 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136001" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 63002 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136002" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 25612 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136003" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 64300 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136004" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 59962 21 6 4 240 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136005" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899179000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 23106 80 6 3 180 1760899179 1760899198 ACCEPT OK", - "ingestionTime": 1760899224181, - "eventId": "39269363911180766298417443643333850736109110331867136006" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 48432 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594048" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 58270 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594049" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 49854 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594050" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 23738 80 6 2 120 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594051" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 32716 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594052" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 13690 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594053" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 25162 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594054" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 23936 80 6 3 180 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594055" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899180000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.133.187 10.0.4.186 51796 22127 6 1 44 1760899180 1760899203 ACCEPT OK", - "ingestionTime": 1760899228401, - "eventId": "39269363933481511496948066789971124609989122462542594056" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 63332 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186752" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 44282 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186753" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 23342 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186754" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 106.75.132.124 10.0.4.186 58914 16030 6 1 44 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186755" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 19302 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186756" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 21326 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186757" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 50342 21 6 4 240 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186758" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899185000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 23068 80 6 3 180 1760899185 1760899211 ACCEPT OK", - "ingestionTime": 1760899234349, - "eventId": "39269364044985237489601182504840751540501141175370186759" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 17032 80 6 3 180 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 62372 21 6 4 240 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 41180 80 6 3 180 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 31518 21 6 1 60 1760899202 1760899227 ACCEPT OK", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899202000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899202 1760899227 - SKIPDATA", - "ingestionTime": 1760899250498, - "eventId": "39269364424097905864621775930470839600126213347255517188" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 15264 21 6 4 240 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734464" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.112 10.0.4.186 55662 1000 6 1 44 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734465" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 51810 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734466" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 52632 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734467" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 20720 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734468" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 14584 80 6 3 180 1760899203 1760899231 ACCEPT OK", - "ingestionTime": 1760899256537, - "eventId": "39269364446398651063152399079306998401830121570508734469" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 56998 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222976" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 47540 21 6 4 240 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222977" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 49866 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222978" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 43784 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222979" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 20.55.98.221 10.0.4.186 34398 9043 6 1 40 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222980" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 57822 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222981" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 39476 80 6 2 120 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222982" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 38986 80 6 3 180 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222983" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899204000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65242 80 6 2 120 1760899204 1760899229 ACCEPT OK", - "ingestionTime": 1760899254653, - "eventId": "39269364468699396261683022218565255383966816229444222984" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 33810 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505472" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 48444 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505473" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 45660 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505474" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 31386 80 6 2 120 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505475" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 26686 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505476" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 46464 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505477" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 22492 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505478" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 37402 21 6 4 240 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505479" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 24724 80 6 3 180 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505480" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899206000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26010 80 6 1 60 1760899206 1760899233 ACCEPT OK", - "ingestionTime": 1760899270180, - "eventId": "39269364513300886658744268520407384442036666873718505481" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 20214 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927936" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 58154 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927937" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 28818 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927938" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 9466 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927939" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 46052 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927940" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 37932 80 6 3 180 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927941" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 19968 21 6 4 240 1760899213 1760899230 ACCEPT OK", - "ingestionTime": 1760899264747, - "eventId": "39269364669406103048458630504589803011738388876469927942" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 11524 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052288" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 18592 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052289" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 14624 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052290" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 33664 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052291" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 45696 80 6 1 60 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052292" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 40504 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052293" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 57692 80 6 3 180 1760899232 1760899257 ACCEPT OK", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052294" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899232 1760899257 - SKIPDATA", - "ingestionTime": 1760899285448, - "eventId": "39269365093120261820540470218794089633773079118103052295" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 25492 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359552" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 43258 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359553" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 61000 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359554" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.152 10.0.4.186 54664 990 6 1 44 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359555" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 35548 80 6 1 60 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359556" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 59684 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359557" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 36584 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359558" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 58110 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359559" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 44360 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359560" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 20358 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359561" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 30734 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359562" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 56320 80 6 3 180 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359563" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899232000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 60778 21 6 4 240 1760899232 1760899258 ACCEPT OK", - "ingestionTime": 1760899289700, - "eventId": "39269365093120261820540470223934830587421978269470359564" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 61920 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948224" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 9896 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948225" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 29784 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948226" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 39582 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948227" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 26504 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948228" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 63958 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948229" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 15152 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948230" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 32292 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948231" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 64704 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948232" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 92.63.197.66 10.0.4.186 8080 6529 6 1 40 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948233" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 26690 21 6 4 240 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948234" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47724 80 6 2 120 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948235" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 37506 80 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948236" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899234000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 40154 21 6 3 180 1760899234 1760899259 ACCEPT OK", - "ingestionTime": 1760899285660, - "eventId": "39269365137721752217601716502122007999983747994912948237" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.211.22 10.0.4.186 57261 28009 6 1 44 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 45308 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909953" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 45524 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909954" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 104.237.144.186 10.0.4.186 61000 443 6 1 40 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909955" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 16088 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909956" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 50098 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909957" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 13406 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909958" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 38794 21 6 4 240 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909959" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 64922 80 6 3 180 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909960" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 10732 21 6 4 240 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909961" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899241000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 28496 80 6 2 120 1760899241 1760899271 ACCEPT OK", - "ingestionTime": 1760899292689, - "eventId": "39269365293826968607316078501369387829456268394566909962" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 14348 21 6 4 240 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747776" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 52754 80 6 3 180 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747777" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 39232 80 6 1 60 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747778" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.133.252 10.0.4.186 56557 9202 6 1 44 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747779" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 42982 21 6 4 240 1760899266 1760899289 ACCEPT OK", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747780" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899266 1760899289 - SKIPDATA", - "ingestionTime": 1760899317595, - "eventId": "39269365851345598570581657069872125075764465110652747781" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 39548 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390656" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 60954 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390657" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 42456 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390658" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 59042 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390659" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 14264 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390660" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 54860 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390661" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 57124 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390662" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 13064 21 6 4 240 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390663" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 64866 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390664" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65242 80 6 1 60 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390665" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899266000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 35662 80 6 3 180 1760899266 1760899292 ACCEPT OK", - "ingestionTime": 1760899318688, - "eventId": "39269365851345598570581657071193168064314455622888390666" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 11826 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928256" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 34372 80 6 2 120 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928257" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 23486 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928258" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 45170 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928259" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 59316 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928260" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 41556 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928261" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 165.154.173.104 10.0.4.186 45123 15200 6 1 40 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928262" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 57032 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928263" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 63148 21 6 4 240 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 27420 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899267000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 52372 80 6 3 180 1760899267 1760899292 ACCEPT OK", - "ingestionTime": 1760899315018, - "eventId": "39269365873646343769112280208292498433226453413528928266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 50536 80 6 2 120 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442176" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 35356 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442177" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 31386 80 6 1 60 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442178" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 60380 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442179" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 34026 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442180" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 38404 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442181" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 16084 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442182" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 26236 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442183" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 11320 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 64576 21 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 13916 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 30326 21 6 4 240 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 41588 80 6 3 180 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442188" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899268000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26010 80 6 2 120 1760899268 1760899295 ACCEPT OK", - "ingestionTime": 1760899314622, - "eventId": "39269365895947088967642903349349050755686339000491442189" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 37620 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204928" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 60708 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204929" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 11788 21 6 4 240 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204930" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 28350 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204931" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 60280 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204932" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 61052 80 6 3 180 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204933" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 35410 21 6 4 240 1760899275 1760899291 ACCEPT OK", - "ingestionTime": 1760899337373, - "eventId": "39269366052052305357357265367603453834478211298574204934" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 52400 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043392" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 39206 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043393" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 51290 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043394" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 33590 80 6 3 180 1760899291 1760899311 ACCEPT OK", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043395" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899291 1760899311 - SKIPDATA", - "ingestionTime": 1760899356139, - "eventId": "39269366408864228533847235654861795305509758642954043396" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 18552 80 6 2 120 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850944" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 14244 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850945" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 50030 21 6 4 240 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850946" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 30508 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850947" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 23936 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850948" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 14100 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850949" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 22180 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850950" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 17822 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850951" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899294000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 29332 80 6 3 180 1760899294 1760899320 ACCEPT OK", - "ingestionTime": 1760899346084, - "eventId": "39269366475766464129439105067313058939020123168656850952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 46686 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 57958 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 41254 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 59878 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 14756 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499268" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 52246 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499269" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 52902 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499270" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 26402 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499271" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 21660 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499272" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 57706 21 6 4 240 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499273" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899297000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 40040 80 6 3 180 1760899297 1760899324 ACCEPT OK", - "ingestionTime": 1760899348621, - "eventId": "39269366542668699725030974494987187254788599016975499274" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.138 10.0.4.186 50578 7547 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894400" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 58372 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894401" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 22358 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894402" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 16878 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894403" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.85 10.0.4.186 55174 1502 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894404" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 45734 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894405" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.123 10.0.4.186 56280 11084 6 1 44 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894406" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 64764 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894407" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 49614 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894408" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 27514 21 6 4 240 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894409" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 44044 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894410" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 41366 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894411" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47724 80 6 1 60 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894412" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 56174 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894413" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 37518 80 6 3 180 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894414" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899299000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 40154 21 6 1 60 1760899299 1760899320 ACCEPT OK", - "ingestionTime": 1760899345032, - "eventId": "39269366587270190122092220773720038958585659558241894415" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 32546 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559936" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 45958 21 6 4 240 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559937" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 59358 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559938" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 48134 80 6 3 180 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559939" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899312000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 36966 21 6 4 240 1760899312 1760899328 ACCEPT OK", - "ingestionTime": 1760899367580, - "eventId": "39269366877179877702990321640943465721827609125627559940" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 13.214.173.166 10.0.4.186 0 0 1 1 28 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407232" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 49060 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407233" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 21004 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407234" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 29018 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407235" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 15302 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407236" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 15122 80 6 3 180 1760899323 1760899350 ACCEPT OK", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407237" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899323000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899323 1760899350 - SKIPDATA", - "ingestionTime": 1760899369733, - "eventId": "39269367122488074886827176200439152160092688428093407238" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 52034 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507392" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 28464 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507393" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 61844 21 6 2 120 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507394" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 37012 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507395" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 65418 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507396" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 27682 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507397" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 45390 21 6 4 240 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507398" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 50814 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507399" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 41210 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507400" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 38070 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507401" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899324000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 9706 80 6 3 180 1760899324 1760899350 ACCEPT OK", - "ingestionTime": 1760899381515, - "eventId": "39269367144788820085357799356217906366988921572040507402" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 50430 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 18182 21 6 4 240 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 47948 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 34372 80 6 1 60 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 26294 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715268" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 11968 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715269" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 28368 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715270" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 19342 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715271" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 29372 21 6 4 240 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715272" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 46546 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715273" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899325000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 23346 80 6 3 180 1760899325 1760899343 ACCEPT OK", - "ingestionTime": 1760899376838, - "eventId": "39269367167089565283888422492099880415774954362776715274" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 58710 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588480" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.223 10.0.4.186 44376 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588481" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 50536 80 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588482" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 57464 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588483" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 23402 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588484" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.86 10.0.4.186 55131 57357 6 1 44 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588485" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 53474 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588486" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 56830 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588487" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 20716 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588488" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.2 10.0.4.186 21308 21 6 4 240 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588489" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 64576 21 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588490" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 54428 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588491" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 56326 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588492" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 11346 80 6 1 60 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588493" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899327000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 54058 80 6 3 180 1760899327 1760899355 ACCEPT OK", - "ingestionTime": 1760899377777, - "eventId": "39269367211691055680949668776306210749227841375661588494" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 28496 80 6 1 60 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607872" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 87.120.191.93 10.0.4.186 51632 80 6 1 40 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607873" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 41.59.173.249 10.0.4.186 44087 23 6 1 60 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607874" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 39996 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607875" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 59438 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607876" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 61964 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607877" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 15392 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607878" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 11790 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607879" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 37404 80 6 3 180 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607880" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899331000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 46602 21 6 4 240 1760899331 1760899360 ACCEPT OK", - "ingestionTime": 1760899382740, - "eventId": "39269367300894036475072161348448949631126678245174607881" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 25578 80 6 3 180 1760899352 1760899374 ACCEPT OK", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330688" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 49716 80 6 3 180 1760899352 1760899374 ACCEPT OK", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330689" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899352000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899352 1760899374 - SKIPDATA", - "ingestionTime": 1760899408802, - "eventId": "39269367769209685644215247352206373185917490583177330690" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 47440 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547840" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 12744 21 6 4 240 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547841" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 19934 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547842" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 55776 80 6 3 180 1760899354 1760899378 ACCEPT OK", - "ingestionTime": 1760899412440, - "eventId": "39269367813811176041276493639675932908351685245456547843" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 18552 80 6 1 60 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198976" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 22126 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198977" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 10576 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198978" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 24392 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198979" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 33602 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198980" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 92.63.197.66 10.0.4.186 8080 6224 6 1 40 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198981" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 18116 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198982" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 35388 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198983" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 43842 21 6 4 240 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198984" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899354000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 27478 80 6 3 180 1760899354 1760899379 ACCEPT OK", - "ingestionTime": 1760899412903, - "eventId": "39269367813811176041276493640235400035658293895875198985" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 37470 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234560" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 59854 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234561" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 35168 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234562" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 91.196.152.225 10.0.4.186 48508 14430 6 1 60 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234563" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 52196 21 6 4 240 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234564" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 37160 21 6 4 240 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234565" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 48292 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234566" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 35.203.210.253 10.0.4.186 54329 9606 6 1 44 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234567" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 55998 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234568" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 13248 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234569" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 27354 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234570" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.186 10.0.4.186 18188 80 6 2 120 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234571" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899358000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 15930 80 6 3 180 1760899358 1760899384 ACCEPT OK", - "ingestionTime": 1760899408496, - "eventId": "39269367903014156835398986201050591227621666028279234572" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 14392 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746944" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.12 10.0.4.186 16508 21 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746945" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 45642 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746946" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 65378 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746947" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 48818 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746948" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.103 10.0.4.186 57706 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746949" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 11464 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746950" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 34208 21 6 4 240 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746951" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 31380 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746952" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 18816 80 6 3 180 1760899363 1760899388 ACCEPT OK", - "ingestionTime": 1760899420016, - "eventId": "39269368014517882828052101922655979963925164507745746953" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 36286 21 6 4 240 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117696" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 25478 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117697" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 29340 21 6 4 240 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117698" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 53794 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117699" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 42022 80 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117700" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 13670 21 6 3 180 1760899382 1760899406 ACCEPT OK", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117701" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899382000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899382 1760899406 - SKIPDATA", - "ingestionTime": 1760899428549, - "eventId": "39269368438232041600133941622150274088155816644489117702" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 37698 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338176" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 63386 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338177" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.1 10.0.4.186 24506 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338178" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 13550 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338179" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 61784 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338180" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 31186 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338181" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.56 10.0.4.186 61844 21 6 2 120 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338182" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.26 10.0.4.186 56968 9530 6 1 44 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338183" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.100 10.0.4.186 44220 21 6 2 120 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338184" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.181 10.0.4.186 49778 9108 6 1 44 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338185" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.58.174 10.0.4.186 21902 80 6 3 180 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338186" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.65 10.0.4.186 61022 21 6 4 240 1760899383 1760899410 ACCEPT OK", - "ingestionTime": 1760899435363, - "eventId": "39269368460532786798664564771924077711599893038972338187" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 40.124.175.174 10.0.4.186 48441 993 6 1 52 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477760" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 147.185.132.182 10.0.4.186 54893 7706 6 1 44 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477761" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 54974 80 6 3 180 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477762" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.126 10.0.4.186 44314 21 6 4 240 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477763" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.18.159 10.0.4.186 19256 80 6 3 180 1760899387 1760899410 ACCEPT OK", - "ingestionTime": 1760899431153, - "eventId": "39269368549735767592787057332977025247197197492447477764" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 45020 80 6 2 120 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134784" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 30032 21 6 4 240 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134785" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.163 10.0.4.186 63082 21 6 4 240 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134786" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 36934 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134787" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 62370 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134788" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 13408 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134789" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 21982 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134790" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 11346 80 6 2 120 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134791" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899387000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 32590 80 6 3 180 1760899387 1760899416 ACCEPT OK", - "ingestionTime": 1760899434149, - "eventId": "39269368549735767592787057336599182057567182487830134792" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 42266 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839488" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 54384 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839489" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 37458 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839490" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 39936 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839491" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 24968 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839492" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 63412 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839493" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 34598 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839494" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 48400 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839495" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 205.210.31.140 10.0.4.186 50762 1443 6 1 44 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839496" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.54.236 10.0.4.186 13368 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839497" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.130 10.0.4.186 15050 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839498" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.62.157 10.0.4.186 26108 80 6 3 180 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839499" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.22.145 10.0.4.186 45052 21 6 4 240 1760899394 1760899421 ACCEPT OK", - "ingestionTime": 1760899455104, - "eventId": "39269368705840983982501419352682204274414774293099839500" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 95.214.53.196 10.0.4.186 40742 16379 6 1 40 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859264" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 48250 80 6 3 180 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859265" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 63068 80 6 1 60 1760899414 1760899437 ACCEPT OK", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859266" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e - - - - - - - 1760899414 1760899437 - SKIPDATA", - "ingestionTime": 1760899458154, - "eventId": "39269369151855887953113882187083579791881746227358859267" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.30 10.0.4.186 15034 21 6 4 240 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746752" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.10.34 10.0.4.186 20028 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746753" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 16406 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746754" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.2.31 10.0.4.186 24550 21 6 4 240 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746755" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.42.79 10.0.4.186 62060 21 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746756" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.14.121 10.0.4.186 60596 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746757" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 35718 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746758" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.9 10.0.4.186 16994 21 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746759" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 47.74.55.112 10.0.4.186 57188 12320 6 1 52 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746760" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.150.55 10.0.4.186 51355 34473 6 1 44 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746761" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.26.58 10.0.4.186 16338 80 6 3 180 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746762" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899414000, - "message": "2 211203495394 eni-0c663685d7a12552e 162.216.149.61 10.0.4.186 55176 49010 6 1 44 1760899414 1760899438 ACCEPT OK", - "ingestionTime": 1760899467683, - "eventId": "39269369151855887953113882198603628849459116683788746763" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.50.153 10.0.4.186 33922 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334144" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.38.48 10.0.4.186 38080 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334145" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.30.53 10.0.4.186 47416 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334146" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.46.102 10.0.4.186 30120 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334147" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.34.110 10.0.4.186 61568 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334148" - }, - { - "logStreamName": "eni-0c663685d7a12552e-all", - "timestamp": 1760899415000, - "message": "2 211203495394 eni-0c663685d7a12552e 15.177.6.212 10.0.4.186 38820 80 6 3 180 1760899415 1760899441 ACCEPT OK", - "ingestionTime": 1760899465450, - "eventId": "39269369174156633151644505337439453974580325074051334149" - } - ], - "eni-0b0549e20044315f3-all": [ - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899050000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899050 1760899129 - NODATA", - "ingestionTime": 1760899149148, - "eventId": "39269361034384635687967058294516883796158603200468746240" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899063000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899063 1760899133 - NODATA", - "ingestionTime": 1760899191042, - "eventId": "39269361324294323268865159185128106407086387132881174528" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899065000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899065 1760899140 - NODATA", - "ingestionTime": 1760899158751, - "eventId": "39269361368895813665926405429162124440841377838471249920" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899066000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899066 1760899145 - NODATA", - "ingestionTime": 1760899169059, - "eventId": "39269361391196558864457028583159222796051983380536492032" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899072000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899072 1760899154 - NODATA", - "ingestionTime": 1760899183447, - "eventId": "39269361525001030055640767449767568231817834522370572288" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899083000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899083 1760899163 - NODATA", - "ingestionTime": 1760899191130, - "eventId": "39269361770309227239477622015948951614231990473462448128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899095000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899095 1760899177 - NODATA", - "ingestionTime": 1760899203123, - "eventId": "39269362037918169621845099728876158476315828073130033152" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899096000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899096 1760899173 - NODATA", - "ingestionTime": 1760899191541, - "eventId": "39269362060218914820375722856410123339823436258297708544" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899110000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899110 1760899188 - NODATA", - "ingestionTime": 1760899209964, - "eventId": "39269362372429347599804446860182095577718871838885019648" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899124000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899124 1760899206 - NODATA", - "ingestionTime": 1760899229535, - "eventId": "39269362684639780379233170865342036892205695946093232128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899125000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899125 1760899199 - NODATA", - "ingestionTime": 1760899251421, - "eventId": "39269362706940525577763794033336149004260622706450890752" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899126000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899126 1760899200 - NODATA", - "ingestionTime": 1760899220164, - "eventId": "39269362729241270776294417137084416047159533537171668992" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899127000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899127 1760899212 - NODATA", - "ingestionTime": 1760899241060, - "eventId": "39269362751542015974825040303882188022904222112626704384" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899154 1760899233 - NODATA", - "ingestionTime": 1760899251092, - "eventId": "39269363353662136335151865137474306632162095644831449088" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899154000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899154 1760899237 - NODATA", - "ingestionTime": 1760899265367, - "eventId": "39269363353662136335151865154731662239795841721343803392" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899181000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899181 1760899266 - NODATA", - "ingestionTime": 1760899288254, - "eventId": "39269363955782256695478690003864747195775111898944765952" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899184000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899184 1760899260 - NODATA", - "ingestionTime": 1760899279934, - "eventId": "39269364022684492291070559418413938563523123583808634880" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899191000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899191 1760899257 - NODATA", - "ingestionTime": 1760899310499, - "eventId": "39269364178789708680784921446114574291045297137749393408" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899193000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899193 1760899271 - NODATA", - "ingestionTime": 1760899300873, - "eventId": "39269364223391199077846167717549072416822564465518444544" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899203000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899203 1760899284 - NODATA", - "ingestionTime": 1760899308384, - "eventId": "39269364446398651063152399141986190306426909080998117376" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899213000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899213 1760899293 - NODATA", - "ingestionTime": 1760899313680, - "eventId": "39269364669406103048458630563745762218163735798362669056" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899215000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899215 1760899297 - NODATA", - "ingestionTime": 1760899323453, - "eventId": "39269364714007593445519876858632206622956850636010291200" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899231000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899231 1760899308 - NODATA", - "ingestionTime": 1760899331321, - "eventId": "39269365070819516622009847132715303195827357368140234752" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899245000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899245 1760899320 - NODATA", - "ingestionTime": 1760899339052, - "eventId": "39269365383029949401438571123561746374130011920953245696" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899246 1760899325 - NODATA", - "ingestionTime": 1760899350892, - "eventId": "39269365405330694599969194279411208772642910370836054016" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899246000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899246 1760899316 - NODATA", - "ingestionTime": 1760899371391, - "eventId": "39269365405330694599969194304192910118520948369194024960" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899248000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899248 1760899335 - NODATA", - "ingestionTime": 1760899363230, - "eventId": "39269365449932184997030440577398219863041560501072035840" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899264000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899264 1760899344 - NODATA", - "ingestionTime": 1760899368928, - "eventId": "39269365806744108173520410848858081852441394865298800640" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899273000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899273 1760899356 - NODATA", - "ingestionTime": 1760899385617, - "eventId": "39269366007450814960296019142855830900426629503072272384" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899275000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899275 1760899352 - NODATA", - "ingestionTime": 1760899371464, - "eventId": "39269366052052305357357265408817078540645514115318808576" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899291000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899291 1760899367 - NODATA", - "ingestionTime": 1760899390402, - "eventId": "39269366408864228533847235696283450762548894208316080128" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899303000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899303 1760899380 - NODATA", - "ingestionTime": 1760899399395, - "eventId": "39269366676473170916214713405583375986398277744453156864" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899307000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899307 1760899384 - NODATA", - "ingestionTime": 1760899410029, - "eventId": "39269366765676151710337205984582080515597986510266630144" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899310000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899310 1760899379 - NODATA", - "ingestionTime": 1760899433219, - "eventId": "39269366832578387305929075437224527699752125344533053440" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899314000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899314 1760899394 - NODATA", - "ingestionTime": 1760899418894, - "eventId": "39269366921781368100051567986049717306332660931861872640" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899322000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899322 1760899403 - NODATA", - "ingestionTime": 1760899428250, - "eventId": "39269367100187329688296553129645846721084489476922867712" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899335 1760899412 - NODATA", - "ingestionTime": 1760899433229, - "eventId": "39269367390097017269194653975629748732390472004675108864" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899335000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899335 1760899418 - NODATA", - "ingestionTime": 1760899444045, - "eventId": "39269367390097017269194653988704937156474046665124282368" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899351000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899351 1760899426 - NODATA", - "ingestionTime": 1760899450863, - "eventId": "39269367746908940445684624261519183700000033952722321408" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899363000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899363 1760899441 - NODATA", - "ingestionTime": 1760899461247, - "eventId": "39269368014517882828052101972501331045545810129543692288" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899364000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899364 1760899446 - NODATA", - "ingestionTime": 1760899468555, - "eventId": "39269368036818628026582725122871818569149878791262961664" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899367000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899367 1760899437 - NODATA", - "ingestionTime": 1760899492360, - "eventId": "39269368103720863622174594576257299469602032595912818688" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899371000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899371 1760899451 - NODATA", - "ingestionTime": 1760899479465, - "eventId": "39269368192923844416297087126810934162937552827837972480" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899383000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899383 1760899467 - NODATA", - "ingestionTime": 1760899490099, - "eventId": "39269368460532786798664564838095442697030093502723784704" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899394000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899394 1760899478 - NODATA", - "ingestionTime": 1760899502794, - "eventId": "39269368705840983982501419410335527383627721259566039040" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899399000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899399 1760899475 - NODATA", - "ingestionTime": 1760899493057, - "eventId": "39269368817344709975154535106242973873413473154290745344" - }, - { - "logStreamName": "eni-0b0549e20044315f3-all", - "timestamp": 1760899409000, - "message": "2 211203495394 eni-0b0549e20044315f3 - - - - - - - 1760899409 1760899488 - NODATA", - "ingestionTime": 1760899515333, - "eventId": "39269369040352161960460766548530326175156119273020653568" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/vpc-flow-log/vpc-007d791b9b857543e", - "type": "AwsLogsLogGroup", - "uid": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.", - "references": [ - "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Logs.html" - ] - }, - "risk_details": "If log groups have a low retention policy of less than specific days, crucial logs and data can be lost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/s3/prod-my-secure-s3-bucket-20250423 has less than 365 days retention period (30 days).", - "metadata": { - "event_code": "cloudwatch_log_group_retention_policy_specific_days_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Log Group /aws/s3/prod-my-secure-s3-bucket-20250423 has less than 365 days retention period (30 days).", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Logs.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_1", - "3_6_1", - "3_6_2" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_312_b" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_c_1_2" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-14.01B", - "OPS-14.02B", - "OPS-26.05B", - "OPS-26.01AS", - "PI-03.02B", - "PSS-04.01B" - ], - "FedRamp-Moderate-Revision-4": [ - "au-6-1-3", - "au-11", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "ac_16_b", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_10", - "au_11", - "au_11_1", - "au_12_1", - "au_12_2", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_21_b", - "pm_31", - "sc_28_2", - "si_4_17", - "si_12" - ], - "ENS-RD2022": [ - "op.exp.8.r3.aws.cw.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "PCI-4.0": [ - "10.5.1.4", - "3.2.1.3", - "3.3.1.1.3", - "3.3.1.3.3", - "3.3.2.3", - "3.3.3.3", - "5.3.4.11" - ], - "FedRAMP-Low-Revision-4": [ - "au-11" - ], - "FFIEC": [ - "d2-ma-ma-b-1" - ], - "PCI-3.2.1": [ - "10.1", - "10.7", - "10.7.b", - "10.7.c" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-e" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP06" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "au_11", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "3.2.5", - "4.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if CloudWatch Log Groups have a retention policy of specific days.", - "title": "Check if CloudWatch Log Groups have a retention policy of specific days.", - "types": [ - "Data Retention" - ], - "uid": "prowler-aws-cloudwatch_log_group_retention_policy_specific_days_enabled-211203495394-us-east-1-/aws/s3/prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/prod-my-secure-s3-bucket-20250423:*", - "name": "/aws/s3/prod-my-secure-s3-bucket-20250423", - "retention_days": 30, - "never_expire": false, - "kms_id": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501", - "region": "us-east-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/s3/prod-my-secure-s3-bucket-20250423", - "type": "AwsLogsLogGroup", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/prod-my-secure-s3-bucket-20250423:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.", - "references": [ - "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Logs.html" - ] - }, - "risk_details": "If log groups have a low retention policy of less than specific days, crucial logs and data can be lost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.9" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.9" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.9" - ], - "CIS-1.4": [ - "4.9" - ], - "CCC": [ - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.10" - ], - "CIS-1.5": [ - "4.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.9" - ], - "NIS2": [ - "2.2.3", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure a log metric filter and alarm exist for AWS Config configuration changes.", - "title": "Ensure a log metric filter and alarm exist for AWS Config configuration changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-13.03AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "SIM-03.07B", - "COM-04.01AC", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.5" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.2", - "op.exp.8.r1.aws.ct.2", - "op.exp.8.r1.aws.ct.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.5" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.5" - ], - "CIS-1.4": [ - "4.5" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN01.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "ProwlerThreatScore-1.0": [ - "3.3.6" - ], - "CIS-1.5": [ - "4.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Critical alert on cloudtrail settings changes" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.5" - ], - "CISA": [ - "your-data-2" - ], - "NIS2": [ - "2.2.3", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.2.4", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure a log metric filter and alarm exist for CloudTrail configuration changes.", - "title": "Ensure a log metric filter and alarm exist for CloudTrail configuration changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_authentication_failures", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "HIPAA": [ - "164_308_a_5_ii_c", - "164_308_a_6_i", - "164_308_a_6_ii" - ], - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-03.01AC", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.6" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.6" - ], - "CIS-1.4": [ - "4.6" - ], - "CCC": [ - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR03" - ], - "ProwlerThreatScore-1.0": [ - "3.3.7" - ], - "CIS-1.5": [ - "4.6" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Alert on rise of ConsoleLoginFailures events" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.6" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.d", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure a log metric filter and alarm exist for AWS Management Console authentication failures.", - "title": "Ensure a log metric filter and alarm exist for AWS Management Console authentication failures.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_authentication_failures-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_aws_organizations_changes", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "CIS-3.0": [ - "4.15" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.15" - ], - "CIS-5.0": [ - "4.15" - ], - "CIS-1.4": [ - "4.15" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02" - ], - "ProwlerThreatScore-1.0": [ - "3.3.16" - ], - "CIS-1.5": [ - "4.15" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.15" - ], - "NIS2": [ - "2.2.3", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure a log metric filter and alarm exist for AWS Organizations changes.", - "title": "Ensure a log metric filter and alarm exist for AWS Organizations changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_aws_organizations_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "C5-2025": [ - "OIS-04.02AC", - "OIS-08.02B", - "HR-03.02AC", - "AM-01.01AC", - "AM-07.02B", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "CRY-05.02B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.7" - ], - "ENS-RD2022": [ - "op.exp.10.aws.cmk.4", - "op.exp.10.aws.cmk.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.7" - ], - "CIS-1.4": [ - "4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.8" - ], - "CIS-1.5": [ - "4.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.10.1", - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "4.7" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created KMS CMKs.", - "title": "Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created KMS CMKs.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_for_s3_bucket_policy_changes", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.8" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.8" - ], - "CIS-1.4": [ - "4.8" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN01.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.9" - ], - "CIS-1.5": [ - "4.8" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.8" - ], - "NIS2": [ - "2.2.3", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure a log metric filter and alarm exist for S3 bucket policy changes.", - "title": "Ensure a log metric filter and alarm exist for S3 bucket policy changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_for_s3_bucket_policy_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_policy_changes", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.4" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.4" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.2" - ], - "CIS-5.0": [ - "4.4" - ], - "CIS-1.4": [ - "4.4" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.5" - ], - "CIS-1.5": [ - "4.4" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.4" - ], - "NIS2": [ - "2.2.3", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure a log metric filter and alarm exist for IAM policy changes.", - "title": "Ensure a log metric filter and alarm exist for IAM policy changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_policy_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_root_usage", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "HIPAA": [ - "164_308_a_6_i", - "164_308_a_6_ii" - ], - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-03.01B", - "IAM-03.03B", - "IAM-06.04B", - "IAM-06.05B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.3" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5", - "op.exp.8.aws.cw.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.3" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "7.2", - "7.2.1" - ], - "CIS-5.0": [ - "4.3" - ], - "CIS-1.4": [ - "4.3" - ], - "CCC": [ - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.4" - ], - "CIS-1.5": [ - "4.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "AWS-Account-Security-Onboarding": [ - "Critical alert on every root user activity" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.3" - ], - "NIS2": [ - "2.3.1", - "3.2.1", - "3.2.2", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "3.5.4", - "7.2.b", - "9.2.c.vii" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure a log metric filter and alarm exist for usage of root account.", - "title": "Ensure a log metric filter and alarm exist for usage of root account.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_root_usage-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_security_group_changes", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "SOC2": [ - "cc_5_2" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.10" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.10" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.10" - ], - "CIS-1.4": [ - "4.10" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.11" - ], - "CIS-1.5": [ - "4.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.10" - ], - "NIS2": [ - "2.2.3", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.g", - "3.5.4", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure a log metric filter and alarm exist for security group changes.", - "title": "Ensure a log metric filter and alarm exist for security group changes.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_security_group_changes-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_sign_in_without_mfa", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-16.01B", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-03.01AC", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-04.01B", - "PSS-05.01B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.2" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.2" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.2" - ], - "CIS-1.4": [ - "4.2" - ], - "CCC": [ - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.3" - ], - "CIS-1.5": [ - "4.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.2" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.d", - "3.2.3.g", - "3.5.4", - "9.2.c.vii", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure a log metric filter and alarm exist for Management Console sign-in without MFA.", - "title": "Ensure a log metric filter and alarm exist for Management Console sign-in without MFA.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_sign_in_without_mfa-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No CloudWatch log groups found with metric filters or alarms associated.", - "metadata": { - "event_code": "cloudwatch_log_metric_filter_unauthorized_api_calls", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No CloudWatch log groups found with metric filters or alarms associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Logging and Monitoring", - "compliance": { - "C5-2025": [ - "OIS-04.01AC", - "OIS-04.02AC", - "HR-03.02AC", - "AM-01.01AC", - "AM-09.03AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-26.06B", - "IAM-06.05B", - "PSS-04.01B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "ra_5", - "sc_4" - ], - "CIS-3.0": [ - "4.1" - ], - "ENS-RD2022": [ - "op.exp.8.aws.ct.5" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "4.1" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "4.1" - ], - "CIS-1.4": [ - "4.1" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Monitor.CN02.AR01", - "CCC.Core.CN04.AR01" - ], - "ProwlerThreatScore-1.0": [ - "3.3.2" - ], - "CIS-1.5": [ - "4.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "4.1" - ], - "NIS2": [ - "3.2.3.c", - "3.2.3.g", - "3.2.4", - "3.4.2.c", - "3.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure a log metric filter and alarm exist for unauthorized API calls.", - "title": "Ensure a log metric filter and alarm exist for unauthorized API calls.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-cloudwatch_log_metric_filter_unauthorized_api_calls-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "211203495394", - "type": "AwsCloudWatchAlarm", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that a metric filter and alarm be established for unauthorized requests.", - "references": [ - "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html" - ] - }, - "risk_details": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-northeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-northeast-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-northeast-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-northeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-northeast-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-northeast-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-northeast-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-northeast-3" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-northeast-3:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-south-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-south-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-south-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-southeast-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-southeast-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-southeast-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ap-southeast-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ap-southeast-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ap-southeast-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-ca-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "ca-central-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:ca-central-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-central-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-central-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-central-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-north-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-north-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-north-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-west-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-west-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-west-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-west-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-eu-west-3-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "eu-west-3" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:eu-west-3:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-sa-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "sa-east-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:sa-east-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-east-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-east-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-east-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-east-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-east-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-west-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-west-1" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-west-1:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Config recorder 211203495394 is disabled.", - "metadata": { - "event_code": "config_recorder_all_regions_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Config recorder 211203495394 is disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "logging", - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [ - "https://repost.aws/es/questions/QUGcgeerhcTamRkwgdwh_tLQ/enable-aws-config", - "https://www.tenable.com/audits/items/CIS_Amazon_Web_Services_Foundations_v1.5.0_L2.audit:6a5136528bd329139e5969f8f1e5ffbc", - "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" - ], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_1_ii_a" - ], - "SOC2": [ - "cc_2_1", - "cc_3_1", - "cc_3_4", - "cc_8_1" - ], - "C5-2025": [ - "OIS-05.01B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "DEV-08.02B" - ], - "NIST-CSF-1.1": [ - "cm_2", - "am_1", - "ra_5", - "sc_4", - "ip_12" - ], - "CIS-3.0": [ - "3.3" - ], - "ENS-RD2022": [ - "op.exp.1.aws.cfg.1", - "op.exp.1.aws.cfg.2", - "op.exp.3.aws.cfg.1", - "op.exp.3.r3.aws.cfg.1", - "op.mon.3.r2.aws.cfg.1", - "op.mon.3.r6.aws.cfg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "CIS-4.0.1": [ - "3.3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "2.4", - "2.4.a", - "10.5", - "10.5.2", - "11.5", - "11.5.a", - "11.5.b" - ], - "CIS-5.0": [ - "3.3" - ], - "CIS-1.4": [ - "3.5" - ], - "GxP-EU-Annex-11": [ - "10-change-and-configuration-management", - "4.5-validation-development-quality", - "4.6-validation-quality-performance" - ], - "ProwlerThreatScore-1.0": [ - "3.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "Config.1" - ], - "CIS-1.5": [ - "3.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP02" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "AWS-Account-Security-Onboarding": [ - "Enable continuous recording for most of the resources", - "Confirm that records are present in central aggregator" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1078", - "T1204", - "T1098", - "T1136", - "T1525", - "T1562", - "T1110", - "T1040", - "T1119", - "T1530", - "T1485", - "T1486", - "T1491", - "T1499", - "T1496", - "T1498" - ], - "CIS-2.0": [ - "3.5" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "**AWS accounts** have **AWS Config recorders** active and healthy in each Region. It identifies Regions with no recorder, a disabled recorder, or a recorder in a failure state.", - "title": "AWS Config recorder is enabled and not in failure state or disabled", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices", - "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-config_recorder_all_regions_enabled-211203495394-us-west-2-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "name": "211203495394", - "role_arn": "", - "recording": null, - "last_status": null, - "region": "us-west-2" - } - }, - "group": { - "name": "config" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:config:us-west-2:211203495394:recorder" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "Enable **AWS Config** in every Region with continuous recording and maintain healthy recorder status.", - "references": [ - "https://hub.prowler.com/check/config_recorder_all_regions_enabled" - ] - }, - "risk_details": "**Gaps in Config recording** create **blind spots**. Changes in unmonitored Regions aren't captured, weakening **integrity** and **auditability**. Adversaries can alter resources or stage assets unnoticed, enabling misconfigurations and delaying **incident response**.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Elastic IP 176.34.139.236 is associated with an instance or network interface.", - "metadata": { - "event_code": "ec2_elastic_ip_unassigned", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Elastic IP 176.34.139.236 is associated with an instance or network interface.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_4_1" - ], - "NIST-CSF-1.1": [ - "ds_3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "FFIEC": [ - "d1-g-it-b-1" - ], - "PCI-3.2.1": [ - "2.4" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP06" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ], - "CISA": [ - "your-systems-1", - "your-surroundings-1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there is any unassigned Elastic IP.", - "title": "Check if there is any unassigned Elastic IP.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_elastic_ip_unassigned-211203495394-eu-west-1-176.34.139.236" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "public_ip": "176.34.139.236", - "association_id": "eipassoc-0472f6d1c3af36ba0", - "arn": "arn:aws:ec2:eu-west-1:211203495394:eip-allocation/eipalloc-0828a6be7b08e1d0e", - "allocation_id": "eipalloc-0828a6be7b08e1d0e", - "region": "eu-west-1", - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-eu-west-1a" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc", - "Name:ex-vpc-eu-west-1a", - "GithubOrg:terraform-aws-modules" - ], - "name": "176.34.139.236", - "type": "AwsEc2Eip", - "uid": "arn:aws:ec2:eu-west-1:211203495394:eip-allocation/eipalloc-0828a6be7b08e1d0e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure Elastic IPs are not unassigned.", - "references": [ - "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html" - ] - }, - "risk_details": "Unassigned Elastic IPs may result in extra cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network ACL acl-003cdd347f8609cc2 has every port open to the Internet.", - "metadata": { - "event_code": "ec2_networkacl_allow_ingress_any_port", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network ACL acl-003cdd347f8609cc2 has every port open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Infrastructure Security", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_1_14", - "3_1_20", - "3_4_1", - "3_4_7", - "3_13_1", - "3_13_2", - "3_13_5", - "3_13_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3", - "annex_i_5_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_e_1" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ac_3", - "ac_5", - "pt_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-4", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "CIS-3.0": [ - "5.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4_21", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_2_a", - "cm_2_2", - "cm_6_a", - "cm_7_b", - "cm_8_6", - "cm_9_b", - "sc_7_5", - "sc_7_7", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_c" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-10", - "d3-pc-im-b-1", - "d3-pc-im-b-2", - "d3-pc-im-b-6", - "d4-c-co-b-2" - ], - "CIS-5.0": [ - "5.2" - ], - "CIS-1.4": [ - "5.1" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "CIS-1.5": [ - "5.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "NIST-800-53-Revision-4": [ - "ac_4", - "cm_2", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.1" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", - "title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-ec2_networkacl_allow_ingress_any_port-211203495394-eu-west-1-acl-003cdd347f8609cc2" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "acl-003cdd347f8609cc2", - "arn": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-003cdd347f8609cc2", - "name": "", - "region": "eu-west-1", - "entries": [ - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - } - ], - "default": true, - "in_use": true, - "tags": [] - } - }, - "group": { - "name": "ec2" - }, - "labels": [], - "name": "acl-003cdd347f8609cc2", - "type": "AwsEc2NetworkAcl", - "uid": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-003cdd347f8609cc2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" - ] - }, - "risk_details": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network ACL ex-rds-default has every port open to the Internet.", - "metadata": { - "event_code": "ec2_networkacl_allow_ingress_any_port", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network ACL ex-rds-default has every port open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Infrastructure Security", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_1_14", - "3_1_20", - "3_4_1", - "3_4_7", - "3_13_1", - "3_13_2", - "3_13_5", - "3_13_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3", - "annex_i_5_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_e_1" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ac_3", - "ac_5", - "pt_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-4", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "CIS-3.0": [ - "5.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4_21", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_2_a", - "cm_2_2", - "cm_6_a", - "cm_7_b", - "cm_8_6", - "cm_9_b", - "sc_7_5", - "sc_7_7", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_c" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-10", - "d3-pc-im-b-1", - "d3-pc-im-b-2", - "d3-pc-im-b-6", - "d4-c-co-b-2" - ], - "CIS-5.0": [ - "5.2" - ], - "CIS-1.4": [ - "5.1" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "CIS-1.5": [ - "5.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "NIST-800-53-Revision-4": [ - "ac_4", - "cm_2", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.1" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", - "title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-ec2_networkacl_allow_ingress_any_port-211203495394-eu-west-1-acl-082a37cbcfccab639" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "acl-082a37cbcfccab639", - "arn": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639", - "name": "ex-rds-default", - "region": "eu-west-1", - "entries": [ - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": true, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": false, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - } - ], - "default": true, - "in_use": true, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds-default" - }, - { - "Key": "Example", - "Value": "ex-rds" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubRepo:terraform-aws-rds-aurora", - "GithubOrg:terraform-aws-modules", - "Name:ex-rds-default", - "Example:ex-rds" - ], - "name": "acl-082a37cbcfccab639", - "type": "AwsEc2NetworkAcl", - "uid": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" - ] - }, - "risk_details": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network ACL acl-003cdd347f8609cc2 has SSH port 22 open to the Internet.", - "metadata": { - "event_code": "ec2_networkacl_allow_ingress_tcp_port_22", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network ACL acl-003cdd347f8609cc2 has SSH port 22 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "CIS-3.0": [ - "5.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.2" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.2.3", - "1.2.3.b", - "1.3", - "1.3.2" - ], - "CIS-5.0": [ - "5.2" - ], - "CIS-1.4": [ - "5.1" - ], - "CCC": [ - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN01.AR02", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.21" - ], - "CIS-1.5": [ - "5.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02", - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.1" - ], - "NIS2": [ - "6.7.2.g" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", - "title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_networkacl_allow_ingress_tcp_port_22-211203495394-eu-west-1-acl-003cdd347f8609cc2" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "acl-003cdd347f8609cc2", - "arn": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-003cdd347f8609cc2", - "name": "", - "region": "eu-west-1", - "entries": [ - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - } - ], - "default": true, - "in_use": true, - "tags": [] - } - }, - "group": { - "name": "ec2" - }, - "labels": [], - "name": "acl-003cdd347f8609cc2", - "type": "AwsEc2NetworkAcl", - "uid": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-003cdd347f8609cc2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" - ] - }, - "risk_details": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network ACL ex-rds-default has SSH port 22 open to the Internet.", - "metadata": { - "event_code": "ec2_networkacl_allow_ingress_tcp_port_22", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network ACL ex-rds-default has SSH port 22 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "CIS-3.0": [ - "5.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.2" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.2.3", - "1.2.3.b", - "1.3", - "1.3.2" - ], - "CIS-5.0": [ - "5.2" - ], - "CIS-1.4": [ - "5.1" - ], - "CCC": [ - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN01.AR02", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.21" - ], - "CIS-1.5": [ - "5.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02", - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.1" - ], - "NIS2": [ - "6.7.2.g" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", - "title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_networkacl_allow_ingress_tcp_port_22-211203495394-eu-west-1-acl-082a37cbcfccab639" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "acl-082a37cbcfccab639", - "arn": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639", - "name": "ex-rds-default", - "region": "eu-west-1", - "entries": [ - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": true, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": false, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - } - ], - "default": true, - "in_use": true, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds-default" - }, - { - "Key": "Example", - "Value": "ex-rds" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubRepo:terraform-aws-rds-aurora", - "GithubOrg:terraform-aws-modules", - "Name:ex-rds-default", - "Example:ex-rds" - ], - "name": "acl-082a37cbcfccab639", - "type": "AwsEc2NetworkAcl", - "uid": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" - ] - }, - "risk_details": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network ACL acl-003cdd347f8609cc2 has Microsoft RDP port 3389 open to the Internet.", - "metadata": { - "event_code": "ec2_networkacl_allow_ingress_tcp_port_3389", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network ACL acl-003cdd347f8609cc2 has Microsoft RDP port 3389 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "CIS-3.0": [ - "5.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.8.21", - "1.3.1.24", - "1.3.2.24", - "1.4.2.22", - "1.5.1.21", - "A1.1.3.21" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.2.3", - "1.2.3.b", - "1.3", - "1.3.2" - ], - "CIS-5.0": [ - "5.2" - ], - "CIS-1.4": [ - "5.1" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.21" - ], - "CIS-1.5": [ - "5.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.1" - ], - "NIS2": [ - "6.7.2.g" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", - "title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_networkacl_allow_ingress_tcp_port_3389-211203495394-eu-west-1-acl-003cdd347f8609cc2" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "acl-003cdd347f8609cc2", - "arn": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-003cdd347f8609cc2", - "name": "", - "region": "eu-west-1", - "entries": [ - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - } - ], - "default": true, - "in_use": true, - "tags": [] - } - }, - "group": { - "name": "ec2" - }, - "labels": [], - "name": "acl-003cdd347f8609cc2", - "type": "AwsEc2NetworkAcl", - "uid": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-003cdd347f8609cc2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" - ] - }, - "risk_details": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network ACL ex-rds-default has Microsoft RDP port 3389 open to the Internet.", - "metadata": { - "event_code": "ec2_networkacl_allow_ingress_tcp_port_3389", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network ACL ex-rds-default has Microsoft RDP port 3389 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "CIS-3.0": [ - "5.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.2" - ], - "PCI-4.0": [ - "1.2.8.21", - "1.3.1.24", - "1.3.2.24", - "1.4.2.22", - "1.5.1.21", - "A1.1.3.21" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.2.3", - "1.2.3.b", - "1.3", - "1.3.2" - ], - "CIS-5.0": [ - "5.2" - ], - "CIS-1.4": [ - "5.1" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.21" - ], - "CIS-1.5": [ - "5.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.1" - ], - "NIS2": [ - "6.7.2.g" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", - "title": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_networkacl_allow_ingress_tcp_port_3389-211203495394-eu-west-1-acl-082a37cbcfccab639" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "acl-082a37cbcfccab639", - "arn": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639", - "name": "ex-rds-default", - "region": "eu-west-1", - "entries": [ - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": true, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": true, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 100 - }, - { - "Egress": false, - "Ipv6CidrBlock": "::/0", - "Protocol": "-1", - "RuleAction": "allow", - "RuleNumber": 101 - }, - { - "CidrBlock": "0.0.0.0/0", - "Egress": false, - "Protocol": "-1", - "RuleAction": "deny", - "RuleNumber": 32767 - } - ], - "default": true, - "in_use": true, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds-default" - }, - { - "Key": "Example", - "Value": "ex-rds" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubRepo:terraform-aws-rds-aurora", - "GithubOrg:terraform-aws-modules", - "Name:ex-rds-default", - "Example:ex-rds" - ], - "name": "acl-082a37cbcfccab639", - "type": "AwsEc2NetworkAcl", - "uid": "arn:aws:ec2:eu-west-1:211203495394:network-acl/acl-082a37cbcfccab639" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html" - ] - }, - "risk_details": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have all ports open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_all_ports", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have all ports open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "CIS-3.0": [ - "5.2", - "5.3" - ], - "ENS-RD2022": [ - "mp.com.1.aws.sg.2" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.3", - "5.4" - ], - "PCI-3.2.1": [ - "1.1", - "1.1.4", - "1.1.4.c", - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.2.3", - "1.2.3.b", - "1.3", - "1.3.2", - "1.3.5" - ], - "CIS-5.0": [ - "5.3", - "5.4" - ], - "CIS-1.4": [ - "5.2" - ], - "CCC": [ - "CCC.MLDE.CN04.AR01", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.VPC.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-1.5": [ - "5.2", - "5.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.2", - "5.3" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to all ports.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to all ports.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_all_ports-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased. An attacker could exploit this misconfiguration to gain unauthorized access to resources.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have all ports open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_all_ports", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have all ports open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "CIS-3.0": [ - "5.2", - "5.3" - ], - "ENS-RD2022": [ - "mp.com.1.aws.sg.2" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.3", - "5.4" - ], - "PCI-3.2.1": [ - "1.1", - "1.1.4", - "1.1.4.c", - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.2.3", - "1.2.3.b", - "1.3", - "1.3.2", - "1.3.5" - ], - "CIS-5.0": [ - "5.3", - "5.4" - ], - "CIS-1.4": [ - "5.2" - ], - "CCC": [ - "CCC.MLDE.CN04.AR01", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.VPC.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "CIS-1.5": [ - "5.2", - "5.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.2", - "5.3" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to all ports.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to all ports.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_all_ports-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased. An attacker could exploit this misconfiguration to gain unauthorized access to resources.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have any port open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_any_port", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have any port open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.41", - "1.3.1.45", - "1.3.2.45", - "1.4.2.43", - "1.5.1.40", - "2.2.5.17", - "A1.1.3.40" - ], - "CCC": [ - "CCC.VPC.CN01.AR01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port and not attached to a network interface with not allowed network interface types or instance owners. By default, the allowed network interface types are 'api_gateway_managed' and 'vpc_endpoint', and the allowed instance owners are 'amazon-elb', you can customize these values by setting the 'ec2_allowed_interface_types' and 'ec2_allowed_instance_owners' variables.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_any_port-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "The security group allows all traffic from the internet to any port. This could allow an attacker to access the instance.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have any port open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_any_port", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have any port open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.41", - "1.3.1.45", - "1.3.2.45", - "1.4.2.43", - "1.5.1.40", - "2.2.5.17", - "A1.1.3.40" - ], - "CCC": [ - "CCC.VPC.CN01.AR01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port and not attached to a network interface with not allowed network interface types or instance owners. By default, the allowed network interface types are 'api_gateway_managed' and 'vpc_endpoint', and the allowed instance owners are 'amazon-elb', you can customize these values by setting the 'ec2_allowed_interface_types' and 'ec2_allowed_instance_owners' variables.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_any_port-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "The security group allows all traffic from the internet to any port. This could allow an attacker to access the instance.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have any high-risk port open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_high_risk_tcp_ports", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have any high-risk port open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "OIS-05.03B", - "PI-01.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.19" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to ports 25(SMTP), 110(POP3), 135(RCP), 143(IMAP), 445(CIFS), 3000(Go, Node.js, and Ruby web developemnt frameworks), 4333(ahsp), 5000(Python web development frameworks), 5500(fcp-addr-srvr1), 8080(proxy), 8088(legacy HTTP port).", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to high risk ports.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_high_risk_tcp_ports-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have any high-risk port open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_high_risk_tcp_ports", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have any high-risk port open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "OIS-05.03B", - "PI-01.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.19" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.4", - "2.6.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to ports 25(SMTP), 110(POP3), 135(RCP), 143(IMAP), 445(CIFS), 3000(Go, Node.js, and Ruby web developemnt frameworks), 4333(ahsp), 5000(Python web development frameworks), 5500(fcp-addr-srvr1), 8080(proxy), 8088(legacy HTTP port).", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to high risk ports.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_high_risk_tcp_ports-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have SSH port 22 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have SSH port 22 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_1_14", - "3_1_20", - "3_4_7", - "3_13_1", - "3_13_2", - "3_13_5", - "3_13_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_5_1", - "annex_i_7_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_e_1" - ], - "SOC2": [ - "cc_6_6", - "cc_7_2" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ac_3", - "ac_5", - "ds_7", - "pt_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-4", - "ac-17-1", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "CIS-3.0": [ - "5.2", - "5.3" - ], - "NIST-800-53-Revision-5": [ - "ac_17_b", - "ac_17_1", - "ac_17_9", - "ac_17_10", - "cm_9_b", - "sc_7_7", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_c" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "2.0.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.3", - "5.4" - ], - "PCI-4.0": [ - "1.2.8.17", - "1.3.1.19", - "1.3.2.19", - "1.4.2.18", - "1.5.1.17", - "A1.1.3.17" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-10", - "d3-pc-im-b-1", - "d3-pc-im-b-2", - "d3-pc-im-b-6", - "d4-c-co-b-2" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "2.2", - "2.2.2" - ], - "CIS-5.0": [ - "5.3", - "5.4" - ], - "CIS-1.4": [ - "5.2" - ], - "CCC": [ - "CCC.MLDE.CN04.AR01", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN01.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4", - "2.1.7" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.13" - ], - "CIS-1.5": [ - "5.2", - "5.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "NIST-800-53-Revision-4": [ - "ac_4", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.6", - "A.13.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.2", - "5.3" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have SSH port 22 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have SSH port 22 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_1_14", - "3_1_20", - "3_4_7", - "3_13_1", - "3_13_2", - "3_13_5", - "3_13_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_5_1", - "annex_i_7_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_e_1" - ], - "SOC2": [ - "cc_6_6", - "cc_7_2" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ac_3", - "ac_5", - "ds_7", - "pt_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-4", - "ac-17-1", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "CIS-3.0": [ - "5.2", - "5.3" - ], - "NIST-800-53-Revision-5": [ - "ac_17_b", - "ac_17_1", - "ac_17_9", - "ac_17_10", - "cm_9_b", - "sc_7_7", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_c" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "2.0.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.3", - "5.4" - ], - "PCI-4.0": [ - "1.2.8.17", - "1.3.1.19", - "1.3.2.19", - "1.4.2.18", - "1.5.1.17", - "A1.1.3.17" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-10", - "d3-pc-im-b-1", - "d3-pc-im-b-2", - "d3-pc-im-b-6", - "d4-c-co-b-2" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "2.2", - "2.2.2" - ], - "CIS-5.0": [ - "5.3", - "5.4" - ], - "CIS-1.4": [ - "5.2" - ], - "CCC": [ - "CCC.MLDE.CN04.AR01", - "CCC.MLDE.CN04.AR02", - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN01.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4", - "2.1.7" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.13" - ], - "CIS-1.5": [ - "5.2", - "5.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "NIST-800-53-Revision-4": [ - "ac_4", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.6", - "A.13.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.2", - "5.3" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Microsoft RDP port 3389 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Microsoft RDP port 3389 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "CIS-3.0": [ - "5.2", - "5.3" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "2.0.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.3", - "5.4" - ], - "CIS-5.0": [ - "5.3", - "5.4" - ], - "CIS-1.4": [ - "5.2" - ], - "CCC": [ - "CCC.MLDE.CN04.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4", - "2.1.7" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.14" - ], - "CIS-1.5": [ - "5.2", - "5.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.6", - "A.13.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.2", - "5.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Microsoft RDP port 3389 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Microsoft RDP port 3389 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "CIS-3.0": [ - "5.2", - "5.3" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "2.0.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "5.3", - "5.4" - ], - "CIS-5.0": [ - "5.3", - "5.4" - ], - "CIS-1.4": [ - "5.2" - ], - "CCC": [ - "CCC.MLDE.CN04.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4", - "2.1.7" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.14" - ], - "CIS-1.5": [ - "5.2", - "5.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.6", - "A.13.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "5.2", - "5.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Casandra ports 7199, 8888 and 9160 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Casandra ports 7199, 8888 and 9160 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Casandra ports 7199, 8888 and 9160 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Casandra ports 7199, 8888 and 9160 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have FTP ports 20 and 21 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_ftp_20_21", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have FTP ports 20 and 21 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN01.AR03" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_ftp_20_21-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have FTP ports 20 and 21 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_ftp_20_21", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have FTP ports 20 and 21 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02", - "CCC.Core.CN01.AR03" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_ftp_20_21-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Kafka port 9092 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Kafka port 9092 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Kafka port 9092 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Kafka port 9092 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Memcached port 11211 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Memcached port 11211 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Memcached port 11211 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Memcached port 11211 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have MongoDB ports 27017 and 27018 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mongodb_27017_27018", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have MongoDB ports 27017 and 27018 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mongodb_27017_27018-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have MongoDB ports 27017 and 27018 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mongodb_27017_27018", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have MongoDB ports 27017 and 27018 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mongodb_27017_27018-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have MySQL port 3306 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have MySQL port 3306 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have MySQL port 3306 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have MySQL port 3306 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Oracle ports 1521 and 2483 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Oracle ports 1521 and 2483 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Oracle ports 1521 and 2483 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Oracle ports 1521 and 2483 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Postgres port 5432 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Postgres port 5432 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Postgres port 5432 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Postgres port 5432 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Redis port 6379 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Redis port 6379 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Redis port 6379 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Redis port 6379 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN07.AR02" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Microsoft SQL Server ports 1433 and 1434 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Microsoft SQL Server ports 1433 and 1434 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Microsoft SQL Server ports 1433 and 1434 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Microsoft SQL Server ports 1433 and 1434 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.4", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Telnet port 23 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) does not have Telnet port 23 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN01.AR03" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Telnet port 23 open to the Internet.", - "metadata": { - "event_code": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) does not have Telnet port 23 open to the Internet.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PI-01.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN01.AR03" - ], - "ProwlerThreatScore-1.0": [ - "2.1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.6.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", - "title": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) has no potential wide-open non-RFC1918 address.", - "metadata": { - "event_code": "ec2_securitygroup_allow_wide_open_public_ipv4", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) has no potential wide-open non-RFC1918 address.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress and egress from wide-open IP address with a mask between 0 and 24.", - "title": "Ensure no security groups allow ingress and egress from wide-open IP address with a mask between 0 and 24.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_wide_open_public_ipv4-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) has no potential wide-open non-RFC1918 address.", - "metadata": { - "event_code": "ec2_securitygroup_allow_wide_open_public_ipv4", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) has no potential wide-open non-RFC1918 address.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no security groups allow ingress and egress from wide-open IP address with a mask between 0 and 24.", - "title": "Ensure no security groups allow ingress and egress from wide-open IP address with a mask between 0 and 24.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_allow_wide_open_public_ipv4-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) was not created using the EC2 Launch Wizard.", - "metadata": { - "event_code": "ec2_securitygroup_from_launch_wizard", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) was not created using the EC2 Launch Wizard.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.aws.sg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Security Groups created by EC2 Launch Wizard.", - "title": "Security Groups created by EC2 Launch Wizard.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_from_launch_wizard-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", - "references": [ - "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" - ] - }, - "risk_details": "Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group default (sg-0be54092870e08359) was not created using the EC2 Launch Wizard.", - "metadata": { - "event_code": "ec2_securitygroup_from_launch_wizard", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group default (sg-0be54092870e08359) was not created using the EC2 Launch Wizard.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.aws.sg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Security Groups created by EC2 Launch Wizard.", - "title": "Security Groups created by EC2 Launch Wizard.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_from_launch_wizard-211203495394-eu-west-1-sg-0be54092870e08359" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "default", - "metadata": { - "name": "default", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0be54092870e08359", - "id": "sg-0be54092870e08359", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [ - "sg-0be54092870e08359" - ], - "network_interfaces": [], - "ingress_rules": [ - { - "IpProtocol": "-1", - "UserIdGroupPairs": [ - { - "UserId": "211203495394", - "GroupId": "sg-0be54092870e08359" - } - ], - "IpRanges": [], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [ - { - "IpProtocol": "-1", - "UserIdGroupPairs": [], - "IpRanges": [ - { - "CidrIp": "0.0.0.0/0" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "tags": null - } - }, - "group": { - "name": "ec2" - }, - "labels": [], - "name": "sg-0be54092870e08359", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0be54092870e08359" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", - "references": [ - "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" - ] - }, - "risk_details": "Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) was not created using the EC2 Launch Wizard.", - "metadata": { - "event_code": "ec2_securitygroup_from_launch_wizard", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) was not created using the EC2 Launch Wizard.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.aws.sg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Security Groups created by EC2 Launch Wizard.", - "title": "Security Groups created by EC2 Launch Wizard.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_from_launch_wizard-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", - "references": [ - "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" - ] - }, - "risk_details": "Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) was not created using the EC2 Launch Wizard.", - "metadata": { - "event_code": "ec2_securitygroup_from_launch_wizard", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) was not created using the EC2 Launch Wizard.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.aws.sg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Security Groups created by EC2 Launch Wizard.", - "title": "Security Groups created by EC2 Launch Wizard.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_from_launch_wizard-211203495394-eu-west-1-sg-0c3aaf7337434df0c" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-rds-20251019171856241300000005", - "metadata": { - "name": "ex-rds-20251019171856241300000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c", - "id": "sg-0c3aaf7337434df0c", - "vpc_id": "vpc-0db221deba515d6c7", - "associated_sgs": [], - "network_interfaces": [], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "CidrIp": "10.0.3.0/24" - }, - { - "CidrIp": "10.0.4.0/24" - }, - { - "CidrIp": "10.0.5.0/24" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "Egress to corporate printer closet", - "CidrIp": "10.33.0.0/28" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "tags": [ - { - "Key": "Name", - "Value": "ex-rds" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Name:ex-rds", - "Example:ex-rds", - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-rds-aurora" - ], - "name": "sg-0c3aaf7337434df0c", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", - "references": [ - "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" - ] - }, - "risk_details": "Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group default (sg-098d463ddc66b09b5) was not created using the EC2 Launch Wizard.", - "metadata": { - "event_code": "ec2_securitygroup_from_launch_wizard", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group default (sg-098d463ddc66b09b5) was not created using the EC2 Launch Wizard.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.aws.sg.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Security Groups created by EC2 Launch Wizard.", - "title": "Security Groups created by EC2 Launch Wizard.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_from_launch_wizard-211203495394-eu-west-1-sg-098d463ddc66b09b5" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "default", - "metadata": { - "name": "default", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-098d463ddc66b09b5", - "id": "sg-098d463ddc66b09b5", - "vpc_id": "vpc-0db221deba515d6c7", - "associated_sgs": [], - "network_interfaces": [], - "ingress_rules": [], - "egress_rules": [], - "tags": [ - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "Name", - "Value": "ex-rds-default" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Example:ex-rds", - "Name:ex-rds-default", - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-rds-aurora" - ], - "name": "sg-098d463ddc66b09b5", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-098d463ddc66b09b5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.", - "references": [ - "https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html" - ] - }, - "risk_details": "Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) it is being used.", - "metadata": { - "event_code": "ec2_securitygroup_not_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) it is being used.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.aws.sg.3" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.22" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there are no Security Groups not being used.", - "title": "Ensure there are no Security Groups not being used.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_not_used-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "List all the security groups and then use the cli to check if they are attached to an instance.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/ec2-find-security-group-resources/" - ] - }, - "risk_details": "Having clear definition and scope for Security Groups creates a better administration environment.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) it is being used.", - "metadata": { - "event_code": "ec2_securitygroup_not_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) it is being used.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.aws.sg.3" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.22" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there are no Security Groups not being used.", - "title": "Ensure there are no Security Groups not being used.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_not_used-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "List all the security groups and then use the cli to check if they are attached to an instance.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/ec2-find-security-group-resources/" - ] - }, - "risk_details": "Having clear definition and scope for Security Groups creates a better administration environment.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) it is not being used.", - "metadata": { - "event_code": "ec2_securitygroup_not_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) it is not being used.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.aws.sg.3" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.22" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there are no Security Groups not being used.", - "title": "Ensure there are no Security Groups not being used.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_not_used-211203495394-eu-west-1-sg-0c3aaf7337434df0c" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-rds-20251019171856241300000005", - "metadata": { - "name": "ex-rds-20251019171856241300000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c", - "id": "sg-0c3aaf7337434df0c", - "vpc_id": "vpc-0db221deba515d6c7", - "associated_sgs": [], - "network_interfaces": [], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "CidrIp": "10.0.3.0/24" - }, - { - "CidrIp": "10.0.4.0/24" - }, - { - "CidrIp": "10.0.5.0/24" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "Egress to corporate printer closet", - "CidrIp": "10.33.0.0/28" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "tags": [ - { - "Key": "Name", - "Value": "ex-rds" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Name:ex-rds", - "Example:ex-rds", - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-rds-aurora" - ], - "name": "sg-0c3aaf7337434df0c", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "List all the security groups and then use the cli to check if they are attached to an instance.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/ec2-find-security-group-resources/" - ] - }, - "risk_details": "Having clear definition and scope for Security Groups creates a better administration environment.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) has 1 inbound rules and 0 outbound rules.", - "metadata": { - "event_code": "ec2_securitygroup_with_many_ingress_egress_rules", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-vpc-endpoints-20251019183704849500000005 (sg-029c322294e89e3d0) has 1 inbound rules and 0 outbound rules.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Find security groups with more than 50 ingress or egress rules.", - "title": "Find security groups with more than 50 ingress or egress rules.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_with_many_ingress_egress_rules-211203495394-eu-west-1-sg-029c322294e89e3d0" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "metadata": { - "name": "ex-vpc-vpc-endpoints-20251019183704849500000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0", - "id": "sg-029c322294e89e3d0", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cc527ecbe7a26eaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0fbed747547fe0b21", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.9", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0cd4fcd4819d5a0b7", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-01492c978b95da32f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0affc8cb976d281e4", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-02d80e2d22cb22d04", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.178", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0fa50413d12043097", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c9f85f08db46cc47", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.143", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0ab252a7dc8378f9e", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-09dd4c839f588ef37", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.180", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0d52b90c56c30aaaf", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0543d816a10754034", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0b032bdd6415e28d2", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-069213b1daba0d2fa", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.130", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0412563bcfde47c07", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0a5da01736971c566", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.10", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0eee78be32276dc65", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0cce8dafaabedfaa6", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.114", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 443, - "ToPort": 443, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "HTTPS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-vpc-endpoints-" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Project:Secret", - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc-vpc-endpoints-", - "GithubRepo:terraform-aws-vpc", - "Endpoint:true", - "Example:ex-vpc" - ], - "name": "sg-029c322294e89e3d0", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-029c322294e89e3d0" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group default (sg-0be54092870e08359) has 1 inbound rules and 1 outbound rules.", - "metadata": { - "event_code": "ec2_securitygroup_with_many_ingress_egress_rules", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group default (sg-0be54092870e08359) has 1 inbound rules and 1 outbound rules.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Find security groups with more than 50 ingress or egress rules.", - "title": "Find security groups with more than 50 ingress or egress rules.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_with_many_ingress_egress_rules-211203495394-eu-west-1-sg-0be54092870e08359" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "default", - "metadata": { - "name": "default", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0be54092870e08359", - "id": "sg-0be54092870e08359", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [ - "sg-0be54092870e08359" - ], - "network_interfaces": [], - "ingress_rules": [ - { - "IpProtocol": "-1", - "UserIdGroupPairs": [ - { - "UserId": "211203495394", - "GroupId": "sg-0be54092870e08359" - } - ], - "IpRanges": [], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [ - { - "IpProtocol": "-1", - "UserIdGroupPairs": [], - "IpRanges": [ - { - "CidrIp": "0.0.0.0/0" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "tags": null - } - }, - "group": { - "name": "ec2" - }, - "labels": [], - "name": "sg-0be54092870e08359", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0be54092870e08359" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) has 1 inbound rules and 0 outbound rules.", - "metadata": { - "event_code": "ec2_securitygroup_with_many_ingress_egress_rules", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-vpc-rds20251019183702376100000002 (sg-0a8033bb48cc40a41) has 1 inbound rules and 0 outbound rules.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Find security groups with more than 50 ingress or egress rules.", - "title": "Find security groups with more than 50 ingress or egress rules.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_with_many_ingress_egress_rules-211203495394-eu-west-1-sg-0a8033bb48cc40a41" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-vpc-rds20251019183702376100000002", - "metadata": { - "name": "ex-vpc-rds20251019183702376100000002", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41", - "id": "sg-0a8033bb48cc40a41", - "vpc_id": "vpc-007d791b9b857543e", - "associated_sgs": [], - "network_interfaces": [ - { - "id": "eni-0b0549e20044315f3", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0c5c806199955154b", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.2.60", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0065b4be93c6e8110", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-0c1065c914ddc0b88", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-0f63eab8e95aa977f", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.1.100", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-094260cca8a477871", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - }, - { - "id": "eni-00e49c1a350a96c62", - "association": {}, - "attachment": { - "attachment_id": "ela-attach-05a60d3e43687578c", - "instance_id": "", - "instance_owner_id": "amazon-aws", - "status": "attached" - }, - "private_ip": "10.0.0.107", - "public_ip_addresses": [], - "type": "vpc_endpoint", - "subnet_id": "subnet-0916ac2a0e7ef95cf", - "vpc_id": "vpc-007d791b9b857543e", - "region": "eu-west-1", - "tags": [] - } - ], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "TLS from VPC", - "CidrIp": "10.0.0.0/16" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "sg-0a8033bb48cc40a41", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0a8033bb48cc40a41" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) has 1 inbound rules and 1 outbound rules.", - "metadata": { - "event_code": "ec2_securitygroup_with_many_ingress_egress_rules", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group ex-rds-20251019171856241300000005 (sg-0c3aaf7337434df0c) has 1 inbound rules and 1 outbound rules.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Find security groups with more than 50 ingress or egress rules.", - "title": "Find security groups with more than 50 ingress or egress rules.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_with_many_ingress_egress_rules-211203495394-eu-west-1-sg-0c3aaf7337434df0c" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "ex-rds-20251019171856241300000005", - "metadata": { - "name": "ex-rds-20251019171856241300000005", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c", - "id": "sg-0c3aaf7337434df0c", - "vpc_id": "vpc-0db221deba515d6c7", - "associated_sgs": [], - "network_interfaces": [], - "ingress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "CidrIp": "10.0.3.0/24" - }, - { - "CidrIp": "10.0.4.0/24" - }, - { - "CidrIp": "10.0.5.0/24" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "egress_rules": [ - { - "IpProtocol": "tcp", - "FromPort": 5432, - "ToPort": 5432, - "UserIdGroupPairs": [], - "IpRanges": [ - { - "Description": "Egress to corporate printer closet", - "CidrIp": "10.33.0.0/28" - } - ], - "Ipv6Ranges": [], - "PrefixListIds": [] - } - ], - "tags": [ - { - "Key": "Name", - "Value": "ex-rds" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Name:ex-rds", - "Example:ex-rds", - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-rds-aurora" - ], - "name": "sg-0c3aaf7337434df0c", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-0c3aaf7337434df0c" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security group default (sg-098d463ddc66b09b5) has 0 inbound rules and 0 outbound rules.", - "metadata": { - "event_code": "ec2_securitygroup_with_many_ingress_egress_rules", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security group default (sg-098d463ddc66b09b5) has 0 inbound rules and 0 outbound rules.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP03" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Find security groups with more than 50 ingress or egress rules.", - "title": "Find security groups with more than 50 ingress or egress rules.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-ec2_securitygroup_with_many_ingress_egress_rules-211203495394-eu-west-1-sg-098d463ddc66b09b5" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "default", - "metadata": { - "name": "default", - "region": "eu-west-1", - "arn": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-098d463ddc66b09b5", - "id": "sg-098d463ddc66b09b5", - "vpc_id": "vpc-0db221deba515d6c7", - "associated_sgs": [], - "network_interfaces": [], - "ingress_rules": [], - "egress_rules": [], - "tags": [ - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "Name", - "Value": "ex-rds-default" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "ec2" - }, - "labels": [ - "Example:ex-rds", - "Name:ex-rds-default", - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-rds-aurora" - ], - "name": "sg-098d463ddc66b09b5", - "type": "AwsEc2SecurityGroup", - "uid": "arn:aws:ec2:eu-west-1:211203495394:security-group/sg-098d463ddc66b09b5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html" - ] - }, - "risk_details": "If Security groups are not properly configured the attack surface is increased.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-northeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default", - "region": "ap-northeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-northeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default", - "region": "ap-northeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-northeast-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default", - "region": "ap-northeast-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-south-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-south-1:211203495394:event-bus/default", - "region": "ap-south-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-south-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-southeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default", - "region": "ap-southeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ap-southeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default", - "region": "ap-southeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-ca-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ca-central-1:211203495394:event-bus/default", - "region": "ca-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ca-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-central-1:211203495394:event-bus/default", - "region": "eu-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-north-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-north-1:211203495394:event-bus/default", - "region": "eu-north-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-north-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-1:211203495394:event-bus/default", - "region": "eu-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-2:211203495394:event-bus/default", - "region": "eu-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-eu-west-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-3:211203495394:event-bus/default", - "region": "eu-west-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-sa-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:sa-east-1:211203495394:event-bus/default", - "region": "sa-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:sa-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-1:211203495394:event-bus/default", - "region": "us-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [ - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [ - "Preexisting:20251012" - ], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-east-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-2:211203495394:event-bus/default", - "region": "us-east-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-1:211203495394:event-bus/default", - "region": "us-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default does not allow cross-account access.", - "metadata": { - "event_code": "eventbridge_bus_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default does not allow cross-account access.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.03AC", - "IAM-10.01B", - "COS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR03" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "title": "Ensure that AWS EventBridge event buses do not allow unknown cross-account access for delivery of events.", - "types": [], - "uid": "prowler-aws-eventbridge_bus_cross_account_access-211203495394-us-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-2:211203495394:event-bus/default", - "region": "us-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "To remediate this issue, remove the unknown cross-account access for delivery of events from the AWS EventBridge event bus.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If an AWS EventBridge event bus allows unknown cross-account access for delivery of events, it can lead to unauthorized access to the event bus and its events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-northeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default", - "region": "ap-northeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-northeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default", - "region": "ap-northeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-northeast-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-northeast-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default", - "region": "ap-northeast-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-northeast-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-northeast-3" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-south-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-south-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-south-1:211203495394:event-bus/default", - "region": "ap-south-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-south-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-south-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-southeast-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default", - "region": "ap-southeast-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ap-southeast-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ap-southeast-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default", - "region": "ap-southeast-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ap-southeast-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ap-southeast-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-ca-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "ca-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:ca-central-1:211203495394:event-bus/default", - "region": "ca-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:ca-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "ca-central-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-central-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-central-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-central-1:211203495394:event-bus/default", - "region": "eu-central-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-central-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-central-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-north-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-north-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-north-1:211203495394:event-bus/default", - "region": "eu-north-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-north-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-north-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-1:211203495394:event-bus/default", - "region": "eu-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-2:211203495394:event-bus/default", - "region": "eu-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-eu-west-3-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-3", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:eu-west-3:211203495394:event-bus/default", - "region": "eu-west-3", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:eu-west-3:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-3" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-sa-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "sa-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:sa-east-1:211203495394:event-bus/default", - "region": "sa-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:sa-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "sa-east-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-east-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-1:211203495394:event-bus/default", - "region": "us-east-1", - "kms_key_id": null, - "policy": {}, - "tags": [ - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [ - "Preexisting:20251012" - ], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-east-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-east-2:211203495394:event-bus/default", - "region": "us-east-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-east-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-west-1-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-1", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-1:211203495394:event-bus/default", - "region": "us-west-1", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-1:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-1" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "EventBridge event bus default is not exposed to everyone.", - "metadata": { - "event_code": "eventbridge_bus_exposed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "EventBridge event bus default is not exposed to everyone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CWE_GettingStarted.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "ProwlerThreatScore-1.0": [ - "2.3.13" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that your AWS EventBridge event bus is not exposed to everyone.", - "title": "Ensure that your AWS EventBridge event bus is not exposed to everyone", - "types": [], - "uid": "prowler-aws-eventbridge_bus_exposed-211203495394-us-west-2-default" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "name": "default", - "arn": "arn:aws:events:us-west-2:211203495394:event-bus/default", - "region": "us-west-2", - "kms_key_id": null, - "policy": {}, - "tags": [] - } - }, - "group": { - "name": "eventbridge" - }, - "labels": [], - "name": "default", - "type": "AwsEventsEventbus", - "uid": "arn:aws:events:us-west-2:211203495394:event-bus/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "To restrict access to your AWS EventBridge event bus, remove the permission that allows everyone to access it.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEvents-CrossAccountEventDelivery.html" - ] - }, - "risk_details": "If your AWS EventBridge event bus is exposed to everyone, unauthorized users can access your event bus and potentially view or modify your events.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "FMS without any compliant policy for account 211203495394.", - "metadata": { - "event_code": "fms_policy_compliant", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "FMS without any compliant policy for account 211203495394.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-fms-intro.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "ENS-RD2022": [ - "mp.com.1.aws.nfw.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "This check ensures all FMS policies inside an admin account are compliant", - "title": "Ensure that all FMS policies inside an admin account are compliant", - "types": [], - "uid": "prowler-aws-fms_policy_compliant-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "fms" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:fms:us-east-1:211203495394:policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure FMS is enabled and all the policies are compliant across your AWS accounts", - "references": [ - "https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-fms-intro.html" - ] - }, - "risk_details": "If FMS policies are not compliant, means there are resources unprotected by the policies", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Root user in the account wasn't accessed in the last 1 days.", - "metadata": { - "event_code": "iam_avoid_root_usage", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Root user in the account wasn't accessed in the last 1 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-03.01B", - "IAM-03.03B", - "IAM-06.02B", - "IAM-06.04B" - ], - "CIS-3.0": [ - "1.7" - ], - "ENS-RD2022": [ - "op.acc.2.aws.iam.4", - "op.acc.4.aws.iam.7" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.7" - ], - "CIS-5.0": [ - "1.6" - ], - "CIS-1.4": [ - "1.7" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR02" - ], - "ProwlerThreatScore-1.0": [ - "1.2.5" - ], - "CIS-1.5": [ - "1.7" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "AWS-Account-Security-Onboarding": [ - "Block root user" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098" - ], - "CIS-2.0": [ - "1.7" - ], - "NIS2": [ - "6.7.2.e", - "11.3.2.b", - "11.3.2.c", - "11.4.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Avoid the use of the root account", - "title": "Avoid the use of the root accounts", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_avoid_root_usage-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Follow the remediation instructions of the Ensure IAM policies are attached only to groups or roles recommendation.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "The root account has unrestricted access to all resources in the AWS account. It is highly recommended that the use of this account be avoided.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy ElastiCacheServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy ElastiCacheServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-ElastiCacheServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "ElastiCacheServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy", - "entity": "ANPAIML5LIBUZBVCSF7PI", - "version_id": "v4", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ElastiCacheManagementActions", - "Effect": "Allow", - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:DeleteNetworkInterface", - "ec2:DeleteSecurityGroup", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DescribeVpcEndpoints", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:RevokeSecurityGroupIngress", - "cloudwatch:PutMetricData", - "outposts:GetOutpost", - "outposts:GetOutpostInstanceTypes", - "outposts:ListOutposts", - "outposts:ListSites" - ], - "Resource": "*" - }, - { - "Sid": "CreateDeleteVPCEndpoints", - "Effect": "Allow", - "Action": [ - "ec2:CreateVpcEndpoint", - "ec2:DeleteVpcEndpoints" - ], - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", - "Condition": { - "StringLike": { - "ec2:VpceServiceName": "com.amazonaws.elasticache.serverless.*" - } - } - }, - { - "Sid": "TagVPCEndpointsOnCreation", - "Effect": "Allow", - "Action": [ - "ec2:CreateTags" - ], - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", - "Condition": { - "StringEquals": { - "ec2:CreateAction": "CreateVpcEndpoint", - "aws:RequestTag/AmazonElastiCacheManaged": "true" - } - } - }, - { - "Sid": "ModifyVpcEndpoints", - "Effect": "Allow", - "Action": [ - "ec2:ModifyVpcEndpoint" - ], - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", - "Condition": { - "StringEquals": { - "ec2:ResourceTag/AmazonElastiCacheManaged": "true" - } - } - }, - { - "Sid": "AllowAccessToElastiCacheTaggedVpcEndpoints", - "Effect": "Allow", - "Action": [ - "ec2:CreateVpcEndpoint", - "ec2:ModifyVpcEndpoint" - ], - "NotResource": "arn:aws:ec2:*:*:vpc-endpoint/*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "ElastiCacheServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AWSTrustedAdvisorServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy AWSTrustedAdvisorServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AWSTrustedAdvisorServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AWSTrustedAdvisorServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy", - "entity": "ANPAJH4QJ2WMHBOB47BUE", - "version_id": "v14", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "TrustedAdvisorServiceRolePermissions", - "Effect": "Allow", - "Action": [ - "access-analyzer:ListAnalyzers", - "autoscaling:DescribeAccountLimits", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeLaunchConfigurations", - "ce:GetReservationPurchaseRecommendation", - "ce:GetSavingsPlansPurchaseRecommendation", - "cloudformation:DescribeAccountLimits", - "cloudformation:DescribeStacks", - "cloudformation:ListStacks", - "cloudfront:ListDistributions", - "cloudtrail:DescribeTrails", - "cloudtrail:GetTrailStatus", - "cloudtrail:GetTrail", - "cloudtrail:ListTrails", - "cloudtrail:GetEventSelectors", - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics", - "dax:DescribeClusters", - "dynamodb:DescribeLimits", - "dynamodb:DescribeTable", - "dynamodb:ListTables", - "ec2:DescribeAddresses", - "ec2:DescribeReservedInstances", - "ec2:DescribeInstances", - "ec2:DescribeVpcs", - "ec2:DescribeInternetGateways", - "ec2:DescribeImages", - "ec2:DescribeNatGateways", - "ec2:DescribeVolumes", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeRegions", - "ec2:DescribeReservedInstancesOfferings", - "ec2:DescribeRouteTables", - "ec2:DescribeSnapshots", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpnConnections", - "ec2:DescribeVpnGateways", - "ec2:DescribeLaunchTemplateVersions", - "ec2:GetManagedPrefixListEntries", - "ecs:DescribeTaskDefinition", - "ecs:ListTaskDefinitions", - "elasticloadbalancing:DescribeAccountLimits", - "elasticloadbalancing:DescribeInstanceHealth", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancerPolicyTypes", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "iam:GenerateCredentialReport", - "iam:GetAccountPasswordPolicy", - "iam:GetAccountSummary", - "iam:GetCredentialReport", - "iam:GetServerCertificate", - "iam:ListServerCertificates", - "iam:ListSAMLProviders", - "kinesis:DescribeLimits", - "kafka:DescribeClusterV2", - "kafka:ListClustersV2", - "kafka:ListNodes", - "network-firewall:ListFirewalls", - "network-firewall:DescribeFirewall", - "outposts:ListAssets", - "outposts:GetOutpost", - "outposts:ListOutposts", - "rds:DescribeAccountAttributes", - "rds:DescribeDBClusters", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstances", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBParameters", - "rds:DescribeDBSecurityGroups", - "rds:DescribeDBSnapshots", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEngineDefaultParameters", - "rds:DescribeEvents", - "rds:DescribeOptionGroupOptions", - "rds:DescribeOptionGroups", - "rds:DescribeOrderableDBInstanceOptions", - "rds:DescribeReservedDBInstances", - "rds:DescribeReservedDBInstancesOfferings", - "rds:ListTagsForResource", - "redshift:DescribeClusters", - "redshift:DescribeReservedNodeOfferings", - "redshift:DescribeReservedNodes", - "route53:GetAccountLimit", - "route53:GetHealthCheck", - "route53:GetHostedZone", - "route53:ListHealthChecks", - "route53:ListHostedZones", - "route53:ListHostedZonesByName", - "route53:ListResourceRecordSets", - "route53resolver:ListResolverEndpoints", - "route53resolver:ListResolverEndpointIpAddresses", - "s3:GetAccountPublicAccessBlock", - "s3:GetBucketAcl", - "s3:GetBucketPolicy", - "s3:GetBucketPolicyStatus", - "s3:GetBucketLocation", - "s3:GetBucketLogging", - "s3:GetBucketVersioning", - "s3:GetBucketPublicAccessBlock", - "s3:GetLifecycleConfiguration", - "s3:ListBucket", - "s3:ListAllMyBuckets", - "ses:GetSendQuota", - "sqs:GetQueueAttributes", - "sqs:ListQueues" - ], - "Resource": "*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AWSTrustedAdvisorServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AdministratorAccess is attached and allows '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS policy AdministratorAccess is attached and allows '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AdministratorAccess" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AdministratorAccess", - "arn": "arn:aws:iam::aws:policy/AdministratorAccess", - "entity": "ANPAIWMBCKSKIEE64ZLYK", - "version_id": "v1", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "*", - "Resource": "*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AdministratorAccess", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AWSSupportServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy AWSSupportServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AWSSupportServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AWSSupportServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy", - "entity": "ANPAJ7W6266ELXF5MISDS", - "version_id": "v42", - "type": "AWS", - "attached": true, - "document": { - "Statement": [ - { - "Sid": "AWSSupportAPIGatewayAccess", - "Action": [ - "apigateway:GET" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:apigateway:*::/account", - "arn:aws:apigateway:*::/apis", - "arn:aws:apigateway:*::/apis/*", - "arn:aws:apigateway:*::/apis/*/authorizers", - "arn:aws:apigateway:*::/apis/*/authorizers/*", - "arn:aws:apigateway:*::/apis/*/deployments", - "arn:aws:apigateway:*::/apis/*/deployments/*", - "arn:aws:apigateway:*::/apis/*/integrations", - "arn:aws:apigateway:*::/apis/*/integrations/*", - "arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses", - "arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses/*", - "arn:aws:apigateway:*::/apis/*/models", - "arn:aws:apigateway:*::/apis/*/models/*", - "arn:aws:apigateway:*::/apis/*/routes", - "arn:aws:apigateway:*::/apis/*/routes/*", - "arn:aws:apigateway:*::/apis/*/routes/*/routeresponses", - "arn:aws:apigateway:*::/apis/*/routes/*/routeresponses/*", - "arn:aws:apigateway:*::/apis/*/stages", - "arn:aws:apigateway:*::/apis/*/stages/*", - "arn:aws:apigateway:*::/clientcertificates", - "arn:aws:apigateway:*::/clientcertificates/*", - "arn:aws:apigateway:*::/domainnames", - "arn:aws:apigateway:*::/domainnames/*", - "arn:aws:apigateway:*::/domainnames/*/apimappings", - "arn:aws:apigateway:*::/domainnames/*/apimappings/*", - "arn:aws:apigateway:*::/domainnames/*/basepathmappings", - "arn:aws:apigateway:*::/domainnames/*/basepathmappings/*", - "arn:aws:apigateway:*::/restapis", - "arn:aws:apigateway:*::/restapis/*", - "arn:aws:apigateway:*::/restapis/*/authorizers", - "arn:aws:apigateway:*::/restapis/*/authorizers/*", - "arn:aws:apigateway:*::/restapis/*/deployments", - "arn:aws:apigateway:*::/restapis/*/deployments/*", - "arn:aws:apigateway:*::/restapis/*/models", - "arn:aws:apigateway:*::/restapis/*/models/*", - "arn:aws:apigateway:*::/restapis/*/models/*/default_template", - "arn:aws:apigateway:*::/restapis/*/resources", - "arn:aws:apigateway:*::/restapis/*/resources/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration/responses/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/responses/*", - "arn:aws:apigateway:*::/restapis/*/stages/*/sdks/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration", - "arn:aws:apigateway:*::/restapis/*/stages", - "arn:aws:apigateway:*::/restapis/*/stages/*", - "arn:aws:apigateway:*::/usageplans", - "arn:aws:apigateway:*::/usageplans/*", - "arn:aws:apigateway:*::/vpclinks", - "arn:aws:apigateway:*::/vpclinks/*" - ] - }, - { - "Sid": "AWSSupportDeleteRoleAccess", - "Action": [ - "iam:DeleteRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport" - ] - }, - { - "Sid": "AWSSupportActionsGroup1", - "Action": [ - "access-analyzer:getAccessPreview", - "access-analyzer:getAnalyzedResource", - "access-analyzer:getAnalyzer", - "access-analyzer:getArchiveRule", - "access-analyzer:getFinding", - "access-analyzer:getGeneratedPolicy", - "access-analyzer:listAccessPreviewFindings", - "access-analyzer:listAccessPreviews", - "access-analyzer:listAnalyzedResources", - "access-analyzer:listAnalyzers", - "access-analyzer:listArchiveRules", - "access-analyzer:listFindings", - "access-analyzer:listPolicyGenerations", - "account:getRegionOptStatus", - "account:listRegions", - "acm-pca:describeCertificateAuthority", - "acm-pca:describeCertificateAuthorityAuditReport", - "acm-pca:getCertificate", - "acm-pca:getCertificateAuthorityCertificate", - "acm-pca:getCertificateAuthorityCsr", - "acm-pca:listCertificateAuthorities", - "acm-pca:listTags", - "acm:describeCertificate", - "acm:getAccountConfiguration", - "acm:getCertificate", - "acm:listCertificates", - "acm:listTagsForCertificate", - "aiops:getInvestigationGroup", - "aiops:getInvestigationGroupPolicy", - "aiops:listInvestigationGroups", - "airflow:getEnvironment", - "airflow:listEnvironments", - "airflow:listTagsForResource", - "amplify:getApp", - "amplify:getBackendEnvironment", - "amplify:getBranch", - "amplify:getDomainAssociation", - "amplify:getJob", - "amplify:getWebhook", - "amplify:listApps", - "amplify:listBackendEnvironments", - "amplify:listBranches", - "amplify:listDomainAssociations", - "amplify:listWebhooks", - "amplifyuibuilder:exportComponents", - "amplifyuibuilder:exportThemes", - "aoss:batchGetCollection", - "aoss:batchGetEffectiveLifecyclePolicy", - "aoss:batchGetLifecyclePolicy", - "aoss:batchGetVpcEndpoint", - "aoss:getAccessPolicy", - "aoss:getAccountSettings", - "aoss:getPoliciesStats", - "aoss:getSecurityConfig", - "aoss:getSecurityPolicy", - "aoss:listAccessPolicies", - "aoss:listCollections", - "aoss:listLifecyclePolicies", - "aoss:listSecurityConfigs", - "aoss:listSecurityPolicies", - "aoss:listTagsForResource", - "aoss:listVpcEndpoints", - "appconfig:getApplication", - "appconfig:getConfigurationProfile", - "appconfig:getDeployment", - "appconfig:getDeploymentStrategy", - "appconfig:getEnvironment", - "appconfig:getExtension", - "appconfig:getExtensionAssociation", - "appconfig:listApplications", - "appconfig:listConfigurationProfiles", - "appconfig:listDeployments", - "appconfig:listDeploymentStrategies", - "appconfig:listEnvironments", - "appconfig:listExtensionAssociations", - "appconfig:listExtensions", - "appconfig:listHostedConfigurationVersions", - "appflow:describeConnectorEntity", - "appflow:describeConnectorProfiles", - "appflow:describeConnectors", - "appflow:describeFlow", - "appflow:describeFlowExecutionRecords", - "appflow:listConnectorEntities", - "appflow:listFlows", - "application-autoscaling:describeScalableTargets", - "application-autoscaling:describeScalingActivities", - "application-autoscaling:describeScalingPolicies", - "application-autoscaling:describeScheduledActions", - "application-signals:getService", - "application-signals:getServiceLevelObjective", - "application-signals:listServiceDependencies", - "application-signals:listServiceDependents", - "application-signals:listServiceLevelObjectives", - "application-signals:listServiceOperations", - "application-signals:listServices", - "applicationinsights:describeApplication", - "applicationinsights:describeComponent", - "applicationinsights:describeComponentConfiguration", - "applicationinsights:describeComponentConfigurationRecommendation", - "applicationinsights:describeLogPattern", - "applicationinsights:describeObservation", - "applicationinsights:describeProblem", - "applicationinsights:describeProblemObservations", - "applicationinsights:listApplications", - "applicationinsights:listComponents", - "applicationinsights:listConfigurationHistory", - "applicationinsights:listLogPatterns", - "applicationinsights:listLogPatternSets", - "applicationinsights:listProblems", - "appmesh:describeGatewayRoute", - "appmesh:describeMesh", - "appmesh:describeRoute", - "appmesh:describeVirtualGateway", - "appmesh:describeVirtualNode", - "appmesh:describeVirtualRouter", - "appmesh:describeVirtualService", - "appmesh:listGatewayRoutes", - "appmesh:listMeshes", - "appmesh:listRoutes", - "appmesh:listTagsForResource", - "appmesh:listVirtualGateways", - "appmesh:listVirtualNodes", - "appmesh:listVirtualRouters", - "appmesh:listVirtualServices", - "apprunner:describeAutoScalingConfiguration", - "apprunner:describeCustomDomains", - "apprunner:describeObservabilityConfiguration", - "apprunner:describeOperation", - "apprunner:describeService", - "apprunner:describeVpcConnector", - "apprunner:describeVpcIngressConnection", - "apprunner:listAutoScalingConfigurations", - "apprunner:listConnections", - "apprunner:listObservabilityConfigurations", - "apprunner:listOperations", - "apprunner:listServices", - "apprunner:listTagsForResource", - "apprunner:listVpcConnectors", - "apprunner:listVpcIngressConnections", - "appstream:describeAppBlockBuilderAppBlockAssociations", - "appstream:describeAppBlockBuilders", - "appstream:describeAppBlocks", - "appstream:describeApplicationFleetAssociations", - "appstream:describeApplications", - "appstream:describeDirectoryConfigs", - "appstream:describeEntitlements", - "appstream:describeFleets", - "appstream:describeImageBuilders", - "appstream:describeImagePermissions", - "appstream:describeImages", - "appstream:describeSessions", - "appstream:describeStacks", - "appstream:describeUsageReportSubscriptions", - "appstream:describeUsers", - "appstream:describeUserStackAssociations", - "appstream:listAssociatedFleets", - "appstream:listAssociatedStacks", - "appstream:listEntitledApplications", - "appstream:listTagsForResource", - "appsync:getApi", - "appsync:getApiAssociation", - "appsync:getApiCache", - "appsync:getChannelNamespace", - "appsync:getDataSource", - "appsync:getDomainName", - "appsync:getFunction", - "appsync:getGraphqlApi", - "appsync:getIntrospectionSchema", - "appsync:getResolver", - "appsync:getSchemaCreationStatus", - "appsync:getSourceApiAssociation", - "appsync:getType", - "appsync:listApis", - "appsync:listChannelNamespaces", - "appsync:listDataSources", - "appsync:listDomainNames", - "appsync:listFunctions", - "appsync:listGraphqlApis", - "appsync:listResolvers", - "appsync:listResolversByFunction", - "appsync:listSourceApiAssociations", - "appsync:listTypes", - "appsync:listTypesByAssociation", - "aps:describeAlertManagerDefinition", - "aps:describeRuleGroupsNamespace", - "aps:describeScraper", - "aps:describeWorkspace", - "aps:listRuleGroupsNamespaces", - "aps:listScrapers", - "aps:listWorkspaces", - "athena:batchGetNamedQuery", - "athena:batchGetQueryExecution", - "athena:getCalculationExecution", - "athena:getCalculationExecutionStatus", - "athena:getCapacityAssignmentConfiguration", - "athena:getCapacityReservation", - "athena:getDataCatalog", - "athena:getNamedQuery", - "athena:getNotebookMetadata", - "athena:getQueryExecution", - "athena:getQueryRuntimeStatistics", - "athena:getSession", - "athena:getSessionStatus", - "athena:getWorkGroup", - "athena:listApplicationDPUSizes", - "athena:listCalculationExecutions", - "athena:listCapacityReservations", - "athena:listDataCatalogs", - "athena:listEngineVersions", - "athena:listExecutors", - "athena:listNamedQueries", - "athena:listNotebookMetadata", - "athena:listNotebookSessions", - "athena:listQueryExecutions", - "athena:listSessions", - "athena:listTagsForResource", - "athena:listWorkGroups", - "auditmanager:getAccountStatus", - "auditmanager:getDelegations", - "auditmanager:listAssessmentFrameworks", - "auditmanager:listAssessmentReports", - "auditmanager:listAssessments", - "auditmanager:listControls", - "auditmanager:listKeywordsForDataSource", - "auditmanager:listNotifications", - "autoscaling-plans:describeScalingPlanResources", - "autoscaling-plans:describeScalingPlans", - "autoscaling-plans:getScalingPlanResourceForecastData", - "autoscaling:describeAccountLimits", - "autoscaling:describeAdjustmentTypes", - "autoscaling:describeAutoScalingGroups", - "autoscaling:describeAutoScalingInstances", - "autoscaling:describeAutoScalingNotificationTypes", - "autoscaling:describeInstanceRefreshes", - "autoscaling:describeLaunchConfigurations", - "autoscaling:describeLifecycleHooks", - "autoscaling:describeLifecycleHookTypes", - "autoscaling:describeLoadBalancers", - "autoscaling:describeLoadBalancerTargetGroups", - "autoscaling:describeMetricCollectionTypes", - "autoscaling:describeNotificationConfigurations", - "autoscaling:describePolicies", - "autoscaling:describeScalingActivities", - "autoscaling:describeScalingProcessTypes", - "autoscaling:describeScheduledActions", - "autoscaling:describeTags", - "autoscaling:describeTerminationPolicyTypes", - "autoscaling:describeTrafficSources", - "autoscaling:describeWarmPool", - "backup-gateway:getBandwidthRateLimitSchedule", - "backup-gateway:getGateway", - "backup-gateway:getHypervisor", - "backup-gateway:getHypervisorPropertyMappings", - "backup-gateway:getVirtualMachine", - "backup-gateway:listGateways", - "backup-gateway:listHypervisors", - "backup-gateway:listVirtualMachines", - "backup-search:listSearchJobBackups", - "backup-search:listSearchJobs", - "backup:describeBackupJob", - "backup:describeBackupVault", - "backup:describeCopyJob", - "backup:describeFramework", - "backup:describeGlobalSettings", - "backup:describeProtectedResource", - "backup:describeRecoveryPoint", - "backup:describeRegionSettings", - "backup:describeReportJob", - "backup:describeReportPlan", - "backup:describeRestoreJob", - "backup:getBackupPlan", - "backup:getBackupPlanFromJSON", - "backup:getBackupPlanFromTemplate", - "backup:getBackupSelection", - "backup:getBackupVaultAccessPolicy", - "backup:getBackupVaultNotifications", - "backup:getLegalHold", - "backup:getRecoveryPointRestoreMetadata", - "backup:getRecoveryPointIndexDetails", - "backup:getRestoreJobMetadata", - "backup:getRestoreTestingInferredMetadata", - "backup:getRestoreTestingPlan", - "backup:getRestoreTestingSelection", - "backup:getSupportedResourceTypes", - "backup:listBackupJobs", - "backup:listBackupPlans", - "backup:listBackupPlanTemplates", - "backup:listBackupPlanVersions", - "backup:listBackupSelections", - "backup:listBackupVaults", - "backup:listCopyJobs", - "backup:listFrameworks", - "backup:listIndexedRecoveryPoints", - "backup:listLegalHolds", - "backup:listProtectedResources", - "backup:listRecoveryPointsByBackupVault", - "backup:listRecoveryPointsByLegalHold", - "backup:listRecoveryPointsByResource", - "backup:listReportJobs", - "backup:listReportPlans", - "backup:listRestoreJobs", - "backup:listRestoreJobsByProtectedResource", - "backup:listRestoreTestingPlans", - "backup:listRestoreTestingSelections", - "backup:listTags", - "batch:describeComputeEnvironments", - "batch:describeJobDefinitions", - "batch:describeJobQueues", - "batch:describeJobs", - "batch:describeSchedulingPolicies", - "batch:listJobs", - "bedrock:getAgent", - "bedrock:getAgentActionGroup", - "bedrock:getAgentAlias", - "bedrock:getAgentKnowledgeBase", - "bedrock:getAgentVersion", - "bedrock:getCustomModel", - "bedrock:getDataSource", - "bedrock:getEvaluationJob", - "bedrock:getFlow", - "bedrock:getFlowAlias", - "bedrock:getFlowVersion", - "bedrock:getFoundationModel", - "bedrock:getGuardrail", - "bedrock:getImportedModel", - "bedrock:getInferenceProfile", - "bedrock:getIngestionJob", - "bedrock:getKnowledgeBase", - "bedrock:getMarketplaceModelEndpoint", - "bedrock:getModelCopyJob", - "bedrock:getModelCustomizationJob", - "bedrock:getModelImportJob", - "bedrock:getModelInvocationJob", - "bedrock:getModelInvocationLoggingConfiguration", - "bedrock:getPrompt", - "bedrock:getPromptRouter", - "bedrock:getProvisionedModelThroughput", - "bedrock:listAgentActionGroups", - "bedrock:listAgentAliases", - "bedrock:listAgentKnowledgeBases", - "bedrock:listAgents", - "bedrock:listAgentVersions", - "bedrock:listCustomModels", - "bedrock:listDataSources", - "bedrock:listEvaluationJobs", - "bedrock:listFlowAliases", - "bedrock:listFlows", - "bedrock:listFlowVersions", - "bedrock:listFoundationModels", - "bedrock:listGuardrails", - "bedrock:listImportedModels", - "bedrock:listInferenceProfiles", - "bedrock:listIngestionJobs", - "bedrock:listKnowledgeBases", - "bedrock:listMarketplaceModelEndpoints", - "bedrock:listModelCopyJobs", - "bedrock:listModelCustomizationJobs", - "bedrock:listModelImportJobs", - "bedrock:listModelInvocationJobs", - "bedrock:listPromptRouters", - "bedrock:listPrompts", - "bedrock:listProvisionedModelThroughputs", - "braket:getDevice", - "braket:getQuantumTask", - "braket:searchDevices", - "braket:searchQuantumTasks", - "budgets:viewBudget", - "ce:getCostAndUsage", - "ce:getCostAndUsageWithResources", - "ce:getCostForecast", - "ce:getDimensionValues", - "ce:getReservationCoverage", - "ce:getReservationPurchaseRecommendation", - "ce:getReservationUtilization", - "ce:getRightsizingRecommendation", - "ce:getSavingsPlansCoverage", - "ce:getSavingsPlansPurchaseRecommendation", - "ce:getSavingsPlansUtilization", - "ce:getSavingsPlansUtilizationDetails", - "ce:getTags", - "chime:describeAppInstance", - "chime:getAttendee", - "chime:getGlobalSettings", - "chime:getMediaCapturePipeline", - "chime:getMediaPipeline", - "chime:getMeeting", - "chime:getProxySession", - "chime:getSipMediaApplication", - "chime:getSipRule", - "chime:getVoiceConnector", - "chime:getVoiceConnectorGroup", - "chime:getVoiceConnectorLoggingConfiguration", - "chime:listAppInstances", - "chime:listAttendees", - "chime:listChannelBans", - "chime:listChannels", - "chime:listChannelsModeratedByAppInstanceUser", - "chime:listMediaCapturePipelines", - "chime:listMediaPipelines", - "chime:listMeetings", - "chime:listSipMediaApplications", - "chime:listSipRules", - "chime:listVoiceConnectorGroups", - "chime:listVoiceConnectors", - "cleanrooms:batchGetCollaborationAnalysisTemplate", - "cleanrooms:batchGetSchema", - "cleanrooms:getAnalysisTemplate", - "cleanrooms:getCollaboration", - "cleanrooms:getCollaborationAnalysisTemplate", - "cleanrooms:getConfiguredTable", - "cleanrooms:getConfiguredTableAssociation", - "cleanrooms:getMembership", - "cleanrooms:getSchema", - "cleanrooms:listAnalysisTemplates", - "cleanrooms:listCollaborationAnalysisTemplates", - "cleanrooms:listCollaborations", - "cleanrooms:listConfiguredTableAssociations", - "cleanrooms:listConfiguredTables", - "cleanrooms:listMembers", - "cleanrooms:listMemberships", - "cleanrooms:listSchemas", - "cloud9:describeEnvironmentMemberships", - "cloud9:describeEnvironments", - "cloud9:listEnvironments", - "clouddirectory:getDirectory", - "clouddirectory:listDirectories", - "cloudformation:batchDescribeTypeConfigurations", - "cloudformation:describeAccountLimits", - "cloudformation:describeChangeSet", - "cloudformation:describeChangeSetHooks", - "cloudformation:describePublisher", - "cloudformation:describeStackDriftDetectionStatus", - "cloudformation:describeStackEvents", - "cloudformation:describeStackInstance", - "cloudformation:describeStackResource", - "cloudformation:describeStackResourceDrifts", - "cloudformation:describeStackResources", - "cloudformation:describeStacks", - "cloudformation:describeStackSet", - "cloudformation:describeStackSetOperation", - "cloudformation:describeType", - "cloudformation:describeTypeRegistration", - "cloudformation:estimateTemplateCost", - "cloudformation:getResource", - "cloudformation:getStackPolicy", - "cloudformation:getTemplate", - "cloudformation:getTemplateSummary", - "cloudformation:listChangeSets", - "cloudformation:listExports", - "cloudformation:listImports", - "cloudformation:listResources", - "cloudformation:listStackInstances", - "cloudformation:listStackResources", - "cloudformation:listStacks", - "cloudformation:listStackSetOperationResults", - "cloudformation:listStackSetOperations", - "cloudformation:listStackSets", - "cloudformation:listTypeRegistrations", - "cloudformation:listTypes", - "cloudformation:listTypeVersions", - "cloudfront:describeFunction", - "cloudfront:describeKeyValueStore", - "cloudfront:getAnycastIpList", - "cloudfront:getCachePolicy", - "cloudfront:getCachePolicyConfig", - "cloudfront:getCloudFrontOriginAccessIdentity", - "cloudfront:getCloudFrontOriginAccessIdentityConfig", - "cloudfront:getContinuousDeploymentPolicy", - "cloudfront:getContinuousDeploymentPolicyConfig", - "cloudfront:getDistribution", - "cloudfront:getDistributionConfig", - "cloudfront:getInvalidation", - "cloudfront:getKeyGroup", - "cloudfront:getKeyGroupConfig", - "cloudfront:getMonitoringSubscription", - "cloudfront:getOriginAccessControl", - "cloudfront:getOriginAccessControlConfig", - "cloudfront:getOriginRequestPolicy", - "cloudfront:getOriginRequestPolicyConfig", - "cloudfront:getPublicKey", - "cloudfront:getPublicKeyConfig", - "cloudfront:getRealtimeLogConfig", - "cloudfront:getResponseHeadersPolicy", - "cloudfront:getResponseHeadersPolicyConfig", - "cloudfront:getStreamingDistribution", - "cloudfront:getStreamingDistributionConfig", - "cloudfront:getVpcOrigin", - "cloudfront:listAnycastIpLists", - "cloudfront:listCachePolicies", - "cloudfront:listCloudFrontOriginAccessIdentities", - "cloudfront:listConflictingAliases", - "cloudfront:listContinuousDeploymentPolicies", - "cloudfront:listDistributions", - "cloudfront:listDistributionsByAnycastIpListId", - "cloudfront:listDistributionsByCachePolicyId", - "cloudfront:listDistributionsByKeyGroup", - "cloudfront:listDistributionsByOriginRequestPolicyId", - "cloudfront:listDistributionsByRealtimeLogConfig", - "cloudfront:listDistributionsByResponseHeadersPolicyId", - "cloudfront:listDistributionsByVpcOriginId", - "cloudfront:listDistributionsByWebACLId", - "cloudfront:listFunctions", - "cloudfront:listInvalidations", - "cloudfront:listKeyGroups", - "cloudfront:listKeyValueStores", - "cloudfront:listOriginAccessControls", - "cloudfront:listOriginRequestPolicies", - "cloudfront:listPublicKeys", - "cloudfront:listRealtimeLogConfigs", - "cloudfront:listResponseHeadersPolicies", - "cloudfront:listStreamingDistributions", - "cloudfront:listVpcOrigins", - "cloudhsm:describeBackups", - "cloudhsm:describeClusters", - "cloudsearch:describeAnalysisSchemes", - "cloudsearch:describeAvailabilityOptions", - "cloudsearch:describeDomains", - "cloudsearch:describeExpressions", - "cloudsearch:describeIndexFields", - "cloudsearch:describeScalingParameters", - "cloudsearch:describeServiceAccessPolicies", - "cloudsearch:describeSuggesters", - "cloudsearch:listDomainNames", - "cloudtrail:describeTrails", - "cloudtrail:getEventSelectors", - "cloudtrail:getInsightSelectors", - "cloudtrail:getTrail", - "cloudtrail:getTrailStatus", - "cloudtrail:listPublicKeys", - "cloudtrail:listTags", - "cloudtrail:listTrails", - "cloudtrail:lookupEvents", - "cloudwatch:describeAlarmHistory", - "cloudwatch:describeAlarms", - "cloudwatch:describeAlarmsForMetric", - "cloudwatch:describeAnomalyDetectors", - "cloudwatch:describeInsightRules", - "cloudwatch:getDashboard", - "cloudwatch:getInsightRuleReport", - "cloudwatch:getMetricData", - "cloudwatch:getMetricStatistics", - "cloudwatch:getMetricStream", - "cloudWatch:getMetricWidgetImage", - "cloudwatch:listDashboards", - "cloudwatch:listManagedInsightRules", - "cloudwatch:listMetrics", - "cloudwatch:listMetricStreams", - "codeartifact:describeDomain", - "codeartifact:describePackageVersion", - "codeartifact:describeRepository", - "codeartifact:getDomainPermissionsPolicy", - "codeartifact:getRepositoryEndpoint", - "codeartifact:getRepositoryPermissionsPolicy", - "codeartifact:listDomains", - "codeartifact:listPackages", - "codeartifact:listPackageVersionAssets", - "codeartifact:listPackageVersions", - "codeartifact:listRepositories", - "codeartifact:listRepositoriesInDomain", - "codebuild:batchGetBuildBatches", - "codebuild:batchGetBuilds", - "codebuild:batchGetFleets", - "codebuild:batchGetProjects", - "codebuild:listBuildBatches", - "codebuild:listBuildBatchesForProject", - "codebuild:listBuilds", - "codebuild:listBuildsForProject", - "codebuild:listCuratedEnvironmentImages", - "codebuild:listFleets", - "codebuild:listProjects", - "codebuild:listSourceCredentials", - "codecommit:batchGetRepositories", - "codecommit:getBranch", - "codecommit:getRepository", - "codecommit:getRepositoryTriggers", - "codecommit:listBranches", - "codecommit:listRepositories", - "codeconnections:getConnection", - "codeconnections:getHost", - "codeconnections:getRepositoryLink", - "codeconnections:getRepositorySyncStatus", - "codeconnections:getResourceSyncStatus", - "codeconnections:getSyncBlockerSummary", - "codeconnections:getSyncConfiguration", - "codeconnections:listConnections", - "codeconnections:listHosts", - "codeconnections:listRepositoryLinks", - "codeconnections:listRepositorySyncDefinitions", - "codeconnections:listSyncConfigurations", - "codedeploy:batchGetApplicationRevisions", - "codedeploy:batchGetApplications", - "codedeploy:batchGetDeploymentGroups", - "codedeploy:batchGetDeploymentInstances", - "codedeploy:batchGetDeployments", - "codedeploy:batchGetDeploymentTargets", - "codedeploy:batchGetOnPremisesInstances", - "codedeploy:getApplication", - "codedeploy:getApplicationRevision", - "codedeploy:getDeployment", - "codedeploy:getDeploymentConfig", - "codedeploy:getDeploymentGroup", - "codedeploy:getDeploymentInstance", - "codedeploy:getDeploymentTarget", - "codedeploy:getOnPremisesInstance", - "codedeploy:listApplicationRevisions", - "codedeploy:listApplications", - "codedeploy:listDeploymentConfigs", - "codedeploy:listDeploymentGroups", - "codedeploy:listDeploymentInstances", - "codedeploy:listDeployments", - "codedeploy:listDeploymentTargets", - "codedeploy:listGitHubAccountTokenNames", - "codedeploy:listOnPremisesInstances", - "codepipeline:getJobDetails", - "codepipeline:getPipeline", - "codepipeline:getPipelineExecution", - "codepipeline:getPipelineState", - "codepipeline:listActionExecutions", - "codepipeline:listActionTypes", - "codepipeline:listPipelineExecutions", - "codepipeline:listPipelines", - "codepipeline:listRuleExecutions", - "codepipeline:listWebhooks", - "codestar-connections:getConnection", - "codestar-connections:getHost", - "codestar-connections:listConnections", - "codestar-connections:listHosts", - "codestar:describeProject", - "codestar:listProjects", - "codestar:listResources", - "codestar:listTeamMembers", - "codestar:listUserProfiles", - "cognito-identity:describeIdentity", - "cognito-identity:describeIdentityPool", - "cognito-identity:getIdentityPoolAnalytics", - "cognito-identity:getIdentityPoolDailyAnalytics", - "cognito-identity:getIdentityPoolRoles", - "cognito-identity:getIdentityProviderDailyAnalytics", - "cognito-identity:listIdentities", - "cognito-identity:listIdentityPools", - "cognito-identity:lookupDeveloperIdentity", - "cognito-idp:describeIdentityProvider", - "cognito-idp:describeResourceServer", - "cognito-idp:describeRiskConfiguration", - "cognito-idp:describeUserImportJob", - "cognito-idp:describeUserPool", - "cognito-idp:describeUserPoolClient", - "cognito-idp:describeUserPoolDomain", - "cognito-idp:getCSVHeader", - "cognito-idp:getGroup", - "cognito-idp:getLogDeliveryConfiguration", - "cognito-idp:getUICustomization", - "cognito-idp:getUserPoolMfaConfig", - "cognito-idp:listGroups", - "cognito-idp:listIdentityProviders", - "cognito-idp:listResourceServers", - "cognito-idp:listUserImportJobs", - "cognito-idp:listUserPoolClients", - "cognito-idp:listUserPools", - "cognito-sync:describeDataset", - "cognito-sync:describeIdentityPoolUsage", - "cognito-sync:describeIdentityUsage", - "cognito-sync:getCognitoEvents", - "cognito-sync:getIdentityPoolConfiguration", - "cognito-sync:listDatasets", - "cognito-sync:listIdentityPoolUsage", - "comprehend:describeDocumentClassificationJob", - "comprehend:describeDocumentClassifier", - "comprehend:describeDominantLanguageDetectionJob", - "comprehend:describeEndpoint", - "comprehend:describeEntitiesDetectionJob", - "comprehend:describeEntityRecognizer", - "comprehend:describeEventsDetectionJob", - "comprehend:describeFlywheel", - "comprehend:describeFlywheelIteration", - "comprehend:describeKeyPhrasesDetectionJob", - "comprehend:describePiiEntitiesDetectionJob", - "comprehend:describeSentimentDetectionJob", - "comprehend:describeTargetedSentimentDetectionJob", - "comprehend:describeTopicsDetectionJob", - "comprehend:listDocumentClassificationJobs", - "comprehend:listDocumentClassifiers", - "comprehend:listDominantLanguageDetectionJobs", - "comprehend:listEndpoints", - "comprehend:listEntitiesDetectionJobs", - "comprehend:listEntityRecognizers", - "comprehend:listEventsDetectionJobs", - "comprehend:listFlywheelIterationHistory", - "comprehend:listFlywheels", - "comprehend:listKeyPhrasesDetectionJobs", - "comprehend:listPiiEntitiesDetectionJobs", - "comprehend:listSentimentDetectionJobs", - "comprehend:listTargetedSentimentDetectionJobs", - "comprehend:listTopicsDetectionJobs", - "compute-optimizer:getAutoScalingGroupRecommendations", - "compute-optimizer:getEBSVolumeRecommendations", - "compute-optimizer:getEC2InstanceRecommendations", - "compute-optimizer:getEC2RecommendationProjectedMetrics", - "compute-optimizer:getECSServiceRecommendationProjectedMetrics", - "compute-optimizer:getECSServiceRecommendations", - "compute-optimizer:getEnrollmentStatus", - "compute-optimizer:getRecommendationSummaries", - "config:batchGetAggregateResourceConfig", - "config:batchGetResourceConfig", - "config:describeAggregateComplianceByConfigRules", - "config:describeAggregationAuthorizations", - "config:describeComplianceByConfigRule", - "config:describeComplianceByResource", - "config:describeConfigRuleEvaluationStatus", - "config:describeConfigRules", - "config:describeConfigurationAggregators", - "config:describeConfigurationAggregatorSourcesStatus", - "config:describeConfigurationRecorders", - "config:describeConfigurationRecorderStatus", - "config:describeConformancePackCompliance", - "config:describeConformancePacks", - "config:describeConformancePackStatus", - "config:describeDeliveryChannels", - "config:describeDeliveryChannelStatus", - "config:describeOrganizationConfigRules", - "config:describeOrganizationConfigRuleStatuses", - "config:describeOrganizationConformancePacks", - "config:describeOrganizationConformancePackStatuses", - "config:describePendingAggregationRequests", - "config:describeRemediationConfigurations", - "config:describeRemediationExceptions", - "config:describeRemediationExecutionStatus", - "config:describeRetentionConfigurations", - "config:getAggregateComplianceDetailsByConfigRule", - "config:getAggregateConfigRuleComplianceSummary", - "config:getAggregateDiscoveredResourceCounts", - "config:getAggregateResourceConfig", - "config:getComplianceDetailsByConfigRule", - "config:getComplianceDetailsByResource", - "config:getComplianceSummaryByConfigRule", - "config:getComplianceSummaryByResourceType", - "config:getConformancePackComplianceDetails", - "config:getConformancePackComplianceSummary", - "config:getDiscoveredResourceCounts", - "config:getOrganizationConfigRuleDetailedStatus", - "config:getOrganizationConformancePackDetailedStatus", - "config:getResourceConfigHistory", - "config:listAggregateDiscoveredResources", - "config:listDiscoveredResources", - "config:listTagsForResource", - "config:selectAggregateResourceConfig", - "config:selectResourceConfig", - "connect:describeContact", - "connect:describePhoneNumber", - "connect:describeQueue", - "connect:describeQuickConnect", - "connect:describeRoutingProfile", - "connect:describeUser", - "connect:describeUserHierarchyStructure", - "connect:getCurrentMetricData", - "connect:getMetricData", - "connect:getMetricDataV2", - "connect:listContactEvaluations", - "connect:listEvaluationForms", - "connect:listEvaluationFormVersions", - "connect:listPhoneNumbersV2", - "connect:listQueueQuickConnects", - "connect:listQueues", - "connect:listQuickConnects", - "connect:listRoutingProfileQueues", - "connect:listRoutingProfiles", - "connect:listSecurityProfiles", - "connect:listUsers", - "connect:listViews", - "connect:listViewVersions", - "connect:searchQueues", - "connect:searchRoutingProfiles", - "connect:searchUsers", - "controltower:describeAccountFactoryConfig", - "controltower:describeCoreService", - "controltower:describeGuardrail", - "controltower:describeGuardrailForTarget", - "controltower:describeManagedAccount", - "controltower:describeSingleSignOn", - "controltower:getAvailableUpdates", - "controltower:getHomeRegion", - "controltower:getLandingZone", - "controltower:getLandingZoneStatus", - "controltower:listDirectoryGroups", - "controltower:listEnabledControls", - "controltower:listGuardrailsForTarget", - "controltower:listGuardrailViolations", - "controltower:listLandingZones", - "controltower:listManagedAccounts", - "controltower:listManagedAccountsForGuardrail", - "controltower:listManagedAccountsForParent", - "controltower:listManagedOrganizationalUnits", - "controltower:listManagedOrganizationalUnitsForGuardrail", - "cost-optimization-hub:getPreferences", - "cost-optimization-hub:getRecommendation", - "cost-optimization-hub:listEnrollmentStatuses", - "cost-optimization-hub:listRecommendations", - "cost-optimization-hub:listRecommendationSummaries", - "databrew:describeDataset", - "databrew:describeJob", - "databrew:describeProject", - "databrew:describeRecipe", - "databrew:listDatasets", - "databrew:listJobRuns", - "databrew:listJobs", - "databrew:listProjects", - "databrew:listRecipes", - "databrew:listRecipeVersions", - "databrew:listTagsForResource", - "datapipeline:describeObjects", - "datapipeline:describePipelines", - "datapipeline:getPipelineDefinition", - "datapipeline:listPipelines", - "datapipeline:queryObjects", - "datasync:describeAgent", - "datasync:describeLocationAzureBlob", - "datasync:describeLocationEfs", - "datasync:describeLocationFsxLustre", - "datasync:describeLocationFsxOntap", - "datasync:describeLocationFsxOpenZfs", - "datasync:describeLocationFsxWindows", - "datasync:describeLocationHdfs", - "datasync:describeLocationNfs", - "datasync:describeLocationObjectStorage", - "datasync:describeLocationS3", - "datasync:describeLocationSmb", - "datasync:describeTask", - "datasync:describeTaskExecution", - "datasync:listAgents", - "datasync:listLocations", - "datasync:listTaskExecutions", - "datasync:listTasks", - "datazone:getAsset", - "datazone:getAssetType", - "datazone:getDataSource", - "datazone:getDataSourceRun", - "datazone:getDomain", - "datazone:getEnvironment", - "datazone:getEnvironmentBlueprint", - "datazone:getEnvironmentBlueprintConfiguration", - "datazone:getEnvironmentProfile", - "datazone:getFormType", - "datazone:getGlossary", - "datazone:getGlossaryTerm", - "datazone:getGroupProfile", - "datazone:getListing", - "datazone:getMetadataGenerationRun", - "datazone:getProject", - "datazone:getSubscription", - "datazone:getSubscriptionGrant", - "datazone:getSubscriptionRequestDetails", - "datazone:getSubscriptionTarget", - "datazone:getUserProfile", - "datazone:listAssetRevisions", - "datazone:listDataSourceRunActivities", - "datazone:listDataSourceRuns", - "datazone:listDataSources", - "datazone:listDomains", - "datazone:listEnvironmentBlueprintConfigurations", - "datazone:listEnvironmentBlueprints", - "datazone:listEnvironmentProfiles", - "datazone:listEnvironments", - "datazone:listMetadataGenerationRuns", - "datazone:listProjectMemberships", - "datazone:listProjects", - "datazone:listSubscriptionGrants", - "datazone:listSubscriptionRequests", - "datazone:listSubscriptions", - "datazone:listSubscriptionTargets", - "datazone:searchGroupProfiles", - "datazone:searchUserProfiles", - "dax:describeClusters", - "dax:describeDefaultParameters", - "dax:describeEvents", - "dax:describeParameterGroups", - "dax:describeParameters", - "dax:describeSubnetGroups", - "deadline:listAvailableMeteredProducts", - "deadline:listBudgets", - "deadline:listFarmMembers", - "deadline:listFarms", - "deadline:listFleetMembers", - "deadline:listFleets", - "deadline:listJobMembers", - "deadline:listJobs", - "deadline:listLicenseEndpoints", - "deadline:listMeteredProducts", - "deadline:listMonitors", - "deadline:listQueueEnvironments", - "deadline:listQueueFleetAssociations", - "deadline:listQueueMembers", - "deadline:listQueues", - "deadline:listStorageProfiles", - "deadline:listWorkers", - "detective:getMembers", - "detective:listGraphs", - "detective:listInvitations", - "detective:listMembers", - "devicefarm:getAccountSettings", - "devicefarm:getDevice", - "devicefarm:getDevicePool", - "devicefarm:getDevicePoolCompatibility", - "devicefarm:getJob", - "devicefarm:getProject", - "devicefarm:getRemoteAccessSession", - "devicefarm:getRun", - "devicefarm:getSuite", - "devicefarm:getTest", - "devicefarm:getTestGridProject", - "devicefarm:getTestGridSession", - "devicefarm:getUpload", - "devicefarm:listArtifacts", - "devicefarm:listDevicePools", - "devicefarm:listDevices", - "devicefarm:listJobs", - "devicefarm:listProjects", - "devicefarm:listRemoteAccessSessions", - "devicefarm:listRuns", - "devicefarm:listSamples", - "devicefarm:listSuites", - "devicefarm:listTestGridProjects", - "devicefarm:listTestGridSessionActions", - "devicefarm:listTestGridSessionArtifacts", - "devicefarm:listTestGridSessions", - "devicefarm:listTests", - "devicefarm:listUniqueProblems", - "devicefarm:listUploads", - "directconnect:describeConnectionLoa", - "directconnect:describeConnections", - "directconnect:describeConnectionsOnInterconnect", - "directconnect:describeCustomerMetadata", - "directconnect:describeDirectConnectGatewayAssociationProposals", - "directconnect:describeDirectConnectGatewayAssociations", - "directconnect:describeDirectConnectGatewayAttachments", - "directconnect:describeDirectConnectGateways", - "directconnect:describeHostedConnections", - "directconnect:describeInterconnectLoa", - "directconnect:describeInterconnects", - "directconnect:describeLags", - "directconnect:describeLoa", - "directconnect:describeLocations", - "directconnect:describeRouterConfiguration", - "directconnect:describeVirtualGateways", - "directconnect:describeVirtualInterfaces", - "directconnect:listVirtualInterfaceTestHistory", - "dlm:getLifecyclePolicies", - "dlm:getLifecyclePolicy", - "dms:describeAccountAttributes", - "dms:describeApplicableIndividualAssessments", - "dms:describeConnections", - "dms:describeEndpoints", - "dms:describeEndpointSettings", - "dms:describeEndpointTypes", - "dms:describeEventCategories", - "dms:describeEvents", - "dms:describeEventSubscriptions", - "dms:describeFleetAdvisorCollectors", - "dms:describeFleetAdvisorDatabases", - "dms:describeFleetAdvisorLsaAnalysis", - "dms:describeFleetAdvisorSchemaObjectSummary", - "dms:describeFleetAdvisorSchemas", - "dms:describeOrderableReplicationInstances", - "dms:describePendingMaintenanceActions", - "dms:describeRefreshSchemasStatus", - "dms:describeReplicationInstances", - "dms:describeReplicationInstanceTaskLogs", - "dms:describeReplicationSubnetGroups", - "dms:describeReplicationTaskAssessmentResults", - "dms:describeReplicationTaskAssessmentRuns", - "dms:describeReplicationTaskIndividualAssessments", - "dms:describeReplicationTasks", - "dms:describeSchemas", - "dms:describeTableStatistics", - "docdb-elastic:getCluster", - "docdb-elastic:getClusterSnapshot", - "docdb-elastic:listClusters", - "docdb-elastic:listClusterSnapshots", - "drs:describeJobLogItems", - "drs:describeJobs", - "drs:describeLaunchConfigurationTemplates", - "drs:describeRecoveryInstances", - "drs:describeRecoverySnapshots", - "drs:describeReplicationConfigurationTemplates", - "drs:describeSourceNetworks", - "drs:describeSourceServers", - "drs:getLaunchConfiguration", - "drs:getReplicationConfiguration", - "drs:listExtensibleSourceServers", - "drs:listLaunchActions", - "drs:listStagingAccounts", - "ds:describeClientAuthenticationSettings", - "ds:describeConditionalForwarders", - "ds:describeDirectories", - "ds:describeDomainControllers", - "ds:describeEventTopics", - "ds:describeHybridADUpdate", - "ds:describeLDAPSSettings", - "ds:describeSharedDirectories", - "ds:describeSnapshots", - "ds:describeTrusts", - "ds:getDirectoryLimits", - "ds:getSnapshotLimits", - "ds:listIpRoutes", - "ds:listSchemaExtensions", - "ds:listTagsForResource", - "dynamodb:describeBackup", - "dynamodb:describeContinuousBackups", - "dynamodb:describeContributorInsights", - "dynamodb:describeExport", - "dynamodb:describeGlobalTable", - "dynamodb:describeImport", - "dynamodb:describeKinesisStreamingDestination", - "dynamodb:describeLimits", - "dynamodb:describeStream", - "dynamodb:describeTable", - "dynamodb:describeTimeToLive", - "dynamodb:getResourcePolicy", - "dynamodb:listBackups", - "dynamodb:listContributorInsights", - "dynamodb:listExports", - "dynamodb:listGlobalTables", - "dynamodb:listImports", - "dynamodb:listStreams", - "dynamodb:listTables", - "dynamodb:listTagsOfResource", - "ec2:describeAccountAttributes", - "ec2:describeAddresses", - "ec2:describeAddressesAttribute", - "ec2:describeAddressTransfers", - "ec2:describeAggregateIdFormat", - "ec2:describeAvailabilityZones", - "ec2:describeBundleTasks", - "ec2:describeByoipCidrs", - "ec2:describeCapacityBlockOfferings", - "ec2:describeCapacityReservationFleets", - "ec2:describeCapacityReservations", - "ec2:describeCarrierGateways", - "ec2:describeClassicLinkInstances", - "ec2:describeClientVpnAuthorizationRules", - "ec2:describeClientVpnConnections", - "ec2:describeClientVpnEndpoints", - "ec2:describeClientVpnRoutes", - "ec2:describeClientVpnTargetNetworks", - "ec2:describeCoipPools", - "ec2:describeConversionTasks", - "ec2:describeCustomerGateways", - "ec2:describeDhcpOptions", - "ec2:describeEgressOnlyInternetGateways", - "ec2:describeExportImageTasks", - "ec2:describeExportTasks", - "ec2:describeFastLaunchImages", - "ec2:describeFastSnapshotRestores", - "ec2:describeFleetHistory", - "ec2:describeFleetInstances", - "ec2:describeFleets", - "ec2:describeFlowLogs", - "ec2:describeFpgaImageAttribute", - "ec2:describeFpgaImages", - "ec2:describeHostReservationOfferings", - "ec2:describeHostReservations", - "ec2:describeHosts", - "ec2:describeIamInstanceProfileAssociations", - "ec2:describeIdentityIdFormat", - "ec2:describeIdFormat", - "ec2:describeImageAttribute", - "ec2:describeImages", - "ec2:describeImportImageTasks", - "ec2:describeImportSnapshotTasks", - "ec2:describeInstanceAttribute", - "ec2:describeInstanceConnectEndpoints", - "ec2:describeInstanceCreditSpecifications", - "ec2:describeInstanceEventNotificationAttributes", - "ec2:describeInstanceEventWindows", - "ec2:describeInstances", - "ec2:describeInstanceStatus", - "ec2:describeInstanceTypeOfferings", - "ec2:describeInstanceTypes", - "ec2:describeInternetGateways", - "ec2:describeIpamByoasn", - "ec2:describeIpamExternalResourceVerificationTokens", - "ec2:describeIpamPools", - "ec2:describeIpamResourceDiscoveries", - "ec2:describeIpamResourceDiscoveryAssociations", - "ec2:describeIpams", - "ec2:describeIpamScopes", - "ec2:describeIpv6Pools", - "ec2:describeKeyPairs", - "ec2:describeLaunchTemplates", - "ec2:describeLaunchTemplateVersions", - "ec2:describeLocalGatewayRouteTables", - "ec2:describeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", - "ec2:describeLocalGatewayRouteTableVpcAssociations", - "ec2:describeLocalGateways", - "ec2:describeLocalGatewayVirtualInterfaceGroups", - "ec2:describeLocalGatewayVirtualInterfaces", - "ec2:describeManagedPrefixLists", - "ec2:describeMovingAddresses", - "ec2:describeNatGateways", - "ec2:describeNetworkAcls", - "ec2:describeNetworkInsightsAccessScopeAnalyses", - "ec2:describeNetworkInsightsAccessScopes", - "ec2:describeNetworkInsightsAnalyses", - "ec2:describeNetworkInsightsPaths", - "ec2:describeNetworkInterfaceAttribute", - "ec2:describeNetworkInterfaces", - "ec2:describePlacementGroups", - "ec2:describePrefixLists", - "ec2:describePrincipalIdFormat", - "ec2:describePublicIpv4Pools", - "ec2:describeRegions", - "ec2:describeReplaceRootVolumeTasks", - "ec2:describeReservedInstances", - "ec2:describeReservedInstancesListings", - "ec2:describeReservedInstancesModifications", - "ec2:describeReservedInstancesOfferings", - "ec2:describeRouteServerEndpoints", - "ec2:describeRouteServerPeers", - "ec2:describeRouteServers", - "ec2:describeRouteTables", - "ec2:describeScheduledInstanceAvailability", - "ec2:describeScheduledInstances", - "ec2:describeSecurityGroupReferences", - "ec2:describeSecurityGroupRules", - "ec2:describeSecurityGroups", - "ec2:describeServiceLinkVirtualInterfaces", - "ec2:describeSnapshotAttribute", - "ec2:describeSnapshots", - "ec2:describeSnapshotTierStatus", - "ec2:describeSpotDatafeedSubscription", - "ec2:describeSpotFleetInstances", - "ec2:describeSpotFleetRequestHistory", - "ec2:describeSpotFleetRequests", - "ec2:describeSpotInstanceRequests", - "ec2:describeSpotPriceHistory", - "ec2:describeStaleSecurityGroups", - "ec2:describeStoreImageTasks", - "ec2:describeSubnets", - "ec2:describeTags", - "ec2:describeTrafficMirrorFilterRules", - "ec2:describeTrafficMirrorFilters", - "ec2:describeTrafficMirrorSessions", - "ec2:describeTrafficMirrorTargets", - "ec2:describeTransitGatewayAttachments", - "ec2:describeTransitGatewayConnectPeers", - "ec2:describeTransitGatewayMulticastDomains", - "ec2:describeTransitGatewayPeeringAttachments", - "ec2:describeTransitGatewayPolicyTables", - "ec2:describeTransitGatewayRouteTableAnnouncements", - "ec2:describeTransitGatewayRouteTables", - "ec2:describeTransitGateways", - "ec2:describeTransitGatewayVpcAttachments", - "ec2:describeVerifiedAccessEndpoints", - "ec2:describeVerifiedAccessGroups", - "ec2:describeVerifiedAccessInstanceLoggingConfigurations", - "ec2:describeVerifiedAccessInstances", - "ec2:describeVerifiedAccessTrustProviders", - "ec2:describeVolumeAttribute", - "ec2:describeVolumes", - "ec2:describeVolumesModifications", - "ec2:describeVolumeStatus", - "ec2:describeVpcAttribute", - "ec2:describeVpcBlockPublicAccessExclusions", - "ec2:describeVpcBlockPublicAccessOptions", - "ec2:describeVpcClassicLink", - "ec2:describeVpcClassicLinkDnsSupport", - "ec2:describeVpcEndpointAssociations", - "ec2:describeVpcEndpointConnectionNotifications", - "ec2:describeVpcEndpointConnections", - "ec2:describeVpcEndpoints", - "ec2:describeVpcEndpointServiceConfigurations", - "ec2:describeVpcEndpointServicePermissions", - "ec2:describeVpcEndpointServices", - "ec2:describeVpcPeeringConnections", - "ec2:describeVpcs", - "ec2:describeVpnConnections", - "ec2:describeVpnGateways", - "ec2:getAssociatedEnclaveCertificateIamRoles", - "ec2:getAssociatedIpv6PoolCidrs", - "ec2:getCapacityReservationUsage", - "ec2:getCoipPoolUsage", - "ec2:getConsoleOutput", - "ec2:getConsoleScreenshot", - "ec2:getDefaultCreditSpecification", - "ec2:getEbsDefaultKmsKeyId", - "ec2:getEbsEncryptionByDefault", - "ec2:getGroupsForCapacityReservation", - "ec2:getHostReservationPurchasePreview", - "ec2:getImageBlockPublicAccessState", - "ec2:getInstanceTypesFromInstanceRequirements", - "ec2:getIpamAddressHistory", - "ec2:getIpamDiscoveredAccounts", - "ec2:getIpamDiscoveredPublicAddresses", - "ec2:getIpamDiscoveredResourceCidrs", - "ec2:getIpamPoolAllocations", - "ec2:getIpamPoolCidrs", - "ec2:getIpamResourceCidrs", - "ec2:getLaunchTemplateData", - "ec2:getManagedPrefixListAssociations", - "ec2:getManagedPrefixListEntries", - "ec2:getNetworkInsightsAccessScopeContent", - "ec2:getReservedInstancesExchangeQuote", - "ec2:getRouteServerAssociations", - "ec2:getRouteServerPropagations", - "ec2:getRouteServerRoutingDatabase", - "ec2:getSerialConsoleAccessStatus", - "ec2:getSpotPlacementScores", - "ec2:getSubnetCidrReservations", - "ec2:getTransitGatewayMulticastDomainAssociations", - "ec2:getTransitGatewayPrefixListReferences", - "ec2:getVerifiedAccessEndpointPolicy", - "ec2:getVerifiedAccessGroupPolicy", - "ec2:listImagesInRecycleBin", - "ec2:listSnapshotsInRecycleBin", - "ec2:searchLocalGatewayRoutes", - "ec2:searchTransitGatewayMulticastGroups", - "ec2:searchTransitGatewayRoutes", - "ecr-public:describeImages", - "ecr-public:describeImageTags", - "ecr-public:describeRegistries", - "ecr-public:describeRepositories", - "ecr-public:getRegistryCatalogData", - "ecr-public:getRepositoryCatalogData", - "ecr-public:getRepositoryPolicy", - "ecr-public:listTagsForResource", - "ecr:batchCheckLayerAvailability", - "ecr:batchGetRepositoryScanningConfiguration", - "ecr:describeImageReplicationStatus", - "ecr:describeImages", - "ecr:describeImageScanFindings", - "ecr:describePullThroughCacheRules", - "ecr:describeRegistry", - "ecr:describeRepositories", - "ecr:getLifecyclePolicy", - "ecr:getLifecyclePolicyPreview", - "ecr:getRegistryPolicy", - "ecr:getRegistryScanningConfiguration", - "ecr:getRepositoryPolicy", - "ecr:listImages", - "ecr:listTagsForResource", - "ecs:describeCapacityProviders", - "ecs:describeClusters", - "ecs:describeContainerInstances", - "ecs:describeServiceDeployments", - "ecs:describeServiceRevisions", - "ecs:describeServices", - "ecs:describeTaskDefinition", - "ecs:describeTasks", - "ecs:describeTaskSets", - "ecs:getTaskProtection", - "ecs:listAccountSettings", - "ecs:listAttributes", - "ecs:listClusters", - "ecs:listContainerInstances", - "ecs:listServiceDeployments", - "ecs:listServices", - "ecs:listServicesByNamespace", - "ecs:listTagsForResource", - "ecs:listTaskDefinitionFamilies", - "ecs:listTaskDefinitions", - "ecs:listTasks" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Sid": "AWSSupportActionsGroup2", - "Action": [ - "eks:describeAccessEntry", - "eks:describeAddon", - "eks:describeAddonConfiguration", - "eks:describeAddonVersions", - "eks:describeCluster", - "eks:describeEksAnywhereSubscription", - "eks:describeFargateProfile", - "eks:describeIdentityProviderConfig", - "eks:describeInsight", - "eks:describeNodegroup", - "eks:describePodIdentityAssociation", - "eks:describeUpdate", - "eks:listAccessEntries", - "eks:listAccessPolicies", - "eks:listAddons", - "eks:listAssociatedAccessPolicies", - "eks:listClusters", - "eks:listEksAnywhereSubscriptions", - "eks:listFargateProfiles", - "eks:listIdentityProviderConfigs", - "eks:listInsights", - "eks:listNodegroups", - "eks:listPodIdentityAssociations", - "eks:listUpdates", - "elasticache:describeCacheClusters", - "elasticache:describeCacheEngineVersions", - "elasticache:describeCacheParameterGroups", - "elasticache:describeCacheParameters", - "elasticache:describeCacheSecurityGroups", - "elasticache:describeCacheSubnetGroups", - "elasticache:describeEngineDefaultParameters", - "elasticache:describeEvents", - "elasticache:describeGlobalReplicationGroups", - "elasticache:describeReplicationGroups", - "elasticache:describeReservedCacheNodes", - "elasticache:describeReservedCacheNodesOfferings", - "elasticache:describeServerlessCaches", - "elasticache:describeServerlessCacheSnapshots", - "elasticache:describeServiceUpdates", - "elasticache:describeSnapshots", - "elasticache:describeUpdateActions", - "elasticache:describeUserGroups", - "elasticache:describeUsers", - "elasticache:listAllowedNodeTypeModifications", - "elasticache:listTagsForResource", - "elasticbeanstalk:checkDNSAvailability", - "elasticbeanstalk:describeAccountAttributes", - "elasticbeanstalk:describeApplications", - "elasticbeanstalk:describeApplicationVersions", - "elasticbeanstalk:describeConfigurationOptions", - "elasticbeanstalk:describeEnvironmentHealth", - "elasticbeanstalk:describeEnvironmentManagedActionHistory", - "elasticbeanstalk:describeEnvironmentManagedActions", - "elasticbeanstalk:describeEnvironmentResources", - "elasticbeanstalk:describeEnvironments", - "elasticbeanstalk:describeEvents", - "elasticbeanstalk:describeInstancesHealth", - "elasticbeanstalk:describePlatformVersion", - "elasticbeanstalk:listAvailableSolutionStacks", - "elasticbeanstalk:listPlatformBranches", - "elasticbeanstalk:listPlatformVersions", - "elasticbeanstalk:validateConfigurationSettings", - "elasticfilesystem:describeAccessPoints", - "elasticfilesystem:describeBackupPolicy", - "elasticfilesystem:describeFileSystemPolicy", - "elasticfilesystem:describeFileSystems", - "elasticfilesystem:describeLifecycleConfiguration", - "elasticfilesystem:describeMountTargets", - "elasticfilesystem:describeMountTargetSecurityGroups", - "elasticfilesystem:describeReplicationConfigurations", - "elasticfilesystem:describeTags", - "elasticfilesystem:listTagsForResource", - "elasticloadbalancing:describeAccountLimits", - "elasticloadbalancing:describeInstanceHealth", - "elasticloadbalancing:describeListenerCertificates", - "elasticloadbalancing:describeListeners", - "elasticloadbalancing:describeLoadBalancerAttributes", - "elasticloadbalancing:describeLoadBalancerPolicies", - "elasticloadbalancing:describeLoadBalancerPolicyTypes", - "elasticloadbalancing:describeLoadBalancers", - "elasticloadbalancing:describeRules", - "elasticloadbalancing:describeSSLPolicies", - "elasticloadbalancing:describeTags", - "elasticloadbalancing:describeTargetGroupAttributes", - "elasticloadbalancing:describeTargetGroups", - "elasticloadbalancing:describeTargetHealth", - "elasticloadbalancing:describeTrustStoreAssociations", - "elasticloadbalancing:describeTrustStoreRevocations", - "elasticloadbalancing:describeTrustStores", - "elasticmapreduce:describeCluster", - "elasticmapreduce:describeNotebookExecution", - "elasticmapreduce:describeReleaseLabel", - "elasticmapreduce:describeSecurityConfiguration", - "elasticmapreduce:describeStep", - "elasticmapreduce:describeStudio", - "elasticmapreduce:getAutoTerminationPolicy", - "elasticmapreduce:getBlockPublicAccessConfiguration", - "elasticmapreduce:getManagedScalingPolicy", - "elasticmapreduce:getStudioSessionMapping", - "elasticmapreduce:listBootstrapActions", - "elasticmapreduce:listClusters", - "elasticmapreduce:listInstanceFleets", - "elasticmapreduce:listInstanceGroups", - "elasticmapreduce:listInstances", - "elasticmapreduce:listNotebookExecutions", - "elasticmapreduce:listReleaseLabels", - "elasticmapreduce:listSecurityConfigurations", - "elasticmapreduce:listSteps", - "elasticmapreduce:listStudios", - "elasticmapreduce:listStudioSessionMappings", - "elastictranscoder:listJobsByPipeline", - "elastictranscoder:listJobsByStatus", - "elastictranscoder:listPipelines", - "elastictranscoder:listPresets", - "elastictranscoder:readPipeline", - "elastictranscoder:readPreset", - "emr-containers:describeJobRun", - "emr-containers:describeJobTemplate", - "emr-containers:describeManagedEndpoint", - "emr-containers:describeVirtualCluster", - "emr-containers:listJobRuns", - "emr-containers:listJobTemplates", - "emr-containers:listManagedEndpoints", - "emr-containers:listVirtualClusters", - "emr-serverless:getApplication", - "emr-serverless:getJobRun", - "emr-serverless:listApplications", - "es:describeDomain", - "es:describeDomainAutoTunes", - "es:describeDomainChangeProgress", - "es:describeDomainConfig", - "es:describeDomainHealth", - "es:describeDomainNodes", - "es:describeDomains", - "es:describeDryRunProgress", - "es:describeElasticsearchDomain", - "es:describeElasticsearchDomainConfig", - "es:describeElasticsearchDomains", - "es:getDomainMaintenanceStatus", - "es:describeInboundConnections", - "es:describeInstanceTypeLimits", - "es:describeOutboundConnections", - "es:describePackages", - "es:describeReservedInstanceOfferings", - "es:describeReservedInstances", - "es:describeVpcEndpoints", - "es:getCompatibleVersions", - "es:getPackageVersionHistory", - "es:getUpgradeHistory", - "es:getUpgradeStatus", - "es:listDomainMaintenances", - "es:listDomainNames", - "es:listDomainsForPackage", - "es:listInstanceTypeDetails", - "es:listPackagesForDomain", - "es:listScheduledActions", - "es:listTags", - "es:listVersions", - "es:listVpcEndpointAccess", - "es:listVpcEndpoints", - "es:listVpcEndpointsForDomain", - "events:describeApiDestination", - "events:describeArchive", - "events:describeConnection", - "events:describeEndpoint", - "events:describeEventBus", - "events:describeEventSource", - "events:describePartnerEventSource", - "events:describeReplay", - "events:describeRule", - "events:listApiDestinations", - "events:listArchives", - "events:listConnections", - "events:listEndpoints", - "events:listEventBuses", - "events:listEventSources", - "events:listPartnerEventSourceAccounts", - "events:listPartnerEventSources", - "events:listReplays", - "events:listRuleNamesByTarget", - "events:listRules", - "events:listTargetsByRule", - "events:testEventPattern", - "evidently:getExperiment", - "evidently:getFeature", - "evidently:getLaunch", - "evidently:getProject", - "evidently:getSegment", - "evidently:listExperiments", - "evidently:listFeatures", - "evidently:listLaunches", - "evidently:listProjects", - "evidently:listSegmentReferences", - "evidently:listSegments", - "firehose:describeDeliveryStream", - "firehose:listDeliveryStreams", - "fis:getAction", - "fis:getExperiment", - "fis:getExperimentTargetAccountConfiguration", - "fis:getExperimentTemplate", - "fis:getSafetyLever", - "fis:getTargetAccountConfiguration", - "fis:listActions", - "fis:listExperimentResolvedTargets", - "fis:listExperimentTargetAccountConfigurations", - "fis:listExperiments", - "fis:listExperimentTemplates", - "fis:listTargetAccountConfigurations", - "fms:getAdminAccount", - "fms:getAdminScope", - "fms:getAppsList", - "fms:getComplianceDetail", - "fms:getNotificationChannel", - "fms:getProtocolsList", - "fms:getPolicy", - "fms:getProtectionStatus", - "fms:getResourceSet", - "fms:getThirdPartyFirewallAssociationStatus", - "fms:getViolationDetails", - "fms:listAdminAccountsForOrganization", - "fms:listAdminsManagingAccount", - "fms:listAppsLists", - "fms:listComplianceStatus", - "fms:listDiscoveredResources", - "fms:listMemberAccounts", - "fms:listProtocolsLists", - "fms:listPolicies", - "fms:listResourceSetResources", - "fms:listResourceSets", - "fms:listThirdPartyFirewallFirewallPolicies", - "forecast:describeDataset", - "forecast:describeDatasetGroup", - "forecast:describeDatasetImportJob", - "forecast:describeForecast", - "forecast:describeForecastExportJob", - "forecast:describePredictor", - "forecast:getAccuracyMetrics", - "forecast:listDatasetGroups", - "forecast:listDatasetImportJobs", - "forecast:listDatasets", - "forecast:listForecastExportJobs", - "forecast:listForecasts", - "forecast:listPredictors", - "freetier:getFreeTierUsage", - "fsx:describeBackups", - "fsx:describeDataRepositoryAssociations", - "fsx:describeDataRepositoryTasks", - "fsx:describeFileCaches", - "fsx:describeFileSystems", - "fsx:describeS3AccessPointAttachments", - "fsx:describeSnapshots", - "fsx:describeStorageVirtualMachines", - "fsx:describeVolumes", - "fsx:listTagsForResource", - "gamelift:describeAlias", - "gamelift:describeBuild", - "gamelift:describeEC2InstanceLimits", - "gamelift:describeFleetAttributes", - "gamelift:describeFleetCapacity", - "gamelift:describeFleetEvents", - "gamelift:describeFleetLocationAttributes", - "gamelift:describeFleetLocationCapacity", - "gamelift:describeFleetLocationUtilization", - "gamelift:describeFleetPortSettings", - "gamelift:describeFleetUtilization", - "gamelift:describeGameServer", - "gamelift:describeGameServerGroup", - "gamelift:describeGameSessionDetails", - "gamelift:describeGameSessionPlacement", - "gamelift:describeGameSessionQueues", - "gamelift:describeGameSessions", - "gamelift:describeInstances", - "gamelift:describeMatchmaking", - "gamelift:describeMatchmakingConfigurations", - "gamelift:describeMatchmakingRuleSets", - "gamelift:describePlayerSessions", - "gamelift:describeRuntimeConfiguration", - "gamelift:describeScalingPolicies", - "gamelift:describeScript", - "gamelift:listAliases", - "gamelift:listBuilds", - "gamelift:listFleets", - "gamelift:listGameServerGroups", - "gamelift:listGameServers", - "gamelift:listScripts", - "gamelift:resolveAlias", - "glacier:describeJob", - "glacier:describeVault", - "glacier:getDataRetrievalPolicy", - "glacier:getVaultAccessPolicy", - "glacier:getVaultLock", - "glacier:getVaultNotifications", - "glacier:listJobs", - "glacier:listTagsForVault", - "glacier:listVaults", - "globalaccelerator:describeAccelerator", - "globalaccelerator:describeAcceleratorAttributes", - "globalaccelerator:describeCrossAccountAttachment", - "globalaccelerator:describeCustomRoutingAccelerator", - "globalaccelerator:describeCustomRoutingAcceleratorAttributes", - "globalaccelerator:describeCustomRoutingEndpointGroup", - "globalaccelerator:describeCustomRoutingListener", - "globalaccelerator:describeEndpointGroup", - "globalaccelerator:describeListener", - "globalaccelerator:listAccelerators", - "globalaccelerator:listByoipCidrs", - "globalaccelerator:listCrossAccountAttachments", - "globalaccelerator:listCrossAccountResourceAccounts", - "globalaccelerator:listCrossAccountResources", - "globalaccelerator:listCustomRoutingAccelerators", - "globalaccelerator:listCustomRoutingEndpointGroups", - "globalaccelerator:listCustomRoutingListeners", - "globalaccelerator:listCustomRoutingPortMappings", - "globalaccelerator:listCustomRoutingPortMappingsByDestination", - "globalaccelerator:listEndpointGroups", - "globalaccelerator:listListeners", - "glue:batchGetBlueprints", - "glue:batchGetCrawlers", - "glue:batchGetDevEndpoints", - "glue:batchGetJobs", - "glue:batchGetPartition", - "glue:batchGetTriggers", - "glue:batchGetWorkflows", - "glue:checkSchemaVersionValidity", - "glue:batchGetTableOptimizer", - "glue:getBlueprint", - "glue:getBlueprintRun", - "glue:getBlueprintRuns", - "glue:getCatalogImportStatus", - "glue:getClassifier", - "glue:getClassifiers", - "glue:getColumnStatisticsForPartition", - "glue:getColumnStatisticsForTable", - "glue:getColumnStatisticsTaskRun", - "glue:getColumnStatisticsTaskRuns", - "glue:getCrawler", - "glue:getCrawlerMetrics", - "glue:getCrawlers", - "glue:getCustomEntityType", - "glue:getDatabase", - "glue:getDatabases", - "glue:getDataCatalogEncryptionSettings", - "glue:getDataflowGraph", - "glue:getDataQualityResult", - "glue:getDataQualityRuleRecommendationRun", - "glue:getDataQualityRuleset", - "glue:getDataQualityRulesetEvaluationRun", - "glue:getDevEndpoint", - "glue:getDevEndpoints", - "glue:getJob", - "glue:getJobBookmark", - "glue:getJobRun", - "glue:getJobRuns", - "glue:getJobs", - "glue:getMapping", - "glue:getMLTaskRun", - "glue:getMLTaskRuns", - "glue:getMLTransform", - "glue:getMLTransforms", - "glue:getPartition", - "glue:getPartitionIndexes", - "glue:getPartitions", - "glue:getRegistry", - "glue:getResourcePolicies", - "glue:getResourcePolicy", - "glue:getSchema", - "glue:getSchemaByDefinition", - "glue:getSchemaVersion", - "glue:getSchemaVersionsDiff", - "glue:getSecurityConfiguration", - "glue:getSecurityConfigurations", - "glue:getSession", - "glue:getStatement", - "glue:getTable", - "glue:getTableOptimizer", - "glue:getTables", - "glue:getTableVersions", - "glue:getTrigger", - "glue:getTriggers", - "glue:getUserDefinedFunction", - "glue:getUserDefinedFunctions", - "glue:getWorkflow", - "glue:getWorkflowRun", - "glue:getWorkflowRuns", - "glue:listColumnStatisticsTaskRuns", - "glue:listCrawlers", - "glue:listCrawls", - "glue:listDataQualityResults", - "glue:listDataQualityRuleRecommendationRuns", - "glue:listDataQualityRulesetEvaluationRuns", - "glue:listDataQualityRulesets", - "glue:listDevEndpoints", - "glue:listMLTransforms", - "glue:listRegistries", - "glue:listSchemas", - "glue:listSchemaVersions", - "glue:listSessions", - "glue:listStatements", - "glue:listTableOptimizerRuns", - "glue:listTriggers", - "glue:querySchemaVersionMetadata", - "glue:getTableVersion", - "grafana:describeWorkspace", - "grafana:describeWorkspaceAuthentication", - "grafana:listPermissions", - "grafana:listVersions", - "grafana:listWorkspaces", - "greengrass:getConnectivityInfo", - "greengrass:getCoreDefinition", - "greengrass:getCoreDefinitionVersion", - "greengrass:getDeploymentStatus", - "greengrass:getDeviceDefinition", - "greengrass:getDeviceDefinitionVersion", - "greengrass:getFunctionDefinition", - "greengrass:getFunctionDefinitionVersion", - "greengrass:getGroup", - "greengrass:getGroupCertificateAuthority", - "greengrass:getGroupVersion", - "greengrass:getLoggerDefinition", - "greengrass:getLoggerDefinitionVersion", - "greengrass:getResourceDefinitionVersion", - "greengrass:getServiceRoleForAccount", - "greengrass:getSubscriptionDefinition", - "greengrass:getSubscriptionDefinitionVersion", - "greengrass:listCoreDefinitions", - "greengrass:listCoreDefinitionVersions", - "greengrass:listDeployments", - "greengrass:listDeviceDefinitions", - "greengrass:listDeviceDefinitionVersions", - "greengrass:listFunctionDefinitions", - "greengrass:listFunctionDefinitionVersions", - "greengrass:listGroups", - "greengrass:listGroupVersions", - "greengrass:listLoggerDefinitions", - "greengrass:listLoggerDefinitionVersions", - "greengrass:listResourceDefinitions", - "greengrass:listResourceDefinitionVersions", - "greengrass:listSubscriptionDefinitions", - "greengrass:listSubscriptionDefinitionVersions", - "guardduty:describeMalwareScans", - "guardduty:describePublishingDestination", - "guardduty:getCoverageStatistics", - "guardduty:getDetector", - "guardduty:getFindings", - "guardduty:getFindingsStatistics", - "guardduty:getInvitationsCount", - "guardduty:getIPSet", - "guardduty:getMalwareScanSettings", - "guardduty:getMasterAccount", - "guardduty:getMemberDetectors", - "guardduty:getMembers", - "guardduty:getOrganizationStatistics", - "guardduty:getRemainingFreeTrialDays", - "guardduty:getThreatIntelSet", - "guardduty:listCoverage", - "guardduty:listDetectors", - "guardduty:listFindings", - "guardduty:listInvitations", - "guardduty:listIPSets", - "guardduty:listMembers", - "guardduty:listThreatIntelSets", - "health:describeAffectedAccountsForOrganization", - "health:describeAffectedEntities", - "health:describeAffectedEntitiesForOrganization", - "health:describeEntityAggregates", - "health:describeEntityAggregatesForOrganization", - "health:describeEventAggregates", - "health:describeEventDetails", - "health:describeEventDetailsForOrganization", - "health:describeEvents", - "health:describeEventsForOrganization", - "health:describeEventTypes", - "health:describeHealthServiceStatusForOrganization", - "iam:getAccessKeyLastUsed", - "iam:getAccountAuthorizationDetails", - "iam:getAccountPasswordPolicy", - "iam:getAccountSummary", - "iam:getContextKeysForCustomPolicy", - "iam:getContextKeysForPrincipalPolicy", - "iam:getCredentialReport", - "iam:getGroup", - "iam:getGroupPolicy", - "iam:getInstanceProfile", - "iam:getLoginProfile", - "iam:getMFADevice", - "iam:getOpenIDConnectProvider", - "iam:getPolicy", - "iam:getPolicyVersion", - "iam:getRole", - "iam:getRolePolicy", - "iam:getSAMLProvider", - "iam:getServerCertificate", - "iam:getServiceLinkedRoleDeletionStatus", - "iam:getSSHPublicKey", - "iam:getUser", - "iam:getUserPolicy", - "iam:listAccessKeys", - "iam:listAccountAliases", - "iam:listAttachedGroupPolicies", - "iam:listAttachedRolePolicies", - "iam:listAttachedUserPolicies", - "iam:listEntitiesForPolicy", - "iam:listGroupPolicies", - "iam:listGroups", - "iam:listGroupsForUser", - "iam:listInstanceProfiles", - "iam:listInstanceProfilesForRole", - "iam:listMFADevices", - "iam:listOpenIDConnectProviders", - "iam:listPolicies", - "iam:listPolicyVersions", - "iam:listRolePolicies", - "iam:listRoles", - "iam:listSAMLProviders", - "iam:listServerCertificates", - "iam:listServiceSpecificCredentials", - "iam:listSigningCertificates", - "iam:listSSHPublicKeys", - "iam:listUserPolicies", - "iam:listUsers", - "iam:listVirtualMFADevices", - "iam:simulateCustomPolicy", - "iam:simulatePrincipalPolicy", - "identitystore:describeGroup", - "identitystore:describeGroupMembership", - "identitystore:getGroupId", - "identitystore:getGroupMembershipId", - "identitystore:getUserId", - "identitystore:isMemberInGroups", - "identitystore:listGroupMemberships", - "identitystore:listGroupMembershipsForMember", - "identitystore:listGroups", - "imagebuilder:getComponent", - "imagebuilder:getComponentPolicy", - "imagebuilder:getContainerRecipe", - "imagebuilder:getContainerRecipePolicy", - "imagebuilder:getDistributionConfiguration", - "imagebuilder:getImage", - "imagebuilder:getImagePipeline", - "imagebuilder:getImagePolicy", - "imagebuilder:getImageRecipe", - "imagebuilder:getImageRecipePolicy", - "imagebuilder:getInfrastructureConfiguration", - "imagebuilder:getLifecycleExecution", - "imagebuilder:getLifecyclePolicy", - "imagebuilder:getWorkflow", - "imagebuilder:getWorkflowExecution", - "imagebuilder:getWorkflowStepExecution", - "imagebuilder:listComponentBuildVersions", - "imagebuilder:listComponents", - "imagebuilder:listContainerRecipes", - "imagebuilder:listDistributionConfigurations", - "imagebuilder:listImageBuildVersions", - "imagebuilder:listImagePipelineImages", - "imagebuilder:listImagePipelines", - "imagebuilder:listImageRecipes", - "imagebuilder:listImages", - "imagebuilder:listImageScanFindingAggregations", - "imagebuilder:listInfrastructureConfigurations", - "imagebuilder:listLifecycleExecutionResources", - "imagebuilder:listLifecycleExecutions", - "imagebuilder:listLifecyclePolicies", - "imagebuilder:listTagsForResource", - "imagebuilder:listWorkflowBuildVersions", - "imagebuilder:listWorkflowExecutions", - "imagebuilder:listWorkflows", - "imagebuilder:listWaitingWorkflowSteps", - "imagebuilder:listWorkflowStepExecutions", - "inspector-scan:scanSbom", - "inspector:describeAssessmentRuns", - "inspector:describeAssessmentTargets", - "inspector:describeAssessmentTemplates", - "inspector:describeCrossAccountAccessRole", - "inspector:describeResourceGroups", - "inspector:describeRulesPackages", - "inspector:getTelemetryMetadata", - "inspector:listAssessmentRunAgents", - "inspector:listAssessmentRuns", - "inspector:listAssessmentTargets", - "inspector:listAssessmentTemplates", - "inspector:listEventSubscriptions", - "inspector:listRulesPackages", - "inspector:listTagsForResource", - "inspector2:batchGetAccountStatus", - "inspector2:batchGetFreeTrialInfo", - "inspector2:describeOrganizationConfiguration", - "inspector2:getConfiguration", - "inspector2:getDelegatedAdminAccount", - "inspector2:getEc2DeepInspectionConfiguration", - "inspector2:getMember", - "inspector2:getSbomExport", - "inspector2:listCisScanConfigurations", - "inspector2:listCisScanResultsAggregatedByChecks", - "inspector2:listCisScanResultsAggregatedByTargetResource", - "inspector2:listCisScans", - "inspector2:listCoverage", - "inspector2:listDelegatedAdminAccounts", - "inspector2:listFilters", - "inspector2:listFindings", - "inspector2:listMembers", - "inspector2:listUsageTotals", - "internetmonitor:getHealthEvent", - "internetmonitor:getMonitor", - "internetmonitor:listHealthEvents", - "internetmonitor:listMonitors", - "invoicing:listInvoiceSummaries", - "iot:describeAuthorizer", - "iot:describeCACertificate", - "iot:describeCertificate", - "iot:describeDefaultAuthorizer", - "iot:describeDomainConfiguration", - "iot:describeEndpoint", - "iot:describeIndex", - "iot:describeJobExecution", - "iot:describeThing", - "iot:describeThingGroup", - "iot:describeTunnel", - "iot:getEffectivePolicies", - "iot:getIndexingConfiguration", - "iot:getLoggingOptions", - "iot:getPolicy", - "iot:getPolicyVersion", - "iot:getTopicRule", - "iot:getV2LoggingOptions", - "iot:listAttachedPolicies", - "iot:listAuthorizers", - "iot:listCACertificates", - "iot:listCertificates", - "iot:listCertificatesByCA", - "iot:listCommandExecutions", - "iot:listCommands", - "iot:listDomainConfigurations", - "iot:listJobExecutionsForJob", - "iot:listJobExecutionsForThing", - "iot:listJobs", - "iot:listNamedShadowsForThing", - "iot:listOutgoingCertificates", - "iot:listPackages", - "iot:listPackageVersions", - "iot:listPolicies", - "iot:listPolicyPrincipals", - "iot:listPolicyVersions", - "iot:listPrincipalPolicies", - "iot:listPrincipalThings", - "iot:listRoleAliases", - "iot:listTargetsForPolicy", - "iot:listThingGroups", - "iot:listThingGroupsForThing", - "iot:listThingPrincipals", - "iot:listThingRegistrationTasks", - "iot:listThings", - "iot:listThingsInThingGroup", - "iot:listThingTypes", - "iot:listTopicRules", - "iot:listTunnels", - "iot:listV2LoggingLevels", - "iotevents:describeDetector", - "iotevents:describeDetectorModel", - "iotevents:describeInput", - "iotevents:describeLoggingOptions", - "iotevents:listDetectorModels", - "iotevents:listDetectorModelVersions", - "iotevents:listDetectors", - "iotevents:listInputs", - "iotfleetwise:getCampaign", - "iotfleetwise:getDecoderManifest", - "iotfleetwise:getEncryptionConfiguration", - "iotfleetwise:getFleet", - "iotfleetwise:getLoggingOptions", - "iotfleetwise:getModelManifest", - "iotfleetwise:getRegisterAccountStatus", - "iotfleetwise:getSignalCatalog", - "iotfleetwise:getStateTemplate", - "iotfleetwise:getVehicle", - "iotfleetwise:getVehicleStatus", - "iotfleetwise:listCampaigns", - "iotfleetwise:listDecoderManifestNetworkInterfaces", - "iotfleetwise:listDecoderManifests", - "iotfleetwise:listDecoderManifestSignals", - "iotfleetwise:listFleets", - "iotfleetwise:listFleetsForVehicle", - "iotfleetwise:listModelManifestNodes", - "iotfleetwise:listModelManifests", - "iotfleetwise:listSignalCatalogNodes", - "iotfleetwise:listSignalCatalogs", - "iotfleetwise:listStateTemplates", - "iotfleetwise:listVehicles", - "iotfleetwise:listVehiclesInFleet", - "iotsitewise:describeAccessPolicy", - "iotsitewise:describeAsset", - "iotsitewise:describeAssetModel", - "iotsitewise:describeAssetProperty", - "iotsitewise:describeDashboard", - "iotsitewise:describeGateway", - "iotsitewise:describeGatewayCapabilityConfiguration", - "iotsitewise:describeLoggingOptions", - "iotsitewise:describePortal", - "iotsitewise:describeProject", - "iotsitewise:listAccessPolicies", - "iotsitewise:listAssetModels", - "iotsitewise:listAssets", - "iotsitewise:listAssociatedAssets", - "iotsitewise:listDashboards", - "iotsitewise:listGateways", - "iotsitewise:listPortals", - "iotsitewise:listProjectAssets", - "iotsitewise:listProjects", - "iottwinmaker:getComponentType", - "iottwinmaker:getEntity", - "iottwinmaker:getPricingPlan", - "iottwinmaker:getScene", - "iottwinmaker:getSyncJob", - "iottwinmaker:getWorkspace", - "iottwinmaker:listComponentTypes", - "iottwinmaker:listEntities", - "iottwinmaker:listScenes", - "iottwinmaker:listSyncJobs", - "iottwinmaker:listSyncResources", - "iottwinmaker:listWorkspaces", - "iotwireless:getDestination", - "iotwireless:getDeviceProfile", - "iotwireless:getPartnerAccount", - "iotwireless:getServiceEndpoint", - "iotwireless:getServiceProfile", - "iotwireless:getWirelessDevice", - "iotwireless:getWirelessDeviceStatistics", - "iotwireless:getWirelessGateway", - "iotwireless:getWirelessGatewayCertificate", - "iotwireless:getWirelessGatewayFirmwareInformation", - "iotwireless:getWirelessGatewayStatistics", - "iotwireless:getWirelessGatewayTask", - "iotwireless:getWirelessGatewayTaskDefinition", - "iotwireless:listDestinations", - "iotwireless:listDeviceProfiles", - "iotwireless:listPartnerAccounts", - "iotwireless:listServiceProfiles", - "iotwireless:listTagsForResource", - "iotwireless:listWirelessDevices", - "iotwireless:listWirelessGateways", - "iotwireless:listWirelessGatewayTaskDefinitions", - "ivs:getChannel", - "ivs:getRecordingConfiguration", - "ivs:getStream", - "ivs:getStreamSession", - "ivs:listChannels", - "ivs:listPlaybackKeyPairs", - "ivs:listRecordingConfigurations", - "ivs:listStreamKeys", - "ivs:listStreams", - "ivs:listStreamSessions", - "kafka:describeCluster", - "kafka:describeClusterOperation", - "kafka:describeClusterOperationV2", - "kafka:describeClusterV2", - "kafka:describeConfiguration", - "kafka:describeConfigurationRevision", - "kafka:describeReplicator", - "kafka:describeVpcConnection", - "kafka:getBootstrapBrokers", - "kafka:getClusterPolicy", - "kafka:listClientVpcConnections", - "kafka:listClusterOperations", - "kafka:listClusterOperationsV2", - "kafka:listClusters", - "kafka:listClustersV2", - "kafka:listConfigurationRevisions", - "kafka:listConfigurations", - "kafka:listNodes", - "kafka:listReplicators", - "kafka:listScramSecrets", - "kafka:listVpcConnections", - "kafkaconnect:describeConnector", - "kafkaconnect:describeCustomPlugin", - "kafkaconnect:describeWorkerConfiguration", - "kafkaconnect:listConnectors", - "kafkaconnect:listCustomPlugins", - "kafkaconnect:listWorkerConfigurations", - "kendra:describeDataSource", - "kendra:describeFaq", - "kendra:describeIndex", - "kendra:listDataSources", - "kendra:listFaqs", - "kendra:listIndices", - "kinesis:describeStream", - "kinesis:describeStreamConsumer", - "kinesis:describeStreamSummary", - "kinesis:listShards", - "kinesis:listStreamConsumers", - "kinesis:listStreams", - "kinesis:listTagsForStream", - "kinesisanalytics:describeApplication", - "kinesisanalytics:describeApplicationOperation", - "kinesisanalytics:describeApplicationSnapshot", - "kinesisanalytics:listApplicationOperations", - "kinesisanalytics:listApplications", - "kinesisanalytics:listApplicationSnapshots", - "kinesisanalytics:listApplicationVersions", - "kinesisvideo:describeImageGenerationConfiguration", - "kinesisvideo:describeNotificationConfiguration", - "kinesisvideo:describeSignalingChannel", - "kinesisvideo:describeStream", - "kinesisvideo:getDataEndpoint", - "kinesisvideo:getIceServerConfig", - "kinesisvideo:getSignalingChannelEndpoint", - "kinesisvideo:listSignalingChannels", - "kinesisvideo:listStreams", - "kms:describeKey", - "kms:getKeyPolicy", - "kms:getKeyRotationStatus", - "kms:listAliases", - "kms:listGrants", - "kms:listKeyPolicies", - "kms:listKeys", - "kms:listResourceTags", - "kms:listRetirableGrants", - "lakeformation:describeLakeFormationIdentityCenterConfiguration", - "lakeformation:describeResource", - "lakeformation:describeTransaction", - "lakeformation:getDataLakePrincipal", - "lakeformation:getDataLakeSettings", - "lakeformation:getEffectivePermissionsForPath", - "lakeformation:getLFTag", - "lakeformation:getLFTagExpression", - "lakeformation:getQueryState", - "lakeformation:getQueryStatistics", - "lakeformation:getResourceLFTags", - "lakeformation:listLFTagExpressions", - "lakeformation:listLFTags", - "lakeformation:listLakeFormationOptIns", - "lakeformation:listPermissions", - "lakeformation:listResources", - "lakeformation:searchDatabasesByLFTags", - "lakeformation:searchTablesByLFTags", - "lambda:getAccountSettings", - "lambda:getAlias", - "lambda:getCodeSigningConfig", - "lambda:getEventSourceMapping", - "lambda:getFunction", - "lambda:getFunctionCodeSigningConfig", - "lambda:getFunctionConcurrency", - "lambda:getFunctionConfiguration", - "lambda:getFunctionEventInvokeConfig", - "lambda:getFunctionRecursionConfig", - "lambda:getFunctionUrlConfig", - "lambda:getLayerVersion", - "lambda:getLayerVersionPolicy", - "lambda:getPolicy", - "lambda:getProvisionedConcurrencyConfig", - "lambda:getRuntimeManagementConfig", - "lambda:listAliases", - "lambda:listCodeSigningConfigs", - "lambda:listEventSourceMappings", - "lambda:listFunctionEventInvokeConfigs", - "lambda:listFunctions", - "lambda:listFunctionsByCodeSigningConfig", - "lambda:listFunctionUrlConfigs", - "lambda:listLayers", - "lambda:listLayerVersions", - "lambda:listProvisionedConcurrencyConfigs", - "lambda:listTags", - "lambda:listVersionsByFunction", - "launchwizard:describeProvisionedApp", - "launchwizard:describeProvisioningEvents", - "launchwizard:listDeploymentEvents", - "launchwizard:listDeployments", - "launchwizard:listProvisionedApps", - "lex:describeBot", - "lex:describeBotAlias", - "lex:describeBotLocale", - "lex:describeBotRecommendation", - "lex:describeBotVersion", - "lex:describeCustomVocabularyMetadata", - "lex:describeExport", - "lex:describeImport", - "lex:describeIntent", - "lex:describeResourcePolicy", - "lex:describeSlot", - "lex:describeSlotType", - "lex:getBot", - "lex:getBotAlias", - "lex:getBotAliases", - "lex:getBotChannelAssociation", - "lex:getBotChannelAssociations", - "lex:getBots", - "lex:getBotVersions", - "lex:getBuiltinIntent", - "lex:getBuiltinIntents", - "lex:getBuiltinSlotTypes", - "lex:getIntent", - "lex:getIntents", - "lex:getIntentVersions", - "lex:getSlotType", - "lex:getSlotTypes", - "lex:getSlotTypeVersions", - "lex:listBotAliases", - "lex:listBotLocales", - "lex:listBotRecommendations", - "lex:listBots", - "lex:listBotVersions", - "lex:listExports", - "lex:listImports", - "lex:listIntents", - "lex:listRecommendedIntents", - "lex:listSlots", - "lex:listSlotTypes", - "license-manager:getLicenseConfiguration", - "license-manager:getServiceSettings", - "license-manager:listAssociationsForLicenseConfiguration", - "license-manager:listFailuresForLicenseConfigurationOperations", - "license-manager:listLicenseConfigurations", - "license-manager:listLicenseSpecificationsForResource", - "license-manager:listResourceInventory", - "license-manager:listUsageForLicenseConfiguration", - "lightsail:getActiveNames", - "lightsail:getAlarms", - "lightsail:getAutoSnapshots", - "lightsail:getBlueprints", - "lightsail:getBucketBundles", - "lightsail:getBucketMetricData", - "lightsail:getBuckets", - "lightsail:getBundles", - "lightsail:getCertificates", - "lightsail:getContainerImages", - "lightsail:getContainerServiceDeployments", - "lightsail:getContainerServiceMetricData", - "lightsail:getContainerServicePowers", - "lightsail:getContainerServices", - "lightsail:getDisk", - "lightsail:getDisks", - "lightsail:getDiskSnapshot", - "lightsail:getDiskSnapshots", - "lightsail:getDistributionBundles", - "lightsail:getDistributionMetricData", - "lightsail:getDistributions", - "lightsail:getDomain", - "lightsail:getDomains", - "lightsail:getExportSnapshotRecords", - "lightsail:getInstance", - "lightsail:getInstanceMetricData", - "lightsail:getInstancePortStates", - "lightsail:getInstances", - "lightsail:getInstanceSnapshot", - "lightsail:getInstanceSnapshots", - "lightsail:getInstanceState", - "lightsail:getKeyPair", - "lightsail:getKeyPairs", - "lightsail:getLoadBalancer", - "lightsail:getLoadBalancerMetricData", - "lightsail:getLoadBalancers", - "lightsail:getLoadBalancerTlsCertificates", - "lightsail:getOperation", - "lightsail:getOperations", - "lightsail:getOperationsForResource", - "lightsail:getRegions", - "lightsail:getRelationalDatabase", - "lightsail:getRelationalDatabaseMetricData", - "lightsail:getRelationalDatabases", - "lightsail:getRelationalDatabaseSnapshot", - "lightsail:getRelationalDatabaseSnapshots", - "lightsail:getStaticIp", - "lightsail:getStaticIps", - "lightsail:isVpcPeered", - "logs:describeAccountPolicies", - "logs:describeDeliveries", - "logs:describeDeliveryDestinations", - "logs:describeDeliverySources", - "logs:describeDestinations", - "logs:describeExportTasks", - "logs:describeFieldIndexes", - "logs:describeIndexPolicies", - "logs:describeLogGroups", - "logs:describeLogStreams", - "logs:describeMetricFilters", - "logs:describeQueries", - "logs:describeQueryDefinitions", - "logs:describeResourcePolicies", - "logs:describeSubscriptionFilters", - "logs:getDataProtectionPolicy", - "logs:getDelivery", - "logs:getDeliveryDestination", - "logs:getDeliveryDestinationPolicy", - "logs:getDeliverySource", - "logs:getIntegration", - "logs:getLogAnomalyDetector", - "logs:getLogDelivery", - "logs:getLogGroupFields", - "logs:getTransformer", - "logs:listAnomalies", - "logs:listIntegrations", - "logs:listLogAnomalyDetectors", - "logs:listLogDeliveries", - "logs:listLogGroupsForQuery", - "logs:testMetricFilter", - "lookoutequipment:describeDataIngestionJob", - "lookoutequipment:describeDataset", - "lookoutequipment:describeInferenceScheduler", - "lookoutequipment:describeModel", - "lookoutequipment:listDataIngestionJobs", - "lookoutequipment:listDatasets", - "lookoutequipment:listInferenceExecutions", - "lookoutequipment:listInferenceSchedulers", - "lookoutequipment:listModels", - "lookoutmetrics:describeAlert", - "lookoutmetrics:describeAnomalyDetectionExecutions", - "lookoutmetrics:describeAnomalyDetector", - "lookoutmetrics:describeMetricSet", - "lookoutmetrics:getAnomalyGroup", - "lookoutmetrics:getDataQualityMetrics", - "lookoutmetrics:getFeedback", - "lookoutmetrics:getSampleData", - "lookoutmetrics:listAlerts", - "lookoutmetrics:listAnomalyDetectors", - "lookoutmetrics:listAnomalyGroupSummaries", - "lookoutmetrics:listAnomalyGroupTimeSeries", - "lookoutmetrics:listMetricSets", - "lookoutmetrics:listTagsForResource", - "m2:getApplication", - "m2:getApplicationVersion", - "m2:getBatchJobExecution", - "m2:getDataSetDetails", - "m2:getDataSetImportTask", - "m2:getDeployment", - "m2:getEnvironment", - "m2:listApplications", - "m2:listApplicationVersions", - "m2:listBatchJobDefinitions", - "m2:listBatchJobExecutions", - "m2:listDataSetImportHistory", - "m2:listDataSets", - "m2:listDeployments", - "m2:listEngineVersions", - "m2:listEnvironments", - "machinelearning:describeBatchPredictions", - "machinelearning:describeDataSources", - "machinelearning:describeEvaluations", - "machinelearning:describeMLModels", - "machinelearning:getBatchPrediction", - "machinelearning:getDataSource", - "machinelearning:getEvaluation", - "machinelearning:getMLModel", - "macie2:getClassificationExportConfiguration", - "macie2:getCustomDataIdentifier", - "macie2:getFindings", - "macie2:getFindingStatistics", - "macie2:listClassificationJobs", - "macie2:listCustomDataIdentifiers", - "macie2:listFindings", - "managedblockchain:getMember", - "managedblockchain:getNetwork", - "managedblockchain:getNode", - "managedblockchain:listMembers", - "managedblockchain:listNetworks", - "managedblockchain:listNodes", - "mediaconnect:describeFlow", - "mediaconnect:listEntitlements", - "mediaconnect:listFlows", - "mediaconvert:describeEndpoints", - "mediaconvert:getJob", - "mediaconvert:getJobTemplate", - "mediaconvert:getPreset", - "mediaconvert:getQueue", - "mediaconvert:listJobs", - "mediaconvert:listJobTemplates", - "medialive:describeChannel", - "medialive:describeInput", - "medialive:describeInputDevice", - "medialive:describeInputSecurityGroup", - "medialive:describeMultiplex", - "medialive:describeOffering", - "medialive:describeReservation", - "medialive:describeSchedule", - "medialive:getCloudWatchAlarmTemplate", - "medialive:getCloudWatchAlarmTemplateGroup", - "medialive:getEventBridgeRuleTemplate", - "medialive:getEventBridgeRuleTemplateGroup", - "medialive:getSignalMap", - "medialive:listChannels", - "medialive:listCloudWatchAlarmTemplateGroups", - "medialive:listCloudWatchAlarmTemplates", - "medialive:listEventBridgeRuleTemplateGroups", - "medialive:listEventBridgeRuleTemplates", - "medialive:listInputDevices", - "medialive:listInputs", - "medialive:listInputSecurityGroups", - "medialive:listMultiplexes", - "medialive:listOfferings", - "medialive:listReservations", - "medialive:listSignalMaps", - "mediapackage:describeChannel", - "mediapackage:describeOriginEndpoint", - "mediapackage:listChannels", - "mediapackage:listOriginEndpoints", - "mediastore:describeContainer", - "mediastore:getContainerPolicy", - "mediastore:getCorsPolicy", - "mediastore:listContainers", - "mediatailor:getPlaybackConfiguration", - "mediatailor:listPlaybackConfigurations", - "medical-imaging:getDatastore", - "medical-imaging:listDatastores", - "mgn:describeJobLogItems", - "mgn:describeJobs", - "mgn:describeLaunchConfigurationTemplates", - "mgn:describeReplicationConfigurationTemplates", - "mgn:describeSourceServers", - "mgn:describeVcenterClients", - "mgn:getLaunchConfiguration", - "mgn:getReplicationConfiguration", - "mgn:listApplications", - "mgn:listSourceServerActions", - "mgn:listTemplateActions", - "mgn:listWaves", - "mobiletargeting:getAdmChannel", - "mobiletargeting:getApnsChannel", - "mobiletargeting:getApnsSandboxChannel", - "mobiletargeting:getApnsVoipChannel", - "mobiletargeting:getApnsVoipSandboxChannel", - "mobiletargeting:getApp", - "mobiletargeting:getApplicationSettings", - "mobiletargeting:getApps", - "mobiletargeting:getBaiduChannel", - "mobiletargeting:getCampaign", - "mobiletargeting:getCampaignActivities", - "mobiletargeting:getCampaigns", - "mobiletargeting:getCampaignVersion", - "mobiletargeting:getCampaignVersions", - "mobiletargeting:getEmailChannel", - "mobiletargeting:getEndpoint", - "mobiletargeting:getEventStream", - "mobiletargeting:getExportJob", - "mobiletargeting:getExportJobs", - "mobiletargeting:getGcmChannel", - "mobiletargeting:getImportJob", - "mobiletargeting:getImportJobs", - "mobiletargeting:getJourney", - "mobiletargeting:getJourneyExecutionActivityMetrics", - "mobiletargeting:getJourneyExecutionMetrics", - "mobiletargeting:getJourneyRunExecutionActivityMetrics", - "mobiletargeting:getJourneyRunExecutionMetrics", - "mobiletargeting:getJourneyRuns", - "mobiletargeting:getSegment", - "mobiletargeting:getSegmentImportJobs", - "mobiletargeting:getSegments", - "mobiletargeting:getSegmentVersion", - "mobiletargeting:getSegmentVersions", - "mobiletargeting:getSmsChannel", - "mobiletargeting:listJourneys", - "mobiletargeting:phoneNumberValidate", - "mq:describeBroker", - "mq:describeConfiguration", - "mq:describeConfigurationRevision", - "mq:describeUser", - "mq:listBrokers", - "mq:listConfigurationRevisions", - "mq:listConfigurations", - "mq:listUsers", - "network-firewall:describeFirewall", - "network-firewall:describeFirewallPolicy", - "network-firewall:describeFlowOperation", - "network-firewall:describeLoggingConfiguration", - "network-firewall:describeResourcePolicy", - "network-firewall:describeRuleGroup", - "network-firewall:describeRuleGroupMetadata", - "network-firewall:describeTlsInspectionConfiguration", - "network-firewall:listAnalysisReports", - "network-firewall:listFirewallPolicies", - "network-firewall:listFirewalls", - "network-firewall:listFlowOperationResults", - "network-firewall:listFlowOperations", - "network-firewall:listRuleGroups", - "network-firewall:listTlsInspectionConfigurations", - "networkflowmonitor:getMonitor", - "networkflowmonitor:getScope", - "networkflowmonitor:listMonitors", - "networkflowmonitor:listScopes", - "networkmanager:describeGlobalNetworks", - "networkmanager:getConnectAttachment", - "networkmanager:getConnections", - "networkmanager:getConnectPeer", - "networkmanager:getConnectPeerAssociations", - "networkmanager:getCoreNetwork", - "networkmanager:getCoreNetworkChangeEvents", - "networkmanager:getCoreNetworkChangeSet", - "networkmanager:getCoreNetworkPolicy", - "networkmanager:getCustomerGatewayAssociations", - "networkmanager:getDevices", - "networkmanager:getDirectConnectGatewayAttachment", - "networkmanager:getLinkAssociations", - "networkmanager:getLinks", - "networkmanager:getNetworkResourceCounts", - "networkmanager:getNetworkResourceRelationships", - "networkmanager:getNetworkResources", - "networkmanager:getNetworkRoutes", - "networkmanager:getNetworkTelemetry", - "networkmanager:getResourcePolicy", - "networkmanager:getRouteAnalysis", - "networkmanager:getSites", - "networkmanager:getSiteToSiteVpnAttachment", - "networkmanager:getTransitGatewayConnectPeerAssociations", - "networkmanager:getTransitGatewayPeering", - "networkmanager:getTransitGatewayRegistrations", - "networkmanager:getTransitGatewayRouteTableAttachment", - "networkmanager:getVpcAttachment", - "networkmanager:listAttachments", - "networkmanager:listConnectPeers", - "networkmanager:listCoreNetworkPolicyVersions", - "networkmanager:listCoreNetworks", - "networkmanager:listOrganizationServiceAccessStatus", - "networkmanager:listPeerings", - "networkmanager:listTagsForResource", - "networkmonitor:getMonitor", - "networkmonitor:getProbe", - "networkmonitor:listMonitors", - "notifications-contacts:getEmailContact", - "notifications-contacts:listEmailContacts", - "notifications:getEventRule", - "notifications:getNotificationConfiguration", - "notifications:getNotificationEvent", - "notifications:listChannels", - "notifications:listEventRules", - "notifications:listNotificationConfigurations", - "notifications:listNotificationEvents", - "notifications:listNotificationHubs" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Sid": "AWSSupportActionsGroup3", - "Action": [ - "oam:getLink", - "oam:getSink", - "oam:getSinkPolicy", - "oam:listAttachedLinks", - "oam:listLinks", - "oam:listSinks", - "observabilityadmin:getTelemetryEvaluationStatus", - "observabilityadmin:getTelemetryEvaluationStatusForOrganization", - "observabilityadmin:listResourceTelemetry", - "observabilityadmin:listResourceTelemetryForOrganization", - "odb:getOciOnboardingStatus", - "odb:getOdbNetwork", - "odb:getOdbPeeringConnection", - "odb:listOdbNetworks", - "odb:listOdbPeeringConnections", - "omics:getAnnotationImportJob", - "omics:getAnnotationStore", - "omics:getReadSetImportJob", - "omics:getReadSetMetadata", - "omics:getReference", - "omics:getReferenceImportJob", - "omics:getReferenceMetadata", - "omics:getReferenceStore", - "omics:getRun", - "omics:getRunGroup", - "omics:getSequenceStore", - "omics:getVariantImportJob", - "omics:getVariantStore", - "omics:getWorkflow", - "omics:listAnnotationImportJobs", - "omics:listAnnotationStores", - "omics:listMultipartReadSetUploads", - "omics:listReadSetImportJobs", - "omics:listReadSets", - "omics:listReadSetUploadParts", - "omics:listReferenceImportJobs", - "omics:listReferences", - "omics:listReferenceStores", - "omics:listRunGroups", - "omics:listRuns", - "omics:listRunTasks", - "omics:listSequenceStores", - "omics:listVariantImportJobs", - "omics:listVariantStores", - "omics:listWorkflows", - "opsworks-cm:describeAccountAttributes", - "opsworks-cm:describeBackups", - "opsworks-cm:describeEvents", - "opsworks-cm:describeNodeAssociationStatus", - "opsworks-cm:describeServers", - "opsworks:describeAgentVersions", - "opsworks:describeApps", - "opsworks:describeCommands", - "opsworks:describeDeployments", - "opsworks:describeEcsClusters", - "opsworks:describeElasticIps", - "opsworks:describeElasticLoadBalancers", - "opsworks:describeInstances", - "opsworks:describeLayers", - "opsworks:describeLoadBasedAutoScaling", - "opsworks:describeMyUserProfile", - "opsworks:describePermissions", - "opsworks:describeRaidArrays", - "opsworks:describeRdsDbInstances", - "opsworks:describeServiceErrors", - "opsworks:describeStackProvisioningParameters", - "opsworks:describeStacks", - "opsworks:describeStackSummary", - "opsworks:describeTimeBasedAutoScaling", - "opsworks:describeUserProfiles", - "opsworks:describeVolumes", - "opsworks:getHostnameSuggestion", - "organizations:describeAccount", - "organizations:describeCreateAccountStatus", - "organizations:describeEffectivePolicy", - "organizations:describeHandshake", - "organizations:describeOrganization", - "organizations:describePolicy", - "organizations:describeResourcePolicy", - "organizations:listAccounts", - "organizations:listAWSServiceAccessForOrganization", - "organizations:listCreateAccountStatus", - "organizations:listDelegatedAdministrators", - "organizations:listDelegatedServicesForAccount", - "organizations:listHandshakesForAccount", - "organizations:listHandshakesForOrganization", - "organizations:listPoliciesForTarget", - "organizations:listTagsForResource", - "organizations:listTargetsForPolicy", - "osis:getPipeline", - "osis:getPipelineBlueprint", - "osis:getPipelineChangeProgress", - "osis:listPipelineBlueprints", - "osis:listPipelines", - "osis:validatePipeline", - "outposts:getCapacityTask", - "outposts:getCatalogItem", - "outposts:getConnection", - "outposts:getOrder", - "outposts:getOutpost", - "outposts:getOutpostInstanceTypes", - "outposts:getOutpostSupportedInstanceTypes", - "outposts:getSite", - "outposts:listAssets", - "outposts:listAssetInstances", - "outposts:listBlockingInstancesForCapacityTask", - "outposts:listCapacityTasks", - "outposts:listCatalogItems", - "outposts:listOrders", - "outposts:listOutposts", - "outposts:listSites", - "pcs:getCluster", - "pcs:getComputeNodeGroup", - "pcs:getQueue", - "pcs:listClusters", - "pcs:listComputeNodeGroups", - "pcs:listQueues", - "personalize:describeAlgorithm", - "personalize:describeBatchInferenceJob", - "personalize:describeBatchSegmentJob", - "personalize:describeCampaign", - "personalize:describeDataset", - "personalize:describeDatasetExportJob", - "personalize:describeDatasetGroup", - "personalize:describeDatasetImportJob", - "personalize:describeEventTracker", - "personalize:describeFeatureTransformation", - "personalize:describeFilter", - "personalize:describeRecipe", - "personalize:describeRecommender", - "personalize:describeSchema", - "personalize:describeSolution", - "personalize:describeSolutionVersion", - "personalize:getPersonalizedRanking", - "personalize:getRecommendations", - "personalize:getSolutionMetrics", - "personalize:listBatchInferenceJobs", - "personalize:listBatchSegmentJobs", - "personalize:listCampaigns", - "personalize:listDatasetExportJobs", - "personalize:listDatasetGroups", - "personalize:listDatasetImportJobs", - "personalize:listDatasets", - "personalize:listEventTrackers", - "personalize:listRecipes", - "personalize:listRecommenders", - "personalize:listSchemas", - "personalize:listSolutions", - "personalize:listSolutionVersions", - "pipes:describePipe", - "pipes:listPipes", - "pipes:listTagsForResource", - "polly:describeVoices", - "polly:getLexicon", - "polly:listLexicons", - "pricing:describeServices", - "pricing:getAttributeValues", - "pricing:getProducts", - "private-networks:getDeviceIdentifier", - "private-networks:getNetwork", - "private-networks:getNetworkResource", - "private-networks:listDeviceIdentifiers", - "private-networks:listNetworkResources", - "private-networks:listNetworks", - "qbusiness:getApplication", - "qbusiness:getDataSource", - "qbusiness:getIndex", - "qbusiness:getRetriever", - "qbusiness:getWebExperience", - "qbusiness:listApplications", - "qbusiness:listDataSources", - "qbusiness:listDataSourceSyncJobs", - "qbusiness:listIndices", - "qbusiness:listRetrievers", - "qbusiness:listWebExperiences", - "quicksight:describeAccountCustomization", - "quicksight:describeAccountSettings", - "quicksight:describeAccountSubscription", - "quicksight:describeAnalysis", - "quicksight:describeAnalysisPermissions", - "quicksight:describeDashboard", - "quicksight:describeDashboardPermissions", - "quicksight:describeDataSet", - "quicksight:describeDataSetPermissions", - "quicksight:describeDataSetRefreshProperties", - "quicksight:describeDataSource", - "quicksight:describeDataSourcePermissions", - "quicksight:describeFolder", - "quicksight:describeFolderPermissions", - "quicksight:describeFolderResolvedPermissions", - "quicksight:describeGroup", - "quicksight:describeGroupMembership", - "quicksight:describeIAMPolicyAssignment", - "quicksight:describeIngestion", - "quicksight:describeIpRestriction", - "quicksight:describeNamespace", - "quicksight:describeRefreshSchedule", - "quicksight:describeTemplate", - "quicksight:describeTemplateAlias", - "quicksight:describeTemplatePermissions", - "quicksight:describeTheme", - "quicksight:describeThemeAlias", - "quicksight:describeThemePermissions", - "quicksight:describeTopic", - "quicksight:describeTopicPermissions", - "quicksight:describeTopicRefresh", - "quicksight:describeTopicRefreshSchedule", - "quicksight:describeUser", - "quicksight:describeVPCConnection", - "quicksight:listAnalyses", - "quicksight:listDashboards", - "quicksight:listDashboardVersions", - "quicksight:listDataSets", - "quicksight:listDataSources", - "quicksight:listFolderMembers", - "quicksight:listFolders", - "quicksight:listGroupMemberships", - "quicksight:listGroups", - "quicksight:listIAMPolicyAssignments", - "quicksight:listIAMPolicyAssignmentsForUser", - "quicksight:listIngestions", - "quicksight:listNamespaces", - "quicksight:listRefreshSchedules", - "quicksight:listTemplateAliases", - "quicksight:listTemplates", - "quicksight:listTemplateVersions", - "quicksight:listThemeAliases", - "quicksight:listThemes", - "quicksight:listThemeVersions", - "quicksight:listTopicRefreshSchedules", - "quicksight:listTopics", - "quicksight:listUserGroups", - "quicksight:listUsers", - "quicksight:listVPCConnections", - "quicksight:searchAnalyses", - "quicksight:searchDashboards", - "quicksight:searchDataSets", - "quicksight:searchDataSources", - "quicksight:searchFolders", - "quicksight:searchGroups", - "ram:getPermission", - "ram:getResourceShareAssociations", - "ram:getResourceShareInvitations", - "ram:getResourceShares", - "ram:listPendingInvitationResources", - "ram:listPrincipals", - "ram:listResources", - "ram:listResourceSharePermissions", - "rbin:getRule", - "rbin:listRules", - "rds:describeAccountAttributes", - "rds:describeBlueGreenDeployments", - "rds:describeCertificates", - "rds:describeDBClusterEndpoints", - "rds:describeDBClusterParameterGroups", - "rds:describeDBClusterParameters", - "rds:describeDBClusters", - "rds:describeDBClusterSnapshots", - "rds:describeDBEngineVersions", - "rds:describeDBInstanceAutomatedBackups", - "rds:describeDBInstances", - "rds:describeDBLogFiles", - "rds:describeDBParameterGroups", - "rds:describeDBParameters", - "rds:describeDBSecurityGroups", - "rds:describeDBSnapshotAttributes", - "rds:describeDBSnapshots", - "rds:describeDBSubnetGroups", - "rds:describeEngineDefaultClusterParameters", - "rds:describeEngineDefaultParameters", - "rds:describeEventCategories", - "rds:describeEvents", - "rds:describeEventSubscriptions", - "rds:describeExportTasks", - "rds:describeGlobalClusters", - "rds:describeIntegrations", - "rds:describeOptionGroupOptions", - "rds:describeOptionGroups", - "rds:describeOrderableDBInstanceOptions", - "rds:describePendingMaintenanceActions", - "rds:describeReservedDBInstances", - "rds:describeReservedDBInstancesOfferings", - "rds:describeSourceRegions", - "rds:describeValidDBInstanceModifications", - "rds:listTagsForResource", - "redshift-data:describeStatement", - "redshift-data:listStatements", - "redshift-serverless:getCustomDomainAssociation", - "redshift-serverless:getEndpointAccess", - "redshift-serverless:getNamespace", - "redshift-serverless:getRecoveryPoint", - "redshift-serverless:getScheduledAction", - "redshift-serverless:getSnapshot", - "redshift-serverless:getTableRestoreStatus", - "redshift-serverless:getUsageLimit", - "redshift-serverless:getWorkgroup", - "redshift-serverless:listCustomDomainAssociations", - "redshift-serverless:listEndpointAccess", - "redshift-serverless:listNamespaces", - "redshift-serverless:listRecoveryPoints", - "redshift-serverless:listSnapshotCopyConfigurations", - "redshift-serverless:listSnapshots", - "redshift-serverless:listTableRestoreStatus", - "redshift-serverless:listUsageLimits", - "redshift-serverless:listWorkgroups", - "redshift:describeClusterDbRevisions", - "redshift:describeClusterParameterGroups", - "redshift:describeClusterParameters", - "redshift:describeClusters", - "redshift:describeClusterSecurityGroups", - "redshift:describeClusterSnapshots", - "redshift:describeClusterSubnetGroups", - "redshift:describeClusterTracks", - "redshift:describeClusterVersions", - "redshift:describeCustomDomainAssociations", - "redshift:describeDataShares", - "redshift:describeDataSharesForConsumer", - "redshift:describeDataSharesForProducer", - "redshift:describeDefaultClusterParameters", - "redshift:describeEndpointAccess", - "redshift:describeEndpointAuthorization", - "redshift:describeEventCategories", - "redshift:describeEvents", - "redshift:describeEventSubscriptions", - "redshift:describeHsmClientCertificates", - "redshift:describeHsmConfigurations", - "redshift:describeInboundIntegrations", - "redshift:describeLoggingStatus", - "redshift:describeNodeConfigurationOptions", - "redshift:describeOrderableClusterOptions", - "redshift:describeRedshiftIdcApplications", - "redshift:describeReservedNodeOfferings", - "redshift:describeReservedNodes", - "redshift:describeResize", - "redshift:describeSnapshotCopyGrants", - "redshift:describeSnapshotSchedules", - "redshift:describeStorage", - "redshift:describeTableRestoreStatus", - "redshift:describeTags", - "redshift:describeUsageLimits", - "rekognition:listCollections", - "rekognition:listFaces", - "resiliencehub:describeApp", - "resiliencehub:describeAppAssessment", - "resiliencehub:describeAppVersion", - "resiliencehub:describeAppVersionAppComponent", - "resiliencehub:describeAppVersionResource", - "resiliencehub:describeAppVersionResourcesResolutionStatus", - "resiliencehub:describeAppVersionTemplate", - "resiliencehub:describeDraftAppVersionResourcesImportStatus", - "resiliencehub:describeResiliencyPolicy", - "resiliencehub:describeResourceGroupingRecommendationTask", - "resiliencehub:listAlarmRecommendations", - "resiliencehub:listAppAssessmentComplianceDrifts", - "resiliencehub:listAppAssessmentResourceDrifts", - "resiliencehub:listAppAssessments", - "resiliencehub:listAppComponentCompliances", - "resiliencehub:listAppComponentRecommendations", - "resiliencehub:listAppInputSources", - "resiliencehub:listApps", - "resiliencehub:listAppVersionAppComponents", - "resiliencehub:listAppVersionResourceMappings", - "resiliencehub:listAppVersionResources", - "resiliencehub:listAppVersions", - "resiliencehub:listRecommendationTemplates", - "resiliencehub:listResiliencyPolicies", - "resiliencehub:listResourceGroupingRecommendations", - "resiliencehub:listSopRecommendations", - "resiliencehub:listSuggestedResiliencyPolicies", - "resiliencehub:listTestRecommendations", - "resiliencehub:listUnsupportedAppVersionResources", - "resource-explorer-2:getAccountLevelServiceConfiguration", - "resource-explorer-2:getIndex", - "resource-explorer-2:getView", - "resource-explorer-2:listIndexes", - "resource-explorer-2:listViews", - "resource-explorer-2:search", - "resource-groups:getGroup", - "resource-groups:getGroupQuery", - "resource-groups:getTags", - "resource-groups:listGroupResources", - "resource-groups:listGroups", - "resource-groups:searchResources", - "robomaker:batchDescribeSimulationJob", - "robomaker:describeDeploymentJob", - "robomaker:describeFleet", - "robomaker:describeRobot", - "robomaker:describeRobotApplication", - "robomaker:describeSimulationApplication", - "robomaker:describeSimulationJob", - "robomaker:listDeploymentJobs", - "robomaker:listFleets", - "robomaker:listRobotApplications", - "robomaker:listRobots", - "robomaker:listSimulationApplications", - "robomaker:listSimulationJobs", - "rolesanywhere:getProfile", - "rolesanywhere:getTrustAnchor", - "rolesanywhere:listProfiles", - "rolesanywhere:listTrustAnchors", - "route53-recovery-cluster:getRoutingControlState", - "route53-recovery-cluster:listRoutingControls", - "route53-recovery-control-config:describeControlPanel", - "route53-recovery-control-config:describeRoutingControl", - "route53-recovery-control-config:describeSafetyRule", - "route53-recovery-control-config:listControlPanels", - "route53-recovery-control-config:listRoutingControls", - "route53-recovery-control-config:listSafetyRules", - "route53-recovery-readiness:getCell", - "route53-recovery-readiness:getCellReadinessSummary", - "route53-recovery-readiness:getReadinessCheck", - "route53-recovery-readiness:getReadinessCheckResourceStatus", - "route53-recovery-readiness:getReadinessCheckStatus", - "route53-recovery-readiness:getRecoveryGroup", - "route53-recovery-readiness:getRecoveryGroupReadinessSummary", - "route53-recovery-readiness:listCells", - "route53-recovery-readiness:listReadinessChecks", - "route53-recovery-readiness:listRecoveryGroups", - "route53-recovery-readiness:listResourceSets", - "route53:getAccountLimit", - "route53:getChange", - "route53:getCheckerIpRanges", - "route53:getDNSSEC", - "route53:getGeoLocation", - "route53:getHealthCheck", - "route53:getHealthCheckCount", - "route53:getHealthCheckLastFailureReason", - "route53:getHealthCheckStatus", - "route53:getHostedZone", - "route53:getHostedZoneCount", - "route53:getHostedZoneLimit", - "route53:getQueryLoggingConfig", - "route53:getReusableDelegationSet", - "route53:getTrafficPolicy", - "route53:getTrafficPolicyInstance", - "route53:getTrafficPolicyInstanceCount", - "route53:listCidrBlocks", - "route53:listCidrCollections", - "route53:listCidrLocations", - "route53:listGeoLocations", - "route53:listHealthChecks", - "route53:listHostedZones", - "route53:listHostedZonesByName", - "route53:listHostedZonesByVpc", - "route53:listQueryLoggingConfigs", - "route53:listResourceRecordSets", - "route53:listReusableDelegationSets", - "route53:listTrafficPolicies", - "route53:listTrafficPolicyInstances", - "route53:listTrafficPolicyInstancesByHostedZone", - "route53:listTrafficPolicyInstancesByPolicy", - "route53:listTrafficPolicyVersions", - "route53:listVPCAssociationAuthorizations", - "route53domains:checkDomainAvailability", - "route53domains:getContactReachabilityStatus", - "route53domains:getDomainDetail", - "route53domains:getOperationDetail", - "route53domains:listDomains", - "route53domains:listOperations", - "route53domains:listPrices", - "route53domains:listTagsForDomain", - "route53domains:viewBilling", - "route53profiles:getProfile", - "route53profiles:getProfileAssociation", - "route53profiles:getProfileResourceAssociation", - "route53profiles:listProfileAssociations", - "route53profiles:listProfileResourceAssociations", - "route53profiles:listProfiles", - "route53profiles:listTagsForResource", - "route53resolver:getFirewallConfig", - "route53resolver:getFirewallDomainList", - "route53resolver:getFirewallRuleGroup", - "route53resolver:getFirewallRuleGroupAssociation", - "route53resolver:getFirewallRuleGroupPolicy", - "route53resolver:getOutpostResolver", - "route53resolver:getResolverDnssecConfig", - "route53resolver:getResolverQueryLogConfig", - "route53resolver:getResolverQueryLogConfigAssociation", - "route53resolver:getResolverQueryLogConfigPolicy", - "route53resolver:getResolverRule", - "route53resolver:getResolverRuleAssociation", - "route53resolver:getResolverRulePolicy", - "route53resolver:listFirewallConfigs", - "route53resolver:listFirewallDomainLists", - "route53resolver:listFirewallDomains", - "route53resolver:listFirewallRuleGroupAssociations", - "route53resolver:listFirewallRuleGroups", - "route53resolver:listFirewallRules", - "route53resolver:listOutpostResolvers", - "route53resolver:listResolverConfigs", - "route53resolver:listResolverDnssecConfigs", - "route53resolver:listResolverEndpointIpAddresses", - "route53resolver:listResolverEndpoints", - "route53resolver:listResolverQueryLogConfigAssociations", - "route53resolver:listResolverQueryLogConfigs", - "route53resolver:listResolverRuleAssociations", - "route53resolver:listResolverRules", - "route53resolver:listTagsForResource", - "rum:batchGetRumMetricDefinitions", - "rum:getAppMonitor", - "rum:listAppMonitors", - "rum:listRumMetricsDestinations", - "s3-outposts:listEndpoints", - "s3-outposts:listOutpostsWithS3", - "s3-outposts:listRegionalBuckets", - "s3-outposts:listSharedEndpoints", - "s3:describeJob", - "s3:describeMultiRegionAccessPointOperation", - "s3:getAccelerateConfiguration", - "s3:getAccessGrant", - "s3:getAccessGrantsInstance", - "s3:getAccessGrantsInstanceResourcePolicy", - "s3:getAccessGrantsLocation", - "s3:getAccessPoint", - "s3:getAccessPointConfigurationForObjectLambda", - "s3:getAccessPointForObjectLambda", - "s3:getAccessPointPolicy", - "s3:getAccessPointPolicyForObjectLambda", - "s3:getAccessPointPolicyStatus", - "s3:getAccessPointPolicyStatusForObjectLambda", - "s3:getAccountPublicAccessBlock", - "s3:getAnalyticsConfiguration", - "s3:getBucketAcl", - "s3:getBucketCORS", - "s3:getBucketLocation", - "s3:getBucketLogging", - "s3:getBucketNotification", - "s3:getBucketObjectLockConfiguration", - "s3:getBucketOwnershipControls", - "s3:getBucketPolicy", - "s3:getBucketPolicyStatus", - "s3:getBucketPublicAccessBlock", - "s3:getBucketRequestPayment", - "s3:getBucketVersioning", - "s3:getBucketWebsite", - "s3:getEncryptionConfiguration", - "s3:getIntelligentTieringConfiguration", - "s3:getInventoryConfiguration", - "s3:getLifecycleConfiguration", - "s3:getMetricsConfiguration", - "s3:getMultiRegionAccessPoint", - "s3:getMultiRegionAccessPointPolicy", - "s3:getMultiRegionAccessPointPolicyStatus", - "s3:getMultiRegionAccessPointRoutes", - "s3:getObjectAcl", - "s3:getObjectLegalHold", - "s3:getObjectRetention", - "s3:getReplicationConfiguration", - "s3:getStorageLensConfiguration", - "s3:listAccessGrants", - "s3:listAccessGrantsInstances", - "s3:listAccessGrantsLocations", - "s3:listAccessPoints", - "s3:listAccessPointsForObjectLambda", - "s3:listAllMyBuckets", - "s3:listBucket", - "s3:listBucketMultipartUploads", - "s3:listBucketVersions", - "s3:listJobs", - "s3:listMultipartUploadParts", - "s3:listMultiRegionAccessPoints", - "s3:listStorageLensConfigurations", - "s3express:getBucketPolicy", - "s3express:listAllMyDirectoryBuckets", - "s3tables:getNamespace", - "s3tables:getTable", - "s3tables:getTableBucket", - "s3tables:getTableBucketMaintenanceConfiguration", - "s3tables:getTableBucketPolicy", - "s3tables:getTableMaintenanceJobStatus", - "s3tables:getTableMetadataLocation", - "s3tables:getTablePolicy", - "s3tables:listNamespaces", - "s3tables:listTableBuckets", - "s3tables:listTables", - "sagemaker:describeAction", - "sagemaker:describeAlgorithm", - "sagemaker:describeApp", - "sagemaker:describeAppImageConfig", - "sagemaker:describeArtifact", - "sagemaker:describeAutoMLJob", - "sagemaker:describeCluster", - "sagemaker:describeClusterNode", - "sagemaker:describeCodeRepository", - "sagemaker:describeCompilationJob", - "sagemaker:describeContext", - "sagemaker:describeDataQualityJobDefinition", - "sagemaker:describeDevice", - "sagemaker:describeDeviceFleet", - "sagemaker:describeDomain", - "sagemaker:describeEdgeDeploymentPlan", - "sagemaker:describeEdgePackagingJob", - "sagemaker:describeEndpoint", - "sagemaker:describeEndpointConfig", - "sagemaker:describeExperiment", - "sagemaker:describeFeatureGroup", - "sagemaker:describeFeatureMetadata", - "sagemaker:describeFlowDefinition", - "sagemaker:describeHub", - "sagemaker:describeHubContent", - "sagemaker:describeHumanTaskUi", - "sagemaker:describeHyperParameterTuningJob", - "sagemaker:describeImage", - "sagemaker:describeImageVersion", - "sagemaker:describeInferenceComponent", - "sagemaker:describeInferenceExperiment", - "sagemaker:describeInferenceRecommendationsJob", - "sagemaker:describeLabelingJob", - "sagemaker:describeMlflowTrackingServer", - "sagemaker:describeModel", - "sagemaker:describeModelBiasJobDefinition", - "sagemaker:describeModelCard", - "sagemaker:describeModelCardExportJob", - "sagemaker:describeModelExplainabilityJobDefinition", - "sagemaker:describeModelPackage", - "sagemaker:describeModelPackageGroup", - "sagemaker:describeModelQualityJobDefinition", - "sagemaker:describeMonitoringSchedule", - "sagemaker:describeNotebookInstance", - "sagemaker:describeNotebookInstanceLifecycleConfig", - "sagemaker:describePipeline", - "sagemaker:describePipelineDefinitionForExecution", - "sagemaker:describePipelineExecution", - "sagemaker:describeProcessingJob", - "sagemaker:describeProject", - "sagemaker:describeSpace", - "sagemaker:describeStudioLifecycleConfig", - "sagemaker:describeSubscribedWorkteam", - "sagemaker:describeTrainingJob", - "sagemaker:describeTransformJob", - "sagemaker:describeTrial", - "sagemaker:describeTrialComponent", - "sagemaker:describeUserProfile", - "sagemaker:describeWorkforce", - "sagemaker:describeWorkteam", - "sagemaker:getDeviceFleetReport", - "sagemaker:getModelPackageGroupPolicy", - "sagemaker:getSagemakerServicecatalogPortfolioStatus", - "sagemaker:listActions", - "sagemaker:listAlgorithms", - "sagemaker:listAliases", - "sagemaker:listAppImageConfigs", - "sagemaker:listApps", - "sagemaker:listArtifacts", - "sagemaker:listAssociations", - "sagemaker:listAutoMLJobs", - "sagemaker:listCandidatesForAutoMLJob", - "sagemaker:listClusterNodes", - "sagemaker:listClusters", - "sagemaker:listCodeRepositories", - "sagemaker:listCompilationJobs", - "sagemaker:listContexts", - "sagemaker:listDataQualityJobDefinitions", - "sagemaker:listDeviceFleets", - "sagemaker:listDevices", - "sagemaker:listDomains", - "sagemaker:listEdgeDeploymentPlans", - "sagemaker:listEdgePackagingJobs", - "sagemaker:listEndpointConfigs", - "sagemaker:listEndpoints", - "sagemaker:listExperiments", - "sagemaker:listFeatureGroups", - "sagemaker:listFlowDefinitions", - "sagemaker:listHubContents", - "sagemaker:listHubContentVersions", - "sagemaker:listHubs", - "sagemaker:listHumanTaskUis", - "sagemaker:listHyperParameterTuningJobs", - "sagemaker:listImages", - "sagemaker:listImageVersions", - "sagemaker:listInferenceComponents", - "sagemaker:listInferenceExperiments", - "sagemaker:listInferenceRecommendationsJobs", - "sagemaker:listInferenceRecommendationsJobSteps", - "sagemaker:listLabelingJobs", - "sagemaker:listLabelingJobsForWorkteam", - "sagemaker:listLineageGroups", - "sagemaker:listMlflowTrackingServers", - "sagemaker:listModelBiasJobDefinitions", - "sagemaker:listModelCardExportJobs", - "sagemaker:listModelCards", - "sagemaker:listModelCardVersions", - "sagemaker:listModelExplainabilityJobDefinitions", - "sagemaker:listModelMetadata", - "sagemaker:listModelPackageGroups", - "sagemaker:listModelPackages", - "sagemaker:listModelQualityJobDefinitions", - "sagemaker:listModels", - "sagemaker:listMonitoringAlertHistory", - "sagemaker:listMonitoringAlerts", - "sagemaker:listMonitoringExecutions", - "sagemaker:listMonitoringSchedules", - "sagemaker:listNotebookInstanceLifecycleConfigs", - "sagemaker:listNotebookInstances", - "sagemaker:listPipelineExecutions", - "sagemaker:listPipelineExecutionSteps", - "sagemaker:listPipelineParametersForExecution", - "sagemaker:listPipelines", - "sagemaker:listProcessingJobs", - "sagemaker:listProjects", - "sagemaker:listSpaces", - "sagemaker:listStageDevices", - "sagemaker:listStudioLifecycleConfigs", - "sagemaker:listSubscribedWorkteams", - "sagemaker:listTags", - "sagemaker:listTrainingJobs", - "sagemaker:listTrainingJobsForHyperParameterTuningJob", - "sagemaker:listTransformJobs", - "sagemaker:listTrialComponents", - "sagemaker:listTrials", - "sagemaker:listUserProfiles", - "sagemaker:listWorkforces", - "sagemaker:listWorkteams", - "savingsplans:describeSavingsPlans", - "scheduler:getSchedule", - "scheduler:getScheduleGroup", - "scheduler:listScheduleGroups", - "scheduler:listSchedules", - "schemas:describeCodeBinding", - "schemas:describeDiscoverer", - "schemas:describeRegistry", - "schemas:describeSchema", - "schemas:getCodeBindingSource", - "schemas:getDiscoveredSchema", - "schemas:getResourcePolicy", - "schemas:listDiscoverers", - "schemas:listRegistries", - "schemas:listSchemas", - "schemas:listSchemaVersions", - "sdb:domainMetadata", - "sdb:listDomains", - "secretsmanager:describeSecret", - "secretsmanager:getResourcePolicy", - "secretsmanager:listSecrets", - "secretsmanager:listSecretVersionIds", - "securityhub:batchGetConfigurationPolicyAssociations", - "securityhub:describeOrganizationConfiguration", - "securityhub:getConfigurationPolicy", - "securityhub:getConfigurationPolicyAssociation", - "securityhub:getEnabledStandards", - "securityhub:getFindingAggregator", - "securityhub:getFindings", - "securityhub:getInsightResults", - "securityhub:getInsights", - "securityhub:getMasterAccount", - "securityhub:getMembers", - "securityhub:listConfigurationPolicies", - "securityhub:listConfigurationPolicyAssociations", - "securityhub:listEnabledProductsForImport", - "securityhub:listFindingAggregators", - "securityhub:listInvitations", - "securityhub:listMembers", - "securitylake:getDataLakeExceptionSubscription", - "securitylake:getDataLakeOrganizationConfiguration", - "securitylake:getDataLakeSources", - "securitylake:getSubscriber", - "securitylake:listDataLakeExceptions", - "securitylake:listDataLakes", - "securitylake:listLogSources", - "securitylake:listSubscribers", - "serverlessrepo:getApplication", - "serverlessrepo:getApplicationPolicy", - "serverlessrepo:getCloudFormationTemplate", - "serverlessrepo:listApplicationDependencies", - "serverlessrepo:listApplications", - "serverlessrepo:listApplicationVersions", - "servicecatalog:describeConstraint", - "servicecatalog:describePortfolio", - "servicecatalog:describeProduct", - "servicecatalog:describeProductAsAdmin", - "servicecatalog:describeProductView", - "servicecatalog:describeProvisioningArtifact", - "servicecatalog:describeProvisioningParameters", - "servicecatalog:describeRecord", - "servicecatalog:listAcceptedPortfolioShares", - "servicecatalog:listConstraintsForPortfolio", - "servicecatalog:listLaunchPaths", - "servicecatalog:listPortfolioAccess", - "servicecatalog:listPortfolios", - "servicecatalog:listPortfoliosForProduct", - "servicecatalog:listPrincipalsForPortfolio", - "servicecatalog:listProvisioningArtifacts", - "servicecatalog:listRecordHistory", - "servicecatalog:scanProvisionedProducts", - "servicecatalog:searchProducts", - "servicequotas:getAssociationForServiceQuotaTemplate", - "servicequotas:getAWSDefaultServiceQuota", - "servicequotas:getRequestedServiceQuotaChange", - "servicequotas:getServiceQuota", - "servicequotas:getServiceQuotaIncreaseRequestFromTemplate", - "servicequotas:listAWSDefaultServiceQuotas", - "servicequotas:listRequestedServiceQuotaChangeHistory", - "servicequotas:listRequestedServiceQuotaChangeHistoryByQuota", - "servicequotas:listServiceQuotaIncreaseRequestsInTemplate", - "servicequotas:listServiceQuotas", - "servicequotas:listServices", - "ses:describeActiveReceiptRuleSet", - "ses:describeConfigurationSet", - "ses:describeReceiptRule", - "ses:describeReceiptRuleSet", - "ses:getAccount", - "ses:getAccountSendingEnabled", - "ses:getAddonInstance", - "ses:getAddonSubscription", - "ses:getArchive", - "ses:getArchiveExport", - "ses:getArchiveSearch", - "ses:getBlacklistReports", - "ses:getConfigurationSet", - "ses:getConfigurationSetEventDestinations", - "ses:getContactList", - "ses:getDedicatedIp", - "ses:getDedicatedIpPool", - "ses:getDedicatedIps", - "ses:getDeliverabilityDashboardOptions", - "ses:getDeliverabilityTestReport", - "ses:getDomainDeliverabilityCampaign", - "ses:getDomainStatisticsReport", - "ses:getEmailIdentity", - "ses:getIdentityDkimAttributes", - "ses:getIdentityMailFromDomainAttributes", - "ses:getIdentityNotificationAttributes", - "ses:getIdentityPolicies", - "ses:getIdentityVerificationAttributes", - "ses:getImportJob", - "ses:getIngressPoint", - "ses:getRelay", - "ses:getRuleSet", - "ses:getTrafficPolicy", - "ses:getSendQuota", - "ses:getSendStatistics", - "ses:listConfigurationSets", - "ses:listAddonInstances", - "ses:listAddonSubscriptions", - "ses:listArchiveExports", - "ses:listArchives", - "ses:listArchiveSearches", - "ses:listContactLists", - "ses:listContacts", - "ses:listCustomVerificationEmailTemplates", - "ses:listDedicatedIpPools", - "ses:listDeliverabilityTestReports", - "ses:listDomainDeliverabilityCampaigns", - "ses:listEmailIdentities", - "ses:listEmailTemplates", - "ses:listIdentities", - "ses:listIdentityPolicies", - "ses:listImportJobs", - "ses:listIngressPoints", - "ses:listReceiptFilters", - "ses:listReceiptRuleSets", - "ses:listRelays", - "ses:listRuleSets", - "ses:listRecommendations", - "ses:listTagsForResource", - "ses:listTemplates", - "ses:listTrafficPolicies", - "ses:listVerifiedEmailAddresses", - "shield:describeAttack", - "shield:describeProtection", - "shield:describeSubscription", - "shield:listAttacks", - "shield:listProtections", - "sms-voice:getConfigurationSetEventDestinations", - "sms:getConnectors", - "sms:getReplicationJobs", - "sms:getReplicationRuns", - "sms:getServers", - "snowball:describeAddress", - "snowball:describeAddresses", - "snowball:describeJob", - "snowball:getSnowballUsage", - "snowball:listJobs", - "snowball:listServiceVersions", - "sns:checkIfPhoneNumberIsOptedOut", - "sns:getDataProtectionPolicy", - "sns:getEndpointAttributes", - "sns:getPlatformApplicationAttributes", - "sns:getSMSAttributes", - "sns:getSMSSandboxAccountStatus", - "sns:getSubscriptionAttributes", - "sns:getTopicAttributes", - "sns:listEndpointsByPlatformApplication", - "sns:listOriginationNumbers", - "sns:listPhoneNumbersOptedOut", - "sns:listPlatformApplications", - "sns:listSMSSandboxPhoneNumbers", - "sns:listSubscriptions", - "sns:listSubscriptionsByTopic", - "sns:listTopics", - "sqs:getQueueAttributes", - "sqs:getQueueUrl", - "sqs:listDeadLetterSourceQueues", - "sqs:listMessageMoveTasks", - "sqs:listQueues", - "ssm-contacts:describeEngagement", - "ssm-contacts:describePage", - "ssm-contacts:getContact", - "ssm-contacts:getContactChannel", - "ssm-contacts:getContactPolicy", - "ssm-contacts:getRotation", - "ssm-contacts:getRotationOverride", - "ssm-contacts:listContactChannels", - "ssm-contacts:listContacts", - "ssm-contacts:listEngagements", - "ssm-contacts:listPageReceipts", - "ssm-contacts:listPageResolutions", - "ssm-contacts:listPagesByContact", - "ssm-contacts:listPagesByEngagement", - "ssm-contacts:listPreviewRotationShifts", - "ssm-contacts:listRotationOverrides", - "ssm-contacts:listRotations", - "ssm-contacts:listRotationShifts", - "ssm-incidents:batchGetIncidentFindings", - "ssm-incidents:getIncidentRecord", - "ssm-incidents:getReplicationSet", - "ssm-incidents:getResourcePolicies", - "ssm-incidents:getResponsePlan", - "ssm-incidents:getTimelineEvent", - "ssm-incidents:listIncidentFindings", - "ssm-incidents:listIncidentRecords", - "ssm-incidents:listRelatedItems", - "ssm-incidents:listReplicationSets", - "ssm-incidents:listResponsePlans", - "ssm-incidents:listTimelineEvents", - "ssm-quicksetup:getConfiguration", - "ssm-quicksetup:getConfigurationManager", - "ssm-quicksetup:getServiceSettings", - "ssm-quicksetup:listConfigurationManagers", - "ssm-quicksetup:listConfigurations", - "ssm-quicksetup:listQuickSetupTypes", - "ssm-sap:getApplication", - "ssm-sap:getComponent", - "ssm-sap:getDatabase", - "ssm-sap:getOperation", - "ssm-sap:getResourcePermission", - "ssm-sap:listApplications", - "ssm-sap:listComponents", - "ssm-sap:listDatabases", - "ssm-sap:listOperations", - "ssm:describeActivations", - "ssm:describeAssociation", - "ssm:describeAssociationExecutions", - "ssm:describeAssociationExecutionTargets", - "ssm:describeAutomationExecutions", - "ssm:describeAutomationStepExecutions", - "ssm:describeAvailablePatches", - "ssm:describeDocument", - "ssm:describeDocumentPermission", - "ssm:describeEffectiveInstanceAssociations", - "ssm:describeEffectivePatchesForPatchBaseline", - "ssm:describeInstanceAssociationsStatus", - "ssm:describeInstanceInformation", - "ssm:describeInstancePatches", - "ssm:describeInstancePatchStates", - "ssm:describeInstancePatchStatesForPatchGroup", - "ssm:describeInstanceProperties", - "ssm:describeInventoryDeletions", - "ssm:describeMaintenanceWindowExecutions", - "ssm:describeMaintenanceWindowExecutionTaskInvocations", - "ssm:describeMaintenanceWindowExecutionTasks", - "ssm:describeMaintenanceWindows", - "ssm:describeMaintenanceWindowSchedule", - "ssm:describeMaintenanceWindowsForTarget", - "ssm:describeMaintenanceWindowTargets", - "ssm:describeMaintenanceWindowTasks", - "ssm:describeOpsItems", - "ssm:describeParameters", - "ssm:describePatchBaselines", - "ssm:describePatchGroups", - "ssm:describePatchGroupState", - "ssm:describePatchProperties", - "ssm:describeSessions", - "ssm:getAutomationExecution", - "ssm:getCalendarState", - "ssm:getCommandInvocation", - "ssm:getConnectionStatus", - "ssm:getDefaultPatchBaseline", - "ssm:getDeployablePatchSnapshotForInstance", - "ssm:getInventorySchema", - "ssm:getMaintenanceWindow", - "ssm:getMaintenanceWindowExecution", - "ssm:getMaintenanceWindowExecutionTask", - "ssm:getMaintenanceWindowExecutionTaskInvocation", - "ssm:getMaintenanceWindowTask", - "ssm:getOpsItem", - "ssm:getOpsMetadata", - "ssm:getOpsSummary", - "ssm:getPatchBaseline", - "ssm:getPatchBaselineForPatchGroup", - "ssm:getResourcePolicies", - "ssm:getServiceSetting", - "ssm:listAssociations", - "ssm:listAssociationVersions", - "ssm:listCommandInvocations", - "ssm:listCommands", - "ssm:listComplianceItems", - "ssm:listComplianceSummaries", - "ssm:listDocumentMetadataHistory", - "ssm:listDocuments", - "ssm:listDocumentVersions", - "ssm:listNodes", - "ssm:listNodesSummary", - "ssm:listOpsItemEvents", - "ssm:listOpsItemRelatedItems", - "ssm:listOpsMetadata", - "ssm:listResourceComplianceSummaries", - "ssm:listResourceDataSync", - "ssm:listTagsForResource", - "sso:describeApplication", - "sso:describeApplicationAssignment", - "sso:describeApplicationProvider", - "sso:describeAccountAssignmentCreationStatus", - "sso:describeAccountAssignmentDeletionStatus", - "sso:describeInstance", - "sso:describeInstanceAccessControlAttributeConfiguration", - "sso:describePermissionSet", - "sso:describePermissionSetProvisioningStatus", - "sso:describeTrustedTokenIssuer", - "sso:getApplicationAccessScope", - "sso:getApplicationAssignmentConfiguration", - "sso:getApplicationAuthenticationMethod", - "sso:getApplicationGrant", - "sso:getApplicationInstance", - "sso:getApplicationTemplate", - "sso:getInlinePolicyForPermissionSet", - "sso:getManagedApplicationInstance", - "sso:getPermissionsBoundaryForPermissionSet", - "sso:getSharedSsoConfiguration", - "sso:listApplicationAccessScopes", - "sso:listApplicationAssignments", - "sso:listApplicationAuthenticationMethods", - "sso:listApplicationGrants", - "sso:listApplicationInstances", - "sso:listApplicationProviders", - "sso:listApplications", - "sso:listApplicationTemplates", - "sso:listAccountAssignmentCreationStatus", - "sso:listAccountAssignmentDeletionStatus", - "sso:listAccountAssignments", - "sso:listAccountAssignmentsForPrincipal", - "sso:listAccountsForProvisionedPermissionSet", - "sso:listApplicationAssignmentsForPrincipal", - "sso:listCustomerManagedPolicyReferencesInPermissionSet", - "sso:listDirectoryAssociations", - "sso:listInstances", - "sso:listManagedPoliciesInPermissionSet", - "sso:listPermissionSetProvisioningStatus", - "sso:listPermissionSets", - "sso:listPermissionSetsProvisionedToAccount", - "sso:listProfileAssociations", - "sso:listTrustedTokenIssuers", - "states:describeActivity", - "states:describeExecution", - "states:describeMapRun", - "states:describeStateMachine", - "states:describeStateMachineAlias", - "states:describeStateMachineForExecution", - "states:getExecutionHistory", - "states:listActivities", - "states:listExecutions", - "states:listMapRuns", - "states:listStateMachineAliases", - "states:listStateMachines", - "states:listStateMachineVersions", - "storagegateway:describeBandwidthRateLimit", - "storagegateway:describeCache", - "storagegateway:describeCachediSCSIVolumes", - "storagegateway:describeFileSystemAssociations", - "storagegateway:describeGatewayInformation", - "storagegateway:describeMaintenanceStartTime", - "storagegateway:describeNFSFileShares", - "storagegateway:describeSMBFileShares", - "storagegateway:describeSMBSettings", - "storagegateway:describeSnapshotSchedule", - "storagegateway:describeStorediSCSIVolumes", - "storagegateway:describeTapeArchives", - "storagegateway:describeTapeRecoveryPoints", - "storagegateway:describeTapes", - "storagegateway:describeUploadBuffer", - "storagegateway:describeVTLDevices", - "storagegateway:describeWorkingStorage", - "storagegateway:listAutomaticTapeCreationPolicies", - "storagegateway:listFileShares", - "storagegateway:listFileSystemAssociations", - "storagegateway:listGateways", - "storagegateway:listLocalDisks", - "storagegateway:listTagsForResource", - "storagegateway:listTapes", - "storagegateway:listVolumeInitiators", - "storagegateway:listVolumeRecoveryPoints", - "storagegateway:listVolumes", - "sts:getCallerIdentity", - "swf:countClosedWorkflowExecutions", - "swf:countOpenWorkflowExecutions", - "swf:countPendingActivityTasks", - "swf:countPendingDecisionTasks", - "swf:describeActivityType", - "swf:describeDomain", - "swf:describeWorkflowExecution", - "swf:describeWorkflowType", - "swf:getWorkflowExecutionHistory", - "swf:listActivityTypes", - "swf:listClosedWorkflowExecutions", - "swf:listDomains", - "swf:listOpenWorkflowExecutions", - "swf:listWorkflowTypes", - "synthetics:describeCanaries", - "synthetics:describeCanariesLastRun", - "synthetics:describeRuntimeVersions", - "synthetics:getCanary", - "synthetics:getCanaryRuns", - "synthetics:getGroup", - "synthetics:listAssociatedGroups", - "synthetics:listGroupResources", - "synthetics:listGroups", - "thinclient:getDevice", - "thinclient:getEnvironment", - "thinclient:getSoftwareSet", - "thinclient:listDevices", - "thinclient:listEnvironments", - "thinclient:listSoftwareSets", - "timestream:describeAccountSettings", - "timestream:describeBatchLoadTask", - "timestream:describeDatabase", - "timestream:describeEndpoints", - "timestream:describeScheduledQuery", - "timestream:describeTable", - "timestream:listBatchLoadTasks", - "timestream:listDatabases", - "timestream:listScheduledQueries", - "timestream:listTables", - "tiros:createQuery", - "tiros:getQueryAnswer", - "tiros:getQueryExplanation", - "tnb:getSolFunctionInstance", - "tnb:getSolFunctionPackage", - "tnb:getSolNetworkInstance", - "tnb:getSolNetworkOperation", - "tnb:getSolNetworkPackage", - "tnb:listSolFunctionInstances", - "tnb:listSolFunctionPackages", - "tnb:listSolNetworkInstances", - "tnb:listSolNetworkOperations", - "tnb:listSolNetworkPackages", - "transcribe:describeLanguageModel", - "transcribe:getCallAnalyticsCategory", - "transcribe:getCallAnalyticsJob", - "transcribe:getMedicalTranscriptionJob", - "transcribe:getMedicalVocabulary", - "transcribe:getTranscriptionJob", - "transcribe:getVocabulary", - "transcribe:getVocabularyFilter", - "transcribe:listCallAnalyticsCategories", - "transcribe:listCallAnalyticsJobs", - "transcribe:listLanguageModels", - "transcribe:listMedicalTranscriptionJobs", - "transcribe:listMedicalVocabularies", - "transcribe:listTranscriptionJobs", - "transcribe:listVocabularies", - "transcribe:listVocabularyFilters", - "transfer:describeAccess", - "transfer:describeAgreement", - "transfer:describeConnector", - "transfer:describeExecution", - "transfer:describeProfile", - "transfer:describeServer", - "transfer:describeUser", - "transfer:describeWebApp", - "transfer:describeWebAppCustomization", - "transfer:describeWorkflow", - "transfer:listAccesses", - "transfer:listAgreements", - "transfer:listConnectors", - "transfer:listExecutions", - "transfer:listHostKeys", - "transfer:listProfiles", - "transfer:listServers", - "transfer:listTagsForResource", - "transfer:listUsers", - "transfer:listWebApps", - "transfer:listWorkflows", - "transfer:sendWorkflowStepState", - "trustedadvisor:getOrganizationRecommendation", - "trustedadvisor:getRecommendation", - "trustedadvisor:listChecks", - "trustedadvisor:listOrganizationRecommendationAccounts", - "trustedadvisor:listOrganizationRecommendationResources", - "trustedadvisor:listOrganizationRecommendations", - "trustedadvisor:listRecommendationResources", - "trustedadvisor:listRecommendations", - "verifiedpermissions:getIdentitySource", - "verifiedpermissions:getPolicy", - "verifiedpermissions:getPolicyStore", - "verifiedpermissions:getPolicyTemplate", - "verifiedpermissions:getSchema", - "verifiedpermissions:listIdentitySources", - "verifiedpermissions:listPolicies", - "verifiedpermissions:listPolicyStores", - "verifiedpermissions:listPolicyTemplates", - "vpc-lattice:getAccessLogSubscription", - "vpc-lattice:getAuthPolicy", - "vpc-lattice:getListener", - "vpc-lattice:getResourceConfiguration", - "vpc-lattice:getResourceGateway", - "vpc-lattice:getResourcePolicy", - "vpc-lattice:getRule", - "vpc-lattice:getService", - "vpc-lattice:getServiceNetwork", - "vpc-lattice:getServiceNetworkResourceAssociation", - "vpc-lattice:getServiceNetworkServiceAssociation", - "vpc-lattice:getServiceNetworkVpcAssociation", - "vpc-lattice:getTargetGroup", - "vpc-lattice:listAccessLogSubscriptions", - "vpc-lattice:listListeners", - "vpc-lattice:listResourceConfigurations", - "vpc-lattice:listResourceGateways", - "vpc-lattice:listRules", - "vpc-lattice:listServiceNetworks", - "vpc-lattice:listServiceNetworkResourceAssociations", - "vpc-lattice:listServiceNetworkServiceAssociations", - "vpc-lattice:listServiceNetworkVpcAssociations", - "vpc-lattice:listServices", - "vpc-lattice:listTargetGroups", - "vpc-lattice:listTargets", - "waf-regional:getByteMatchSet", - "waf-regional:getChangeTokenStatus", - "waf-regional:getGeoMatchSet", - "waf-regional:getIPSet", - "waf-regional:getLoggingConfiguration", - "waf-regional:getRateBasedRule", - "waf-regional:getRegexMatchSet", - "waf-regional:getRegexPatternSet", - "waf-regional:getRule", - "waf-regional:getRuleGroup", - "waf-regional:getSqlInjectionMatchSet", - "waf-regional:getWebACL", - "waf-regional:getWebACLForResource", - "waf-regional:listActivatedRulesInRuleGroup", - "waf-regional:listByteMatchSets", - "waf-regional:listGeoMatchSets", - "waf-regional:listIPSets", - "waf-regional:listLoggingConfigurations", - "waf-regional:listRateBasedRules", - "waf-regional:listRegexMatchSets", - "waf-regional:listRegexPatternSets", - "waf-regional:listResourcesForWebACL", - "waf-regional:listRuleGroups", - "waf-regional:listRules", - "waf-regional:listSqlInjectionMatchSets", - "waf-regional:listWebACLs", - "waf:getByteMatchSet", - "waf:getChangeTokenStatus", - "waf:getGeoMatchSet", - "waf:getIPSet", - "waf:getLoggingConfiguration", - "waf:getRateBasedRule", - "waf:getRegexMatchSet", - "waf:getRegexPatternSet", - "waf:getRule", - "waf:getRuleGroup", - "waf:getSampledRequests", - "waf:getSizeConstraintSet", - "waf:getSqlInjectionMatchSet", - "waf:getWebACL", - "waf:getXssMatchSet", - "waf:listActivatedRulesInRuleGroup", - "waf:listByteMatchSets", - "waf:listGeoMatchSets", - "waf:listIPSets", - "waf:listLoggingConfigurations", - "waf:listRateBasedRules", - "waf:listRegexMatchSets", - "waf:listRegexPatternSets", - "waf:listRuleGroups", - "waf:listRules", - "waf:listSizeConstraintSets", - "waf:listSqlInjectionMatchSets", - "waf:listWebACLs", - "waf:listXssMatchSets", - "wafv2:checkCapacity", - "wafv2:describeManagedRuleGroup", - "wafv2:getIPSet", - "wafv2:getLoggingConfiguration", - "wafv2:getPermissionPolicy", - "wafv2:getRateBasedStatementManagedKeys", - "wafv2:getRegexPatternSet", - "wafv2:getRuleGroup", - "wafv2:getSampledRequests", - "wafv2:getWebACL", - "wafv2:getWebACLForResource", - "wafv2:listAvailableManagedRuleGroups", - "wafv2:listIPSets", - "wafv2:listLoggingConfigurations", - "wafv2:listRegexPatternSets", - "wafv2:listResourcesForWebACL", - "wafv2:listRuleGroups", - "wafv2:listTagsForResource", - "wafv2:listWebACLs", - "workdocs:checkAlias", - "workdocs:describeAvailableDirectories", - "workdocs:describeInstances", - "workmail:describeGroup", - "workmail:describeOrganization", - "workmail:describeResource", - "workmail:describeUser", - "workmail:listAliases", - "workmail:listGroupMembers", - "workmail:listGroups", - "workmail:listMailboxPermissions", - "workmail:listOrganizations", - "workmail:listResourceDelegates", - "workmail:listResources", - "workmail:listUsers", - "workspaces-web:getBrowserSettings", - "workspaces-web:getIdentityProvider", - "workspaces-web:getNetworkSettings", - "workspaces-web:getPortal", - "workspaces-web:getPortalServiceProviderMetadata", - "workspaces-web:getTrustStoreCertificate", - "workspaces-web:getUserSettings", - "workspaces-web:listBrowserSettings", - "workspaces-web:listIdentityProviders", - "workspaces-web:listNetworkSettings", - "workspaces-web:listPortals", - "workspaces-web:listTagsForResource", - "workspaces-web:listTrustStoreCertificates", - "workspaces-web:listTrustStores", - "workspaces-web:listUserSettings", - "workspaces:describeAccount", - "workspaces:describeAccountModifications", - "workspaces:describeApplicationAssociations", - "workspaces:describeIpGroups", - "workspaces:describeTags", - "workspaces:describeWorkspaceAssociations", - "workspaces:describeWorkspaceBundles", - "workspaces:describeWorkspaceDirectories", - "workspaces:describeWorkspaceImages", - "workspaces:describeWorkspaces", - "workspaces:describeWorkspaceSnapshots", - "workspaces:describeWorkspacesConnectionStatus", - "workspaces:describeWorkspacesPools", - "workspaces:describeWorkspacesPoolSessions", - "xray:getEncryptionConfig", - "xray:getGroup", - "xray:getGroups", - "xray:getInsightImpactGraph", - "xray:getSamplingRules", - "xray:getSamplingStatisticSummaries", - "xray:getSamplingTargets", - "xray:getServiceGraph", - "xray:getTimeSeriesServiceStatistics", - "xray:getTraceGraph", - "xray:listResourcePolicies" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AWSSupportServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AmazonRDSEnhancedMonitoringRole is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy AmazonRDSEnhancedMonitoringRole is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AmazonRDSEnhancedMonitoringRole" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AmazonRDSEnhancedMonitoringRole", - "arn": "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole", - "entity": "ANPAJV7BS425S4PTSSVGK", - "version_id": "v1", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "EnableCreationAndManagementOfRDSCloudwatchLogGroups", - "Effect": "Allow", - "Action": [ - "logs:CreateLogGroup", - "logs:PutRetentionPolicy" - ], - "Resource": [ - "arn:aws:logs:*:*:log-group:RDS*" - ] - }, - { - "Sid": "EnableCreationAndManagementOfRDSCloudwatchLogStreams", - "Effect": "Allow", - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:GetLogEvents" - ], - "Resource": [ - "arn:aws:logs:*:*:log-group:RDS*:log-stream:*" - ] - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AmazonRDSEnhancedMonitoringRole", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS policy AWSResourceExplorerServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_aws_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS policy AWSResourceExplorerServiceRolePolicy is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.03B", - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM AWS-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_aws_attached_policy_no_administrative_privileges-211203495394-us-east-1-AWSResourceExplorerServiceRolePolicy" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "AWSResourceExplorerServiceRolePolicy", - "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy", - "entity": "ANPAZKAPJZG4K2H54PAUL", - "version_id": "v19", - "type": "AWS", - "attached": true, - "document": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ResourceExplorerAccess", - "Effect": "Allow", - "Action": [ - "resource-explorer-2:UpdateIndexType", - "resource-explorer-2:CreateIndex", - "resource-explorer-2:CreateView", - "resource-explorer-2:AssociateDefaultView", - "resource-explorer-2:DeleteIndex" - ], - "Resource": "*" - }, - { - "Sid": "OrganizationsAccess", - "Effect": "Allow", - "Action": [ - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:ListAccounts", - "organizations:ListDelegatedAdministrators", - "organizations:ListOrganizationalUnitsForParent", - "organizations:ListRoots" - ], - "Resource": "*" - }, - { - "Sid": "CloudTrailEventsAccess", - "Effect": "Allow", - "Action": [ - "cloudtrail:CreateServiceLinkedChannel", - "cloudtrail:GetServiceLinkedChannel" - ], - "Resource": "arn:aws:cloudtrail:*:*:channel/aws-service-channel/resource-explorer-2/*" - }, - { - "Sid": "ApiGatewayAccess", - "Effect": "Allow", - "Action": "apigateway:GET", - "Resource": [ - "arn:aws:apigateway:*::/restapis", - "arn:aws:apigateway:*::/restapis/*", - "arn:aws:apigateway:*::/restapis/*/deployments", - "arn:aws:apigateway:*::/restapis/*/resources", - "arn:aws:apigateway:*::/restapis/*/resources/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", - "arn:aws:apigateway:*::/restapis/*/stages", - "arn:aws:apigateway:*::/restapis/*/stages/*", - "arn:aws:apigateway:*::/vpclinks", - "arn:aws:apigateway:*::/apis", - "arn:aws:apigateway:*::/apis/*/routes", - "arn:aws:apigateway:*::/apis/*/stages", - "arn:aws:apigateway:*::/apis/*", - "arn:aws:apigateway:*::/apis/*/routes/*", - "arn:aws:apigateway:*::/apis/*/stages/*" - ] - }, - { - "Sid": "ResourceInventoryAccess", - "Effect": "Allow", - "Action": [ - "access-analyzer:ListAnalyzers", - "acm-pca:ListCertificateAuthorities", - "acm:ListCertificates", - "airflow:ListEnvironments", - "amplify:ListApps", - "amplify:ListBranches", - "amplify:ListDomainAssociations", - "aoss:ListCollections", - "app-integrations:ListApplications", - "app-integrations:ListEventIntegrations", - "appconfig:ListApplications", - "appconfig:ListDeploymentStrategies", - "appconfig:ListEnvironments", - "appconfig:ListExtensionAssociations", - "appflow:ListFlows", - "appmesh:ListGatewayRoutes", - "appmesh:ListMeshes", - "appmesh:ListRoutes", - "appmesh:ListVirtualGateways", - "appmesh:ListVirtualNodes", - "appmesh:ListVirtualRouters", - "appmesh:ListVirtualServices", - "apprunner:ListAutoScalingConfigurations", - "apprunner:ListConnections", - "apprunner:ListServices", - "apprunner:ListVpcConnectors", - "appstream:DescribeAppBlocks", - "appstream:DescribeApplications", - "appstream:DescribeFleets", - "appstream:DescribeImageBuilders", - "appstream:DescribeStacks", - "appsync:ListGraphqlApis", - "aps:ListRuleGroupsNamespaces", - "aps:ListWorkspaces", - "athena:ListDataCatalogs", - "athena:ListWorkGroups", - "auditmanager:GetAccountStatus", - "auditmanager:ListAssessments", - "autoscaling:DescribeAutoScalingGroups", - "backup-gateway:ListHypervisors", - "backup:ListBackupPlans", - "backup:ListBackupVaults", - "backup:ListReportPlans", - "batch:DescribeComputeEnvironments", - "batch:DescribeJobDefinitions", - "batch:DescribeJobQueues", - "batch:ListSchedulingPolicies", - "bedrock:ListAgentAliases", - "bedrock:ListAgents", - "bedrock:ListDataAutomationProjects", - "bedrock:ListFlows", - "bedrock:ListGuardrails", - "bedrock:ListInferenceProfiles", - "bedrock:ListKnowledgeBases", - "bedrock:ListPromptRouters", - "bedrock:ListPrompts", - "ce:GetAnomalyMonitors", - "ce:GetAnomalySubscriptions", - "chime:ListAppInstanceBots", - "chime:ListAppInstanceUsers", - "chime:ListAppInstances", - "chime:ListMediaInsightsPipelineConfigurations", - "chime:ListMediaPipelineKinesisVideoStreamPools", - "chime:ListMediaPipelines", - "chime:ListSipMediaApplications", - "chime:ListVoiceConnectors", - "cloud9:ListEnvironments", - "cloudformation:ListResources", - "cloudformation:ListStackSets", - "cloudformation:ListStacks", - "cloudfront:ListCachePolicies", - "cloudfront:ListCloudFrontOriginAccessIdentities", - "cloudfront:ListContinuousDeploymentPolicies", - "cloudfront:ListDistributions", - "cloudfront:ListFieldLevelEncryptionConfigs", - "cloudfront:ListFieldLevelEncryptionProfiles", - "cloudfront:ListFunctions", - "cloudfront:ListOriginAccessControls", - "cloudfront:ListOriginRequestPolicies", - "cloudfront:ListRealtimeLogConfigs", - "cloudfront:ListResponseHeadersPolicies", - "cloudtrail:ListChannels", - "cloudtrail:ListDashboards", - "cloudtrail:ListEventDataStores", - "cloudtrail:ListTrails", - "cloudwatch:DescribeAlarms", - "cloudwatch:DescribeInsightRules", - "cloudwatch:ListDashboards", - "cloudwatch:ListMetricStreams", - "codeartifact:ListDomains", - "codeartifact:ListRepositories", - "codebuild:ListProjects", - "codecommit:ListRepositories", - "codeconnections:ListConnections", - "codedeploy:ListApplications", - "codedeploy:ListDeploymentConfigs", - "codeguru-profiler:ListProfilingGroups", - "codeguru-reviewer:ListRepositoryAssociations", - "codepipeline:ListPipelines", - "codepipeline:ListWebhooks", - "codestar-connections:ListConnections", - "cognito-identity:ListIdentityPools", - "cognito-idp:ListUserPools", - "comprehend:ListDocumentClassifiers", - "comprehend:ListEntityRecognizers", - "comprehend:ListFlywheels", - "config:DescribeConfigRules", - "connect:ListEvaluationForms", - "connect:ListHoursOfOperations", - "connect:ListInstanceAttributes", - "connect:ListInstances", - "connect:ListPhoneNumbersV2", - "connect:ListPrompts", - "connect:ListQuickConnects", - "connect:ListRoutingProfileQueues", - "connect:ListRoutingProfiles", - "connect:ListRules", - "connect:ListSecurityProfiles", - "connect:ListTaskTemplates", - "connect:ListUsers", - "databrew:ListDatasets", - "databrew:ListJobs", - "databrew:ListProjects", - "databrew:ListRecipes", - "databrew:ListRulesets", - "databrew:ListSchedules", - "dataexchange:ListDataSets", - "datapipeline:ListPipelines", - "datasync:ListLocations", - "datasync:ListTasks", - "dax:DescribeClusters", - "detective:ListGraphs", - "devicefarm:ListInstanceProfiles", - "devicefarm:ListProjects", - "devicefarm:ListTestGridProjects", - "directconnect:DescribeDirectConnectGateways", - "dms:DescribeCertificates", - "dms:DescribeEndpoints", - "dms:DescribeEventSubscriptions", - "dms:DescribeReplicationInstances", - "dms:DescribeReplicationSubnetGroups", - "dms:DescribeReplicationTasks", - "ds:DescribeDirectories", - "dynamodb:ListTables", - "ec2:DescribeAddresses", - "ec2:DescribeCapacityReservationFleets", - "ec2:DescribeCapacityReservations", - "ec2:DescribeCarrierGateways", - "ec2:DescribeClientVpnEndpoints", - "ec2:DescribeCustomerGateways", - "ec2:DescribeDhcpOptions", - "ec2:DescribeEgressOnlyInternetGateways", - "ec2:DescribeFleets", - "ec2:DescribeFlowLogs", - "ec2:DescribeFpgaImages", - "ec2:DescribeHostReservations", - "ec2:DescribeHosts", - "ec2:DescribeImages", - "ec2:DescribeInstanceConnectEndpoints", - "ec2:DescribeInstanceEventWindows", - "ec2:DescribeInstances", - "ec2:DescribeInternetGateways", - "ec2:DescribeIpamPools", - "ec2:DescribeIpamResourceDiscoveries", - "ec2:DescribeIpamResourceDiscoveryAssociations", - "ec2:DescribeIpamScopes", - "ec2:DescribeIpams", - "ec2:DescribeKeyPairs", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeManagedPrefixLists", - "ec2:DescribeNatGateways", - "ec2:DescribeNetworkAcls", - "ec2:DescribeNetworkInsightsAccessScopeAnalyses", - "ec2:DescribeNetworkInsightsAccessScopes", - "ec2:DescribeNetworkInsightsAnalyses", - "ec2:DescribeNetworkInsightsPaths", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribePlacementGroups", - "ec2:DescribePublicIpv4Pools", - "ec2:DescribeReservedInstances", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroupRules", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSnapshots", - "ec2:DescribeSpotFleetRequests", - "ec2:DescribeSpotInstanceRequests", - "ec2:DescribeSubnets", - "ec2:DescribeTrafficMirrorFilters", - "ec2:DescribeTrafficMirrorSessions", - "ec2:DescribeTrafficMirrorTargets", - "ec2:DescribeTransitGatewayAttachments", - "ec2:DescribeTransitGatewayConnectPeers", - "ec2:DescribeTransitGatewayMulticastDomains", - "ec2:DescribeTransitGatewayPolicyTables", - "ec2:DescribeTransitGatewayRouteTableAnnouncements", - "ec2:DescribeTransitGatewayRouteTables", - "ec2:DescribeTransitGateways", - "ec2:DescribeVerifiedAccessEndpoints", - "ec2:DescribeVerifiedAccessGroups", - "ec2:DescribeVerifiedAccessInstances", - "ec2:DescribeVerifiedAccessTrustProviders", - "ec2:DescribeVolumes", - "ec2:DescribeVpcBlockPublicAccessExclusions", - "ec2:DescribeVpcEndpointServiceConfigurations", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcPeeringConnections", - "ec2:DescribeVpcs", - "ec2:DescribeVpnConnections", - "ec2:DescribeVpnGateways", - "ec2:GetSubnetCidrReservations", - "ecr-public:DescribeRepositories", - "ecr:DescribeRepositories", - "ecs:DescribeCapacityProviders", - "ecs:DescribeServices", - "ecs:ListClusters", - "ecs:ListContainerInstances", - "ecs:ListServices", - "ecs:ListTaskDefinitions", - "eks:DescribeAccessEntry", - "eks:DescribeAddon", - "eks:DescribeFargateProfile", - "eks:DescribeIdentityProviderConfig", - "eks:DescribeNodegroup", - "eks:ListAccessEntries", - "eks:ListAddons", - "eks:ListClusters", - "eks:ListEksAnywhereSubscriptions", - "eks:ListFargateProfiles", - "eks:ListIdentityProviderConfigs", - "eks:ListNodegroups", - "eks:ListPodIdentityAssociations", - "elasticache:DescribeCacheClusters", - "elasticache:DescribeCacheParameterGroups", - "elasticache:DescribeCacheSubnetGroups", - "elasticache:DescribeGlobalReplicationGroups", - "elasticache:DescribeReplicationGroups", - "elasticache:DescribeReservedCacheNodes", - "elasticache:DescribeSnapshots", - "elasticache:DescribeUserGroups", - "elasticache:DescribeUsers", - "elasticbeanstalk:DescribeApplicationVersions", - "elasticbeanstalk:DescribeApplications", - "elasticbeanstalk:DescribeEnvironments", - "elasticfilesystem:DescribeAccessPoints", - "elasticfilesystem:DescribeFileSystems", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTargetGroups", - "elasticmapreduce:ListClusters", - "emr-containers:ListJobTemplates", - "emr-containers:ListManagedEndpoints", - "emr-containers:ListSecurityConfigurations", - "emr-containers:ListVirtualClusters", - "emr-serverless:ListApplications", - "es:ListDomainNames", - "events:ListApiDestinations", - "events:ListArchives", - "events:ListConnections", - "events:ListEndpoints", - "events:ListEventBuses", - "events:ListRules", - "evidently:ListExperiments", - "evidently:ListFeatures", - "evidently:ListLaunches", - "evidently:ListProjects", - "finspace:ListEnvironments", - "firehose:ListDeliveryStreams", - "fis:ListExperimentTemplates", - "fms:ListPolicies", - "fms:ListProtocolsLists", - "forecast:ListDatasetGroups", - "forecast:ListDatasetImportJobs", - "forecast:ListDatasets", - "forecast:ListForecastExportJobs", - "forecast:ListForecasts", - "forecast:ListPredictorBacktestExportJobs", - "forecast:ListPredictors", - "frauddetector:GetDetectors", - "frauddetector:GetEntityTypes", - "frauddetector:GetEventTypes", - "frauddetector:GetExternalModels", - "frauddetector:GetLabels", - "frauddetector:GetModels", - "frauddetector:GetOutcomes", - "frauddetector:GetVariables", - "fsx:DescribeBackups", - "fsx:DescribeFileSystems", - "gamelift:DescribeGameSessionQueues", - "gamelift:DescribeMatchmakingConfigurations", - "gamelift:DescribeMatchmakingRuleSets", - "gamelift:ListAliases", - "gamelift:ListBuilds", - "gamelift:ListLocations", - "gamelift:ListScripts", - "geo:ListMaps", - "geo:ListPlaceIndexes", - "geo:ListTrackers", - "glacier:ListVaults", - "globalaccelerator:ListAccelerators", - "globalaccelerator:ListEndpointGroups", - "globalaccelerator:ListListeners", - "glue:GetCrawlers", - "glue:GetDatabases", - "glue:GetJobs", - "glue:GetTables", - "glue:GetTriggers", - "glue:ListDataQualityRulesets", - "glue:ListMLTransforms", - "glue:ListRegistries", - "grafana:ListWorkspaces", - "greengrass:ListComponentVersions", - "greengrass:ListComponents", - "greengrass:ListConnectorDefinitions", - "greengrass:ListCoreDefinitions", - "greengrass:ListDeviceDefinitions", - "greengrass:ListFunctionDefinitions", - "greengrass:ListGroups", - "greengrass:ListLoggerDefinitions", - "greengrass:ListResourceDefinitions", - "greengrass:ListSubscriptionDefinitions", - "groundstation:ListConfigs", - "groundstation:ListDataflowEndpointGroups", - "groundstation:ListMissionProfiles", - "guardduty:ListDetectors", - "guardduty:ListFilters", - "guardduty:ListIPSets", - "guardduty:ListMalwareProtectionPlans", - "guardduty:ListPublishingDestinations", - "guardduty:ListThreatIntelSets", - "healthlake:ListFHIRDatastores", - "iam:ListGroups", - "iam:ListInstanceProfiles", - "iam:ListOpenIDConnectProviders", - "iam:ListPolicies", - "iam:ListRoles", - "iam:ListSAMLProviders", - "iam:ListServerCertificates", - "iam:ListUsers", - "iam:ListVirtualMFADevices", - "imagebuilder:ListComponentBuildVersions", - "imagebuilder:ListComponents", - "imagebuilder:ListContainerRecipes", - "imagebuilder:ListDistributionConfigurations", - "imagebuilder:ListImageBuildVersions", - "imagebuilder:ListImagePipelines", - "imagebuilder:ListImageRecipes", - "imagebuilder:ListImages", - "imagebuilder:ListInfrastructureConfigurations", - "inspector2:ListFilters", - "inspector:ListAssessmentTemplates", - "iot:ListAuthorizers", - "iot:ListBillingGroups", - "iot:ListCACertificates", - "iot:ListCertificates", - "iot:ListFleetMetrics", - "iot:ListJobTemplates", - "iot:ListMitigationActions", - "iot:ListPolicies", - "iot:ListProvisioningTemplates", - "iot:ListRoleAliases", - "iot:ListScheduledAudits", - "iot:ListSecurityProfiles", - "iot:ListThingGroups", - "iot:ListThingTypes", - "iot:ListThings", - "iot:ListTopicRuleDestinations", - "iot:ListTopicRules", - "iotanalytics:ListChannels", - "iotanalytics:ListDatasets", - "iotanalytics:ListDatastores", - "iotanalytics:ListPipelines", - "iotdeviceadvisor:ListSuiteDefinitions", - "iotevents:ListAlarmModels", - "iotevents:ListDetectorModels", - "iotevents:ListInputs", - "iotfleethub:ListApplications", - "iotfleetwise:ListDecoderManifests", - "iotfleetwise:ListModelManifests", - "iotfleetwise:ListSignalCatalogs", - "iotfleetwise:ListVehicles", - "iotsitewise:ListAccessPolicies", - "iotsitewise:ListAssetModels", - "iotsitewise:ListAssets", - "iotsitewise:ListDashboards", - "iotsitewise:ListGateways", - "iotsitewise:ListPortals", - "iotsitewise:ListProjects", - "iottwinmaker:ListComponentTypes", - "iottwinmaker:ListEntities", - "iottwinmaker:ListSyncJobs", - "iottwinmaker:ListWorkspaces", - "iotwireless:ListDestinations", - "iotwireless:ListDeviceProfiles", - "iotwireless:ListFuotaTasks", - "iotwireless:ListMulticastGroups", - "iotwireless:ListPartnerAccounts", - "iotwireless:ListServiceProfiles", - "iotwireless:ListWirelessDevices", - "iotwireless:ListWirelessGatewayTaskDefinitions", - "iotwireless:ListWirelessGateways", - "ivs:ListChannels", - "ivs:ListEncoderConfigurations", - "ivs:ListIngestConfigurations", - "ivs:ListPlaybackKeyPairs", - "ivs:ListPlaybackRestrictionPolicies", - "ivs:ListRecordingConfigurations", - "ivs:ListStorageConfigurations", - "ivs:ListStreamKeys", - "ivschat:ListLoggingConfigurations", - "ivschat:ListRooms", - "kafka:ListClusters", - "kafka:ListConfigurations", - "kendra:ListAccessControlConfigurations", - "kendra:ListDataSources", - "kendra:ListExperiences", - "kendra:ListFaqs", - "kendra:ListFeaturedResultsSets", - "kendra:ListIndices", - "kendra:ListQuerySuggestionsBlockLists", - "kendra:ListThesauri", - "kinesis:ListStreams", - "kinesisanalytics:ListApplications", - "kinesisvideo:ListSignalingChannels", - "kinesisvideo:ListStreams", - "kms:ListKeys", - "lambda:ListCodeSigningConfigs", - "lambda:ListEventSourceMappings", - "lambda:ListFunctions", - "lex:ListBotAliases", - "lex:ListBots", - "license-manager:ListDistributedGrants", - "lightsail:GetBuckets", - "lightsail:GetCertificates", - "lightsail:GetContainerServices", - "lightsail:GetDisks", - "logs:DescribeDestinations", - "logs:DescribeLogGroups", - "logs:ListTagsForResource", - "lookoutmetrics:ListAlerts", - "lookoutmetrics:ListAnomalyDetectors", - "lookoutvision:ListProjects", - "m2:ListEnvironments", - "macie2:ListAllowLists", - "macie2:ListCustomDataIdentifiers", - "macie2:ListFindingsFilters", - "managedblockchain:ListAccessors", - "mediapackage-vod:ListAssets", - "mediapackage-vod:ListPackagingConfigurations", - "mediapackage-vod:ListPackagingGroups", - "mediapackage:ListChannels", - "mediapackage:ListOriginEndpoints", - "mediastore:ListContainers", - "mediatailor:ListChannels", - "mediatailor:ListLiveSources", - "mediatailor:ListPlaybackConfigurations", - "mediatailor:ListSourceLocations", - "mediatailor:ListVodSources", - "memorydb:DescribeACLs", - "memorydb:DescribeClusters", - "memorydb:DescribeParameterGroups", - "memorydb:DescribeSnapshots", - "memorydb:DescribeSubnetGroups", - "memorydb:DescribeUsers", - "mobiletargeting:GetApps", - "mobiletargeting:GetCampaigns", - "mobiletargeting:GetSegments", - "mobiletargeting:ListTemplates", - "mq:ListBrokers", - "mq:ListConfigurations", - "network-firewall:ListFirewallPolicies", - "network-firewall:ListFirewalls", - "network-firewall:ListRuleGroups", - "networkmanager:DescribeGlobalNetworks", - "networkmanager:GetDevices", - "networkmanager:GetLinks", - "networkmanager:ListAttachments", - "networkmanager:ListCoreNetworks", - "oam:ListSinks", - "omics:ListReferenceStores", - "omics:ListRunGroups", - "omics:ListWorkflows", - "outposts:ListSites", - "organizations:DescribeResourcePolicy", - "organizations:ListPolicies", - "panorama:ListPackages", - "partnercentral:ListEngagementInvitations", - "partnercentral:ListEngagements", - "partnercentral:ListOpportunities", - "partnercentral:ListResourceSnapshotJobs", - "partnercentral:ListResourceSnapshots", - "personalize:ListDatasetGroups", - "personalize:ListDatasets", - "personalize:ListSchemas", - "personalize:ListSolutions", - "pipes:ListPipes", - "profile:ListDomains", - "profile:ListIntegrations", - "profile:ListProfileObjectTypes", - "proton:ListEnvironmentAccountConnections", - "proton:ListEnvironmentTemplates", - "proton:ListServiceTemplates", - "qldb:ListJournalKinesisStreamsForLedger", - "qldb:ListLedgers", - "quicksight:DescribeAccountSubscription", - "quicksight:ListDataSets", - "quicksight:ListDataSources", - "quicksight:ListTemplates", - "quicksight:ListThemes", - "ram:GetResourceShares", - "rds:DescribeBlueGreenDeployments", - "rds:DescribeDBClusterEndpoints", - "rds:DescribeDBClusterParameterGroups", - "rds:DescribeDBClusterSnapshots", - "rds:DescribeDBClusters", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstanceAutomatedBackups", - "rds:DescribeDBInstances", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBProxies", - "rds:DescribeDBProxyEndpoints", - "rds:DescribeDBSecurityGroups", - "rds:DescribeDBSnapshots", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEventSubscriptions", - "rds:DescribeGlobalClusters", - "rds:DescribeOptionGroups", - "rds:DescribeReservedDBInstances", - "redshift:DescribeClusterParameterGroups", - "redshift:DescribeClusterSnapshots", - "redshift:DescribeClusterSubnetGroups", - "redshift:DescribeClusters", - "redshift:DescribeEventSubscriptions", - "redshift:DescribeHsmClientCertificates", - "redshift:DescribeSnapshotCopyGrants", - "redshift:DescribeSnapshotSchedules", - "redshift:DescribeUsageLimits", - "refactor-spaces:ListApplications", - "refactor-spaces:ListEnvironments", - "refactor-spaces:ListRoutes", - "refactor-spaces:ListServices", - "rekognition:DescribeProjects", - "resiliencehub:ListApps", - "resiliencehub:ListResiliencyPolicies", - "resource-explorer-2:GetIndex", - "resource-explorer-2:ListViews", - "resource-groups:ListGroups", - "route53-recovery-control-config:ListClusters", - "route53-recovery-control-config:ListControlPanels", - "route53-recovery-control-config:ListRoutingControls", - "route53-recovery-control-config:ListSafetyRules", - "route53-recovery-readiness:ListCells", - "route53-recovery-readiness:ListReadinessChecks", - "route53-recovery-readiness:ListRecoveryGroups", - "route53-recovery-readiness:ListResourceSets", - "route53:ListHealthChecks", - "route53:ListHostedZones", - "route53domains:ListDomains", - "route53resolver:ListFirewallDomainLists", - "route53resolver:ListFirewallRuleGroupAssociations", - "route53resolver:ListFirewallRuleGroups", - "route53resolver:ListResolverEndpoints", - "route53resolver:ListResolverQueryLogConfigs", - "route53resolver:ListResolverRules", - "rum:ListAppMonitors", - "s3:GetBucketLocation", - "s3:ListAccessPoints", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "s3:ListMultiRegionAccessPoints", - "s3:ListStorageLensConfigurations", - "s3:ListStorageLensGroups", - "s3express:ListAllMyDirectoryBuckets", - "sagemaker:ListActions", - "sagemaker:ListAlgorithms", - "sagemaker:ListAppImageConfigs", - "sagemaker:ListApps", - "sagemaker:ListArtifacts", - "sagemaker:ListClusters", - "sagemaker:ListCodeRepositories", - "sagemaker:ListContexts", - "sagemaker:ListDomains", - "sagemaker:ListEndpointConfigs", - "sagemaker:ListEndpoints", - "sagemaker:ListExperiments", - "sagemaker:ListFeatureGroups", - "sagemaker:ListFlowDefinitions", - "sagemaker:ListHubContents", - "sagemaker:ListHubs", - "sagemaker:ListHumanTaskUis", - "sagemaker:ListImageVersions", - "sagemaker:ListImages", - "sagemaker:ListInferenceComponents", - "sagemaker:ListInferenceExperiments", - "sagemaker:ListMlflowTrackingServers", - "sagemaker:ListModelCardVersions", - "sagemaker:ListModelCards", - "sagemaker:ListModelPackageGroups", - "sagemaker:ListModelPackages", - "sagemaker:ListModels", - "sagemaker:ListMonitoringSchedules", - "sagemaker:ListNotebookInstanceLifecycleConfigs", - "sagemaker:ListNotebookInstances", - "sagemaker:ListPipelines", - "sagemaker:ListProjects", - "sagemaker:ListSpaces", - "sagemaker:ListStudioLifecycleConfigs", - "sagemaker:ListTrialComponents", - "sagemaker:ListTrials", - "sagemaker:ListUserProfiles", - "sagemaker:ListWorkforces", - "sagemaker:ListWorkteams", - "scheduler:ListScheduleGroups", - "schemas:ListDiscoverers", - "secretsmanager:ListSecrets", - "servicecatalog:ListApplications", - "servicecatalog:ListAttributeGroups", - "servicediscovery:ListServices", - "ses:ListConfigurationSets", - "ses:ListContactLists", - "ses:ListDedicatedIpPools", - "ses:ListEmailIdentities", - "shield:ListProtectionGroups", - "shield:ListProtections", - "signer:ListSigningProfiles", - "sns:ListTopics", - "sqs:ListQueues", - "ssm-incidents:ListResponsePlans", - "ssm:DescribeInstanceInformation", - "ssm:DescribeMaintenanceWindowTargets", - "ssm:DescribeMaintenanceWindowTasks", - "ssm:DescribeMaintenanceWindows", - "ssm:DescribeParameters", - "ssm:DescribeSessions", - "ssm:ListAssociations", - "ssm:ListDocuments", - "ssm:ListResourceDataSync", - "states:ListActivities", - "states:ListStateMachines", - "storagegateway:ListGateways", - "synthetics:DescribeCanaries", - "synthetics:ListGroups", - "transfer:ListAgreements", - "transfer:ListCertificates", - "transfer:ListConnectors", - "transfer:ListProfiles", - "transfer:ListServers", - "transfer:ListUsers", - "transfer:ListWorkflows", - "verifiedpermissions:ListPolicyStores", - "vpc-lattice:ListListeners", - "vpc-lattice:ListServiceNetworkServiceAssociations", - "vpc-lattice:ListServiceNetworks", - "vpc-lattice:ListServices", - "vpc-lattice:ListTargetGroups", - "wafv2:ListIPSets", - "wafv2:ListRegexPatternSets", - "wafv2:ListRuleGroups", - "wafv2:ListWebACLs", - "wisdom:ListAssistantAssociations", - "wisdom:ListAssistants", - "wisdom:ListContents", - "wisdom:ListKnowledgeBases", - "workspaces-web:ListPortals", - "workspaces:DescribeConnectionAliases", - "workspaces:DescribeWorkspaces" - ], - "Resource": "*" - }, - { - "Sid": "PermissionsForReadGetResources", - "Effect": "Allow", - "Action": [ - "cloudformation:GetResource", - "cloudfront:GetDistribution", - "cloudfront:GetDistributionConfig", - "dynamodb:DescribeContinuousBackups", - "dynamodb:DescribeContributorInsights", - "dynamodb:DescribeKinesisStreamingDestination", - "dynamodb:DescribeTable", - "dynamodb:GetResourcePolicy", - "dynamodb:ListTagsOfResource", - "ecs:ListTagsForResource", - "elasticloadbalancing:DescribeCapacityReservation", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancerPolicyTypes", - "elasticloadbalancing:DescribeTags", - "elasticloadbalancing:DescribeTargetGroupAttributes", - "elasticloadbalancing:DescribeTargetHealth", - "events:DescribeRule", - "events:ListTargetsByRule", - "iam:GetRole", - "iam:GetRolePolicy", - "iam:ListAttachedRolePolicies", - "iam:ListRolePolicies", - "kinesis:DescribeStreamSummary", - "kinesis:ListTagsForStream", - "lambda:GetEventSourceMapping", - "lambda:GetFunction", - "lambda:GetFunctionCodeSigningConfig", - "lambda:GetFunctionRecursionConfig", - "lambda:ListTags", - "logs:DescribeIndexPolicies", - "logs:GetDataProtectionPolicy", - "s3:GetAccelerateConfiguration", - "s3:GetAnalyticsConfiguration", - "s3:GetBucketCORS", - "s3:GetBucketLogging", - "s3:GetBucketMetadataTableConfiguration", - "s3:GetBucketNotification", - "s3:GetBucketObjectLockConfiguration", - "s3:GetBucketOwnershipControls", - "s3:GetBucketPublicAccessBlock", - "s3:GetBucketTagging", - "s3:GetBucketVersioning", - "s3:GetBucketWebsite", - "s3:GetEncryptionConfiguration", - "s3:GetIntelligentTieringConfiguration", - "s3:GetInventoryConfiguration", - "s3:GetLifecycleConfiguration", - "s3:GetMetricsConfiguration", - "s3:GetReplicationConfiguration", - "sns:GetDataProtectionPolicy", - "sns:GetTopicAttributes", - "sns:ListSubscriptionsByTopic", - "sns:ListTagsForResource", - "sqs:GetQueueAttributes", - "sqs:ListQueueTags" - ], - "Resource": "*" - } - ] - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "AWSResourceExplorerServiceRolePolicy", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No SAML Providers found.", - "metadata": { - "event_code": "iam_check_saml_providers_sts", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No SAML Providers found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-3.0": [ - "1.21" - ], - "ENS-RD2022": [ - "op.acc.1.aws.iam.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.21" - ], - "CIS-5.0": [ - "1.20" - ], - "CIS-1.4": [ - "1.21" - ], - "CCC": [ - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR06" - ], - "ProwlerThreatScore-1.0": [ - "1.2.7" - ], - "CIS-1.5": [ - "1.21" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "CIS-2.0": [ - "1.21" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are SAML Providers then STS can be used", - "title": "Check if there are SAML Providers then STS can be used", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_check_saml_providers_sts-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable SAML provider and use temporary credentials. You can use temporary security credentials to make programmatic requests for AWS resources using the AWS CLI or AWS API (using the AWS SDKs ). The temporary credentials provide the same permissions that you have with use long-term security credentials such as IAM user credentials. In case of not having SAML provider capabilities prevent usage of long-lived credentials.", - "references": [ - "https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html" - ] - }, - "risk_details": "Without SAML provider users with AWS CLI or AWS API access can use IAM static credentials. SAML helps users to assume role by default each time they authenticate.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Custom policy vpc-flow-log-to-cloudwatch-20251019183706984700000008 is attached but does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_customer_attached_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Custom policy vpc-flow-log-to-cloudwatch-20251019183706984700000008 is attached but does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-06.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "CIS-3.0": [ - "1.16" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.16" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.15" - ], - "CIS-1.4": [ - "1.16" - ], - "CCC": [ - "CCC.LB.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.3.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "CIS-1.5": [ - "1.16" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02", - "SEC03-BP04" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CIS-2.0": [ - "1.16" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM Customer-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "title": "Ensure IAM Customer-Managed policies that allow full \"*:*\" administrative privileges are not attached", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_customer_attached_policy_no_administrative_privileges-211203495394-us-east-1-vpc-flow-log-to-cloudwatch-20251019183706984700000008" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "arn": "arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "entity": "ANPATCLFVSXRGIQVNTVU5", - "version_id": "v1", - "type": "Custom", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:DescribeLogGroups", - "logs:CreateLogStream" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*", - "Sid": "AWSVPCFlowLogsPushToCloudWatch" - } - ], - "Version": "2012-10-17" - }, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc" - ], - "name": "vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow privilege escalation.", - "metadata": { - "event_code": "iam_inline_policy_allows_privilege_escalation", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow privilege escalation.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_3_3" - ], - "C5-2025": [ - "SP-01.04B", - "AM-09.04AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no Inline IAM policies allow actions that may lead into Privilege Escalation", - "title": "Ensure no IAM Inline policies allow actions that may lead into Privilege Escalation", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards" - ], - "uid": "prowler-aws-iam_inline_policy_allows_privilege_escalation-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Grant usage permission on a per-resource basis and applying least privilege principle.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" - ] - }, - "risk_details": "Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow privilege escalation.", - "metadata": { - "event_code": "iam_inline_policy_allows_privilege_escalation", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow privilege escalation.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_3_3" - ], - "C5-2025": [ - "SP-01.04B", - "AM-09.04AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "ProwlerThreatScore-1.0": [ - "1.3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no Inline IAM policies allow actions that may lead into Privilege Escalation", - "title": "Ensure no IAM Inline policies allow actions that may lead into Privilege Escalation", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards" - ], - "uid": "prowler-aws-iam_inline_policy_allows_privilege_escalation-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "rds:ModifyDBInstance", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Grant usage permission on a per-resource basis and applying least privilege principle.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" - ] - }, - "risk_details": "Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.LB.CN05.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ], - "NIS2": [ - "6.7.2.e", - "11.3.2.c", - "11.4.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "title": "Ensure IAM inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_administrative_privileges-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow '*:*' administrative privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_administrative_privileges", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow '*:*' administrative privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6", - "3_13_3" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_i", - "164_308_a_4_ii_b", - "164_308_a_4_ii_c", - "164_312_a_1" - ], - "SOC2": [ - "cc_1_3", - "cc_6_3" - ], - "C5-2025": [ - "OIS-04.01AC", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "sc-2" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_5_b", - "ac_6", - "ac_6_2", - "ac_6_3", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.acc.4.aws.iam.9", - "op.exp.8.r4.aws.ct.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-16", - "d3-pc-am-b-2", - "d3-pc-am-b-3", - "d3-pc-am-b-6", - "d3-pc-im-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.LB.CN05.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP02" - ], - "ISO27001-2022": [ - "A.5.18", - "A.8.2" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_5", - "ac_6", - "sc_2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1040", - "T1580", - "T1538", - "T1619", - "T1201" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ], - "NIS2": [ - "6.7.2.e", - "11.3.2.c", - "11.4.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "title": "Ensure IAM inline policies that allow full \"*:*\" administrative privileges are not associated to IAM identities", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_administrative_privileges-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "rds:ModifyDBInstance", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM policies are the means by which privileges are granted to users, groups or roles. It is recommended and considered a standard security advice to grant least privilegeβ€”that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow 'cloudtrail:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_cloudtrail", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow 'cloudtrail:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "SIM-03.07B", - "COM-04.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_cloudtrail-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "CloudTrail is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow 'cloudtrail:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_cloudtrail", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow 'cloudtrail:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "SIM-03.07B", - "COM-04.01AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"cloudtrail:*\" privileges are not created", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_cloudtrail-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "rds:ModifyDBInstance", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "CloudTrail is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow 'kms:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_kms", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached to user test-user-trusted does not allow 'kms:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "IAM-10.01B", - "CRY-05.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.2.8", - "3.6.1.3.8", - "3.6.1.4.8", - "3.6.1.8", - "3.7.1.9", - "3.7.2.8", - "3.7.4.9", - "3.7.6.8", - "3.7.7.8", - "4.2.1.1.21", - "7.2.1.10", - "7.2.2.10", - "7.2.3.6", - "7.2.5.6", - "7.3.1.6", - "7.3.2.6", - "7.3.3.6", - "8.2.7.6", - "8.2.8.8", - "8.3.4.6" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.LB.CN05.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR04", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_kms-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "KMS is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow 'kms:*' privileges.", - "metadata": { - "event_code": "iam_inline_policy_no_full_access_to_kms", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached to user test-user-trusted does not allow 'kms:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "IAM-10.01B", - "CRY-05.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.1.8", - "3.5.1.3.16", - "3.6.1.2.8", - "3.6.1.3.8", - "3.6.1.4.8", - "3.6.1.8", - "3.7.1.9", - "3.7.2.8", - "3.7.4.9", - "3.7.6.8", - "3.7.7.8", - "4.2.1.1.21", - "7.2.1.10", - "7.2.2.10", - "7.2.3.6", - "7.2.5.6", - "7.3.1.6", - "7.3.2.6", - "7.3.3.6", - "8.2.7.6", - "8.2.8.8", - "8.3.4.6" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.LB.CN05.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR04", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "title": "Ensure IAM inline policies that allow full \"kms:*\" privileges are not created", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_inline_policy_no_full_access_to_kms-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "entity": "test-user-trusted", - "version_id": "v1", - "type": "Inline", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - "rds:DescribeDBInstances", - "rds:ModifyDBInstance", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:us-east-1:211203495394:storage-lens/default-account-dashboard" - } - ], - "Version": "2012-10-17" - }, - "tags": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "KMS is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Custom Policy vpc-flow-log-to-cloudwatch-20251019183706984700000008 does not allow permissive STS Role assumption.", - "metadata": { - "event_code": "iam_no_custom_policy_permissive_role_assumption", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Custom Policy vpc-flow-log-to-cloudwatch-20251019183706984700000008 does not allow permissive STS Role assumption.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_permissions-to-switch.html#roles-usingrole-createpolicy", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "IAM-06.02B" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.Vector.CN02.AR01" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1606", - "T1040", - "T1580" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *)", - "title": "Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *)", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_no_custom_policy_permissive_role_assumption-211203495394-us-east-1-vpc-flow-log-to-cloudwatch-20251019183706984700000008" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "arn": "arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "entity": "ANPATCLFVSXRGIQVNTVU5", - "version_id": "v1", - "type": "Custom", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:DescribeLogGroups", - "logs:CreateLogStream" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*", - "Sid": "AWSVPCFlowLogsPushToCloudWatch" - } - ], - "Version": "2012-10-17" - }, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc" - ], - "name": "vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Use the least privilege principle when granting permissions.", - "references": [ - "https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html" - ] - }, - "risk_details": "If not restricted unintended access could happen.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Root account does not have access keys.", - "metadata": { - "event_code": "iam_no_root_access_key", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "Root account does not have access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_1_6", - "3_1_7", - "3_4_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_312_a_2_i" - ], - "C5-2025": [ - "IAM-03.01B", - "IAM-03.03B", - "IAM-06.02B", - "IAM-10.01B", - "CRY-03.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "ac-6-10", - "ac-6", - "ia-2" - ], - "CIS-3.0": [ - "1.4" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_6_2", - "ac_6_10", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "ia_2", - "ia_4_b", - "ia_4_4", - "ia_4_8", - "ia_5_8", - "mp_2", - "sc_23_3", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.7" - ], - "AWS-Foundational-Technical-Review": [ - "ARC-004" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.5", - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.4" - ], - "PCI-4.0": [ - "7.2.1.17", - "7.2.2.17", - "7.2.3.8", - "8.2.1.4", - "8.2.2.6", - "8.2.4.4", - "8.2.5.4", - "8.3.11.4" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-am-b-3", - "d3-pc-am-b-8" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.3" - ], - "CIS-1.4": [ - "1.4" - ], - "CCC": [ - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.13" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.4" - ], - "CIS-1.5": [ - "1.4" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP02" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ac_3", - "ac_6_10", - "ac_6" - ], - "AWS-Account-Security-Onboarding": [ - "Block root user" - ], - "KISA-ISMS-P-2023": [ - "2.5.5", - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.4" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-3" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no root account access key exists", - "title": "Ensure no root account access key exists", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_no_root_access_key-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Use the credential report to check the user and ensure the access_key_1_active and access_key_2_active fields are set to FALSE. If using AWS Organizations, consider enabling Centralized Root Management and removing individual root credentials.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "The root account is the most privileged user in an AWS account. AWS Access Keys provide programmatic access to a given AWS account. It is recommended that all access keys associated with the root account be removed. Removing access keys associated with the root account limits vectors by which the account can be compromised. Removing the root access keys encourages the creation and use of role based accounts that are least privileged.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Password expiration is not set.", - "metadata": { - "event_code": "iam_password_policy_expires_passwords_within_90_days_or_less", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Password expiration is not set.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "C5-2025": [ - "IAM-03.02B", - "IAM-08.03B", - "IAM-08.05B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.3" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "PCI-4.0": [ - "8.3.6.1", - "8.6.3.2" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "ProwlerThreatScore-1.0": [ - "1.1.12" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP06" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "NIS2": [ - "1.1.1.d", - "1.1.2", - "9.2.c.v", - "11.6.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM password policy expires passwords within 90 days or less", - "title": "Ensure IAM password policy expires passwords within 90 days or less", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_expires_passwords_within_90_days_or_less-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure Password expiration period (in days): is set to 90 or less.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one uppercase letter.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one lowercase letter.", - "metadata": { - "event_code": "iam_password_policy_lowercase", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one lowercase letter.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.8" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v", - "11.6.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM password policy requires at least one uppercase letter", - "title": "Ensure IAM password policy require at least one lowercase letter", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_lowercase-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Requires at least one lowercase letter\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one lowercase letter.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require minimum length of 14 characters.", - "metadata": { - "event_code": "iam_password_policy_minimum_length_14", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require minimum length of 14 characters.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "PSS-07.01B" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-5-c", - "ia-2", - "ia-5-1-a-d-e", - "ia-5-4" - ], - "CIS-3.0": [ - "1.8" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_d_1", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "cm_12_b", - "ia_4_d", - "ia_5", - "ia_5_b", - "ia_5_c", - "ia_5_d", - "ia_5_f", - "ia_5_h", - "ia_5_1_f", - "ia_5_1_g", - "ia_5_1_h", - "ia_5_1_h", - "ia_5_18_a", - "ia_5_18_b", - "ia_8_2_b", - "ma_4_c", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.8" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.7" - ], - "CIS-1.4": [ - "1.8" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.4" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "CIS-1.5": [ - "1.8" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CIS-2.0": [ - "1.8" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM password policy requires minimum length of 14 or greater", - "title": "Ensure IAM password policy requires minimum length of 14 or greater", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_minimum_length_14-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Minimum password length\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require minimum length of 14 or greater.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one number.", - "metadata": { - "event_code": "iam_password_policy_number", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one number.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "IAM-08.05B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.6" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM password policy require at least one number", - "title": "Ensure IAM password policy require at least one number", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_number-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Require at least one number\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one number.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy reuse prevention is less than 24 or not set.", - "metadata": { - "event_code": "iam_password_policy_reuse_24", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy reuse prevention is less than 24 or not set.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_2" - ], - "HIPAA": [ - "164_308_a_4_ii_c", - "164_308_a_5_ii_d", - "164_312_d" - ], - "C5-2025": [ - "IAM-01.03B", - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-08.03B", - "IAM-08.05B", - "IAM-08.07B", - "PSS-07.01B" - ], - "NIST-CSF-1.1": [ - "ac_1" - ], - "CIS-3.0": [ - "1.9" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.9" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4", - "8.2", - "8.2.3", - "8.2.3.a", - "8.2.3.b", - "8.2.4", - "8.2.4.a", - "8.2.4.b", - "8.2.5", - "8.2.5.a", - "8.2.5.b" - ], - "CIS-5.0": [ - "1.8" - ], - "CIS-1.4": [ - "1.9" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "ProwlerThreatScore-1.0": [ - "1.1.5" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "CIS-1.5": [ - "1.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2", - "ia_2", - "ia_5_1", - "ia_5_4" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CIS-2.0": [ - "1.9" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM password policy prevents password reuse: 24 or greater", - "title": "Ensure IAM password policy prevents password reuse: 24 or greater", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_reuse_24-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Number of passwords to remember\" is set to 24.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy prevents at least password reuse of 24 or greater.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one symbol.", - "metadata": { - "event_code": "iam_password_policy_symbol", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one symbol.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.7" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM password policy require at least one symbol", - "title": "Ensure IAM password policy require at least one symbol", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_symbol-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Require at least one non-alphanumeric character\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one non-alphanumeric character.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM password policy does not require at least one uppercase letter.", - "metadata": { - "event_code": "iam_password_policy_uppercase", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM password policy does not require at least one uppercase letter.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_5_7" - ], - "HIPAA": [ - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-08.03B", - "IAM-08.05B", - "PSS-07.01B" - ], - "ENS-RD2022": [ - "op.acc.6.r1.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-003" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.4", - "2.10.2" - ], - "FFIEC": [ - "d3-pc-am-b-6", - "d3-pc-am-b-7" - ], - "GDPR": [ - "article_25" - ], - "CCC": [ - "CCC.Core.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.9" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.7", - "IAM.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "KISA-ISMS-P-2023": [ - "2.5.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1110" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-4" - ], - "NIS2": [ - "9.2.c.v" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM password policy requires at least one uppercase letter", - "title": "Ensure IAM password policy requires at least one uppercase letter", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_password_policy_uppercase-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "length": 8, - "symbols": false, - "numbers": false, - "uppercase": false, - "lowercase": false, - "allow_change": true, - "expiration": false, - "max_age": null, - "reuse_prevention": null, - "hard_expiry": null - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:iam:us-east-1:211203495394:password-policy" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure \"Requires at least one uppercase letter\" is checked under \"Password Policy\".", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html" - ] - }, - "risk_details": "Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one uppercase letter.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Custom Policy arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008 does not allow privilege escalation.", - "metadata": { - "event_code": "iam_policy_allows_privilege_escalation", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Custom Policy arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008 does not allow privilege escalation.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "IAM-06.01B" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.2", - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR02" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP06" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1606", - "T1040", - "T1580", - "T1619", - "T1201" - ], - "NIS2": [ - "11.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation", - "title": "Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_allows_privilege_escalation-211203495394-us-east-1-vpc-flow-log-to-cloudwatch-20251019183706984700000008" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "arn": "arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "entity": "ANPATCLFVSXRGIQVNTVU5", - "version_id": "v1", - "type": "Custom", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:DescribeLogGroups", - "logs:CreateLogStream" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*", - "Sid": "AWSVPCFlowLogsPushToCloudWatch" - } - ], - "Version": "2012-10-17" - }, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc" - ], - "name": "vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Grant usage permission on a per-resource basis and applying least privilege principle.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" - ] - }, - "risk_details": "Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user has the policy AdministratorAccess attached.", - "metadata": { - "event_code": "iam_policy_attached_only_to_group_or_roles", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "User terraform-user has the policy AdministratorAccess attached.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_4_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "PSS-09.01AC" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "sc-2" - ], - "CIS-3.0": [ - "1.15" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_6_3", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-006", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.15" - ], - "PCI-4.0": [ - "7.2.1.12", - "7.2.1.13", - "7.2.2.12", - "7.2.2.13", - "7.2.5.8", - "7.2.5.9", - "7.3.1.8", - "7.3.1.9", - "7.3.2.8", - "7.3.2.9", - "7.3.3.8", - "7.3.3.9", - "8.2.1.3", - "8.2.2.5", - "8.2.4.3", - "8.2.5.3", - "8.2.7.8", - "8.2.7.9", - "8.2.8.10", - "8.2.8.11", - "8.3.11.3", - "8.3.4.8", - "8.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-im-b-7" - ], - "CIS-5.0": [ - "1.14" - ], - "CIS-1.4": [ - "1.15" - ], - "CCC": [ - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.2.1", - "1.2.2" - ], - "CIS-1.5": [ - "1.15" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP06" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_6" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "CIS-2.0": [ - "1.15" - ], - "NIS2": [ - "1.2.1", - "2.1.2.f", - "11.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM policies are attached only to groups or roles", - "title": "Ensure IAM policies are attached only to groups or roles", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_attached_only_to_group_or_roles-211203495394-us-east-1-terraform-user/AdministratorAccess" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user/AdministratorAccess", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Remove any policy attached directly to the user. Use groups or roles instead.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "By default IAM users, groups, and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User test-user-trusted has the inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached.", - "metadata": { - "event_code": "iam_policy_attached_only_to_group_or_roles", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "User test-user-trusted has the inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read attached.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_4_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "PSS-09.01AC" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "sc-2" - ], - "CIS-3.0": [ - "1.15" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_6_3", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-006", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.15" - ], - "PCI-4.0": [ - "7.2.1.12", - "7.2.1.13", - "7.2.2.12", - "7.2.2.13", - "7.2.5.8", - "7.2.5.9", - "7.3.1.8", - "7.3.1.9", - "7.3.2.8", - "7.3.2.9", - "7.3.3.8", - "7.3.3.9", - "8.2.1.3", - "8.2.2.5", - "8.2.4.3", - "8.2.5.3", - "8.2.7.8", - "8.2.7.9", - "8.2.8.10", - "8.2.8.11", - "8.3.11.3", - "8.3.4.8", - "8.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-im-b-7" - ], - "CIS-5.0": [ - "1.14" - ], - "CIS-1.4": [ - "1.15" - ], - "CCC": [ - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.2.1", - "1.2.2" - ], - "CIS-1.5": [ - "1.15" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP06" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_6" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "CIS-2.0": [ - "1.15" - ], - "NIS2": [ - "1.2.1", - "2.1.2.f", - "11.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM policies are attached only to groups or roles", - "title": "Ensure IAM policies are attached only to groups or roles", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_attached_only_to_group_or_roles-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [], - "inline_policies": [ - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - ], - "tags": [ - { - "Key": "Purpose", - "Value": "CCC-Testing" - }, - { - "Key": "ManagedBy", - "Value": "CCC-CFI-Compliance-Framework" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Remove any policy attached directly to the user. Use groups or roles instead.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "By default IAM users, groups, and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User test-user-trusted has the inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached.", - "metadata": { - "event_code": "iam_policy_attached_only_to_group_or_roles", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "User test-user-trusted has the inline policy CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write attached.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_4_6" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_1" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "PSS-09.01AC" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-3", - "ac-5-c", - "sc-2" - ], - "CIS-3.0": [ - "1.15" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_6", - "ac_2_i_2", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_6_3", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-006", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.15" - ], - "PCI-4.0": [ - "7.2.1.12", - "7.2.1.13", - "7.2.2.12", - "7.2.2.13", - "7.2.5.8", - "7.2.5.9", - "7.3.1.8", - "7.3.1.9", - "7.3.2.8", - "7.3.2.9", - "7.3.3.8", - "7.3.3.9", - "8.2.1.3", - "8.2.2.5", - "8.2.4.3", - "8.2.5.3", - "8.2.7.8", - "8.2.7.9", - "8.2.8.10", - "8.2.8.11", - "8.3.11.3", - "8.3.4.8", - "8.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-1", - "d3-pc-im-b-7" - ], - "CIS-5.0": [ - "1.14" - ], - "CIS-1.4": [ - "1.15" - ], - "CCC": [ - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "ProwlerThreatScore-1.0": [ - "1.2.1", - "1.2.2" - ], - "CIS-1.5": [ - "1.15" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP06" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_6" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "CIS-2.0": [ - "1.15" - ], - "NIS2": [ - "1.2.1", - "2.1.2.f", - "11.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM policies are attached only to groups or roles", - "title": "Ensure IAM policies are attached only to groups or roles", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_attached_only_to_group_or_roles-211203495394-us-east-1-test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [], - "inline_policies": [ - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - ], - "tags": [ - { - "Key": "Purpose", - "Value": "CCC-Testing" - }, - { - "Key": "ManagedBy", - "Value": "CCC-CFI-Compliance-Framework" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted/CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Remove any policy attached directly to the user. Use groups or roles instead.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "By default IAM users, groups, and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS CloudShellFullAccess policy is not attached to any IAM entity.", - "metadata": { - "event_code": "iam_policy_cloudshell_admin_not_attached", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "AWS CloudShellFullAccess policy is not attached to any IAM entity.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-blacklisted-check.html", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-06.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.22" - ], - "PCI-4.0": [ - "7.2.1.14", - "7.2.1.15", - "7.2.1.16", - "7.2.2.14", - "7.2.2.15", - "7.2.2.16", - "7.2.3.7", - "7.2.5.10", - "7.2.5.11", - "7.2.5.12", - "7.3.1.10", - "7.3.1.11", - "7.3.1.12", - "7.3.2.10", - "7.3.2.11", - "7.3.2.12", - "7.3.3.10", - "7.3.3.11", - "7.3.3.12", - "8.2.7.10", - "8.2.7.11", - "8.2.7.12", - "8.2.8.12", - "8.2.8.13", - "8.2.8.14", - "8.3.4.10", - "8.3.4.11", - "8.3.4.12" - ], - "CIS-5.0": [ - "1.21" - ], - "ProwlerThreatScore-1.0": [ - "1.3.2" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CIS-2.0": [ - "1.22" - ], - "NIS2": [ - "1.2.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "This control checks whether an IAM identity (user, role, or group) has the AWS managed policy AWSCloudShellFullAccess attached. The control fails if an IAM identity has the AWSCloudShellFullAccess policy attached.", - "title": "Check if IAM identities (users,groups,roles) have the AWSCloudShellFullAccess policy attached.", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices/CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_cloudshell_admin_not_attached-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "Users": [], - "Groups": [], - "Roles": [] - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::aws:policy/AWSCloudShellFullAccess" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Detach the AWSCloudShellFullAccess policy from the IAM identity to restrict excessive permissions and adhere to the principle of least privilege.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html" - ] - }, - "risk_details": "Attaching the AWSCloudShellFullAccess policy to IAM identities grants broad permissions, including internet access and file transfer capabilities, which can lead to security risks such as data exfiltration. The principle of least privilege should be followed to avoid excessive permissions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Custom Policy vpc-flow-log-to-cloudwatch-20251019183706984700000008 does not allow 'cloudtrail:*' privileges.", - "metadata": { - "event_code": "iam_policy_no_full_access_to_cloudtrail", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Custom Policy vpc-flow-log-to-cloudwatch-20251019183706984700000008 does not allow 'cloudtrail:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_3_3" - ], - "C5-2025": [ - "IAM-10.01B", - "SIM-03.07B" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1580" - ], - "NIS2": [ - "11.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM policies that allow full \"cloudtrail:*\" privileges are not created", - "title": "Ensure IAM policies that allow full \"cloudtrail:*\" privileges are not created", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_no_full_access_to_cloudtrail-211203495394-us-east-1-vpc-flow-log-to-cloudwatch-20251019183706984700000008" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "arn": "arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "entity": "ANPATCLFVSXRGIQVNTVU5", - "version_id": "v1", - "type": "Custom", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:DescribeLogGroups", - "logs:CreateLogStream" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*", - "Sid": "AWSVPCFlowLogsPushToCloudWatch" - } - ], - "Version": "2012-10-17" - }, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc" - ], - "name": "vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "CloudTrail is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Custom Policy vpc-flow-log-to-cloudwatch-20251019183706984700000008 does not allow 'kms:*' privileges.", - "metadata": { - "event_code": "iam_policy_no_full_access_to_kms", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Custom Policy vpc-flow-log-to-cloudwatch-20251019183706984700000008 does not allow 'kms:*' privileges.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "IAM-10.01B", - "CRY-05.02B" - ], - "ENS-RD2022": [ - "op.exp.10.aws.cmk.1", - "op.exp.10.aws.cmk.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.1.7", - "3.5.1.3.15", - "3.6.1.2.7", - "3.6.1.3.7", - "3.6.1.4.7", - "3.6.1.7", - "3.7.1.8", - "3.7.2.7", - "3.7.4.8", - "3.7.6.7", - "3.7.7.7", - "4.2.1.1.20", - "7.2.1.9", - "7.2.2.9", - "7.2.3.5", - "7.2.5.5", - "7.3.1.5", - "7.3.2.5", - "7.3.3.5", - "8.2.7.5", - "8.2.8.7", - "8.3.4.5" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN05.AR01", - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1648", - "T1098", - "T1578", - "T1550", - "T1580" - ], - "NIS2": [ - "11.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM policies that allow full \"kms:*\" privileges are not created", - "title": "Ensure IAM policies that allow full \"kms:*\" privileges are not created", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_policy_no_full_access_to_kms-211203495394-us-east-1-vpc-flow-log-to-cloudwatch-20251019183706984700000008" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "arn": "arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "entity": "ANPATCLFVSXRGIQVNTVU5", - "version_id": "v1", - "type": "Custom", - "attached": true, - "document": { - "Statement": [ - { - "Action": [ - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:DescribeLogGroups", - "logs:CreateLogStream" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:eu-west-1:211203495394:log-group:/aws/vpc-flow-log/vpc-007d791b9b857543e:*", - "Sid": "AWSVPCFlowLogsPushToCloudWatch" - } - ], - "Version": "2012-10-17" - }, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc" - ], - "name": "vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "type": "AwsIamPolicy", - "uid": "arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.", - "references": [ - "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "KMS is a critical service and IAM policies should follow least privilege model for this service in particular", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Role TerraformRole has AdministratorAccess policy attached.", - "metadata": { - "event_code": "iam_role_administratoraccess_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Role TerraformRole has AdministratorAccess policy attached.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_administrator", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "OIS-04.03B", - "SP-01.04B", - "HR-01.01B", - "HR-04.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-03.01B", - "IAM-06.01B", - "IAM-10.01B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "1.2.1", - "11.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM Roles do not have AdministratorAccess policy attached", - "title": "Ensure IAM Roles do not have AdministratorAccess policy attached", - "types": [], - "uid": "prowler-aws-iam_role_administratoraccess_policy-211203495394-us-east-1-TerraformRole" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "TerraformRole", - "arn": "arn:aws:iam::211203495394:role/TerraformRole", - "assume_role_policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws:iam::211203495394:oidc-provider/token.actions.githubusercontent.com" - }, - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "token.actions.githubusercontent.com:aud": "sts.amazonaws.com" - }, - "StringLike": { - "token.actions.githubusercontent.com:sub": [ - "repo:finos-labs/ccc-cfi-compliance:ref:refs/heads/*", - "repo:finos-labs/ccc-cfi-compliance:ref:refs/tags/*", - "repo:finos-labs/ccc-cfi-compliance:pull_request", - "repo:finos-labs/ccc-cfi-compliance:environment:*" - ] - } - } - } - ] - }, - "is_service_role": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "TerraformRole", - "type": "AwsIamRole", - "uid": "arn:aws:iam::211203495394:role/TerraformRole" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Apply the principle of least privilege. Instead of AdministratorAccess, assign only the permissions necessary for specific roles and tasks. Create custom IAM policies with minimal permissions based on the principle of least privilege.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege" - ] - }, - "risk_details": "The AWS-managed AdministratorAccess policy grants all actions for all AWS services and for all resources in the account and as such exposes the customer to a significant data leakage threat. It should be granted very conservatively. For granting access to 3rd party vendors, consider using alternative managed policies, such as ViewOnlyAccess or SecurityAudit.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Role TerraformRole does not have ReadOnlyAccess policy.", - "metadata": { - "event_code": "iam_role_cross_account_readonlyaccess_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "IAM Role TerraformRole does not have ReadOnlyAccess policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#awsmp_readonlyaccess", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OIS-04.03B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-06.02B", - "IAM-10.01B", - "PSS-09.01AC" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR06" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM Roles do not have ReadOnlyAccess access for external AWS accounts", - "title": "Ensure IAM Roles do not have ReadOnlyAccess access for external AWS accounts", - "types": [], - "uid": "prowler-aws-iam_role_cross_account_readonlyaccess_policy-211203495394-us-east-1-TerraformRole" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "TerraformRole", - "arn": "arn:aws:iam::211203495394:role/TerraformRole", - "assume_role_policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws:iam::211203495394:oidc-provider/token.actions.githubusercontent.com" - }, - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "token.actions.githubusercontent.com:aud": "sts.amazonaws.com" - }, - "StringLike": { - "token.actions.githubusercontent.com:sub": [ - "repo:finos-labs/ccc-cfi-compliance:ref:refs/heads/*", - "repo:finos-labs/ccc-cfi-compliance:ref:refs/tags/*", - "repo:finos-labs/ccc-cfi-compliance:pull_request", - "repo:finos-labs/ccc-cfi-compliance:environment:*" - ] - } - } - } - ] - }, - "is_service_role": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "TerraformRole", - "type": "AwsIamRole", - "uid": "arn:aws:iam::211203495394:role/TerraformRole" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Remove the AWS-managed ReadOnlyAccess policy from all roles that have a trust policy, including third-party cloud accounts, or remove third-party cloud accounts from the trust policy of all roles that need the ReadOnlyAccess policy.", - "references": [ - "https://docs.securestate.vmware.com/rule-docs/aws-iam-role-cross-account-readonlyaccess-policy" - ] - }, - "risk_details": "The AWS-managed ReadOnlyAccess policy is highly potent and exposes the customer to a significant data leakage threat. It should be granted very conservatively. For granting access to 3rd party vendors, consider using alternative managed policies, such as ViewOnlyAccess or SecurityAudit.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Service Role terraform-20251019171843685600000002 does not prevent against a cross-service confused deputy attack.", - "metadata": { - "event_code": "iam_role_cross_service_confused_deputy_prevention", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Service Role terraform-20251019171843685600000002 does not prevent against a cross-service confused deputy attack.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP04" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "3.1.2.c", - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", - "title": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", - "types": [], - "uid": "prowler-aws-iam_role_cross_service_confused_deputy_prevention-211203495394-us-east-1-terraform-20251019171843685600000002" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-20251019171843685600000002", - "arn": "arn:aws:iam::211203495394:role/terraform-20251019171843685600000002", - "assume_role_policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "monitoring.rds.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - }, - "is_service_role": true, - "attached_policies": [ - { - "PolicyName": "AmazonRDSEnhancedMonitoringRole", - "PolicyArn": "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "GithubRepo:terraform-aws-rds-aurora", - "Example:ex-rds", - "GithubOrg:terraform-aws-modules" - ], - "name": "terraform-20251019171843685600000002", - "type": "AwsIamRole", - "uid": "arn:aws:iam::211203495394:role/terraform-20251019171843685600000002" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To mitigate cross-service confused deputy attacks, it's recommended to use the aws:SourceArn and aws:SourceAccount global condition context keys in your IAM role trust policies. If the role doesn't support these fields, consider implementing alternative security measures, such as defining more restrictive resource-based policies or using service-specific trust policies, to limit the role's permissions and exposure. For detailed guidance, refer to AWS's documentation on preventing cross-service confused deputy issues.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html#cross-service-confused-deputy-prevention" - ] - }, - "risk_details": "Allow attackers to gain unauthorized access to resources", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM Service Role vpc-complete-example-role does not prevent against a cross-service confused deputy attack.", - "metadata": { - "event_code": "iam_role_cross_service_confused_deputy_prevention", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM Service Role vpc-complete-example-role does not prevent against a cross-service confused deputy attack.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.8", - "op.exp.8.r4.aws.ct.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP04" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.6", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078" - ], - "NIS2": [ - "3.1.2.c", - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", - "title": "Ensure IAM Service Roles prevents against a cross-service confused deputy attack", - "types": [], - "uid": "prowler-aws-iam_role_cross_service_confused_deputy_prevention-211203495394-us-east-1-vpc-complete-example-role" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "vpc-complete-example-role", - "arn": "arn:aws:iam::211203495394:role/vpc-complete-example-role", - "assume_role_policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "AWSVPCFlowLogsAssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "vpc-flow-logs.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - }, - "is_service_role": true, - "attached_policies": [ - { - "PolicyName": "vpc-flow-log-to-cloudwatch-20251019183706984700000008", - "PolicyArn": "arn:aws:iam::211203495394:policy/vpc-flow-log-to-cloudwatch-20251019183706984700000008" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "vpc-complete-example-role", - "type": "AwsIamRole", - "uid": "arn:aws:iam::211203495394:role/vpc-complete-example-role" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To mitigate cross-service confused deputy attacks, it's recommended to use the aws:SourceArn and aws:SourceAccount global condition context keys in your IAM role trust policies. If the role doesn't support these fields, consider implementing alternative security measures, such as defining more restrictive resource-based policies or using service-specific trust policies, to limit the role's permissions and exposure. For detailed guidance, refer to AWS's documentation on preventing cross-service confused deputy issues.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html#cross-service-confused-deputy-prevention" - ] - }, - "risk_details": "Allow attackers to gain unauthorized access to resources", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Root account has a virtual MFA instead of a hardware MFA device enabled.", - "metadata": { - "event_code": "iam_root_hardware_mfa_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "Root account has a virtual MFA instead of a hardware MFA device enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_5_3" - ], - "HIPAA": [ - "164_308_a_3_ii_a", - "164_312_d" - ], - "C5-2025": [ - "OPS-16.01B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_7" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ia-2-1-2", - "ia-2-1" - ], - "CIS-3.0": [ - "1.6" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_2", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "ia_2_1", - "ia_2_2", - "ia_2_6", - "ia_2_6_a", - "ia_2_8", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r4.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "ARC-003", - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.6" - ], - "PCI-4.0": [ - "8.4.1.3", - "8.4.2.3", - "8.4.3.3" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-15", - "d3-pc-am-b-3", - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.5" - ], - "CIS-1.4": [ - "1.6" - ], - "CCC": [ - "CCC.Core.CN03.AR01", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.2" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.6" - ], - "CIS-1.5": [ - "1.6" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP02" - ], - "NIST-800-53-Revision-4": [ - "ia_2_1", - "ia_2_11" - ], - "AWS-Account-Security-Onboarding": [ - "Root user - distribution email + MFA" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040" - ], - "CIS-2.0": [ - "1.6" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-2" - ], - "NIS2": [ - "11.6.1", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure only hardware MFA is enabled for the root account", - "title": "Ensure only hardware MFA is enabled for the root account", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_root_hardware_mfa_enabled-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:mfa" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Using IAM console navigate to Dashboard and expand Activate MFA on your root account. If using AWS Organizations, consider enabling Centralized Root Management and removing individual root credentials.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user_manage_mfa" - ] - }, - "risk_details": "The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. For Level 2 it is recommended that the root account be protected with only a hardware MFA.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "MFA is enabled for root account.", - "metadata": { - "event_code": "iam_root_mfa_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "MFA is enabled for root account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_5_2", - "3_5_3" - ], - "HIPAA": [ - "164_308_a_3_ii_a", - "164_312_d" - ], - "C5-2025": [ - "OPS-16.01B", - "IAM-04.06B", - "IAM-06.09B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-05.02B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_7" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ia-2-1-2", - "ia-2-1" - ], - "CIS-3.0": [ - "1.5" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_2", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_6_a", - "cm_9_b", - "ia_2_1", - "ia_2_2", - "ia_2_6", - "ia_2_6_a", - "ia_2_8", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r2.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "ARC-003", - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.1", - "3.0.2", - "3.0.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.5" - ], - "PCI-4.0": [ - "8.4.1.4", - "8.4.2.4", - "8.4.3.4" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-15", - "d3-pc-am-b-3", - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.4" - ], - "CIS-1.4": [ - "1.5" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Monitor.CN05.AR01", - "CCC.Core.CN03.AR01", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.1" - ], - "CIS-1.5": [ - "1.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP02" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.17", - "A.8.5" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "ia_2_1", - "ia_2_11" - ], - "AWS-Account-Security-Onboarding": [ - "Root user - distribution email + MFA" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.5.5", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040" - ], - "CIS-2.0": [ - "1.5" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-2", - "booting-up-thing-to-do-first-2" - ], - "NIS2": [ - "11.3.2.a", - "11.6.1", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure MFA is enabled for the root account", - "title": "Ensure MFA is enabled for the root account", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_root_mfa_enabled-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Using IAM console navigate to Dashboard and expand Activate MFA on your root account. If using AWS Organizations, consider enabling Centralized Root Management and removing individual root credentials.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user_manage_mfa" - ] - }, - "risk_details": "The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. When virtual MFA is used for root accounts it is recommended that the device used is NOT a personal device but rather a dedicated mobile device (tablet or phone) that is managed to be kept charged and secured independent of any individual personal devices. (non-personal virtual MFA) This lessens the risks of losing access to the MFA due to device loss / trade-in or if the individual owning the device is no longer employed at the company.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have access keys.", - "metadata": { - "event_code": "iam_rotate_access_key_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_3_ii_c", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B", - "CRY-09.02B" - ], - "NIST-CSF-1.1": [ - "ac_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j" - ], - "CIS-3.0": [ - "1.14" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.14" - ], - "PCI-4.0": [ - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.13" - ], - "CIS-1.4": [ - "1.14" - ], - "CCC": [ - "CCC.ObjStor.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.11" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.3" - ], - "CIS-1.5": [ - "1.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP02", - "SEC02-BP05" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.14" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "1.1.1.d", - "1.1.2", - "2.1.4", - "2.3.1", - "3.1.3", - "6.2.4", - "9.2.c", - "9.2.c.xii", - "11.6.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure access keys are rotated every 90 days or less", - "title": "Ensure access keys are rotated every 90 days or less", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_rotate_access_key_90_days-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have access keys older than 90 days.", - "metadata": { - "event_code": "iam_rotate_access_key_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have access keys older than 90 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "HIPAA": [ - "164_308_a_3_ii_c", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B", - "CRY-09.02B" - ], - "NIST-CSF-1.1": [ - "ac_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j" - ], - "CIS-3.0": [ - "1.14" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.14" - ], - "PCI-4.0": [ - "8.3.10.1.1", - "8.3.5.1", - "8.3.7.1", - "8.3.9.1", - "8.6.3.1" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.13" - ], - "CIS-1.4": [ - "1.14" - ], - "CCC": [ - "CCC.ObjStor.CN05.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.11" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.3" - ], - "CIS-1.5": [ - "1.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP02", - "SEC02-BP05" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.14" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "1.1.1.d", - "1.1.2", - "2.1.4", - "2.3.1", - "3.1.3", - "6.2.4", - "9.2.c", - "9.2.c.xii", - "11.6.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure access keys are rotated every 90 days or less", - "title": "Ensure access keys are rotated every 90 days or less", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_rotate_access_key_90_days-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "SecurityAudit policy is not attached to any role.", - "metadata": { - "event_code": "iam_securityaudit_role_created", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "SecurityAudit policy is not attached to any role.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "OIS-02.02B", - "OIS-04.01B", - "HR-04.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-05.02B", - "IAM-06.06B", - "DEV-15.01B", - "SIM-01.02B", - "SIM-01.03B", - "COM-02.02B", - "COM-03.02B", - "INQ-02.01B", - "PSS-09.01AC" - ], - "ENS-RD2022": [ - "op.acc.3.r2.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "ISO27001-2022": [ - "A.5.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "1.2.4", - "2.1.1", - "2.1.2.a", - "2.1.2.e", - "2.1.2.f", - "2.2.1", - "2.3.1", - "3.1.2.c", - "3.1.3", - "6.2.2.a", - "7.2.d", - "7.2.e", - "7.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure a Security Audit role has been created to conduct security audits", - "title": "Ensure a Security Audit role has been created to conduct security audits", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_securityaudit_role_created-211203495394-us-east-1-SecurityAudit" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "SecurityAudit", - "type": "AwsIamRole", - "uid": "arn:aws:iam::aws:policy/SecurityAudit" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create an IAM role for conduct security audits with AWS.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_security-auditor" - ] - }, - "risk_details": "Creating an IAM role with a security audit policy provides a clear separation of duties between the security team and other teams within the organization. This helps to ensure that security-related activities are performed by authorized individuals with the appropriate expertise and access permissions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Support Access policy is not attached to any role.", - "metadata": { - "event_code": "iam_support_role_created", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Support Access policy is not attached to any role.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OIS-02.01B", - "OIS-02.02B", - "HR-04.01B", - "OPS-13.02B", - "OPS-13.03AC", - "OPS-17.02B", - "OPS-24.01B", - "OPS-24.02B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-06.06B", - "DEV-15.01B", - "SSO-05.06B", - "SIM-01.02B", - "SIM-01.03B" - ], - "CIS-3.0": [ - "1.17" - ], - "ENS-RD2022": [ - "op.acc.3.r1.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2", - "2.11.1" - ], - "CIS-4.0.1": [ - "1.17" - ], - "GDPR": [ - "article_25" - ], - "CIS-5.0": [ - "1.16" - ], - "CIS-1.4": [ - "1.17" - ], - "ProwlerThreatScore-1.0": [ - "1.2.3" - ], - "CIS-1.5": [ - "1.17" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC10-BP01" - ], - "AWS-Account-Security-Onboarding": [ - "Predefine IAM Roles" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2", - "2.11.1" - ], - "CIS-2.0": [ - "1.17" - ], - "NIS2": [ - "2.1.1", - "2.1.2.a", - "2.2.1", - "3.1.2.d", - "4.3.2.a", - "5.1.7.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure a support role has been created to manage incidents with AWS Support", - "title": "Ensure a support role has been created to manage incidents with AWS Support", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_support_role_created-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "211203495394", - "type": "AwsIamRole", - "uid": "arn:aws:iam::aws:policy/AWSSupportAccess" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create an IAM role for managing incidents with AWS.", - "references": [ - "https://docs.aws.amazon.com/awssupport/latest/user/using-service-linked-roles-sup.html" - ] - }, - "risk_details": "AWS provides a support center that can be used for incident notification and response, as well as technical support and customer services. Create an IAM Role to allow authorized users to manage incidents with AWS Support.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have access keys.", - "metadata": { - "event_code": "iam_user_accesskey_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "HIPAA": [ - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-05.04B", - "IAM-10.01B", - "CRY-03.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-3", - "ac-5-c", - "ac-6" - ], - "CIS-3.0": [ - "1.12" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_6", - "ac_2_g", - "ac_2_j", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3", - "op.acc.6.r7.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.12" - ], - "PCI-4.0": [ - "7.2.4.2", - "7.2.5.1.2", - "8.2.6.2", - "A3.4.1.10" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4" - ], - "CIS-5.0": [ - "1.11" - ], - "CIS-1.4": [ - "1.12" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.10" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.8", - "IAM.22", - "IAM.26" - ], - "CIS-1.5": [ - "1.12" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2_3", - "ac_2", - "ac_3", - "ac_6" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.12" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure unused User Access Keys are disabled", - "title": "Ensure unused User Access Keys are disabled", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_user_accesskey_unused-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Find the credentials that they were using and ensure that they are no longer operational. Ideally, you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least, you should change the password or deactivate the access keys so that the former users no longer have access.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" - ] - }, - "risk_details": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have unused access keys for 45 days.", - "metadata": { - "event_code": "iam_user_accesskey_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have unused access keys for 45 days.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "HIPAA": [ - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-05.04B", - "IAM-10.01B", - "CRY-03.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-3", - "ac-5-c", - "ac-6" - ], - "CIS-3.0": [ - "1.12" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_6", - "ac_2_g", - "ac_2_j", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3", - "op.acc.6.r7.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.12" - ], - "PCI-4.0": [ - "7.2.4.2", - "7.2.5.1.2", - "8.2.6.2", - "A3.4.1.10" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4" - ], - "CIS-5.0": [ - "1.11" - ], - "CIS-1.4": [ - "1.12" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.10" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.8", - "IAM.22", - "IAM.26" - ], - "CIS-1.5": [ - "1.12" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2_3", - "ac_2", - "ac_3", - "ac_6" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.12" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure unused User Access Keys are disabled", - "title": "Ensure unused User Access Keys are disabled", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_user_accesskey_unused-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Find the credentials that they were using and ensure that they are no longer operational. Ideally, you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least, you should change the password or deactivate the access keys so that the former users no longer have access.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" - ] - }, - "risk_details": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM User terraform-user has AdministratorAccess policy attached.", - "metadata": { - "event_code": "iam_user_administrator_access_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "IAM User terraform-user has AdministratorAccess policy attached.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-04.03B", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-10.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.19", - "7.2.2.19", - "7.2.5.13", - "7.3.1.13", - "7.3.2.13", - "7.3.3.13", - "8.2.7.13", - "8.2.8.15", - "8.3.4.13" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "This check ensures that no IAM users in your AWS account have the 'AdministratorAccess' policy attached. IAM users with this policy have unrestricted access to all AWS services and resources, which poses a significant security risk if misused.", - "title": "Ensure No IAM Users Have Administrator Access Policy", - "types": [], - "uid": "prowler-aws-iam_user_administrator_access_policy-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Replace the 'AdministratorAccess' policy with more specific permissions that follow the Principle of Least Privilege. Consider implementing IAM roles such as 'IAM Master' and 'IAM Manager' to manage permissions more securely.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM users with administrator-level permissions can perform any action on any resource in your AWS environment. If these permissions are granted to users unnecessarily or to individuals without sufficient knowledge, it can lead to security vulnerabilities, data leaks, data loss, or unexpected charges.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "IAM User test-user-trusted does not have AdministratorAccess policy.", - "metadata": { - "event_code": "iam_user_administrator_access_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "IAM User test-user-trusted does not have AdministratorAccess policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-04.03B", - "SP-01.04B", - "HR-01.01B", - "IAM-01.01B", - "IAM-01.04B", - "IAM-10.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.19", - "7.2.2.19", - "7.2.5.13", - "7.3.1.13", - "7.3.2.13", - "7.3.3.13", - "8.2.7.13", - "8.2.8.15", - "8.3.4.13" - ], - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04" - ], - "KISA-ISMS-P-2023": [ - "2.5.1", - "2.5.5", - "2.5.6", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "This check ensures that no IAM users in your AWS account have the 'AdministratorAccess' policy attached. IAM users with this policy have unrestricted access to all AWS services and resources, which poses a significant security risk if misused.", - "title": "Ensure No IAM Users Have Administrator Access Policy", - "types": [], - "uid": "prowler-aws-iam_user_administrator_access_policy-211203495394-us-east-1-test-user-trusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [], - "inline_policies": [ - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - ], - "tags": [ - { - "Key": "Purpose", - "Value": "CCC-Testing" - }, - { - "Key": "ManagedBy", - "Value": "CCC-CFI-Compliance-Framework" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Replace the 'AdministratorAccess' policy with more specific permissions that follow the Principle of Least Privilege. Consider implementing IAM roles such as 'IAM Master' and 'IAM Manager' to manage permissions more securely.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" - ] - }, - "risk_details": "IAM users with administrator-level permissions can perform any action on any resource in your AWS environment. If these permissions are granted to users unnecessarily or to individuals without sufficient knowledge, it can lead to security vulnerabilities, data leaks, data loss, or unexpected charges.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have console access enabled or is unused.", - "metadata": { - "event_code": "iam_user_console_access_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have console access enabled or is unused.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "HIPAA": [ - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "OPS-05.02AC", - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-05.04B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-3", - "ac-5-c", - "ac-6" - ], - "CIS-3.0": [ - "1.12" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_6", - "ac_2_g", - "ac_2_j", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3", - "op.acc.6.r7.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.12" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4" - ], - "CIS-5.0": [ - "1.11" - ], - "CIS-1.4": [ - "1.12" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.10" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.8", - "IAM.22", - "IAM.26" - ], - "CIS-1.5": [ - "1.12" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2_3", - "ac_2", - "ac_3", - "ac_6" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.12" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.3.2.d", - "11.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure unused user console access are disabled", - "title": "Ensure unused user console access are disabled", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_user_console_access_unused-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Find the credentials that they were using and ensure that they are no longer operational. Ideally, you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least, you should change the password or deactivate the access keys so that the former users no longer have access.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" - ] - }, - "risk_details": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User test-user-trusted does not have console access enabled or is unused.", - "metadata": { - "event_code": "iam_user_console_access_unused", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User test-user-trusted does not have console access enabled or is unused.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_4", - "3_1_5", - "3_5_6", - "3_5_7", - "3_5_8" - ], - "HIPAA": [ - "164_308_a_3_ii_b", - "164_308_a_4_ii_c", - "164_308_a_5_ii_d" - ], - "SOC2": [ - "cc_1_3" - ], - "C5-2025": [ - "OPS-05.02AC", - "IAM-03.02B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-05.04B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_1", - "ac_4" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ac-2-3", - "ac-3", - "ac-5-c", - "ac-6" - ], - "CIS-3.0": [ - "1.12" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_2_3_a", - "ac_2_3_b", - "ac_2_3_c", - "ac_2_3_d", - "ac_2_3", - "ac_2_6", - "ac_2_g", - "ac_2_j", - "ac_3", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_7", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_6", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.2", - "op.acc.6.aws.iam.3", - "op.acc.6.r7.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.12" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ac-3" - ], - "FFIEC": [ - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.1", - "8.1.4" - ], - "CIS-5.0": [ - "1.11" - ], - "CIS-1.4": [ - "1.12" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.300-b" - ], - "ProwlerThreatScore-1.0": [ - "1.1.10" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.8", - "IAM.22", - "IAM.26" - ], - "CIS-1.5": [ - "1.12" - ], - "ISO27001-2022": [ - "A.5.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2_1", - "ac_2_3", - "ac_2", - "ac_3", - "ac_6" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550", - "T1110" - ], - "CIS-2.0": [ - "1.12" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.3.2.d", - "11.5.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure unused user console access are disabled", - "title": "Ensure unused user console access are disabled", - "types": [ - "Software and Configuration Checks" - ], - "uid": "prowler-aws-iam_user_console_access_unused-211203495394-us-east-1-test-user-trusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [], - "inline_policies": [ - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - ], - "tags": [ - { - "Key": "Purpose", - "Value": "CCC-Testing" - }, - { - "Key": "ManagedBy", - "Value": "CCC-CFI-Compliance-Framework" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Find the credentials that they were using and ensure that they are no longer operational. Ideally, you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least, you should change the password or deactivate the access keys so that the former users no longer have access.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html" - ] - }, - "risk_details": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have any type of MFA enabled.", - "metadata": { - "event_code": "iam_user_hardware_mfa_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User terraform-user does not have any type of MFA enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-16.01B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.1", - "3.0.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2" - ], - "CCC": [ - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.8.5" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040" - ], - "CISA": [ - "booting-up-thing-to-do-first-2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if IAM users have Hardware MFA enabled.", - "title": "Check if IAM users have Hardware MFA enabled.", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_hardware_mfa_enabled-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [ - { - "PolicyName": "AdministratorAccess", - "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" - } - ], - "inline_policies": [], - "tags": [ - { - "Key": "CCC_INFRA_DONT_DELETE", - "Value": "True" - }, - { - "Key": "Preexisting", - "Value": "20251012" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable hardware MFA device for an IAM user from the AWS Management Console, the command line, or the IAM API.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_physical.html" - ] - }, - "risk_details": "Hardware MFA is preferred over virtual MFA.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User test-user-trusted does not have any type of MFA enabled.", - "metadata": { - "event_code": "iam_user_hardware_mfa_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User test-user-trusted does not have any type of MFA enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-16.01B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.1", - "3.0.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2" - ], - "CCC": [ - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.8.5" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040" - ], - "CISA": [ - "booting-up-thing-to-do-first-2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if IAM users have Hardware MFA enabled.", - "title": "Check if IAM users have Hardware MFA enabled.", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_hardware_mfa_enabled-211203495394-us-east-1-test-user-trusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted", - "mfa_devices": [], - "password_last_used": null, - "console_access": false, - "attached_policies": [], - "inline_policies": [ - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-read", - "CCC-Test-arnawss3us-east-1211203495394storage-lensdefault-account-dashboa-write" - ], - "tags": [ - { - "Key": "Purpose", - "Value": "CCC-Testing" - }, - { - "Key": "ManagedBy", - "Value": "CCC-CFI-Compliance-Framework" - } - ] - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable hardware MFA device for an IAM user from the AWS Management Console, the command line, or the IAM API.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_physical.html" - ] - }, - "risk_details": "Hardware MFA is preferred over virtual MFA.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have Console Password enabled.", - "metadata": { - "event_code": "iam_user_mfa_enabled_console_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have Console Password enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_14", - "3_5_2", - "3_5_3" - ], - "HIPAA": [ - "164_308_a_3_ii_a", - "164_312_a_1", - "164_312_d" - ], - "C5-2025": [ - "OPS-05.02AC", - "OPS-16.01B", - "IAM-04.06B", - "IAM-06.09B", - "IAM-08.02B", - "IAM-08.05B", - "IAM-09.02B", - "IAM-09.01AC", - "IAM-10.01B", - "PSS-05.01B", - "PSS-07.01B", - "PSS-07.02B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_7" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-1", - "ac-2-f", - "ac-2-j", - "ia-2-1-2", - "ia-2-1" - ], - "CIS-3.0": [ - "1.10" - ], - "NIST-800-53-Revision-5": [ - "ac_2_1", - "ac_3_2", - "ac_3_3", - "ac_3_3_a", - "ac_3_3_b_1", - "ac_3_3_b_2", - "ac_3_3_b_3", - "ac_3_3_b_4", - "ac_3_3_b_5", - "ac_3_3_c", - "ac_3_4", - "ac_3_4_a", - "ac_3_4_b", - "ac_3_4_c", - "ac_3_4_d", - "ac_3_4_e", - "ac_3_8", - "ac_3_12_a", - "ac_3_13", - "ac_3_15_a", - "ac_3_15_b", - "ac_4_28", - "ac_7_4", - "ac_7_4_a", - "ac_24", - "cm_5_1_a", - "cm_6_a", - "cm_9_b", - "ia_2_1", - "ia_2_2", - "ia_2_6", - "ia_2_6_a", - "ia_2_8", - "sc_23_3" - ], - "ENS-RD2022": [ - "op.acc.6.r2.aws.iam.1", - "op.acc.6.r4.aws.iam.1", - "op.acc.6.r8.aws.iam.1" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-001", - "IAM-0012" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "3.0.1", - "3.0.2", - "3.0.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.10" - ], - "PCI-4.0": [ - "8.4.1.1", - "8.4.1.2", - "8.4.2.1", - "8.4.2.2", - "8.4.3.1", - "8.4.3.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "ia-2" - ], - "FFIEC": [ - "d3-pc-am-b-15", - "d3-pc-am-b-6" - ], - "GDPR": [ - "article_25" - ], - "PCI-3.2.1": [ - "8.3", - "8.3.1", - "8.3.1.a", - "8.3.2", - "8.3.2.a", - "8.6", - "8.6.c" - ], - "CIS-5.0": [ - "1.9" - ], - "CIS-1.4": [ - "1.10" - ], - "CCC": [ - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN03.AR01", - "CCC.Core.CN03.AR02", - "CCC.Core.CN03.AR03", - "CCC.Core.CN03.AR04", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g", - "11.200" - ], - "ProwlerThreatScore-1.0": [ - "1.1.3" - ], - "AWS-Foundational-Security-Best-Practices": [ - "IAM.5", - "IAM.19" - ], - "CIS-1.5": [ - "1.10" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "ISO27001-2022": [ - "A.5.15", - "A.5.17", - "A.8.5" - ], - "NIST-800-53-Revision-4": [ - "ia_2_1", - "ia_2_2", - "ia_2_11" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "ISO27001-2013": [ - "A.9.2", - "A.9.3", - "A.9.4" - ], - "MITRE-ATTACK": [ - "T1078", - "T1098", - "T1556", - "T1550", - "T1110", - "T1040", - "T1538" - ], - "CIS-2.0": [ - "1.10" - ], - "CISA": [ - "your-systems-3", - "your-surroundings-2", - "booting-up-thing-to-do-first-2" - ], - "NIS2": [ - "11.1.2.c", - "11.3.2.a", - "11.4.2.c", - "11.6.1", - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password.", - "title": "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password.", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_mfa_enabled_console_access-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable MFA for the user's account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html" - ] - }, - "risk_details": "Unauthorized access to this critical account if password is not secure or it is disclosed in any way.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have access keys or uses the access keys configured.", - "metadata": { - "event_code": "iam_user_no_setup_initial_access_key", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have access keys or uses the access keys configured.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OPS-05.02AC", - "IAM-10.01B", - "CRY-03.01B", - "PSS-07.01B" - ], - "CIS-3.0": [ - "1.11" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.11" - ], - "CIS-5.0": [ - "1.1" - ], - "CIS-1.4": [ - "1.11" - ], - "CIS-1.5": [ - "1.11" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.11" - ], - "NIS2": [ - "9.2.c", - "9.2.c.iii" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "title": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_no_setup_initial_access_key-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "From the IAM console: generate credential report and disable not required keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials, it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have access keys or uses the access keys configured.", - "metadata": { - "event_code": "iam_user_no_setup_initial_access_key", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have access keys or uses the access keys configured.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "CAF Security Epic: IAM", - "compliance": { - "C5-2025": [ - "OPS-05.02AC", - "IAM-10.01B", - "CRY-03.01B", - "PSS-07.01B" - ], - "CIS-3.0": [ - "1.11" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.11" - ], - "CIS-5.0": [ - "1.1" - ], - "CIS-1.4": [ - "1.11" - ], - "CIS-1.5": [ - "1.11" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.11" - ], - "NIS2": [ - "9.2.c", - "9.2.c.iii" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "title": "Do not setup access keys during initial user setup for all IAM users that have a console password", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_no_setup_initial_access_key-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamAccessKey", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "From the IAM console: generate credential report and disable not required keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html" - ] - }, - "risk_details": "AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials, it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User does not have 2 active access keys.", - "metadata": { - "event_code": "iam_user_two_active_access_key", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User does not have 2 active access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B" - ], - "CIS-3.0": [ - "1.13" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.13" - ], - "CIS-5.0": [ - "1.12" - ], - "CIS-1.4": [ - "1.13" - ], - "CIS-1.5": [ - "1.13" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.13" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if IAM users have two active access keys", - "title": "Check if IAM users have two active access keys", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_two_active_access_key-211203495394-us-east-1-" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "", - "arn": "arn:aws:iam::211203495394:root", - "user_creation_time": "2025-10-03T16:10:08Z", - "password_enabled": "true", - "password_last_used": "2025-10-15T00:42:44Z", - "password_last_changed": "2025-10-03T16:10:08Z", - "password_next_rotation": "not_supported", - "mfa_active": "true", - "access_key_1_active": "false", - "access_key_1_last_rotated": "N/A", - "access_key_1_last_used_date": "N/A", - "access_key_1_last_used_region": "N/A", - "access_key_1_last_used_service": "N/A", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:root" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Avoid using long lived access keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html" - ] - }, - "risk_details": "Access Keys could be lost or stolen. It creates a critical risk.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user does not have 2 active access keys.", - "metadata": { - "event_code": "iam_user_two_active_access_key", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "User terraform-user does not have 2 active access keys.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "CRY-03.01B" - ], - "CIS-3.0": [ - "1.13" - ], - "ENS-RD2022": [ - "op.acc.6.aws.iam.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "1.13" - ], - "CIS-5.0": [ - "1.12" - ], - "CIS-1.4": [ - "1.13" - ], - "CIS-1.5": [ - "1.13" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP01" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1550" - ], - "CIS-2.0": [ - "1.13" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if IAM users have two active access keys", - "title": "Check if IAM users have two active access keys", - "types": [ - "Software and Configuration Checks", - "Industry and Regulatory Standards", - "CIS AWS Foundations Benchmark" - ], - "uid": "prowler-aws-iam_user_two_active_access_key-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "user": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user", - "user_creation_time": "2025-10-06T15:56:43Z", - "password_enabled": "false", - "password_last_used": "N/A", - "password_last_changed": "N/A", - "password_next_rotation": "N/A", - "mfa_active": "false", - "access_key_1_active": "true", - "access_key_1_last_rotated": "2025-10-06T15:57:15Z", - "access_key_1_last_used_date": "2025-10-15T11:07:00Z", - "access_key_1_last_used_region": "ap-northeast-1", - "access_key_1_last_used_service": "ec2", - "access_key_2_active": "false", - "access_key_2_last_rotated": "N/A", - "access_key_2_last_used_date": "N/A", - "access_key_2_last_used_region": "N/A", - "access_key_2_last_used_service": "N/A", - "cert_1_active": "false", - "cert_1_last_rotated": "N/A", - "cert_2_active": "false", - "cert_2_last_rotated": "N/A" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Avoid using long lived access keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html" - ] - }, - "risk_details": "Access Keys could be lost or stolen. It creates a critical risk.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User terraform-user has long lived credentials with access to other services than IAM or STS.", - "metadata": { - "event_code": "iam_user_with_temporary_credentials", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User terraform-user has long lived credentials with access to other services than IAM or STS.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "IAM-03.01B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-06.01B", - "IAM-08.02B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure users make use of temporary credentials assuming IAM roles", - "title": "Ensure users make use of temporary credentials assuming IAM roles", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-iam_user_with_temporary_credentials-211203495394-us-east-1-terraform-user" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "terraform-user", - "arn": "arn:aws:iam::211203495394:user/terraform-user" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "CCC_INFRA_DONT_DELETE:True", - "Preexisting:20251012" - ], - "name": "terraform-user", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/terraform-user" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "As a best practice, use temporary security credentials (IAM roles) instead of creating long-term credentials like access keys, and don't create AWS account root user access keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html" - ] - }, - "risk_details": "As a best practice, use temporary security credentials (IAM roles) instead of creating long-term credentials like access keys, and don't create AWS account root user access keys.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "User test-user-trusted has long lived credentials with access to other services than IAM or STS.", - "metadata": { - "event_code": "iam_user_with_temporary_credentials", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "User test-user-trusted has long lived credentials with access to other services than IAM or STS.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-01.01B", - "IAM-01.04B", - "IAM-03.01B", - "IAM-03.03B", - "IAM-03.01AS", - "IAM-06.01B", - "IAM-08.02B" - ], - "AWS-Foundational-Technical-Review": [ - "IAM-002", - "IAM-0012" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure users make use of temporary credentials assuming IAM roles", - "title": "Ensure users make use of temporary credentials assuming IAM roles", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-iam_user_with_temporary_credentials-211203495394-us-east-1-test-user-trusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "name": "test-user-trusted", - "arn": "arn:aws:iam::211203495394:user/test-user-trusted" - } - }, - "group": { - "name": "iam" - }, - "labels": [ - "Purpose:CCC-Testing", - "ManagedBy:CCC-CFI-Compliance-Framework" - ], - "name": "test-user-trusted", - "type": "AwsIamUser", - "uid": "arn:aws:iam::211203495394:user/test-user-trusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "As a best practice, use temporary security credentials (IAM roles) instead of creating long-term credentials like access keys, and don't create AWS account root user access keys.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html" - ] - }, - "risk_details": "As a best practice, use temporary security credentials (IAM roles) instead of creating long-term credentials like access keys, and don't create AWS account root user access keys.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-1b7c736d-854c-475a-a8a5-df95b3d7a4df" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-1f7c04ae-50f9-4bd6-b725-433368271fbd" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-29586687-b1be-4c1b-a758-1f2878050364" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "29586687-b1be-4c1b-a758-1f2878050364", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "29586687-b1be-4c1b-a758-1f2878050364", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-34307c6a-e2e3-4f56-8543-fa92dd73df4f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-4cac849c-0540-454c-9d3c-cd040cfab4a9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-51726887-02ae-44f3-a044-7e70d96761f9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "51726887-02ae-44f3-a044-7e70d96761f9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "51726887-02ae-44f3-a044-7e70d96761f9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-6ce7a755-4867-4c6a-966c-896a1edcc078" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-7becded9-6105-409d-9ddc-1ec9ad37781a" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-84910ea5-e87b-4175-a70d-317307443c9b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "84910ea5-e87b-4175-a70d-317307443c9b", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "84910ea5-e87b-4175-a70d-317307443c9b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-8775e1db-1bd3-430a-859e-3f4c2add845f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-99ad2e00-15a1-4135-b8fb-dd5accf3652f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-9df09165-d3c4-46c5-954f-a66bcb65f64f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-c45a036b-843a-48be-9621-57e49da9e4f6" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c45a036b-843a-48be-9621-57e49da9e4f6", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c45a036b-843a-48be-9621-57e49da9e4f6", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-cdbd7090-6c87-4e56-b755-fddf82d253ef" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-cf944303-41d3-401c-b296-00cbbb3d5ca4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is being used.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is being used.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-eu-west-1-db617ef7-813a-45f5-b3e3-65c57fdf56a3" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 78e11b27-598e-4e70-b556-ee62b95a4501 is being used.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 78e11b27-598e-4e70-b556-ee62b95a4501 is being used.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-us-east-1-78e11b27-598e-4e70-b556-ee62b95a4501" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "78e11b27-598e-4e70-b556-ee62b95a4501", - "arn": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "78e11b27-598e-4e70-b556-ee62b95a4501", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-us-east-1-939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "arn": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-us-east-1-a80c0553-bf44-472b-a141-674b2d47209b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "a80c0553-bf44-472b-a141-674b2d47209b", - "arn": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "a80c0553-bf44-472b-a141-674b2d47209b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is not being used but it has scheduled deletion.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is not being used but it has scheduled deletion.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-us-east-1-bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "arn": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 1b7c736d-854c-475a-a8a5-df95b3d7a4df is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-1b7c736d-854c-475a-a8a5-df95b3d7a4df" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1b7c736d-854c-475a-a8a5-df95b3d7a4df", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1b7c736d-854c-475a-a8a5-df95b3d7a4df" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 1f7c04ae-50f9-4bd6-b725-433368271fbd is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-1f7c04ae-50f9-4bd6-b725-433368271fbd" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "1f7c04ae-50f9-4bd6-b725-433368271fbd", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/1f7c04ae-50f9-4bd6-b725-433368271fbd" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 29586687-b1be-4c1b-a758-1f2878050364 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-29586687-b1be-4c1b-a758-1f2878050364" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "29586687-b1be-4c1b-a758-1f2878050364", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "29586687-b1be-4c1b-a758-1f2878050364", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/29586687-b1be-4c1b-a758-1f2878050364" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 34307c6a-e2e3-4f56-8543-fa92dd73df4f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-34307c6a-e2e3-4f56-8543-fa92dd73df4f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "34307c6a-e2e3-4f56-8543-fa92dd73df4f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/34307c6a-e2e3-4f56-8543-fa92dd73df4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 3c96a820-bc6c-4059-9a8e-3a283bf8c4f5 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "3c96a820-bc6c-4059-9a8e-3a283bf8c4f5", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/3c96a820-bc6c-4059-9a8e-3a283bf8c4f5" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 4cac849c-0540-454c-9d3c-cd040cfab4a9 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-4cac849c-0540-454c-9d3c-cd040cfab4a9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "4cac849c-0540-454c-9d3c-cd040cfab4a9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/4cac849c-0540-454c-9d3c-cd040cfab4a9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 51726887-02ae-44f3-a044-7e70d96761f9 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-51726887-02ae-44f3-a044-7e70d96761f9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "51726887-02ae-44f3-a044-7e70d96761f9", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "51726887-02ae-44f3-a044-7e70d96761f9", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/51726887-02ae-44f3-a044-7e70d96761f9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 6ce7a755-4867-4c6a-966c-896a1edcc078 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-6ce7a755-4867-4c6a-966c-896a1edcc078" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "6ce7a755-4867-4c6a-966c-896a1edcc078", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/6ce7a755-4867-4c6a-966c-896a1edcc078" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 737fb7a4-e9f8-4ab4-87a8-aac87372f1c4 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "737fb7a4-e9f8-4ab4-87a8-aac87372f1c4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/737fb7a4-e9f8-4ab4-87a8-aac87372f1c4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 7becded9-6105-409d-9ddc-1ec9ad37781a is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-7becded9-6105-409d-9ddc-1ec9ad37781a" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "7becded9-6105-409d-9ddc-1ec9ad37781a", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/7becded9-6105-409d-9ddc-1ec9ad37781a" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 84910ea5-e87b-4175-a70d-317307443c9b is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-84910ea5-e87b-4175-a70d-317307443c9b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "84910ea5-e87b-4175-a70d-317307443c9b", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "84910ea5-e87b-4175-a70d-317307443c9b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/84910ea5-e87b-4175-a70d-317307443c9b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 8775e1db-1bd3-430a-859e-3f4c2add845f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-8775e1db-1bd3-430a-859e-3f4c2add845f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "8775e1db-1bd3-430a-859e-3f4c2add845f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/8775e1db-1bd3-430a-859e-3f4c2add845f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 99ad2e00-15a1-4135-b8fb-dd5accf3652f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-99ad2e00-15a1-4135-b8fb-dd5accf3652f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "99ad2e00-15a1-4135-b8fb-dd5accf3652f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/99ad2e00-15a1-4135-b8fb-dd5accf3652f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 9df09165-d3c4-46c5-954f-a66bcb65f64f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-9df09165-d3c4-46c5-954f-a66bcb65f64f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "9df09165-d3c4-46c5-954f-a66bcb65f64f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/9df09165-d3c4-46c5-954f-a66bcb65f64f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK b6fe9898-8d78-4d6f-aeeb-2f2083ab7552 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "b6fe9898-8d78-4d6f-aeeb-2f2083ab7552", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/b6fe9898-8d78-4d6f-aeeb-2f2083ab7552" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK c28e1f44-d1bb-40d8-beef-21efdcb66bb7 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c28e1f44-d1bb-40d8-beef-21efdcb66bb7", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c28e1f44-d1bb-40d8-beef-21efdcb66bb7" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK c45a036b-843a-48be-9621-57e49da9e4f6 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-c45a036b-843a-48be-9621-57e49da9e4f6" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "c45a036b-843a-48be-9621-57e49da9e4f6", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "c45a036b-843a-48be-9621-57e49da9e4f6", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/c45a036b-843a-48be-9621-57e49da9e4f6" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK cdbd7090-6c87-4e56-b755-fddf82d253ef is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-cdbd7090-6c87-4e56-b755-fddf82d253ef" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cdbd7090-6c87-4e56-b755-fddf82d253ef", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cdbd7090-6c87-4e56-b755-fddf82d253ef" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK cf944303-41d3-401c-b296-00cbbb3d5ca4 is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-cf944303-41d3-401c-b296-00cbbb3d5ca4" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Id": "key-default-1", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [] - } - }, - "group": { - "name": "kms" - }, - "labels": [], - "name": "cf944303-41d3-401c-b296-00cbbb3d5ca4", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/cf944303-41d3-401c-b296-00cbbb3d5ca4" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is not scheduled for deletion.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is not scheduled for deletion.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-eu-west-1-db617ef7-813a-45f5-b3e3-65c57fdf56a3" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 78e11b27-598e-4e70-b556-ee62b95a4501 is not scheduled for deletion.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 78e11b27-598e-4e70-b556-ee62b95a4501 is not scheduled for deletion.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-us-east-1-78e11b27-598e-4e70-b556-ee62b95a4501" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "78e11b27-598e-4e70-b556-ee62b95a4501", - "arn": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "78e11b27-598e-4e70-b556-ee62b95a4501", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK 939cf539-5ce7-4c5f-a055-b2eb4fe5d9be is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-us-east-1-939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "arn": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "939cf539-5ce7-4c5f-a055-b2eb4fe5d9be", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/939cf539-5ce7-4c5f-a055-b2eb4fe5d9be" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK a80c0553-bf44-472b-a141-674b2d47209b is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-us-east-1-a80c0553-bf44-472b-a141-674b2d47209b" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "a80c0553-bf44-472b-a141-674b2d47209b", - "arn": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "a80c0553-bf44-472b-a141-674b2d47209b", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/a80c0553-bf44-472b-a141-674b2d47209b" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is scheduled for deletion, revert it if it was unintentionally.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "FAIL", - "status_detail": "KMS CMK bcf39cd2-6148-425c-8c08-c140ee2c5a9f is scheduled for deletion, revert it if it was unintentionally.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-us-east-1-bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "arn": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "state": "PendingDeletion", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": false, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "bcf39cd2-6148-425c-8c08-c140ee2c5a9f", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/bcf39cd2-6148-425c-8c08-c140ee2c5a9f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is a single-region key.", - "metadata": { - "event_code": "kms_cmk_not_multi_region", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 is a single-region key.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#multi-region-concepts", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Multi-region keys should be used only when absolutely necessary, such as for cross-region disaster recovery, and should be carefully managed with strict access controls.", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "CRY-03.01B", - "CRY-05.02B", - "CRY-10.01B", - "CRY-19.01B", - "PSS-12.02AC" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that AWS KMS customer managed keys (CMKs) are not multi-region to maintain strict data control and compliance with security best practices.", - "title": "AWS KMS customer managed keys should not be multi-Region", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_not_multi_region-211203495394-eu-west-1-db617ef7-813a-45f5-b3e3-65c57fdf56a3" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Identify and replace multi-region keys with single-region KMS keys to enhance security and access control.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/mrk-when-to-use.html" - ] - }, - "risk_details": "Multi-region KMS keys can increase the risk of unauthorized access and data exposure, as managing access controls and auditing across multiple regions becomes more complex. This expanded attack surface may lead to compliance violations and data breaches.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 78e11b27-598e-4e70-b556-ee62b95a4501 is a single-region key.", - "metadata": { - "event_code": "kms_cmk_not_multi_region", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 78e11b27-598e-4e70-b556-ee62b95a4501 is a single-region key.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#multi-region-concepts", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Multi-region keys should be used only when absolutely necessary, such as for cross-region disaster recovery, and should be carefully managed with strict access controls.", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "CRY-03.01B", - "CRY-05.02B", - "CRY-10.01B", - "CRY-19.01B", - "PSS-12.02AC" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that AWS KMS customer managed keys (CMKs) are not multi-region to maintain strict data control and compliance with security best practices.", - "title": "AWS KMS customer managed keys should not be multi-Region", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_not_multi_region-211203495394-us-east-1-78e11b27-598e-4e70-b556-ee62b95a4501" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "78e11b27-598e-4e70-b556-ee62b95a4501", - "arn": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "78e11b27-598e-4e70-b556-ee62b95a4501", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Identify and replace multi-region keys with single-region KMS keys to enhance security and access control.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/mrk-when-to-use.html" - ] - }, - "risk_details": "Multi-region KMS keys can increase the risk of unauthorized access and data exposure, as managing access controls and auditing across multiple regions becomes more complex. This expanded attack surface may lead to compliance violations and data breaches.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 has automatic rotation enabled.", - "metadata": { - "event_code": "kms_cmk_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK db617ef7-813a-45f5-b3e3-65c57fdf56a3 has automatic rotation enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://aws.amazon.com/blogs/security/how-to-get-ready-for-certificate-transparency/", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_312_a_2_iv" - ], - "C5-2025": [ - "OIS-08.02B", - "CRY-05.02B", - "CRY-06.01B", - "CRY-07.01B", - "CRY-09.02B", - "CRY-19.01B" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-12" - ], - "CIS-3.0": [ - "3.6" - ], - "NIST-800-53-Revision-5": [ - "cm_6_a", - "cm_9_b", - "sa_9_6", - "sc_12", - "sc_12_2", - "sc_12_6" - ], - "ENS-RD2022": [ - "op.exp.10.aws.cmk.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.6" - ], - "PCI-4.0": [ - "3.7.4.5", - "3.7.5.2" - ], - "FedRAMP-Low-Revision-4": [ - "sc-12" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "CIS-5.0": [ - "3.6" - ], - "CIS-1.4": [ - "3.8" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.4" - ], - "CIS-1.5": [ - "3.8" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP05" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_12" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CIS-2.0": [ - "3.8" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.6.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure rotation for customer created KMS CMKs is enabled.", - "title": "Ensure rotation for customer created KMS CMKs is enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_rotation_enabled-211203495394-eu-west-1-db617ef7-813a-45f5-b3e3-65c57fdf56a3" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "For every KMS Customer Master Keys (CMKs), ensure that Rotate this key every year is enabled.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html" - ] - }, - "risk_details": "Cryptographic best practices discourage extensive reuse of encryption keys. Consequently, Customer Master Keys (CMKs) should be rotated to prevent usage of compromised keys.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 78e11b27-598e-4e70-b556-ee62b95a4501 has automatic rotation enabled.", - "metadata": { - "event_code": "kms_cmk_rotation_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 78e11b27-598e-4e70-b556-ee62b95a4501 has automatic rotation enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://aws.amazon.com/blogs/security/how-to-get-ready-for-certificate-transparency/", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_312_a_2_iv" - ], - "C5-2025": [ - "OIS-08.02B", - "CRY-05.02B", - "CRY-06.01B", - "CRY-07.01B", - "CRY-09.02B", - "CRY-19.01B" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-12" - ], - "CIS-3.0": [ - "3.6" - ], - "NIST-800-53-Revision-5": [ - "cm_6_a", - "cm_9_b", - "sa_9_6", - "sc_12", - "sc_12_2", - "sc_12_6" - ], - "ENS-RD2022": [ - "op.exp.10.aws.cmk.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.6" - ], - "PCI-4.0": [ - "3.7.4.5", - "3.7.5.2" - ], - "FedRAMP-Low-Revision-4": [ - "sc-12" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "CIS-5.0": [ - "3.6" - ], - "CIS-1.4": [ - "3.8" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.4" - ], - "CIS-1.5": [ - "3.8" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP05" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_12" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CIS-2.0": [ - "3.8" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.6.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure rotation for customer created KMS CMKs is enabled.", - "title": "Ensure rotation for customer created KMS CMKs is enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_rotation_enabled-211203495394-us-east-1-78e11b27-598e-4e70-b556-ee62b95a4501" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "78e11b27-598e-4e70-b556-ee62b95a4501", - "arn": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "78e11b27-598e-4e70-b556-ee62b95a4501", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "For every KMS Customer Master Keys (CMKs), ensure that Rotate this key every year is enabled.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html" - ] - }, - "risk_details": "Cryptographic best practices discourage extensive reuse of encryption keys. Consequently, Customer Master Keys (CMKs) should be rotated to prevent usage of compromised keys.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS key db617ef7-813a-45f5-b3e3-65c57fdf56a3 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS key db617ef7-813a-45f5-b3e3-65c57fdf56a3 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/determining-access.html", - "categories": [ - "internet-exposed", - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "PS-03.02B", - "IAM-10.01B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B", - "COS-02.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04" - ], - "ProwlerThreatScore-1.0": [ - "2.2.14" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check exposed KMS keys", - "title": "Check exposed KMS keys", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_key_not_publicly_accessible-211203495394-eu-west-1-db617ef7-813a-45f5-b3e3-65c57fdf56a3" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "id": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "arn": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Default", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "eu-west-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Example", - "TagValue": "ex-rds" - }, - { - "TagKey": "GithubOrg", - "TagValue": "terraform-aws-modules" - }, - { - "TagKey": "GithubRepo", - "TagValue": "terraform-aws-rds-aurora" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:GithubRepo", - "TagValue:terraform-aws-rds-aurora" - ], - "name": "db617ef7-813a-45f5-b3e3-65c57fdf56a3", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:eu-west-1:211203495394:key/db617ef7-813a-45f5-b3e3-65c57fdf56a3" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To determine the full extent of who or what currently has access to a customer master key (CMK) in AWS KMS, you must examine the CMK key policy, all grants that apply to the CMK and potentially all AWS Identity and Access Management (IAM) policies. You might do this to determine the scope of potential usage of a CMK.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/determining-access.html" - ] - }, - "risk_details": "Exposed KMS Keys or wide policy permissions my leave data unprotected.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS key 78e11b27-598e-4e70-b556-ee62b95a4501 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS key 78e11b27-598e-4e70-b556-ee62b95a4501 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/determining-access.html", - "categories": [ - "internet-exposed", - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "PS-03.02B", - "IAM-10.01B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B", - "COS-02.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04" - ], - "ProwlerThreatScore-1.0": [ - "2.2.14" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check exposed KMS keys", - "title": "Check exposed KMS keys", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_key_not_publicly_accessible-211203495394-us-east-1-78e11b27-598e-4e70-b556-ee62b95a4501" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "78e11b27-598e-4e70-b556-ee62b95a4501", - "arn": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "78e11b27-598e-4e70-b556-ee62b95a4501", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To determine the full extent of who or what currently has access to a customer master key (CMK) in AWS KMS, you must examine the CMK key policy, all grants that apply to the CMK and potentially all AWS Identity and Access Management (IAM) policies. You might do this to determine the scope of potential usage of a CMK.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/determining-access.html" - ] - }, - "risk_details": "Exposed KMS Keys or wide policy permissions my leave data unprotected.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC ex-vpc does not have Network Firewall enabled.", - "metadata": { - "event_code": "networkfirewall_in_all_vpc", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "VPC ex-vpc does not have Network Firewall enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/network-firewall/latest/developerguide/setting-up.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-12.01AC", - "COS-07.04B", - "PI-01.01AC" - ], - "ENS-RD2022": [ - "mp.com.1.aws.nfw.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1048", - "T1530", - "T1499", - "T1498", - "T1046" - ], - "NIS2": [ - "6.2.1", - "6.7.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure all VPCs have Network Firewall enabled", - "title": "Ensure all VPCs have Network Firewall enabled", - "types": [], - "uid": "prowler-aws-networkfirewall_in_all_vpc-211203495394-eu-west-1-vpc-007d791b9b857543e" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-007d791b9b857543e", - "id": "vpc-007d791b9b857543e", - "name": "ex-vpc", - "default": false, - "in_use": true, - "cidr_block": "10.0.0.0/16", - "flow_log": true, - "region": "eu-west-1", - "subnets": [ - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ed85e6f7a21ca120", - "id": "subnet-0ed85e6f7a21ca120", - "name": "ex-vpc-db-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.9.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1b" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0dff6254fddd22140", - "id": "subnet-0dff6254fddd22140", - "name": "ex-vpc-intra-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.22.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1c" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-003e93ce0ba0d219a", - "id": "subnet-003e93ce0ba0d219a", - "name": "Redshift Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.17.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Two" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0b96cff7e9a8bbcac", - "id": "subnet-0b96cff7e9a8bbcac", - "name": "Elasticache Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.12.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-00526a0cd693d0679", - "id": "subnet-00526a0cd693d0679", - "name": "ex-vpc-public-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.6.0/24", - "availability_zone": "eu-west-1c", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1c" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-03dfe7e9e94d1af9f", - "id": "subnet-03dfe7e9e94d1af9f", - "name": "DB Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.8.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "DB Subnet One" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0916ac2a0e7ef95cf", - "id": "subnet-0916ac2a0e7ef95cf", - "name": "Private Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.0.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Private Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-094260cca8a477871", - "id": "subnet-094260cca8a477871", - "name": "Private Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.1.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "Private Subnet Two" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-092b870816e369a70", - "id": "subnet-092b870816e369a70", - "name": "ex-vpc-public-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.4.0/24", - "availability_zone": "eu-west-1a", - "public": true, - "in_use": true, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1a" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0503024220aeb7296", - "id": "subnet-0503024220aeb7296", - "name": "ex-vpc-elasticache-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.14.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-elasticache-eu-west-1c" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0065b4be93c6e8110", - "id": "subnet-0065b4be93c6e8110", - "name": "ex-vpc-private-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.2.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-private-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-049af33a5bc4a8bee", - "id": "subnet-049af33a5bc4a8bee", - "name": "ex-vpc-intra-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.21.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1b" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-050902d37d76ff633", - "id": "subnet-050902d37d76ff633", - "name": "ex-vpc-db-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.10.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0951ea7ab41c5e46f", - "id": "subnet-0951ea7ab41c5e46f", - "name": "Elasticache Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.13.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet Two" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-08017c3b1071423b7", - "id": "subnet-08017c3b1071423b7", - "name": "Redshift Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.16.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet One" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-066aeeffb9d61ac77", - "id": "subnet-066aeeffb9d61ac77", - "name": "Redshift Subnet Three", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.18.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Three" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ea254ffb94ba85e0", - "id": "subnet-0ea254ffb94ba85e0", - "name": "ex-vpc-public-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.5.0/24", - "availability_zone": "eu-west-1b", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1b" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0f2535905905cd998", - "id": "subnet-0f2535905905cd998", - "name": "ex-vpc-intra-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.20.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1a" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - ], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "networkfirewall" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc", - "GithubRepo:terraform-aws-vpc", - "Example:ex-vpc" - ], - "name": "vpc-007d791b9b857543e", - "type": "AwsEc2Vpc", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-007d791b9b857543e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure all VPCs have Network Firewall enabled", - "references": [ - "https://docs.aws.amazon.com/network-firewall/latest/developerguide/vpc-config.html" - ] - }, - "risk_details": "Without a network firewall, it can be difficult to monitor and control traffic within the VPC. This can make it harder to detect and prevent attacks or unauthorized access to resources.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_account_part_of_organizations", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_1" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.1", - "7.2.2.1", - "7.2.5.1", - "7.3.1.1", - "7.3.2.1", - "7.3.3.1", - "8.2.7.1", - "8.2.8.1", - "8.3.4.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC01-BP01", - "SEC03-BP05", - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1087", - "T1580", - "T1538" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that AWS Organizations service is currently in use.", - "title": "Check if account is part of an AWS Organizations", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-organizations_account_part_of_organizations-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create or Join an AWS Organization", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_create.html" - ] - }, - "risk_details": "The risk associated with not being part of an AWS Organizations is that it can lead to a lack of centralized management and control over the AWS accounts in an organization. This can make it difficult to enforce security policies consistently across all accounts, and can also result in increased costs due to inefficiencies in resource usage. Additionally, not being part of an AWS Organizations can make it harder to track and manage account usage and access.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_opt_out_ai_services_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out_all.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "This control checks whether the AWS Organizations opt-out of AI services policy is enabled and whether child-accounts are disallowed to overwrite this policy. The control fails if the policy is not enabled or if child-accounts are not disallowed to overwrite this policy.", - "title": "Ensure that AWS Organizations opt-out of AI services policy is enabled and disallow child-accounts to overwrite this policy.", - "types": [], - "uid": "prowler-aws-organizations_opt_out_ai_services_policy-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Artificial Intelligence (AI) services opt-out policies enable you to control whether AWS AI services can store and use your content. Enable the AWS Organizations opt-out of AI services policy and disallow child-accounts to overwrite this policy.", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/disable-policy-type.html" - ] - }, - "risk_details": "By default, AWS may be using your data to train its AI models. This may include data from your AWS CloudTrail logs, AWS Config rules, and AWS GuardDuty findings. If you opt out of AI services, AWS will not use your data to train its AI models.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_scp_check_deny_regions", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "PSS-12.02AC" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.acc.4.aws.iam.8" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2" - ], - "CCC": [ - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02" - ], - "AWS-Account-Security-Onboarding": [ - "Block unused regions" - ], - "KISA-ISMS-P-2023": [ - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1078", - "T1535" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "As best practice, AWS Regions should be restricted and only allow the ones that are needed.", - "title": "Check if AWS Regions are restricted with SCP policies", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-organizations_scp_check_deny_regions-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Restrict AWS Regions using SCP policies.", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_general.html#example-scp-deny-region" - ] - }, - "risk_details": "The risk associated with not restricting AWS Regions with Service Control Policies (SCPs) is that it can lead to unauthorized access or use of resources in regions that are not intended for use. This can result in increased costs due to inefficiencies in resource usage and can also expose sensitive data to unauthorized access or breaches. By restricting access to AWS Regions with SCP policies, organizations can help ensure that only authorized personnel have access to the resources they need, while minimizing the risk of security breaches and compliance violations.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "AWS Organizations is not in-use for this AWS Account.", - "metadata": { - "event_code": "organizations_tags_policies_enabled_and_attached", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "AWS Organizations is not in-use for this AWS Account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-09.01B" - ], - "ENS-RD2022": [ - "op.exp.1.aws.sys.2", - "op.exp.1.aws.tag.1", - "op.exp.10.aws.tag.1", - "mp.info.6.aws.tag.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.5.13" - ], - "KISA-ISMS-P-2023": [ - "2.1.3" - ], - "NIS2": [ - "11.5.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if an AWS Organization has tags policies enabled and attached.", - "title": "Check if an AWS Organization has tags policies enabled and attached.", - "types": [], - "uid": "prowler-aws-organizations_tags_policies_enabled_and_attached-211203495394-us-east-1-unknown" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:organizations::211203495394:unknown", - "id": "unknown", - "status": "NOT_AVAILABLE", - "master_id": "", - "policies": {}, - "delegated_administrators": null - } - }, - "group": { - "name": "organizations" - }, - "labels": [], - "name": "unknown", - "type": "Other", - "uid": "arn:aws:organizations::211203495394:unknown" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable and attach AWS Organizations tags policies.", - "references": [ - "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html" - ] - }, - "risk_details": "If an AWS Organization tags policies are not enabled and attached, it is not possible to enforce tags on AWS resources.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No Resource Explorer Indexes found.", - "metadata": { - "event_code": "resourceexplorer2_indexes_found", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No Resource Explorer Indexes found.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.1.aws.re.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Resource Explorer Indexes Found", - "title": "Resource Explorer Indexes Found", - "types": [], - "uid": "prowler-aws-resourceexplorer2_indexes_found-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "resourceexplorer2" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:resource-explorer:us-east-1:211203495394:index" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Create indexes", - "references": [ - "https://docs.aws.amazon.com/resource-explorer/latest/userguide/manage-service-turn-on-region.html" - ] - }, - "risk_details": "Not having Resource Explorer indexes can result in increased complexity and overhead in managing your resources, as well as increased risk of security and compliance issues.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is not configured for the account 211203495394.", - "metadata": { - "event_code": "s3_account_level_public_access_blocks", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Block Public Access is not configured for the account 211203495394.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_1_14", - "3_1_20", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "CIS-3.0": [ - "2.1.4" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "PCI-4.0": [ - "1.2.8.31", - "1.2.8.32", - "1.3.1.35", - "1.3.1.36", - "1.3.2.35", - "1.3.2.36", - "1.4.2.33", - "1.4.2.34", - "1.5.1.31", - "1.5.1.32", - "10.3.2.19", - "10.3.2.20", - "3.5.1.3.24", - "3.5.1.3.25", - "A1.1.2.15", - "A1.1.2.16", - "A1.1.3.31", - "A1.1.3.32", - "A3.4.1.17", - "A3.4.1.18" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.3", - "2.2", - "2.2.2", - "7.2", - "7.2.1" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-d", - "11.10-g" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.1" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check S3 Account Level Public Access Block.", - "title": "Check S3 Account Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_account_level_public_access_blocks-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "block_public_acls": false, - "ignore_public_acls": false, - "block_public_policy": false, - "restrict_public_buckets": false - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "211203495394", - "type": "AwsS3AccountPublicAccessBlock", - "uid": "arn:aws:s3:us-east-1:211203495394:account" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the account level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 has bucket ACLs disabled.", - "metadata": { - "event_code": "s3_bucket_acl_prohibited", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 has bucket ACLs disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.24", - "7.2.2.24", - "7.2.5.18", - "7.3.1.18", - "7.3.2.18", - "7.3.3.18", - "8.2.7.18", - "8.2.8.20", - "8.3.4.18" - ], - "CCC": [ - "CCC.ObjStor.CN02.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have ACLs enabled", - "title": "Check if S3 buckets have ACLs enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_acl_prohibited-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html" - ] - }, - "risk_details": "S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has bucket ACLs disabled.", - "metadata": { - "event_code": "s3_bucket_acl_prohibited", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has bucket ACLs disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.24", - "7.2.2.24", - "7.2.5.18", - "7.3.1.18", - "7.3.2.18", - "7.3.3.18", - "8.2.7.18", - "8.2.8.20", - "8.3.4.18" - ], - "CCC": [ - "CCC.ObjStor.CN02.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have ACLs enabled", - "title": "Check if S3 buckets have ACLs enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_acl_prohibited-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html" - ] - }, - "risk_details": "S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has bucket ACLs disabled.", - "metadata": { - "event_code": "s3_bucket_acl_prohibited", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has bucket ACLs disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.24", - "7.2.2.24", - "7.2.5.18", - "7.3.1.18", - "7.3.2.18", - "7.3.3.18", - "8.2.7.18", - "8.2.8.20", - "8.3.4.18" - ], - "CCC": [ - "CCC.ObjStor.CN02.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have ACLs enabled", - "title": "Check if S3 buckets have ACLs enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_acl_prohibited-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html" - ] - }, - "risk_details": "S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has bucket ACLs disabled.", - "metadata": { - "event_code": "s3_bucket_acl_prohibited", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has bucket ACLs disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.24", - "7.2.2.24", - "7.2.5.18", - "7.3.1.18", - "7.3.2.18", - "7.3.3.18", - "8.2.7.18", - "8.2.8.20", - "8.3.4.18" - ], - "CCC": [ - "CCC.ObjStor.CN02.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have ACLs enabled", - "title": "Check if S3 buckets have ACLs enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_acl_prohibited-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html" - ] - }, - "risk_details": "S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "IAM-10.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "10.6.3.33", - "10.6.3.35", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.6", - "S3.7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "This check verifies that S3 bucket policies are configured in a way that limits access to the intended AWS accounts only, preventing unauthorized access by external or unintended accounts.", - "title": "Ensure that general-purpose bucket policies restrict access to other AWS accounts.", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_cross_account_access-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Review and update your S3 bucket policies to remove permissions that grant external AWS accounts access to critical actions and implement least privilege principles to ensure sensitive operations are restricted to trusted accounts only", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Allowing other AWS accounts to perform sensitive actions (e.g., modifying bucket policies, ACLs, or encryption settings) on your S3 buckets can lead to data exposure, unauthorized access, or misconfigurations, increasing the risk of insider threats or attacks.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "IAM-10.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "10.6.3.33", - "10.6.3.35", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.6", - "S3.7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "This check verifies that S3 bucket policies are configured in a way that limits access to the intended AWS accounts only, preventing unauthorized access by external or unintended accounts.", - "title": "Ensure that general-purpose bucket policies restrict access to other AWS accounts.", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_cross_account_access-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Review and update your S3 bucket policies to remove permissions that grant external AWS accounts access to critical actions and implement least privilege principles to ensure sensitive operations are restricted to trusted accounts only", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Allowing other AWS accounts to perform sensitive actions (e.g., modifying bucket policies, ACLs, or encryption settings) on your S3 buckets can lead to data exposure, unauthorized access, or misconfigurations, increasing the risk of insider threats or attacks.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "IAM-10.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "10.6.3.33", - "10.6.3.35", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.6", - "S3.7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "This check verifies that S3 bucket policies are configured in a way that limits access to the intended AWS accounts only, preventing unauthorized access by external or unintended accounts.", - "title": "Ensure that general-purpose bucket policies restrict access to other AWS accounts.", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_cross_account_access-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Review and update your S3 bucket policies to remove permissions that grant external AWS accounts access to critical actions and implement least privilege principles to ensure sensitive operations are restricted to trusted accounts only", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Allowing other AWS accounts to perform sensitive actions (e.g., modifying bucket policies, ACLs, or encryption settings) on your S3 buckets can lead to data exposure, unauthorized access, or misconfigurations, increasing the risk of insider threats or attacks.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_cross_account_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "IAM-10.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "10.6.3.33", - "10.6.3.35", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.6", - "S3.7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "This check verifies that S3 bucket policies are configured in a way that limits access to the intended AWS accounts only, preventing unauthorized access by external or unintended accounts.", - "title": "Ensure that general-purpose bucket policies restrict access to other AWS accounts.", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_cross_account_access-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Review and update your S3 bucket policies to remove permissions that grant external AWS accounts access to critical actions and implement least privilege principles to ensure sensitive operations are restricted to trusted accounts only", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Allowing other AWS accounts to perform sensitive actions (e.g., modifying bucket policies, ACLs, or encryption settings) on your S3 buckets can lead to data exposure, unauthorized access, or misconfigurations, increasing the risk of insider threats or attacks.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have correct cross region replication configuration.", - "metadata": { - "event_code": "s3_bucket_cross_region_replication", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have correct cross region replication configuration.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "PCI-3.2.1": [ - "2.2", - "3.1", - "3.1.c", - "10.5", - "10.5.3" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Verifying whether S3 buckets have cross-region replication enabled, ensuring data redundancy and availability across multiple AWS regions", - "title": "Check if S3 buckets use cross region replication.", - "types": [ - "Secure access management" - ], - "uid": "prowler-aws-s3_bucket_cross_region_replication-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have cross region replication.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough1.html" - ] - }, - "risk_details": "Without cross-region replication in S3 buckets, data is at risk of being lost or inaccessible if an entire region goes down, leading to potential service disruptions and data unavailability.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have correct cross region replication configuration.", - "metadata": { - "event_code": "s3_bucket_cross_region_replication", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have correct cross region replication configuration.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "PCI-3.2.1": [ - "2.2", - "3.1", - "3.1.c", - "10.5", - "10.5.3" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Verifying whether S3 buckets have cross-region replication enabled, ensuring data redundancy and availability across multiple AWS regions", - "title": "Check if S3 buckets use cross region replication.", - "types": [ - "Secure access management" - ], - "uid": "prowler-aws-s3_bucket_cross_region_replication-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have cross region replication.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough1.html" - ] - }, - "risk_details": "Without cross-region replication in S3 buckets, data is at risk of being lost or inaccessible if an entire region goes down, leading to potential service disruptions and data unavailability.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have correct cross region replication configuration.", - "metadata": { - "event_code": "s3_bucket_cross_region_replication", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have correct cross region replication configuration.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "PCI-3.2.1": [ - "2.2", - "3.1", - "3.1.c", - "10.5", - "10.5.3" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Verifying whether S3 buckets have cross-region replication enabled, ensuring data redundancy and availability across multiple AWS regions", - "title": "Check if S3 buckets use cross region replication.", - "types": [ - "Secure access management" - ], - "uid": "prowler-aws-s3_bucket_cross_region_replication-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have cross region replication.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough1.html" - ] - }, - "risk_details": "Without cross-region replication in S3 buckets, data is at risk of being lost or inaccessible if an entire region goes down, leading to potential service disruptions and data unavailability.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have correct cross region replication configuration.", - "metadata": { - "event_code": "s3_bucket_cross_region_replication", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have correct cross region replication configuration.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "PCI-3.2.1": [ - "2.2", - "3.1", - "3.1.c", - "10.5", - "10.5.3" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Verifying whether S3 buckets have cross-region replication enabled, ensuring data redundancy and availability across multiple AWS regions", - "title": "Check if S3 buckets use cross region replication.", - "types": [ - "Secure access management" - ], - "uid": "prowler-aws-s3_bucket_cross_region_replication-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have cross region replication.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough1.html" - ] - }, - "risk_details": "Without cross-region replication in S3 buckets, data is at risk of being lost or inaccessible if an entire region goes down, leading to potential service disruptions and data unavailability.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 has Server Side Encryption with aws:kms.", - "metadata": { - "event_code": "s3_bucket_default_encryption", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 has Server Side Encryption with aws:kms.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_5_10", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_2_ii" - ], - "C5-2025": [ - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.01AC", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-13", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cm_6_a", - "cm_9_b", - "cp_9_d", - "cp_9_8", - "pm_11_b", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_16_1", - "sc_28_1", - "si_19_4" - ], - "ENS-RD2022": [ - "mp.si.2.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.30", - "8.3.2.48" - ], - "FedRAMP-Low-Revision-4": [ - "sc-13" - ], - "FFIEC": [ - "d3-pc-am-b-12" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CIS-1.4": [ - "2.1.1" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "CIS-1.5": [ - "2.1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP03" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1119", - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-1", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "title": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_default_encryption-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled.", - "references": [ - "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/" - ] - }, - "risk_details": "Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has Server Side Encryption with aws:kms.", - "metadata": { - "event_code": "s3_bucket_default_encryption", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has Server Side Encryption with aws:kms.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_5_10", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_2_ii" - ], - "C5-2025": [ - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.01AC", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-13", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cm_6_a", - "cm_9_b", - "cp_9_d", - "cp_9_8", - "pm_11_b", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_16_1", - "sc_28_1", - "si_19_4" - ], - "ENS-RD2022": [ - "mp.si.2.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.30", - "8.3.2.48" - ], - "FedRAMP-Low-Revision-4": [ - "sc-13" - ], - "FFIEC": [ - "d3-pc-am-b-12" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CIS-1.4": [ - "2.1.1" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "CIS-1.5": [ - "2.1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP03" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1119", - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-1", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "title": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_default_encryption-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled.", - "references": [ - "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/" - ] - }, - "risk_details": "Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has Server Side Encryption with AES256.", - "metadata": { - "event_code": "s3_bucket_default_encryption", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has Server Side Encryption with AES256.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_5_10", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_2_ii" - ], - "C5-2025": [ - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.01AC", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-13", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cm_6_a", - "cm_9_b", - "cp_9_d", - "cp_9_8", - "pm_11_b", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_16_1", - "sc_28_1", - "si_19_4" - ], - "ENS-RD2022": [ - "mp.si.2.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.30", - "8.3.2.48" - ], - "FedRAMP-Low-Revision-4": [ - "sc-13" - ], - "FFIEC": [ - "d3-pc-am-b-12" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CIS-1.4": [ - "2.1.1" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "CIS-1.5": [ - "2.1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP03" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1119", - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-1", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "title": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_default_encryption-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled.", - "references": [ - "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/" - ] - }, - "risk_details": "Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has Server Side Encryption with AES256.", - "metadata": { - "event_code": "s3_bucket_default_encryption", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has Server Side Encryption with AES256.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_5_10", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_2_ii" - ], - "C5-2025": [ - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.01AC", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-13", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cm_6_a", - "cm_9_b", - "cp_9_d", - "cp_9_8", - "pm_11_b", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_16_1", - "sc_28_1", - "si_19_4" - ], - "ENS-RD2022": [ - "mp.si.2.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.30", - "8.3.2.48" - ], - "FedRAMP-Low-Revision-4": [ - "sc-13" - ], - "FFIEC": [ - "d3-pc-am-b-12" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CIS-1.4": [ - "2.1.1" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "CIS-1.5": [ - "2.1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP03" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1119", - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-1", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "title": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_default_encryption-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled.", - "references": [ - "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/" - ] - }, - "risk_details": "Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have event notifications enabled.", - "metadata": { - "event_code": "s3_bucket_event_notifications_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have event notifications enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.01AC", - "OPS-13.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "PCI-4.0": [ - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "A3.3.1.8", - "A3.5.1.8" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure whether S3 buckets have event notifications enabled.", - "title": "Check if S3 buckets have event notifications enabled.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls" - ], - "uid": "prowler-aws-s3_bucket_event_notifications_enabled-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable event notifications for all S3 general-purpose buckets to monitor important events such as object creation, deletion, tagging, and lifecycle events, ensuring visibility and quick action on relevant changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html" - ] - }, - "risk_details": "Without event notifications, important actions on S3 buckets may go unnoticed, leading to missed opportunities for timely response to critical changes, such as object creation, deletion, or updates that could impact data security and availability.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have event notifications enabled.", - "metadata": { - "event_code": "s3_bucket_event_notifications_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have event notifications enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.01AC", - "OPS-13.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "PCI-4.0": [ - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "A3.3.1.8", - "A3.5.1.8" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure whether S3 buckets have event notifications enabled.", - "title": "Check if S3 buckets have event notifications enabled.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls" - ], - "uid": "prowler-aws-s3_bucket_event_notifications_enabled-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable event notifications for all S3 general-purpose buckets to monitor important events such as object creation, deletion, tagging, and lifecycle events, ensuring visibility and quick action on relevant changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html" - ] - }, - "risk_details": "Without event notifications, important actions on S3 buckets may go unnoticed, leading to missed opportunities for timely response to critical changes, such as object creation, deletion, or updates that could impact data security and availability.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have event notifications enabled.", - "metadata": { - "event_code": "s3_bucket_event_notifications_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have event notifications enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.01AC", - "OPS-13.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "PCI-4.0": [ - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "A3.3.1.8", - "A3.5.1.8" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure whether S3 buckets have event notifications enabled.", - "title": "Check if S3 buckets have event notifications enabled.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls" - ], - "uid": "prowler-aws-s3_bucket_event_notifications_enabled-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable event notifications for all S3 general-purpose buckets to monitor important events such as object creation, deletion, tagging, and lifecycle events, ensuring visibility and quick action on relevant changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html" - ] - }, - "risk_details": "Without event notifications, important actions on S3 buckets may go unnoticed, leading to missed opportunities for timely response to critical changes, such as object creation, deletion, or updates that could impact data security and availability.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have event notifications enabled.", - "metadata": { - "event_code": "s3_bucket_event_notifications_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have event notifications enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.01AC", - "OPS-13.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "PCI-4.0": [ - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "A3.3.1.8", - "A3.5.1.8" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure whether S3 buckets have event notifications enabled.", - "title": "Check if S3 buckets have event notifications enabled.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls" - ], - "uid": "prowler-aws-s3_bucket_event_notifications_enabled-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable event notifications for all S3 general-purpose buckets to monitor important events such as object creation, deletion, tagging, and lifecycle events, ensuring visibility and quick action on relevant changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html" - ] - }, - "risk_details": "Without event notifications, important actions on S3 buckets may go unnoticed, leading to missed opportunities for timely response to critical changes, such as object creation, deletion, or updates that could impact data security and availability.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 has Server Side Encryption with aws:kms.", - "metadata": { - "event_code": "s3_bucket_kms_encryption", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 has Server Side Encryption with aws:kms.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-12.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.31", - "8.3.2.50" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.Core.CN02.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.17" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have KMS encryption enabled.", - "title": "Check if S3 buckets have KMS encryption enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_kms_encryption-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled using KMS.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html" - ] - }, - "risk_details": "Amazon S3 KMS encryption provides a way to set the encryption behavior for an S3 bucket using a managed key. This will ensure data-at-rest is encrypted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has Server Side Encryption with aws:kms.", - "metadata": { - "event_code": "s3_bucket_kms_encryption", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has Server Side Encryption with aws:kms.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-12.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.31", - "8.3.2.50" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.Core.CN02.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.17" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have KMS encryption enabled.", - "title": "Check if S3 buckets have KMS encryption enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_kms_encryption-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled using KMS.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html" - ] - }, - "risk_details": "Amazon S3 KMS encryption provides a way to set the encryption behavior for an S3 bucket using a managed key. This will ensure data-at-rest is encrypted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Server Side Encryption is not configured with kms for S3 Bucket test-bucket-obj-untrusted.", - "metadata": { - "event_code": "s3_bucket_kms_encryption", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Server Side Encryption is not configured with kms for S3 Bucket test-bucket-obj-untrusted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-12.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.31", - "8.3.2.50" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.Core.CN02.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.17" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have KMS encryption enabled.", - "title": "Check if S3 buckets have KMS encryption enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_kms_encryption-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled using KMS.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html" - ] - }, - "risk_details": "Amazon S3 KMS encryption provides a way to set the encryption behavior for an S3 bucket using a managed key. This will ensure data-at-rest is encrypted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Server Side Encryption is not configured with kms for S3 Bucket test-bucket-untrusted-kms.", - "metadata": { - "event_code": "s3_bucket_kms_encryption", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Server Side Encryption is not configured with kms for S3 Bucket test-bucket-untrusted-kms.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-12.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.31", - "8.3.2.50" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.Core.CN02.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.17" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have KMS encryption enabled.", - "title": "Check if S3 buckets have KMS encryption enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_kms_encryption-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled using KMS.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html" - ] - }, - "risk_details": "Amazon S3 KMS encryption provides a way to set the encryption behavior for an S3 bucket using a managed key. This will ensure data-at-rest is encrypted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is configured for the S3 Bucket prod-my-secure-s3-bucket-20250423.", - "metadata": { - "event_code": "s3_bucket_level_public_access_block", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Block Public Access is configured for the S3 Bucket prod-my-secure-s3-bucket-20250423.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "CIS-3.0": [ - "2.1.4" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.8" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check S3 Bucket Level Public Access Block.", - "title": "Check S3 Bucket Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_level_public_access_block-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is configured for the S3 Bucket prod-my-secure-s3-bucket-20250423-logs.", - "metadata": { - "event_code": "s3_bucket_level_public_access_block", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Block Public Access is configured for the S3 Bucket prod-my-secure-s3-bucket-20250423-logs.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "CIS-3.0": [ - "2.1.4" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.8" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check S3 Bucket Level Public Access Block.", - "title": "Check S3 Bucket Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_level_public_access_block-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is configured for the S3 Bucket test-bucket-obj-untrusted.", - "metadata": { - "event_code": "s3_bucket_level_public_access_block", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Block Public Access is configured for the S3 Bucket test-bucket-obj-untrusted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "CIS-3.0": [ - "2.1.4" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.8" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check S3 Bucket Level Public Access Block.", - "title": "Check S3 Bucket Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_level_public_access_block-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is configured for the S3 Bucket test-bucket-untrusted-kms.", - "metadata": { - "event_code": "s3_bucket_level_public_access_block", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Block Public Access is configured for the S3 Bucket test-bucket-untrusted-kms.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "CIS-3.0": [ - "2.1.4" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.8" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check S3 Bucket Level Public Access Block.", - "title": "Check S3 Bucket Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_level_public_access_block-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a lifecycle configuration enabled.", - "metadata": { - "event_code": "s3_bucket_lifecycle_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a lifecycle configuration enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-32.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.5.1.12", - "10.5.1.13", - "3.2.1.8", - "3.2.1.9", - "3.3.1.1.8", - "3.3.1.1.9", - "3.3.1.3.8", - "3.3.1.3.9", - "3.3.2.8", - "3.3.2.9", - "3.3.3.8", - "3.3.3.9" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.a", - "3.2", - "3.2.c", - "10.7", - "10.7.a" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.CntrReg.CN02.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.13" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have Lifecycle configuration enabled.", - "title": "Check if S3 buckets have a Lifecycle configuration enabled", - "types": [ - "AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-s3_bucket_lifecycle_enabled-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable lifecycle policies on your S3 buckets to automatically manage the transition and expiration of data.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html" - ] - }, - "risk_details": "The risks of not having lifecycle management enabled for S3 buckets include higher storage costs, unmanaged data retention, and potential non-compliance with data policies.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a lifecycle configuration enabled.", - "metadata": { - "event_code": "s3_bucket_lifecycle_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a lifecycle configuration enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-32.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.5.1.12", - "10.5.1.13", - "3.2.1.8", - "3.2.1.9", - "3.3.1.1.8", - "3.3.1.1.9", - "3.3.1.3.8", - "3.3.1.3.9", - "3.3.2.8", - "3.3.2.9", - "3.3.3.8", - "3.3.3.9" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.a", - "3.2", - "3.2.c", - "10.7", - "10.7.a" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.CntrReg.CN02.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.13" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have Lifecycle configuration enabled.", - "title": "Check if S3 buckets have a Lifecycle configuration enabled", - "types": [ - "AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-s3_bucket_lifecycle_enabled-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable lifecycle policies on your S3 buckets to automatically manage the transition and expiration of data.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html" - ] - }, - "risk_details": "The risks of not having lifecycle management enabled for S3 buckets include higher storage costs, unmanaged data retention, and potential non-compliance with data policies.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have a lifecycle configuration enabled.", - "metadata": { - "event_code": "s3_bucket_lifecycle_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have a lifecycle configuration enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-32.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.5.1.12", - "10.5.1.13", - "3.2.1.8", - "3.2.1.9", - "3.3.1.1.8", - "3.3.1.1.9", - "3.3.1.3.8", - "3.3.1.3.9", - "3.3.2.8", - "3.3.2.9", - "3.3.3.8", - "3.3.3.9" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.a", - "3.2", - "3.2.c", - "10.7", - "10.7.a" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.CntrReg.CN02.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.13" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have Lifecycle configuration enabled.", - "title": "Check if S3 buckets have a Lifecycle configuration enabled", - "types": [ - "AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-s3_bucket_lifecycle_enabled-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable lifecycle policies on your S3 buckets to automatically manage the transition and expiration of data.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html" - ] - }, - "risk_details": "The risks of not having lifecycle management enabled for S3 buckets include higher storage costs, unmanaged data retention, and potential non-compliance with data policies.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have a lifecycle configuration enabled.", - "metadata": { - "event_code": "s3_bucket_lifecycle_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have a lifecycle configuration enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-32.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.5.1.12", - "10.5.1.13", - "3.2.1.8", - "3.2.1.9", - "3.3.1.1.8", - "3.3.1.1.9", - "3.3.1.3.8", - "3.3.1.3.9", - "3.3.2.8", - "3.3.2.9", - "3.3.3.8", - "3.3.3.9" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.a", - "3.2", - "3.2.c", - "10.7", - "10.7.a" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.CntrReg.CN02.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.13" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have Lifecycle configuration enabled.", - "title": "Check if S3 buckets have a Lifecycle configuration enabled", - "types": [ - "AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-s3_bucket_lifecycle_enabled-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable lifecycle policies on your S3 buckets to automatically manage the transition and expiration of data.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html" - ] - }, - "risk_details": "The risks of not having lifecycle management enabled for S3 buckets include higher storage costs, unmanaged data retention, and potential non-compliance with data policies.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 has MFA Delete disabled.", - "metadata": { - "event_code": "s3_bucket_no_mfa_delete", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 has MFA Delete disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-07.02B", - "OPS-16.01B", - "IAM-04.06B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "CIS-3.0": [ - "2.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.2" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-5.0": [ - "2.1.2" - ], - "CIS-1.4": [ - "2.1.3" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.20" - ], - "CIS-1.5": [ - "2.1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "2.1.2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 bucket MFA Delete is not enabled.", - "title": "Check if S3 bucket MFA Delete is not enabled.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_no_mfa_delete-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" - ] - }, - "risk_details": "Your security credentials are compromised or unauthorized access is granted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has MFA Delete disabled.", - "metadata": { - "event_code": "s3_bucket_no_mfa_delete", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has MFA Delete disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-07.02B", - "OPS-16.01B", - "IAM-04.06B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "CIS-3.0": [ - "2.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.2" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-5.0": [ - "2.1.2" - ], - "CIS-1.4": [ - "2.1.3" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.20" - ], - "CIS-1.5": [ - "2.1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "2.1.2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 bucket MFA Delete is not enabled.", - "title": "Check if S3 bucket MFA Delete is not enabled.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_no_mfa_delete-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" - ] - }, - "risk_details": "Your security credentials are compromised or unauthorized access is granted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has MFA Delete disabled.", - "metadata": { - "event_code": "s3_bucket_no_mfa_delete", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has MFA Delete disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-07.02B", - "OPS-16.01B", - "IAM-04.06B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "CIS-3.0": [ - "2.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.2" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-5.0": [ - "2.1.2" - ], - "CIS-1.4": [ - "2.1.3" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.20" - ], - "CIS-1.5": [ - "2.1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "2.1.2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 bucket MFA Delete is not enabled.", - "title": "Check if S3 bucket MFA Delete is not enabled.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_no_mfa_delete-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" - ] - }, - "risk_details": "Your security credentials are compromised or unauthorized access is granted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has MFA Delete disabled.", - "metadata": { - "event_code": "s3_bucket_no_mfa_delete", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has MFA Delete disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-07.02B", - "OPS-16.01B", - "IAM-04.06B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "CIS-3.0": [ - "2.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.2" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-5.0": [ - "2.1.2" - ], - "CIS-1.4": [ - "2.1.3" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.20" - ], - "CIS-1.5": [ - "2.1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "2.1.2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 bucket MFA Delete is not enabled.", - "title": "Check if S3 bucket MFA Delete is not enabled.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_no_mfa_delete-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" - ] - }, - "risk_details": "Your security credentials are compromised or unauthorized access is granted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 has Object Lock disabled.", - "metadata": { - "event_code": "s3_bucket_object_lock", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 has Object Lock disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have object lock enabled", - "title": "Check if S3 buckets have object lock enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_lock-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that your Amazon S3 buckets have Object Lock feature enabled in order to prevent the objects they store from being deleted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html" - ] - }, - "risk_details": "Store objects using a write-once-read-many (WORM) model to help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. That helps to prevent ransomware attacks.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has Object Lock disabled.", - "metadata": { - "event_code": "s3_bucket_object_lock", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has Object Lock disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have object lock enabled", - "title": "Check if S3 buckets have object lock enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_lock-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that your Amazon S3 buckets have Object Lock feature enabled in order to prevent the objects they store from being deleted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html" - ] - }, - "risk_details": "Store objects using a write-once-read-many (WORM) model to help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. That helps to prevent ransomware attacks.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has Object Lock disabled.", - "metadata": { - "event_code": "s3_bucket_object_lock", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has Object Lock disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have object lock enabled", - "title": "Check if S3 buckets have object lock enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_lock-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that your Amazon S3 buckets have Object Lock feature enabled in order to prevent the objects they store from being deleted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html" - ] - }, - "risk_details": "Store objects using a write-once-read-many (WORM) model to help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. That helps to prevent ransomware attacks.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has Object Lock disabled.", - "metadata": { - "event_code": "s3_bucket_object_lock", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has Object Lock disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have object lock enabled", - "title": "Check if S3 buckets have object lock enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_lock-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that your Amazon S3 buckets have Object Lock feature enabled in order to prevent the objects they store from being deleted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html" - ] - }, - "risk_details": "Store objects using a write-once-read-many (WORM) model to help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. That helps to prevent ransomware attacks.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 has versioning enabled.", - "metadata": { - "event_code": "s3_bucket_object_versioning", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 has versioning enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_12" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_7_i", - "164_308_a_7_ii_a", - "164_308_a_7_ii_b", - "164_308_a_7_ii_c", - "164_312_a_2_ii", - "164_312_c_1", - "164_312_c_2" - ], - "SOC2": [ - "cc_7_4", - "cc_a_1_1", - "cc_c_1_2" - ], - "C5-2025": [ - "OPS-13.01AC", - "OPS-33.02B", - "DEV-07.01B" - ], - "NIST-CSF-1.1": [ - "be_5", - "ds_4", - "ip_4", - "ip_9", - "pt_5", - "rp_1", - "rp_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9-2", - "cp-9-b", - "cp-10", - "sc-5", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "au_9_2", - "cp_1_2", - "cp_2_5", - "cp_6_a", - "cp_6_1", - "cp_6_2", - "cp_9_a", - "cp_9_b", - "cp_9_c", - "cp_10", - "cp_10_2", - "pm_11_b", - "pm_17_b", - "sc_5_2", - "sc_16_1", - "si_1_a_2", - "si_13_5" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "5.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9", - "cp-9", - "cp-10", - "sc-5" - ], - "FFIEC": [ - "d5-ir-pl-b-6" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.c", - "10.5", - "10.5.2", - "10.5.3", - "10.5.5" - ], - "GxP-EU-Annex-11": [ - "5-data", - "7.1-data-storage-damage-protection", - "7.2-data-storage-backups", - "16-business-continuity", - "17-archiving", - "4.8-validation-data-transfer" - ], - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "GxP-21-CFR-Part-11": [ - "11.10-a", - "11.10-c" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3", - "A.8.10" - ], - "NIST-800-53-Revision-4": [ - "cp_10", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-4", - "booting-up-thing-to-do-first-1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have object versioning enabled", - "title": "Check if S3 buckets have object versioning enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_versioning-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frequently, and backup may not be enough to capture all the changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html" - ] - }, - "risk_details": "With versioning, you can easily recover from both unintended user actions and application failures.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has versioning enabled.", - "metadata": { - "event_code": "s3_bucket_object_versioning", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has versioning enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_12" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_7_i", - "164_308_a_7_ii_a", - "164_308_a_7_ii_b", - "164_308_a_7_ii_c", - "164_312_a_2_ii", - "164_312_c_1", - "164_312_c_2" - ], - "SOC2": [ - "cc_7_4", - "cc_a_1_1", - "cc_c_1_2" - ], - "C5-2025": [ - "OPS-13.01AC", - "OPS-33.02B", - "DEV-07.01B" - ], - "NIST-CSF-1.1": [ - "be_5", - "ds_4", - "ip_4", - "ip_9", - "pt_5", - "rp_1", - "rp_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9-2", - "cp-9-b", - "cp-10", - "sc-5", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "au_9_2", - "cp_1_2", - "cp_2_5", - "cp_6_a", - "cp_6_1", - "cp_6_2", - "cp_9_a", - "cp_9_b", - "cp_9_c", - "cp_10", - "cp_10_2", - "pm_11_b", - "pm_17_b", - "sc_5_2", - "sc_16_1", - "si_1_a_2", - "si_13_5" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "5.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9", - "cp-9", - "cp-10", - "sc-5" - ], - "FFIEC": [ - "d5-ir-pl-b-6" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.c", - "10.5", - "10.5.2", - "10.5.3", - "10.5.5" - ], - "GxP-EU-Annex-11": [ - "5-data", - "7.1-data-storage-damage-protection", - "7.2-data-storage-backups", - "16-business-continuity", - "17-archiving", - "4.8-validation-data-transfer" - ], - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "GxP-21-CFR-Part-11": [ - "11.10-a", - "11.10-c" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3", - "A.8.10" - ], - "NIST-800-53-Revision-4": [ - "cp_10", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-4", - "booting-up-thing-to-do-first-1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have object versioning enabled", - "title": "Check if S3 buckets have object versioning enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_versioning-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frequently, and backup may not be enough to capture all the changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html" - ] - }, - "risk_details": "With versioning, you can easily recover from both unintended user actions and application failures.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has versioning disabled.", - "metadata": { - "event_code": "s3_bucket_object_versioning", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has versioning disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_12" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_7_i", - "164_308_a_7_ii_a", - "164_308_a_7_ii_b", - "164_308_a_7_ii_c", - "164_312_a_2_ii", - "164_312_c_1", - "164_312_c_2" - ], - "SOC2": [ - "cc_7_4", - "cc_a_1_1", - "cc_c_1_2" - ], - "C5-2025": [ - "OPS-13.01AC", - "OPS-33.02B", - "DEV-07.01B" - ], - "NIST-CSF-1.1": [ - "be_5", - "ds_4", - "ip_4", - "ip_9", - "pt_5", - "rp_1", - "rp_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9-2", - "cp-9-b", - "cp-10", - "sc-5", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "au_9_2", - "cp_1_2", - "cp_2_5", - "cp_6_a", - "cp_6_1", - "cp_6_2", - "cp_9_a", - "cp_9_b", - "cp_9_c", - "cp_10", - "cp_10_2", - "pm_11_b", - "pm_17_b", - "sc_5_2", - "sc_16_1", - "si_1_a_2", - "si_13_5" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "5.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9", - "cp-9", - "cp-10", - "sc-5" - ], - "FFIEC": [ - "d5-ir-pl-b-6" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.c", - "10.5", - "10.5.2", - "10.5.3", - "10.5.5" - ], - "GxP-EU-Annex-11": [ - "5-data", - "7.1-data-storage-damage-protection", - "7.2-data-storage-backups", - "16-business-continuity", - "17-archiving", - "4.8-validation-data-transfer" - ], - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "GxP-21-CFR-Part-11": [ - "11.10-a", - "11.10-c" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3", - "A.8.10" - ], - "NIST-800-53-Revision-4": [ - "cp_10", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-4", - "booting-up-thing-to-do-first-1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have object versioning enabled", - "title": "Check if S3 buckets have object versioning enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_versioning-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frequently, and backup may not be enough to capture all the changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html" - ] - }, - "risk_details": "With versioning, you can easily recover from both unintended user actions and application failures.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has versioning disabled.", - "metadata": { - "event_code": "s3_bucket_object_versioning", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has versioning disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_12" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_7_i", - "164_308_a_7_ii_a", - "164_308_a_7_ii_b", - "164_308_a_7_ii_c", - "164_312_a_2_ii", - "164_312_c_1", - "164_312_c_2" - ], - "SOC2": [ - "cc_7_4", - "cc_a_1_1", - "cc_c_1_2" - ], - "C5-2025": [ - "OPS-13.01AC", - "OPS-33.02B", - "DEV-07.01B" - ], - "NIST-CSF-1.1": [ - "be_5", - "ds_4", - "ip_4", - "ip_9", - "pt_5", - "rp_1", - "rp_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9-2", - "cp-9-b", - "cp-10", - "sc-5", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "au_9_2", - "cp_1_2", - "cp_2_5", - "cp_6_a", - "cp_6_1", - "cp_6_2", - "cp_9_a", - "cp_9_b", - "cp_9_c", - "cp_10", - "cp_10_2", - "pm_11_b", - "pm_17_b", - "sc_5_2", - "sc_16_1", - "si_1_a_2", - "si_13_5" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "5.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9", - "cp-9", - "cp-10", - "sc-5" - ], - "FFIEC": [ - "d5-ir-pl-b-6" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.c", - "10.5", - "10.5.2", - "10.5.3", - "10.5.5" - ], - "GxP-EU-Annex-11": [ - "5-data", - "7.1-data-storage-damage-protection", - "7.2-data-storage-backups", - "16-business-continuity", - "17-archiving", - "4.8-validation-data-transfer" - ], - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "GxP-21-CFR-Part-11": [ - "11.10-a", - "11.10-c" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3", - "A.8.10" - ], - "NIST-800-53-Revision-4": [ - "cp_10", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-4", - "booting-up-thing-to-do-first-1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have object versioning enabled", - "title": "Check if S3 buckets have object versioning enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_versioning-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frequently, and backup may not be enough to capture all the changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html" - ] - }, - "risk_details": "With versioning, you can easily recover from both unintended user actions and application failures.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_policy_public_write_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.2.15" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have policies which allow WRITE access.", - "title": "Check if S3 buckets have policies which allow WRITE access.", - "types": [ - "IAM" - ], - "uid": "prowler-aws-s3_bucket_policy_public_write_access-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure proper bucket policy is in place with the least privilege principle applied.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html" - ] - }, - "risk_details": "Non intended users can put objects in a given bucket.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_policy_public_write_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.2.15" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have policies which allow WRITE access.", - "title": "Check if S3 buckets have policies which allow WRITE access.", - "types": [ - "IAM" - ], - "uid": "prowler-aws-s3_bucket_policy_public_write_access-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure proper bucket policy is in place with the least privilege principle applied.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html" - ] - }, - "risk_details": "Non intended users can put objects in a given bucket.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_policy_public_write_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.2.15" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have policies which allow WRITE access.", - "title": "Check if S3 buckets have policies which allow WRITE access.", - "types": [ - "IAM" - ], - "uid": "prowler-aws-s3_bucket_policy_public_write_access-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure proper bucket policy is in place with the least privilege principle applied.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html" - ] - }, - "risk_details": "Non intended users can put objects in a given bucket.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_policy_public_write_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.2.15" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have policies which allow WRITE access.", - "title": "Check if S3 buckets have policies which allow WRITE access.", - "types": [ - "IAM" - ], - "uid": "prowler-aws-s3_bucket_policy_public_write_access-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure proper bucket policy is in place with the least privilege principle applied.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html" - ] - }, - "risk_details": "Non intended users can put objects in a given bucket.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 is not public.", - "metadata": { - "event_code": "s3_bucket_public_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 is not public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1", - "164_312_a_2_i" - ], - "SOC2": [ - "cc_6_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.33", - "1.2.8.34", - "1.3.1.37", - "1.3.1.38", - "1.3.2.37", - "1.3.2.38", - "1.4.2.35", - "1.4.2.36", - "1.5.1.33", - "1.5.1.34", - "10.3.2.21", - "10.3.2.23", - "10.3.3.23", - "10.3.4.8", - "3.5.1.3.26", - "3.5.1.3.28", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.3.33", - "A1.1.3.34", - "A1.2.1.31", - "A3.4.1.19", - "A3.4.1.21" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "title": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_access-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs is not public.", - "metadata": { - "event_code": "s3_bucket_public_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs is not public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1", - "164_312_a_2_i" - ], - "SOC2": [ - "cc_6_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.33", - "1.2.8.34", - "1.3.1.37", - "1.3.1.38", - "1.3.2.37", - "1.3.2.38", - "1.4.2.35", - "1.4.2.36", - "1.5.1.33", - "1.5.1.34", - "10.3.2.21", - "10.3.2.23", - "10.3.3.23", - "10.3.4.8", - "3.5.1.3.26", - "3.5.1.3.28", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.3.33", - "A1.1.3.34", - "A1.2.1.31", - "A3.4.1.19", - "A3.4.1.21" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "title": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_access-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted is not public.", - "metadata": { - "event_code": "s3_bucket_public_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted is not public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1", - "164_312_a_2_i" - ], - "SOC2": [ - "cc_6_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.33", - "1.2.8.34", - "1.3.1.37", - "1.3.1.38", - "1.3.2.37", - "1.3.2.38", - "1.4.2.35", - "1.4.2.36", - "1.5.1.33", - "1.5.1.34", - "10.3.2.21", - "10.3.2.23", - "10.3.3.23", - "10.3.4.8", - "3.5.1.3.26", - "3.5.1.3.28", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.3.33", - "A1.1.3.34", - "A1.2.1.31", - "A3.4.1.19", - "A3.4.1.21" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "title": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_access-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms is not public.", - "metadata": { - "event_code": "s3_bucket_public_access", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms is not public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1", - "164_312_a_2_i" - ], - "SOC2": [ - "cc_6_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.33", - "1.2.8.34", - "1.3.1.37", - "1.3.1.38", - "1.3.2.37", - "1.3.2.38", - "1.4.2.35", - "1.4.2.36", - "1.5.1.33", - "1.5.1.34", - "10.3.2.21", - "10.3.2.23", - "10.3.3.23", - "10.3.4.8", - "3.5.1.3.26", - "3.5.1.3.28", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.3.33", - "A1.1.3.34", - "A1.2.1.31", - "A3.4.1.19", - "A3.4.1.21" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "title": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_access-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 is not publicly listable.", - "metadata": { - "event_code": "s3_bucket_public_list_acl", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 is not publicly listable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.16" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_list_acl-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs is not publicly listable.", - "metadata": { - "event_code": "s3_bucket_public_list_acl", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs is not publicly listable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.16" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_list_acl-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted is not publicly listable.", - "metadata": { - "event_code": "s3_bucket_public_list_acl", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted is not publicly listable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.16" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_list_acl-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms is not publicly listable.", - "metadata": { - "event_code": "s3_bucket_public_list_acl", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms is not publicly listable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.16" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_list_acl-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 is not publicly writable.", - "metadata": { - "event_code": "s3_bucket_public_write_acl", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 is not publicly writable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.35", - "1.3.1.39", - "1.3.2.39", - "1.4.2.37", - "1.5.1.35", - "10.3.2.24", - "3.5.1.3.29", - "A1.1.2.20", - "A1.1.3.35", - "A3.4.1.22" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.17" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_write_acl-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs is not publicly writable.", - "metadata": { - "event_code": "s3_bucket_public_write_acl", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs is not publicly writable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.35", - "1.3.1.39", - "1.3.2.39", - "1.4.2.37", - "1.5.1.35", - "10.3.2.24", - "3.5.1.3.29", - "A1.1.2.20", - "A1.1.3.35", - "A3.4.1.22" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.17" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_write_acl-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted is not publicly writable.", - "metadata": { - "event_code": "s3_bucket_public_write_acl", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-obj-untrusted is not publicly writable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.35", - "1.3.1.39", - "1.3.2.39", - "1.4.2.37", - "1.5.1.35", - "10.3.2.24", - "3.5.1.3.29", - "A1.1.2.20", - "A1.1.3.35", - "A3.4.1.22" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.17" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_write_acl-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms is not publicly writable.", - "metadata": { - "event_code": "s3_bucket_public_write_acl", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket test-bucket-untrusted-kms is not publicly writable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.35", - "1.3.1.39", - "1.3.2.39", - "1.4.2.37", - "1.5.1.35", - "10.3.2.24", - "3.5.1.3.29", - "A1.1.2.20", - "A1.1.3.35", - "A3.4.1.22" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.17" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_write_acl-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a bucket policy, thus it allows HTTP requests.", - "metadata": { - "event_code": "s3_bucket_secure_transport_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a bucket policy, thus it allows HTTP requests.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_13", - "3_5_10", - "3_13_1", - "3_13_5", - "3_13_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_1", - "164_312_e_2_i", - "164_312_e_2_ii" - ], - "NIST-CSF-1.1": [ - "ds_2" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-17-2", - "sc-7", - "sc-8-1", - "sc-8", - "sc-23" - ], - "CIS-3.0": [ - "2.1.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4", - "ac_4_22", - "ac_17_2", - "ac_24_1", - "au_9_3", - "ca_9_b", - "cm_6_a", - "cm_9_b", - "ia_5_1_c", - "pm_11_b", - "pm_17_b", - "sc_7_4_b", - "sc_7_4_g", - "sc_7_5", - "sc_8", - "sc_8_1", - "sc_8_2", - "sc_8_3", - "sc_8_4", - "sc_8_5", - "sc_13_a", - "sc_16_1", - "sc_23", - "si_1_a_2" - ], - "ENS-RD2022": [ - "mp.com.1.aws.s3.1", - "mp.com.3.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.49" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-12", - "d3-pc-am-b-13", - "d3-pc-am-b-15" - ], - "GDPR": [ - "article_32" - ], - "CIS-5.0": [ - "2.1.1" - ], - "CIS-1.4": [ - "2.1.2" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN01.AR08" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.5" - ], - "CIS-1.5": [ - "2.1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC09-BP02" - ], - "NIST-800-53-Revision-4": [ - "ac_17_2", - "sc_7", - "sc_8_1", - "sc_8" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "2.1.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have secure transport policy.", - "title": "Check if S3 buckets have secure transport policy.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_secure_transport_policy-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption in transit enabled.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/" - ] - }, - "risk_details": "If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a bucket policy, thus it allows HTTP requests.", - "metadata": { - "event_code": "s3_bucket_secure_transport_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a bucket policy, thus it allows HTTP requests.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_13", - "3_5_10", - "3_13_1", - "3_13_5", - "3_13_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_1", - "164_312_e_2_i", - "164_312_e_2_ii" - ], - "NIST-CSF-1.1": [ - "ds_2" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-17-2", - "sc-7", - "sc-8-1", - "sc-8", - "sc-23" - ], - "CIS-3.0": [ - "2.1.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4", - "ac_4_22", - "ac_17_2", - "ac_24_1", - "au_9_3", - "ca_9_b", - "cm_6_a", - "cm_9_b", - "ia_5_1_c", - "pm_11_b", - "pm_17_b", - "sc_7_4_b", - "sc_7_4_g", - "sc_7_5", - "sc_8", - "sc_8_1", - "sc_8_2", - "sc_8_3", - "sc_8_4", - "sc_8_5", - "sc_13_a", - "sc_16_1", - "sc_23", - "si_1_a_2" - ], - "ENS-RD2022": [ - "mp.com.1.aws.s3.1", - "mp.com.3.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.49" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-12", - "d3-pc-am-b-13", - "d3-pc-am-b-15" - ], - "GDPR": [ - "article_32" - ], - "CIS-5.0": [ - "2.1.1" - ], - "CIS-1.4": [ - "2.1.2" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN01.AR08" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.5" - ], - "CIS-1.5": [ - "2.1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC09-BP02" - ], - "NIST-800-53-Revision-4": [ - "ac_17_2", - "sc_7", - "sc_8_1", - "sc_8" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "2.1.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have secure transport policy.", - "title": "Check if S3 buckets have secure transport policy.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_secure_transport_policy-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption in transit enabled.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/" - ] - }, - "risk_details": "If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy, thus it allows HTTP requests.", - "metadata": { - "event_code": "s3_bucket_secure_transport_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted does not have a bucket policy, thus it allows HTTP requests.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_13", - "3_5_10", - "3_13_1", - "3_13_5", - "3_13_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_1", - "164_312_e_2_i", - "164_312_e_2_ii" - ], - "NIST-CSF-1.1": [ - "ds_2" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-17-2", - "sc-7", - "sc-8-1", - "sc-8", - "sc-23" - ], - "CIS-3.0": [ - "2.1.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4", - "ac_4_22", - "ac_17_2", - "ac_24_1", - "au_9_3", - "ca_9_b", - "cm_6_a", - "cm_9_b", - "ia_5_1_c", - "pm_11_b", - "pm_17_b", - "sc_7_4_b", - "sc_7_4_g", - "sc_7_5", - "sc_8", - "sc_8_1", - "sc_8_2", - "sc_8_3", - "sc_8_4", - "sc_8_5", - "sc_13_a", - "sc_16_1", - "sc_23", - "si_1_a_2" - ], - "ENS-RD2022": [ - "mp.com.1.aws.s3.1", - "mp.com.3.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.49" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-12", - "d3-pc-am-b-13", - "d3-pc-am-b-15" - ], - "GDPR": [ - "article_32" - ], - "CIS-5.0": [ - "2.1.1" - ], - "CIS-1.4": [ - "2.1.2" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN01.AR08" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.5" - ], - "CIS-1.5": [ - "2.1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC09-BP02" - ], - "NIST-800-53-Revision-4": [ - "ac_17_2", - "sc_7", - "sc_8_1", - "sc_8" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "2.1.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have secure transport policy.", - "title": "Check if S3 buckets have secure transport policy.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_secure_transport_policy-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption in transit enabled.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/" - ] - }, - "risk_details": "If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy, thus it allows HTTP requests.", - "metadata": { - "event_code": "s3_bucket_secure_transport_policy", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms does not have a bucket policy, thus it allows HTTP requests.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_13", - "3_5_10", - "3_13_1", - "3_13_5", - "3_13_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_1", - "164_312_e_2_i", - "164_312_e_2_ii" - ], - "NIST-CSF-1.1": [ - "ds_2" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-17-2", - "sc-7", - "sc-8-1", - "sc-8", - "sc-23" - ], - "CIS-3.0": [ - "2.1.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4", - "ac_4_22", - "ac_17_2", - "ac_24_1", - "au_9_3", - "ca_9_b", - "cm_6_a", - "cm_9_b", - "ia_5_1_c", - "pm_11_b", - "pm_17_b", - "sc_7_4_b", - "sc_7_4_g", - "sc_7_5", - "sc_8", - "sc_8_1", - "sc_8_2", - "sc_8_3", - "sc_8_4", - "sc_8_5", - "sc_13_a", - "sc_16_1", - "sc_23", - "si_1_a_2" - ], - "ENS-RD2022": [ - "mp.com.1.aws.s3.1", - "mp.com.3.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.49" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-12", - "d3-pc-am-b-13", - "d3-pc-am-b-15" - ], - "GDPR": [ - "article_32" - ], - "CIS-5.0": [ - "2.1.1" - ], - "CIS-1.4": [ - "2.1.2" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN01.AR08" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.5" - ], - "CIS-1.5": [ - "2.1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC09-BP02" - ], - "NIST-800-53-Revision-4": [ - "ac_17_2", - "sc_7", - "sc_8_1", - "sc_8" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "2.1.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have secure transport policy.", - "title": "Check if S3 buckets have secure transport policy.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_secure_transport_policy-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption in transit enabled.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/" - ] - }, - "risk_details": "If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 has server access logging enabled.", - "metadata": { - "event_code": "s3_bucket_server_access_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 has server access logging enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_6_1", - "3_6_2", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-06.04B", - "IAM-07.04B", - "IAM-10.01B", - "SSO-05.01AC", - "PSS-04.05B" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "PCI-4.0": [ - "10.2.1.1.30", - "10.2.1.2.27", - "10.2.1.3.27", - "10.2.1.4.27", - "10.2.1.5.27", - "10.2.1.6.27", - "10.2.1.7.27", - "10.2.1.27", - "10.2.2.27", - "10.3.1.27", - "10.6.3.34", - "5.3.4.32", - "A1.2.1.32" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d5-dr-de-b-3" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have server access logging enabled", - "title": "Check if S3 buckets have server access logging enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_server_access_logging_enabled-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" - ] - }, - "risk_details": "Server access logs can assist you in security and access audits, help you learn about your customer base, and understand your Amazon S3 bill.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has server access logging enabled.", - "metadata": { - "event_code": "s3_bucket_server_access_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has server access logging enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_6_1", - "3_6_2", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-06.04B", - "IAM-07.04B", - "IAM-10.01B", - "SSO-05.01AC", - "PSS-04.05B" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "PCI-4.0": [ - "10.2.1.1.30", - "10.2.1.2.27", - "10.2.1.3.27", - "10.2.1.4.27", - "10.2.1.5.27", - "10.2.1.6.27", - "10.2.1.7.27", - "10.2.1.27", - "10.2.2.27", - "10.3.1.27", - "10.6.3.34", - "5.3.4.32", - "A1.2.1.32" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d5-dr-de-b-3" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have server access logging enabled", - "title": "Check if S3 buckets have server access logging enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_server_access_logging_enabled-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" - ] - }, - "risk_details": "Server access logs can assist you in security and access audits, help you learn about your customer base, and understand your Amazon S3 bill.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-obj-untrusted has server access logging disabled.", - "metadata": { - "event_code": "s3_bucket_server_access_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-obj-untrusted has server access logging disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_6_1", - "3_6_2", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-06.04B", - "IAM-07.04B", - "IAM-10.01B", - "SSO-05.01AC", - "PSS-04.05B" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "PCI-4.0": [ - "10.2.1.1.30", - "10.2.1.2.27", - "10.2.1.3.27", - "10.2.1.4.27", - "10.2.1.5.27", - "10.2.1.6.27", - "10.2.1.7.27", - "10.2.1.27", - "10.2.2.27", - "10.3.1.27", - "10.6.3.34", - "5.3.4.32", - "A1.2.1.32" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d5-dr-de-b-3" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have server access logging enabled", - "title": "Check if S3 buckets have server access logging enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_server_access_logging_enabled-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" - ] - }, - "risk_details": "Server access logs can assist you in security and access audits, help you learn about your customer base, and understand your Amazon S3 bill.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket test-bucket-untrusted-kms has server access logging disabled.", - "metadata": { - "event_code": "s3_bucket_server_access_logging_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket test-bucket-untrusted-kms has server access logging disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_6_1", - "3_6_2", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-06.04B", - "IAM-07.04B", - "IAM-10.01B", - "SSO-05.01AC", - "PSS-04.05B" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "PCI-4.0": [ - "10.2.1.1.30", - "10.2.1.2.27", - "10.2.1.3.27", - "10.2.1.4.27", - "10.2.1.5.27", - "10.2.1.6.27", - "10.2.1.7.27", - "10.2.1.27", - "10.2.2.27", - "10.3.1.27", - "10.6.3.34", - "5.3.4.32", - "A1.2.1.32" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d5-dr-de-b-3" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have server access logging enabled", - "title": "Check if S3 buckets have server access logging enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_server_access_logging_enabled-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" - ] - }, - "risk_details": "Server access logs can assist you in security and access audits, help you learn about your customer base, and understand your Amazon S3 bill.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 bucket prod-my-secure-s3-bucket-20250423 is not a known shadow resource.", - "metadata": { - "event_code": "s3_bucket_shadow_resource_vulnerability", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 bucket prod-my-secure-s3-bucket-20250423 is not a known shadow resource.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check is based on the 'Bucket Monopoly' vulnerability disclosed by Aqua Security.", - "compliance": { - "C5-2025": [ - "OPS-25.01B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Checks for S3 buckets with predictable names that could be hijacked by an attacker before legitimate use, leading to data leakage or other security breaches.", - "title": "Check for S3 buckets vulnerable to Shadow Resource Hijacking (Bucket Monopoly)", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_shadow_resource_vulnerability-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that all S3 buckets associated with your AWS account are owned by your account. Be cautious of services that create buckets with predictable names. Whenever possible, pre-create these buckets in all regions to prevent hijacking.", - "references": [ - "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/" - ] - }, - "risk_details": "An attacker can pre-create S3 buckets with predictable names used by various AWS services. When a legitimate user's service attempts to use that bucket, it may inadvertently write sensitive data to the attacker-controlled bucket, leading to information disclosure, denial of service, or even remote code execution.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 bucket prod-my-secure-s3-bucket-20250423-logs is not a known shadow resource.", - "metadata": { - "event_code": "s3_bucket_shadow_resource_vulnerability", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 bucket prod-my-secure-s3-bucket-20250423-logs is not a known shadow resource.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check is based on the 'Bucket Monopoly' vulnerability disclosed by Aqua Security.", - "compliance": { - "C5-2025": [ - "OPS-25.01B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Checks for S3 buckets with predictable names that could be hijacked by an attacker before legitimate use, leading to data leakage or other security breaches.", - "title": "Check for S3 buckets vulnerable to Shadow Resource Hijacking (Bucket Monopoly)", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_shadow_resource_vulnerability-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that all S3 buckets associated with your AWS account are owned by your account. Be cautious of services that create buckets with predictable names. Whenever possible, pre-create these buckets in all regions to prevent hijacking.", - "references": [ - "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/" - ] - }, - "risk_details": "An attacker can pre-create S3 buckets with predictable names used by various AWS services. When a legitimate user's service attempts to use that bucket, it may inadvertently write sensitive data to the attacker-controlled bucket, leading to information disclosure, denial of service, or even remote code execution.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 bucket test-bucket-obj-untrusted is not a known shadow resource.", - "metadata": { - "event_code": "s3_bucket_shadow_resource_vulnerability", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 bucket test-bucket-obj-untrusted is not a known shadow resource.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check is based on the 'Bucket Monopoly' vulnerability disclosed by Aqua Security.", - "compliance": { - "C5-2025": [ - "OPS-25.01B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Checks for S3 buckets with predictable names that could be hijacked by an attacker before legitimate use, leading to data leakage or other security breaches.", - "title": "Check for S3 buckets vulnerable to Shadow Resource Hijacking (Bucket Monopoly)", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_shadow_resource_vulnerability-211203495394-us-east-1-test-bucket-obj-untrusted" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-obj-untrusted", - "name": "test-bucket-obj-untrusted", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": null, - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-obj-untrusted", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-obj-untrusted" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that all S3 buckets associated with your AWS account are owned by your account. Be cautious of services that create buckets with predictable names. Whenever possible, pre-create these buckets in all regions to prevent hijacking.", - "references": [ - "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/" - ] - }, - "risk_details": "An attacker can pre-create S3 buckets with predictable names used by various AWS services. When a legitimate user's service attempts to use that bucket, it may inadvertently write sensitive data to the attacker-controlled bucket, leading to information disclosure, denial of service, or even remote code execution.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 bucket test-bucket-untrusted-kms is not a known shadow resource.", - "metadata": { - "event_code": "s3_bucket_shadow_resource_vulnerability", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 bucket test-bucket-untrusted-kms is not a known shadow resource.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check is based on the 'Bucket Monopoly' vulnerability disclosed by Aqua Security.", - "compliance": { - "C5-2025": [ - "OPS-25.01B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Checks for S3 buckets with predictable names that could be hijacked by an attacker before legitimate use, leading to data leakage or other security breaches.", - "title": "Check for S3 buckets vulnerable to Shadow Resource Hijacking (Bucket Monopoly)", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_shadow_resource_vulnerability-211203495394-us-east-1-test-bucket-untrusted-kms" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::test-bucket-untrusted-kms", - "name": "test-bucket-untrusted-kms", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": false, - "logging": false, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "AES256", - "region": "us-east-1", - "logging_target_bucket": null, - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [], - "name": "test-bucket-untrusted-kms", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::test-bucket-untrusted-kms" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that all S3 buckets associated with your AWS account are owned by your account. Be cautious of services that create buckets with predictable names. Whenever possible, pre-create these buckets in all regions to prevent hijacking.", - "references": [ - "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/" - ] - }, - "risk_details": "An attacker can pre-create S3 buckets with predictable names used by various AWS services. When a legitimate user's service attempts to use that bucket, it may inadvertently write sensitive data to the attacker-controlled bucket, leading to information disclosure, denial of service, or even remote code execution.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No SSM Incidents replication set exists.", - "metadata": { - "event_code": "ssmincidents_enabled_with_plans", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "No SSM Incidents replication set exists.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/incident-manager/latest/userguide/response-plans.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-03.02B", - "OIS-03.05B", - "OIS-03.06B", - "OIS-05.03B", - "OIS-08.01B", - "OIS-08.09B", - "OPS-13.02B", - "OPS-13.03AC", - "OPS-22.08B", - "DEV-15.01B", - "SIM-01.02AC", - "SIM-02.01B", - "SIM-03.01B", - "SIM-03.04B", - "SIM-04.01B", - "SIM-06.01B", - "BCM-01.05B" - ], - "ENS-RD2022": [ - "op.exp.9.aws.img.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.1" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.1" - ], - "NIS2": [ - "2.1.1", - "2.1.2.a", - "2.1.2.i", - "3.1.1", - "3.1.2.a", - "3.1.2.c", - "3.1.2.d", - "3.5.1", - "3.6.1", - "3.6.2", - "3.6.3", - "4.3.1", - "5.1.7.b", - "12.1.2.c", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure SSM Incidents is enabled with response plans.", - "title": "Ensure SSM Incidents is enabled with response plans.", - "types": [], - "uid": "prowler-aws-ssmincidents_enabled_with_plans-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "ssmincidents" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:ssm-incidents:us-east-1:211203495394:replication-set" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable SSM Incidents and create response plans", - "references": [ - "https://docs.aws.amazon.com/incident-manager/latest/userguide/response-plans.html" - ] - }, - "risk_details": "Not having SSM Incidents enabled can increase the risk of delayed detection and response to security incidents, unauthorized access, limited visibility into incidents and vulnerabilities", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Amazon Web Services Premium Support Subscription is required to use this service.", - "metadata": { - "event_code": "trustedadvisor_errors_and_warnings", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "MANUAL", - "status_detail": "Amazon Web Services Premium Support Subscription is required to use this service.", - "status_id": 1, - "unmapped": { - "related_url": "https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.10.1", - "2.10.2", - "2.11.3" - ], - "KISA-ISMS-P-2023": [ - "2.10.1", - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check Trusted Advisor for errors and warnings.", - "title": "Check Trusted Advisor for errors and warnings.", - "types": [], - "uid": "prowler-aws-trustedadvisor_errors_and_warnings-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "trustedadvisor" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:trusted-advisor:us-east-1:211203495394:account" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Review and act upon its recommendations.", - "references": [ - "https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/" - ] - }, - "risk_details": "Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Amazon Web Services Premium Support Plan isn't subscribed.", - "metadata": { - "event_code": "trustedadvisor_premium_support_plan_subscribed", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Amazon Web Services Premium Support Plan isn't subscribed.", - "status_id": 1, - "unmapped": { - "related_url": "https://aws.amazon.com/premiumsupport/plans/", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "SSO-05.06B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if a Premium support plan is subscribed.", - "title": "Check if a Premium support plan is subscribed", - "types": [], - "uid": "prowler-aws-trustedadvisor_premium_support_plan_subscribed-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "enabled": false - } - }, - "group": { - "name": "trustedadvisor" - }, - "labels": [], - "name": "211203495394", - "type": "Other", - "uid": "arn:aws:trusted-advisor:us-east-1:211203495394:account" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that you subscribe to the AWS Business Support tier or higher for all of your AWS production accounts. If you don't have premium support, you must have an action plan to handle issues which require help from AWS Support. AWS Support provides a mix of tools and technology, people, and programs designed to proactively help you optimize performance, lower costs, and innovate faster.", - "references": [ - "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Support/support-plan.html" - ] - }, - "risk_details": "Ensure that the appropriate support level is enabled for the necessary AWS accounts. For example, if an AWS account is being used to host production systems and environments, it is highly recommended that the minimum AWS Support Plan should be Business.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPCs found only in one region.", - "metadata": { - "event_code": "vpc_different_regions", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "VPCs found only in one region.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "ENS-RD2022": [ - "mp.com.4.r1.aws.vpc.1", - "mp.com.4.r3.aws.vpc.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there are VPCs in more than one region", - "title": "Ensure there are VPCs in more than one region", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_different_regions-211203495394-us-east-1-211203495394" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "vpc-0db221deba515d6c7": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-0db221deba515d6c7", - "id": "vpc-0db221deba515d6c7", - "name": "ex-rds", - "default": false, - "in_use": false, - "cidr_block": "10.0.0.0/16", - "flow_log": false, - "region": "eu-west-1", - "subnets": [ - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0032157e99d569ffd", - "id": "subnet-0032157e99d569ffd", - "name": "ex-rds-public-eu-west-1a", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.0.0/24", - "availability_zone": "eu-west-1a", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds-public-eu-west-1a" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0099cb47638dfe6cc", - "id": "subnet-0099cb47638dfe6cc", - "name": "ex-rds-db-eu-west-1c", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.8.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Name", - "Value": "ex-rds-db-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-06044fff66c61bb5d", - "id": "subnet-06044fff66c61bb5d", - "name": "ex-rds-private-eu-west-1a", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.3.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Name", - "Value": "ex-rds-private-eu-west-1a" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0460814cac0ede342", - "id": "subnet-0460814cac0ede342", - "name": "ex-rds-db-eu-west-1a", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.6.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-rds-db-eu-west-1a" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0fe7301ce3651cd65", - "id": "subnet-0fe7301ce3651cd65", - "name": "ex-rds-db-eu-west-1b", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.7.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Name", - "Value": "ex-rds-db-eu-west-1b" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-02905869f401bc924", - "id": "subnet-02905869f401bc924", - "name": "ex-rds-private-eu-west-1b", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.4.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-rds-private-eu-west-1b" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-06cdd0ff5333f76e5", - "id": "subnet-06cdd0ff5333f76e5", - "name": "ex-rds-private-eu-west-1c", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.5.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "Name", - "Value": "ex-rds-private-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-02cbf11ee27383148", - "id": "subnet-02cbf11ee27383148", - "name": "ex-rds-public-eu-west-1c", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.2.0/24", - "availability_zone": "eu-west-1c", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds-public-eu-west-1c" - }, - { - "Key": "Example", - "Value": "ex-rds" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0c601df1846258b27", - "id": "subnet-0c601df1846258b27", - "name": "ex-rds-public-eu-west-1b", - "default": false, - "vpc_id": "vpc-0db221deba515d6c7", - "cidr_block": "10.0.1.0/24", - "availability_zone": "eu-west-1b", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-rds-public-eu-west-1b" - }, - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - } - ], - "tags": [ - { - "Key": "Example", - "Value": "ex-rds" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-rds-aurora" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-rds" - } - ] - }, - "vpc-007d791b9b857543e": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-007d791b9b857543e", - "id": "vpc-007d791b9b857543e", - "name": "ex-vpc", - "default": false, - "in_use": true, - "cidr_block": "10.0.0.0/16", - "flow_log": true, - "region": "eu-west-1", - "subnets": [ - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ed85e6f7a21ca120", - "id": "subnet-0ed85e6f7a21ca120", - "name": "ex-vpc-db-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.9.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1b" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0dff6254fddd22140", - "id": "subnet-0dff6254fddd22140", - "name": "ex-vpc-intra-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.22.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1c" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-003e93ce0ba0d219a", - "id": "subnet-003e93ce0ba0d219a", - "name": "Redshift Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.17.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Two" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0b96cff7e9a8bbcac", - "id": "subnet-0b96cff7e9a8bbcac", - "name": "Elasticache Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.12.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-00526a0cd693d0679", - "id": "subnet-00526a0cd693d0679", - "name": "ex-vpc-public-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.6.0/24", - "availability_zone": "eu-west-1c", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1c" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-03dfe7e9e94d1af9f", - "id": "subnet-03dfe7e9e94d1af9f", - "name": "DB Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.8.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "DB Subnet One" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0916ac2a0e7ef95cf", - "id": "subnet-0916ac2a0e7ef95cf", - "name": "Private Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.0.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Private Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-094260cca8a477871", - "id": "subnet-094260cca8a477871", - "name": "Private Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.1.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "Private Subnet Two" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-092b870816e369a70", - "id": "subnet-092b870816e369a70", - "name": "ex-vpc-public-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.4.0/24", - "availability_zone": "eu-west-1a", - "public": true, - "in_use": true, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1a" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0503024220aeb7296", - "id": "subnet-0503024220aeb7296", - "name": "ex-vpc-elasticache-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.14.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-elasticache-eu-west-1c" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0065b4be93c6e8110", - "id": "subnet-0065b4be93c6e8110", - "name": "ex-vpc-private-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.2.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-private-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-049af33a5bc4a8bee", - "id": "subnet-049af33a5bc4a8bee", - "name": "ex-vpc-intra-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.21.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1b" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-050902d37d76ff633", - "id": "subnet-050902d37d76ff633", - "name": "ex-vpc-db-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.10.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0951ea7ab41c5e46f", - "id": "subnet-0951ea7ab41c5e46f", - "name": "Elasticache Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.13.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet Two" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-08017c3b1071423b7", - "id": "subnet-08017c3b1071423b7", - "name": "Redshift Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.16.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet One" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-066aeeffb9d61ac77", - "id": "subnet-066aeeffb9d61ac77", - "name": "Redshift Subnet Three", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.18.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Three" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ea254ffb94ba85e0", - "id": "subnet-0ea254ffb94ba85e0", - "name": "ex-vpc-public-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.5.0/24", - "availability_zone": "eu-west-1b", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1b" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0f2535905905cd998", - "id": "subnet-0f2535905905cd998", - "name": "ex-vpc-intra-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.20.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1a" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - ], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - } - }, - "group": { - "name": "vpc" - }, - "labels": [], - "name": "211203495394", - "type": "AwsEc2Vpc", - "uid": "arn:aws:ec2:us-east-1:211203495394:vpc" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure there are VPCs in more than one region", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-example-private-subnets-nat.html" - ] - }, - "risk_details": "", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint vpce-0cce48e2ffd124a50 in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "metadata": { - "event_code": "vpc_endpoint_connections_trust_boundaries", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "VPC Endpoint vpce-0cce48e2ffd124a50 in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "COS-03.01B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN08.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Find trust boundaries in VPC endpoint connections.", - "title": "Find trust boundaries in VPC endpoint connections.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_connections_trust_boundaries-211203495394-eu-west-1-vpce-0cce48e2ffd124a50" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-0cce48e2ffd124a50", - "id": "vpce-0cce48e2ffd124a50", - "vpc_id": "vpc-007d791b9b857543e", - "service_name": "com.amazonaws.eu-west-1.dynamodb", - "state": "available", - "subnet_ids": [], - "policy_document": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Deny", - "Principal": "*", - "Action": "dynamodb:*", - "Resource": "*", - "Condition": { - "StringNotEquals": { - "aws:sourceVpc": "vpc-007d791b9b857543e" - } - } - } - ] - }, - "owner_id": "211203495394", - "type": "Gateway", - "region": "eu-west-1", - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "dynamodb-vpc-endpoint" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Project:Secret", - "Endpoint:true", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "Name:dynamodb-vpc-endpoint" - ], - "name": "vpce-0cce48e2ffd124a50", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-0cce48e2ffd124a50" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint vpce-0d196d595014c6261 in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "metadata": { - "event_code": "vpc_endpoint_connections_trust_boundaries", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "VPC Endpoint vpce-0d196d595014c6261 in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "COS-03.01B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN08.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Find trust boundaries in VPC endpoint connections.", - "title": "Find trust boundaries in VPC endpoint connections.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_connections_trust_boundaries-211203495394-eu-west-1-vpce-0d196d595014c6261" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-0d196d595014c6261", - "id": "vpce-0d196d595014c6261", - "vpc_id": "vpc-007d791b9b857543e", - "service_name": "com.amazonaws.eu-west-1.ecr.dkr", - "state": "available", - "subnet_ids": [ - "subnet-0916ac2a0e7ef95cf", - "subnet-094260cca8a477871", - "subnet-0065b4be93c6e8110" - ], - "policy_document": { - "Statement": [ - { - "Action": "*", - "Condition": { - "StringNotEquals": { - "aws:SourceVpc": "vpc-007d791b9b857543e" - } - }, - "Effect": "Deny", - "Principal": "*", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "owner_id": "211203495394", - "type": "Interface", - "region": "eu-west-1", - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ecr_dkr" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Project:Secret", - "Endpoint:true", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "Name:ecr_dkr" - ], - "name": "vpce-0d196d595014c6261", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-0d196d595014c6261" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint vpce-048468dcce7076475 in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "metadata": { - "event_code": "vpc_endpoint_connections_trust_boundaries", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "VPC Endpoint vpce-048468dcce7076475 in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "COS-03.01B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN08.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Find trust boundaries in VPC endpoint connections.", - "title": "Find trust boundaries in VPC endpoint connections.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_connections_trust_boundaries-211203495394-eu-west-1-vpce-048468dcce7076475" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-048468dcce7076475", - "id": "vpce-048468dcce7076475", - "vpc_id": "vpc-007d791b9b857543e", - "service_name": "com.amazonaws.eu-west-1.ecs", - "state": "available", - "subnet_ids": [ - "subnet-0916ac2a0e7ef95cf", - "subnet-094260cca8a477871", - "subnet-0065b4be93c6e8110" - ], - "policy_document": { - "Statement": [ - { - "Action": "*", - "Effect": "Allow", - "Principal": "*", - "Resource": "*" - } - ] - }, - "owner_id": "211203495394", - "type": "Interface", - "region": "eu-west-1", - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ecs" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Project:Secret", - "Endpoint:true", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "Name:ecs" - ], - "name": "vpce-048468dcce7076475", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-048468dcce7076475" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint vpce-053d3038fa6b7a292 in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "metadata": { - "event_code": "vpc_endpoint_connections_trust_boundaries", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "VPC Endpoint vpce-053d3038fa6b7a292 in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "COS-03.01B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN08.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Find trust boundaries in VPC endpoint connections.", - "title": "Find trust boundaries in VPC endpoint connections.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_connections_trust_boundaries-211203495394-eu-west-1-vpce-053d3038fa6b7a292" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-053d3038fa6b7a292", - "id": "vpce-053d3038fa6b7a292", - "vpc_id": "vpc-007d791b9b857543e", - "service_name": "com.amazonaws.eu-west-1.rds", - "state": "available", - "subnet_ids": [ - "subnet-0916ac2a0e7ef95cf", - "subnet-094260cca8a477871", - "subnet-0065b4be93c6e8110" - ], - "policy_document": { - "Statement": [ - { - "Action": "*", - "Effect": "Allow", - "Principal": "*", - "Resource": "*" - } - ] - }, - "owner_id": "211203495394", - "type": "Interface", - "region": "eu-west-1", - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "rds" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Project:Secret", - "Endpoint:true", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "Name:rds" - ], - "name": "vpce-053d3038fa6b7a292", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-053d3038fa6b7a292" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint vpce-0ec8e4bb67ba7aec9 in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "metadata": { - "event_code": "vpc_endpoint_connections_trust_boundaries", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "VPC Endpoint vpce-0ec8e4bb67ba7aec9 in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "COS-03.01B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN08.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Find trust boundaries in VPC endpoint connections.", - "title": "Find trust boundaries in VPC endpoint connections.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_connections_trust_boundaries-211203495394-eu-west-1-vpce-0ec8e4bb67ba7aec9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-0ec8e4bb67ba7aec9", - "id": "vpce-0ec8e4bb67ba7aec9", - "vpc_id": "vpc-007d791b9b857543e", - "service_name": "com.amazonaws.eu-west-1.ecr.api", - "state": "available", - "subnet_ids": [ - "subnet-0916ac2a0e7ef95cf", - "subnet-094260cca8a477871", - "subnet-0065b4be93c6e8110" - ], - "policy_document": { - "Statement": [ - { - "Action": "*", - "Condition": { - "StringNotEquals": { - "aws:SourceVpc": "vpc-007d791b9b857543e" - } - }, - "Effect": "Deny", - "Principal": "*", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "owner_id": "211203495394", - "type": "Interface", - "region": "eu-west-1", - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ecr_api" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Project:Secret", - "Endpoint:true", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "Name:ecr_api" - ], - "name": "vpce-0ec8e4bb67ba7aec9", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-0ec8e4bb67ba7aec9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint vpce-019297deb6a03293e in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "metadata": { - "event_code": "vpc_endpoint_connections_trust_boundaries", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "VPC Endpoint vpce-019297deb6a03293e in VPC vpc-007d791b9b857543e can be accessed from non-trusted accounts.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "COS-03.01B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN08.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Find trust boundaries in VPC endpoint connections.", - "title": "Find trust boundaries in VPC endpoint connections.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_connections_trust_boundaries-211203495394-eu-west-1-vpce-019297deb6a03293e" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-019297deb6a03293e", - "id": "vpce-019297deb6a03293e", - "vpc_id": "vpc-007d791b9b857543e", - "service_name": "com.amazonaws.eu-west-1.s3", - "state": "available", - "subnet_ids": [], - "policy_document": { - "Statement": [ - { - "Action": "*", - "Effect": "Allow", - "Principal": "*", - "Resource": "*" - } - ] - }, - "owner_id": "211203495394", - "type": "Interface", - "region": "eu-west-1", - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "s3-vpc-endpoint" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Project:Secret", - "Endpoint:true", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "Name:s3-vpc-endpoint" - ], - "name": "vpce-019297deb6a03293e", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-019297deb6a03293e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC vpc-007d791b9b857543e has no EC2 endpoint.", - "metadata": { - "event_code": "vpc_endpoint_for_ec2_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "VPC vpc-007d791b9b857543e has no EC2 endpoint.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/config/latest/developerguide/service-vpc-endpoint-enabled.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.18", - "1.2.8.38", - "1.3.1.21", - "1.3.1.42", - "1.3.2.21", - "1.3.2.42", - "1.4.1.5", - "1.4.2.19", - "1.4.2.40", - "1.4.4.5", - "1.5.1.18", - "1.5.1.38", - "A1.1.3.18", - "A1.1.3.38" - ], - "PCI-3.2.1": [ - "1.3", - "2.2", - "2.2.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.Core.CN05.AR05" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.10" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that a service endpoint for Amazon EC2 is created for each VPC. The check fails if a VPC does not have a VPC endpoint created for the Amazon EC2 service.", - "title": "Amazon EC2 should be configured to use VPC endpoints that are created for the Amazon EC2 service.", - "types": [], - "uid": "prowler-aws-vpc_endpoint_for_ec2_enabled-211203495394-eu-west-1-vpc-007d791b9b857543e" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-007d791b9b857543e", - "id": "vpc-007d791b9b857543e", - "name": "ex-vpc", - "default": false, - "in_use": true, - "cidr_block": "10.0.0.0/16", - "flow_log": true, - "region": "eu-west-1", - "subnets": [ - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ed85e6f7a21ca120", - "id": "subnet-0ed85e6f7a21ca120", - "name": "ex-vpc-db-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.9.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1b" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0dff6254fddd22140", - "id": "subnet-0dff6254fddd22140", - "name": "ex-vpc-intra-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.22.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1c" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-003e93ce0ba0d219a", - "id": "subnet-003e93ce0ba0d219a", - "name": "Redshift Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.17.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Two" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0b96cff7e9a8bbcac", - "id": "subnet-0b96cff7e9a8bbcac", - "name": "Elasticache Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.12.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-00526a0cd693d0679", - "id": "subnet-00526a0cd693d0679", - "name": "ex-vpc-public-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.6.0/24", - "availability_zone": "eu-west-1c", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1c" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-03dfe7e9e94d1af9f", - "id": "subnet-03dfe7e9e94d1af9f", - "name": "DB Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.8.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "DB Subnet One" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0916ac2a0e7ef95cf", - "id": "subnet-0916ac2a0e7ef95cf", - "name": "Private Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.0.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Private Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-094260cca8a477871", - "id": "subnet-094260cca8a477871", - "name": "Private Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.1.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "Private Subnet Two" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-092b870816e369a70", - "id": "subnet-092b870816e369a70", - "name": "ex-vpc-public-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.4.0/24", - "availability_zone": "eu-west-1a", - "public": true, - "in_use": true, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1a" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0503024220aeb7296", - "id": "subnet-0503024220aeb7296", - "name": "ex-vpc-elasticache-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.14.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-elasticache-eu-west-1c" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0065b4be93c6e8110", - "id": "subnet-0065b4be93c6e8110", - "name": "ex-vpc-private-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.2.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-private-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-049af33a5bc4a8bee", - "id": "subnet-049af33a5bc4a8bee", - "name": "ex-vpc-intra-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.21.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1b" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-050902d37d76ff633", - "id": "subnet-050902d37d76ff633", - "name": "ex-vpc-db-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.10.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0951ea7ab41c5e46f", - "id": "subnet-0951ea7ab41c5e46f", - "name": "Elasticache Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.13.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet Two" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-08017c3b1071423b7", - "id": "subnet-08017c3b1071423b7", - "name": "Redshift Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.16.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet One" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-066aeeffb9d61ac77", - "id": "subnet-066aeeffb9d61ac77", - "name": "Redshift Subnet Three", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.18.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Three" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ea254ffb94ba85e0", - "id": "subnet-0ea254ffb94ba85e0", - "name": "ex-vpc-public-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.5.0/24", - "availability_zone": "eu-west-1b", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1b" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0f2535905905cd998", - "id": "subnet-0f2535905905cd998", - "name": "ex-vpc-intra-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.20.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1a" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - ], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc", - "GithubRepo:terraform-aws-vpc", - "Example:ex-vpc" - ], - "name": "vpc-007d791b9b857543e", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-007d791b9b857543e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To improve the security posture of your VPC, configure Amazon EC2 to use an interface VPC endpoint powered by AWS PrivateLink.", - "references": [ - "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/interface-vpc-endpoints.html" - ] - }, - "risk_details": "Without VPC endpoints, network traffic between your VPC and Amazon EC2 may traverse the public internet, increasing the risk of unintended access or data exposure.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint vpce-0d196d595014c6261 in VPC vpc-007d791b9b857543e has subnets in different AZs.", - "metadata": { - "event_code": "vpc_endpoint_multi_az_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC Endpoint vpce-0d196d595014c6261 in VPC vpc-007d791b9b857543e has subnets in different AZs.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/vpc/latest/privatelink/interface-endpoints.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that all vpc interface endpoints have ENIs in multiple subnets. If a VPC endpoint has an ENI in only a single subnet then this check will fail. You cannot create VPC Endpoints in 2 different subnets in the same AZ. So, for the purpose of VPC endpoints, having multiple subnets implies multiple AZs.", - "title": "Amazon VPC Interface Endpoints should have ENIs in more than one subnet.", - "types": [], - "uid": "prowler-aws-vpc_endpoint_multi_az_enabled-211203495394-eu-west-1-vpce-0d196d595014c6261" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-0d196d595014c6261", - "id": "vpce-0d196d595014c6261", - "vpc_id": "vpc-007d791b9b857543e", - "service_name": "com.amazonaws.eu-west-1.ecr.dkr", - "state": "available", - "subnet_ids": [ - "subnet-0916ac2a0e7ef95cf", - "subnet-094260cca8a477871", - "subnet-0065b4be93c6e8110" - ], - "policy_document": { - "Statement": [ - { - "Action": "*", - "Condition": { - "StringNotEquals": { - "aws:SourceVpc": "vpc-007d791b9b857543e" - } - }, - "Effect": "Deny", - "Principal": "*", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "owner_id": "211203495394", - "type": "Interface", - "region": "eu-west-1", - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ecr_dkr" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Project:Secret", - "Endpoint:true", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "Name:ecr_dkr" - ], - "name": "vpce-0d196d595014c6261", - "type": "AwsVpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-0d196d595014c6261" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To improve the availability of your services residing in your VPC, configure multiple subnets for VPC Interface Endpoints.", - "references": [ - "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/interface-vpc-endpoints.html" - ] - }, - "risk_details": "Without VPC endpoints ENIs in multiple subnets an AZ impacting event could lead to increased downtime or your network traffic between your VPC and Amazon services may traverse the public internet.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint vpce-048468dcce7076475 in VPC vpc-007d791b9b857543e has subnets in different AZs.", - "metadata": { - "event_code": "vpc_endpoint_multi_az_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC Endpoint vpce-048468dcce7076475 in VPC vpc-007d791b9b857543e has subnets in different AZs.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/vpc/latest/privatelink/interface-endpoints.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that all vpc interface endpoints have ENIs in multiple subnets. If a VPC endpoint has an ENI in only a single subnet then this check will fail. You cannot create VPC Endpoints in 2 different subnets in the same AZ. So, for the purpose of VPC endpoints, having multiple subnets implies multiple AZs.", - "title": "Amazon VPC Interface Endpoints should have ENIs in more than one subnet.", - "types": [], - "uid": "prowler-aws-vpc_endpoint_multi_az_enabled-211203495394-eu-west-1-vpce-048468dcce7076475" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-048468dcce7076475", - "id": "vpce-048468dcce7076475", - "vpc_id": "vpc-007d791b9b857543e", - "service_name": "com.amazonaws.eu-west-1.ecs", - "state": "available", - "subnet_ids": [ - "subnet-0916ac2a0e7ef95cf", - "subnet-094260cca8a477871", - "subnet-0065b4be93c6e8110" - ], - "policy_document": { - "Statement": [ - { - "Action": "*", - "Effect": "Allow", - "Principal": "*", - "Resource": "*" - } - ] - }, - "owner_id": "211203495394", - "type": "Interface", - "region": "eu-west-1", - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ecs" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Project:Secret", - "Endpoint:true", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "Name:ecs" - ], - "name": "vpce-048468dcce7076475", - "type": "AwsVpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-048468dcce7076475" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To improve the availability of your services residing in your VPC, configure multiple subnets for VPC Interface Endpoints.", - "references": [ - "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/interface-vpc-endpoints.html" - ] - }, - "risk_details": "Without VPC endpoints ENIs in multiple subnets an AZ impacting event could lead to increased downtime or your network traffic between your VPC and Amazon services may traverse the public internet.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint vpce-053d3038fa6b7a292 in VPC vpc-007d791b9b857543e has subnets in different AZs.", - "metadata": { - "event_code": "vpc_endpoint_multi_az_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC Endpoint vpce-053d3038fa6b7a292 in VPC vpc-007d791b9b857543e has subnets in different AZs.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/vpc/latest/privatelink/interface-endpoints.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that all vpc interface endpoints have ENIs in multiple subnets. If a VPC endpoint has an ENI in only a single subnet then this check will fail. You cannot create VPC Endpoints in 2 different subnets in the same AZ. So, for the purpose of VPC endpoints, having multiple subnets implies multiple AZs.", - "title": "Amazon VPC Interface Endpoints should have ENIs in more than one subnet.", - "types": [], - "uid": "prowler-aws-vpc_endpoint_multi_az_enabled-211203495394-eu-west-1-vpce-053d3038fa6b7a292" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-053d3038fa6b7a292", - "id": "vpce-053d3038fa6b7a292", - "vpc_id": "vpc-007d791b9b857543e", - "service_name": "com.amazonaws.eu-west-1.rds", - "state": "available", - "subnet_ids": [ - "subnet-0916ac2a0e7ef95cf", - "subnet-094260cca8a477871", - "subnet-0065b4be93c6e8110" - ], - "policy_document": { - "Statement": [ - { - "Action": "*", - "Effect": "Allow", - "Principal": "*", - "Resource": "*" - } - ] - }, - "owner_id": "211203495394", - "type": "Interface", - "region": "eu-west-1", - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "rds" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Project:Secret", - "Endpoint:true", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "Name:rds" - ], - "name": "vpce-053d3038fa6b7a292", - "type": "AwsVpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-053d3038fa6b7a292" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To improve the availability of your services residing in your VPC, configure multiple subnets for VPC Interface Endpoints.", - "references": [ - "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/interface-vpc-endpoints.html" - ] - }, - "risk_details": "Without VPC endpoints ENIs in multiple subnets an AZ impacting event could lead to increased downtime or your network traffic between your VPC and Amazon services may traverse the public internet.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint vpce-0ec8e4bb67ba7aec9 in VPC vpc-007d791b9b857543e has subnets in different AZs.", - "metadata": { - "event_code": "vpc_endpoint_multi_az_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC Endpoint vpce-0ec8e4bb67ba7aec9 in VPC vpc-007d791b9b857543e has subnets in different AZs.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/vpc/latest/privatelink/interface-endpoints.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that all vpc interface endpoints have ENIs in multiple subnets. If a VPC endpoint has an ENI in only a single subnet then this check will fail. You cannot create VPC Endpoints in 2 different subnets in the same AZ. So, for the purpose of VPC endpoints, having multiple subnets implies multiple AZs.", - "title": "Amazon VPC Interface Endpoints should have ENIs in more than one subnet.", - "types": [], - "uid": "prowler-aws-vpc_endpoint_multi_az_enabled-211203495394-eu-west-1-vpce-0ec8e4bb67ba7aec9" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-0ec8e4bb67ba7aec9", - "id": "vpce-0ec8e4bb67ba7aec9", - "vpc_id": "vpc-007d791b9b857543e", - "service_name": "com.amazonaws.eu-west-1.ecr.api", - "state": "available", - "subnet_ids": [ - "subnet-0916ac2a0e7ef95cf", - "subnet-094260cca8a477871", - "subnet-0065b4be93c6e8110" - ], - "policy_document": { - "Statement": [ - { - "Action": "*", - "Condition": { - "StringNotEquals": { - "aws:SourceVpc": "vpc-007d791b9b857543e" - } - }, - "Effect": "Deny", - "Principal": "*", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "owner_id": "211203495394", - "type": "Interface", - "region": "eu-west-1", - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ecr_api" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Project:Secret", - "Endpoint:true", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "Name:ecr_api" - ], - "name": "vpce-0ec8e4bb67ba7aec9", - "type": "AwsVpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-0ec8e4bb67ba7aec9" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To improve the availability of your services residing in your VPC, configure multiple subnets for VPC Interface Endpoints.", - "references": [ - "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/interface-vpc-endpoints.html" - ] - }, - "risk_details": "Without VPC endpoints ENIs in multiple subnets an AZ impacting event could lead to increased downtime or your network traffic between your VPC and Amazon services may traverse the public internet.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint vpce-019297deb6a03293e in VPC vpc-007d791b9b857543e does not have subnets in different AZs.", - "metadata": { - "event_code": "vpc_endpoint_multi_az_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "VPC Endpoint vpce-019297deb6a03293e in VPC vpc-007d791b9b857543e does not have subnets in different AZs.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/vpc/latest/privatelink/interface-endpoints.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that all vpc interface endpoints have ENIs in multiple subnets. If a VPC endpoint has an ENI in only a single subnet then this check will fail. You cannot create VPC Endpoints in 2 different subnets in the same AZ. So, for the purpose of VPC endpoints, having multiple subnets implies multiple AZs.", - "title": "Amazon VPC Interface Endpoints should have ENIs in more than one subnet.", - "types": [], - "uid": "prowler-aws-vpc_endpoint_multi_az_enabled-211203495394-eu-west-1-vpce-019297deb6a03293e" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-019297deb6a03293e", - "id": "vpce-019297deb6a03293e", - "vpc_id": "vpc-007d791b9b857543e", - "service_name": "com.amazonaws.eu-west-1.s3", - "state": "available", - "subnet_ids": [], - "policy_document": { - "Statement": [ - { - "Action": "*", - "Effect": "Allow", - "Principal": "*", - "Resource": "*" - } - ] - }, - "owner_id": "211203495394", - "type": "Interface", - "region": "eu-west-1", - "tags": [ - { - "Key": "Project", - "Value": "Secret" - }, - { - "Key": "Endpoint", - "Value": "true" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "s3-vpc-endpoint" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Project:Secret", - "Endpoint:true", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules", - "Example:ex-vpc", - "Name:s3-vpc-endpoint" - ], - "name": "vpce-019297deb6a03293e", - "type": "AwsVpcEndpointService", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc-endpoint/vpce-019297deb6a03293e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "To improve the availability of your services residing in your VPC, configure multiple subnets for VPC Interface Endpoints.", - "references": [ - "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/interface-vpc-endpoints.html" - ] - }, - "risk_details": "Without VPC endpoints ENIs in multiple subnets an AZ impacting event could lead to increased downtime or your network traffic between your VPC and Amazon services may traverse the public internet.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint Service vpce-svc-02e288a4c6043110f has no allowed principals.", - "metadata": { - "event_code": "vpc_endpoint_services_allowed_principals_trust_boundaries", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC Endpoint Service vpce-svc-02e288a4c6043110f has no allowed principals.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "title": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_services_allowed_principals_trust_boundaries-211203495394-us-east-1-vpce-svc-02e288a4c6043110f" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:us-east-1:211203495394:vpc-endpoint-service/vpce-svc-02e288a4c6043110f", - "id": "vpce-svc-02e288a4c6043110f", - "service": "io.spotinst.vpce.us-east-1.privatelink-api", - "owner_id": "aws-marketplace", - "allowed_principals": [], - "region": "us-east-1", - "tags": [] - } - }, - "group": { - "name": "vpc" - }, - "labels": [], - "name": "vpce-svc-02e288a4c6043110f", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:us-east-1:211203495394:vpc-endpoint-service/vpce-svc-02e288a4c6043110f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC Endpoint Service vpce-svc-028691921eaeee579 has no allowed principals.", - "metadata": { - "event_code": "vpc_endpoint_services_allowed_principals_trust_boundaries", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC Endpoint Service vpce-svc-028691921eaeee579 has no allowed principals.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.10.2" - ], - "CCC": [ - "CCC.LB.CN09.AR01", - "CCC.Core.CN06.AR01", - "CCC.Core.CN06.AR02", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP01" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.10.2" - ], - "NIS2": [ - "6.8.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "title": "Find trust boundaries in VPC endpoint services allowlisted principles.", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_endpoint_services_allowed_principals_trust_boundaries-211203495394-us-west-2-vpce-svc-028691921eaeee579" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-west-2", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:us-west-2:211203495394:vpc-endpoint-service/vpce-svc-028691921eaeee579", - "id": "vpce-svc-028691921eaeee579", - "service": "io.spotinst.vpce.us-west-2.privatelink-api", - "owner_id": "aws-marketplace", - "allowed_principals": [], - "region": "us-west-2", - "tags": [] - } - }, - "group": { - "name": "vpc" - }, - "labels": [], - "name": "vpce-svc-028691921eaeee579", - "type": "AwsEc2VpcEndpointService", - "uid": "arn:aws:ec2:us-west-2:211203495394:vpc-endpoint-service/vpce-svc-028691921eaeee579" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-west-2" - }, - "remediation": { - "desc": "In multi Account environments identify untrusted links. Check trust chaining and dependencies between accounts.", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html" - ] - }, - "risk_details": "Account VPC could be linked to other accounts.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC ex-vpc Flow logs are enabled.", - "metadata": { - "event_code": "vpc_flow_logs_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC ex-vpc Flow logs are enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready", - "logging" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_1", - "3_3_3", - "3_6_1", - "3_6_2", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_c_2" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "cm_1", - "cm_7", - "am_3", - "ds_5", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c" - ], - "CIS-3.0": [ - "3.7" - ], - "NIST-800-53-Revision-5": [ - "ac_4_26", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "si_4_17", - "si_7_8" - ], - "ENS-RD2022": [ - "op.mon.1.aws.flow.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.7" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "FedRAMP-Low-Revision-4": [ - "au-2" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d3-dc-ev-b-1", - "d3-dc-ev-b-3", - "d3-pc-im-b-3" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "PCI-3.2.1": [ - "4.1", - "4.1.e", - "4.1.f", - "10.1" - ], - "CIS-5.0": [ - "3.7" - ], - "CIS-1.4": [ - "3.9" - ], - "CCC": [ - "CCC.LB.CN01.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e" - ], - "ProwlerThreatScore-1.0": [ - "3.1.4" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.6" - ], - "CIS-1.5": [ - "3.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01", - "SEC04-BP02", - "SEC04-BP03", - "SEC05-BP04", - "SEC09-BP04" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16", - "A.8.20", - "A.8.21", - "A.8.22", - "A.8.23" - ], - "NIST-800-53-Revision-4": [ - "au_2", - "au_3", - "au_12" - ], - "AWS-Account-Security-Onboarding": [ - "Send VPC Flow Logs (only DENYs) to S3 bucket" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "ISO27001-2013": [ - "A.12.4" - ], - "CIS-2.0": [ - "3.9" - ], - "CISA": [ - "your-surroundings-1", - "your-data-2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure VPC Flow Logging is Enabled in all VPCs.", - "title": "Ensure VPC Flow Logging is Enabled in all VPCs.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-vpc_flow_logs_enabled-211203495394-eu-west-1-vpc-007d791b9b857543e" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-007d791b9b857543e", - "id": "vpc-007d791b9b857543e", - "name": "ex-vpc", - "default": false, - "in_use": true, - "cidr_block": "10.0.0.0/16", - "flow_log": true, - "region": "eu-west-1", - "subnets": [ - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ed85e6f7a21ca120", - "id": "subnet-0ed85e6f7a21ca120", - "name": "ex-vpc-db-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.9.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1b" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0dff6254fddd22140", - "id": "subnet-0dff6254fddd22140", - "name": "ex-vpc-intra-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.22.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1c" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-003e93ce0ba0d219a", - "id": "subnet-003e93ce0ba0d219a", - "name": "Redshift Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.17.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Two" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0b96cff7e9a8bbcac", - "id": "subnet-0b96cff7e9a8bbcac", - "name": "Elasticache Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.12.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-00526a0cd693d0679", - "id": "subnet-00526a0cd693d0679", - "name": "ex-vpc-public-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.6.0/24", - "availability_zone": "eu-west-1c", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1c" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-03dfe7e9e94d1af9f", - "id": "subnet-03dfe7e9e94d1af9f", - "name": "DB Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.8.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "DB Subnet One" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0916ac2a0e7ef95cf", - "id": "subnet-0916ac2a0e7ef95cf", - "name": "Private Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.0.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Private Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-094260cca8a477871", - "id": "subnet-094260cca8a477871", - "name": "Private Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.1.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "Private Subnet Two" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-092b870816e369a70", - "id": "subnet-092b870816e369a70", - "name": "ex-vpc-public-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.4.0/24", - "availability_zone": "eu-west-1a", - "public": true, - "in_use": true, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1a" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0503024220aeb7296", - "id": "subnet-0503024220aeb7296", - "name": "ex-vpc-elasticache-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.14.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-elasticache-eu-west-1c" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0065b4be93c6e8110", - "id": "subnet-0065b4be93c6e8110", - "name": "ex-vpc-private-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.2.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-private-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-049af33a5bc4a8bee", - "id": "subnet-049af33a5bc4a8bee", - "name": "ex-vpc-intra-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.21.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1b" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-050902d37d76ff633", - "id": "subnet-050902d37d76ff633", - "name": "ex-vpc-db-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.10.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0951ea7ab41c5e46f", - "id": "subnet-0951ea7ab41c5e46f", - "name": "Elasticache Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.13.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet Two" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-08017c3b1071423b7", - "id": "subnet-08017c3b1071423b7", - "name": "Redshift Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.16.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet One" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-066aeeffb9d61ac77", - "id": "subnet-066aeeffb9d61ac77", - "name": "Redshift Subnet Three", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.18.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Three" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ea254ffb94ba85e0", - "id": "subnet-0ea254ffb94ba85e0", - "name": "ex-vpc-public-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.5.0/24", - "availability_zone": "eu-west-1b", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1b" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0f2535905905cd998", - "id": "subnet-0f2535905905cd998", - "name": "ex-vpc-intra-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.20.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1a" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - ], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc", - "GithubRepo:terraform-aws-vpc", - "Example:ex-vpc" - ], - "name": "vpc-007d791b9b857543e", - "type": "AwsEc2Vpc", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-007d791b9b857543e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.", - "references": [ - "http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html" - ] - }, - "risk_details": "VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC ex-vpc has subnets in more than one availability zone.", - "metadata": { - "event_code": "vpc_subnet_different_az", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC ex-vpc has subnets in more than one availability zone.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.02AS" - ], - "ENS-RD2022": [ - "mp.com.4.r3.aws.vpc.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure all VPC has subnets in more than one availability zone", - "title": "Ensure all VPC has subnets in more than one availability zone", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_subnet_different_az-211203495394-eu-west-1-vpc-007d791b9b857543e" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-007d791b9b857543e", - "id": "vpc-007d791b9b857543e", - "name": "ex-vpc", - "default": false, - "in_use": true, - "cidr_block": "10.0.0.0/16", - "flow_log": true, - "region": "eu-west-1", - "subnets": [ - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ed85e6f7a21ca120", - "id": "subnet-0ed85e6f7a21ca120", - "name": "ex-vpc-db-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.9.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1b" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0dff6254fddd22140", - "id": "subnet-0dff6254fddd22140", - "name": "ex-vpc-intra-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.22.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1c" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-003e93ce0ba0d219a", - "id": "subnet-003e93ce0ba0d219a", - "name": "Redshift Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.17.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Two" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0b96cff7e9a8bbcac", - "id": "subnet-0b96cff7e9a8bbcac", - "name": "Elasticache Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.12.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-00526a0cd693d0679", - "id": "subnet-00526a0cd693d0679", - "name": "ex-vpc-public-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.6.0/24", - "availability_zone": "eu-west-1c", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1c" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-03dfe7e9e94d1af9f", - "id": "subnet-03dfe7e9e94d1af9f", - "name": "DB Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.8.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "DB Subnet One" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0916ac2a0e7ef95cf", - "id": "subnet-0916ac2a0e7ef95cf", - "name": "Private Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.0.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Private Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-094260cca8a477871", - "id": "subnet-094260cca8a477871", - "name": "Private Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.1.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "Private Subnet Two" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-092b870816e369a70", - "id": "subnet-092b870816e369a70", - "name": "ex-vpc-public-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.4.0/24", - "availability_zone": "eu-west-1a", - "public": true, - "in_use": true, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1a" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0503024220aeb7296", - "id": "subnet-0503024220aeb7296", - "name": "ex-vpc-elasticache-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.14.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-elasticache-eu-west-1c" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0065b4be93c6e8110", - "id": "subnet-0065b4be93c6e8110", - "name": "ex-vpc-private-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.2.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-private-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-049af33a5bc4a8bee", - "id": "subnet-049af33a5bc4a8bee", - "name": "ex-vpc-intra-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.21.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1b" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-050902d37d76ff633", - "id": "subnet-050902d37d76ff633", - "name": "ex-vpc-db-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.10.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0951ea7ab41c5e46f", - "id": "subnet-0951ea7ab41c5e46f", - "name": "Elasticache Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.13.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet Two" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-08017c3b1071423b7", - "id": "subnet-08017c3b1071423b7", - "name": "Redshift Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.16.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet One" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-066aeeffb9d61ac77", - "id": "subnet-066aeeffb9d61ac77", - "name": "Redshift Subnet Three", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.18.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Three" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ea254ffb94ba85e0", - "id": "subnet-0ea254ffb94ba85e0", - "name": "ex-vpc-public-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.5.0/24", - "availability_zone": "eu-west-1b", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1b" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0f2535905905cd998", - "id": "subnet-0f2535905905cd998", - "name": "ex-vpc-intra-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.20.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1a" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - ], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc", - "GithubRepo:terraform-aws-vpc", - "Example:ex-vpc" - ], - "name": "vpc-007d791b9b857543e", - "type": "AwsEc2Vpc", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-007d791b9b857543e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure all VPC has subnets in more than one availability zone", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html" - ] - }, - "risk_details": "", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC subnet Private Subnet One does NOT assign public IP by default.", - "metadata": { - "event_code": "vpc_subnet_no_public_ip_by_default", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC subnet Private Subnet One does NOT assign public IP by default.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/config/latest/developerguide/subnet-auto-assign-public-ip-disabled.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.15" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure VPC subnets do not assign public IP by default", - "title": "Ensure VPC subnets do not assign public IP by default", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_subnet_no_public_ip_by_default-211203495394-eu-west-1-subnet-0916ac2a0e7ef95cf" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0916ac2a0e7ef95cf", - "id": "subnet-0916ac2a0e7ef95cf", - "name": "Private Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.0.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Private Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "Name:Private Subnet One", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc", - "GithubOrg:terraform-aws-modules" - ], - "name": "subnet-0916ac2a0e7ef95cf", - "type": "AwsEc2Subnet", - "uid": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0916ac2a0e7ef95cf" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "VPC subnets should not allow automatic public IP assignment", - "references": [ - "https://docs.aws.amazon.com/config/latest/developerguide/subnet-auto-assign-public-ip-disabled.html" - ] - }, - "risk_details": "VPC subnet is a part of the VPC having its own rules for traffic. Assigning the Public IP to the subnet automatically (on launch) can accidentally expose the instances within this subnet to internet and should be edited to 'No' post creation of the Subnet.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC subnet Private Subnet Two does NOT assign public IP by default.", - "metadata": { - "event_code": "vpc_subnet_no_public_ip_by_default", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC subnet Private Subnet Two does NOT assign public IP by default.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/config/latest/developerguide/subnet-auto-assign-public-ip-disabled.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.15" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure VPC subnets do not assign public IP by default", - "title": "Ensure VPC subnets do not assign public IP by default", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_subnet_no_public_ip_by_default-211203495394-eu-west-1-subnet-094260cca8a477871" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-094260cca8a477871", - "id": "subnet-094260cca8a477871", - "name": "Private Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.1.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "Private Subnet Two" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Name:Private Subnet Two", - "Example:ex-vpc", - "GithubRepo:terraform-aws-vpc" - ], - "name": "subnet-094260cca8a477871", - "type": "AwsEc2Subnet", - "uid": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-094260cca8a477871" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "VPC subnets should not allow automatic public IP assignment", - "references": [ - "https://docs.aws.amazon.com/config/latest/developerguide/subnet-auto-assign-public-ip-disabled.html" - ] - }, - "risk_details": "VPC subnet is a part of the VPC having its own rules for traffic. Assigning the Public IP to the subnet automatically (on launch) can accidentally expose the instances within this subnet to internet and should be edited to 'No' post creation of the Subnet.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC subnet ex-vpc-public-eu-west-1a does NOT assign public IP by default.", - "metadata": { - "event_code": "vpc_subnet_no_public_ip_by_default", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC subnet ex-vpc-public-eu-west-1a does NOT assign public IP by default.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/config/latest/developerguide/subnet-auto-assign-public-ip-disabled.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.15" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure VPC subnets do not assign public IP by default", - "title": "Ensure VPC subnets do not assign public IP by default", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_subnet_no_public_ip_by_default-211203495394-eu-west-1-subnet-092b870816e369a70" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-092b870816e369a70", - "id": "subnet-092b870816e369a70", - "name": "ex-vpc-public-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.4.0/24", - "availability_zone": "eu-west-1a", - "public": true, - "in_use": true, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1a" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-vpc", - "Example:ex-vpc", - "Name:ex-vpc-public-eu-west-1a" - ], - "name": "subnet-092b870816e369a70", - "type": "AwsEc2Subnet", - "uid": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-092b870816e369a70" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "VPC subnets should not allow automatic public IP assignment", - "references": [ - "https://docs.aws.amazon.com/config/latest/developerguide/subnet-auto-assign-public-ip-disabled.html" - ] - }, - "risk_details": "VPC subnet is a part of the VPC having its own rules for traffic. Assigning the Public IP to the subnet automatically (on launch) can accidentally expose the instances within this subnet to internet and should be edited to 'No' post creation of the Subnet.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC subnet ex-vpc-private-eu-west-1c does NOT assign public IP by default.", - "metadata": { - "event_code": "vpc_subnet_no_public_ip_by_default", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC subnet ex-vpc-private-eu-west-1c does NOT assign public IP by default.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/config/latest/developerguide/subnet-auto-assign-public-ip-disabled.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.2" - ], - "CCC": [ - "CCC.MLDE.CN08.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "EC2.15" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure VPC subnets do not assign public IP by default", - "title": "Ensure VPC subnets do not assign public IP by default", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_subnet_no_public_ip_by_default-211203495394-eu-west-1-subnet-0065b4be93c6e8110" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0065b4be93c6e8110", - "id": "subnet-0065b4be93c6e8110", - "name": "ex-vpc-private-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.2.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-private-eu-west-1c" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "GithubRepo:terraform-aws-vpc", - "Example:ex-vpc", - "Name:ex-vpc-private-eu-west-1c" - ], - "name": "subnet-0065b4be93c6e8110", - "type": "AwsEc2Subnet", - "uid": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0065b4be93c6e8110" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "VPC subnets should not allow automatic public IP assignment", - "references": [ - "https://docs.aws.amazon.com/config/latest/developerguide/subnet-auto-assign-public-ip-disabled.html" - ] - }, - "risk_details": "VPC subnet is a part of the VPC having its own rules for traffic. Assigning the Public IP to the subnet automatically (on launch) can accidentally expose the instances within this subnet to internet and should be edited to 'No' post creation of the Subnet.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "VPC ex-vpc has private and public subnets.", - "metadata": { - "event_code": "vpc_subnet_separate_private_public", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "VPC ex-vpc has private and public subnets.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "SOC2": [ - "cc_6_6" - ], - "C5-2025": [ - "PS-03.02B", - "COS-02.01B", - "COS-07.04B" - ], - "ENS-RD2022": [ - "mp.com.4.aws.vpc.1", - "mp.com.4.r1.aws.vpc.1" - ], - "AWS-Foundational-Technical-Review": [ - "NETSEC-002" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.2" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure all VPC has public and private subnets defined", - "title": "Ensure all VPC has public and private subnets defined", - "types": [ - "Infrastructure Security" - ], - "uid": "prowler-aws-vpc_subnet_separate_private_public-211203495394-eu-west-1-vpc-007d791b9b857543e" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "eu-west-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-007d791b9b857543e", - "id": "vpc-007d791b9b857543e", - "name": "ex-vpc", - "default": false, - "in_use": true, - "cidr_block": "10.0.0.0/16", - "flow_log": true, - "region": "eu-west-1", - "subnets": [ - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ed85e6f7a21ca120", - "id": "subnet-0ed85e6f7a21ca120", - "name": "ex-vpc-db-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.9.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1b" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0dff6254fddd22140", - "id": "subnet-0dff6254fddd22140", - "name": "ex-vpc-intra-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.22.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1c" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-003e93ce0ba0d219a", - "id": "subnet-003e93ce0ba0d219a", - "name": "Redshift Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.17.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Two" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0b96cff7e9a8bbcac", - "id": "subnet-0b96cff7e9a8bbcac", - "name": "Elasticache Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.12.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-00526a0cd693d0679", - "id": "subnet-00526a0cd693d0679", - "name": "ex-vpc-public-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.6.0/24", - "availability_zone": "eu-west-1c", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1c" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-03dfe7e9e94d1af9f", - "id": "subnet-03dfe7e9e94d1af9f", - "name": "DB Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.8.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "DB Subnet One" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0916ac2a0e7ef95cf", - "id": "subnet-0916ac2a0e7ef95cf", - "name": "Private Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.0.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Private Subnet One" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-094260cca8a477871", - "id": "subnet-094260cca8a477871", - "name": "Private Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.1.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "Private Subnet Two" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-092b870816e369a70", - "id": "subnet-092b870816e369a70", - "name": "ex-vpc-public-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.4.0/24", - "availability_zone": "eu-west-1a", - "public": true, - "in_use": true, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1a" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0503024220aeb7296", - "id": "subnet-0503024220aeb7296", - "name": "ex-vpc-elasticache-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.14.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-elasticache-eu-west-1c" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0065b4be93c6e8110", - "id": "subnet-0065b4be93c6e8110", - "name": "ex-vpc-private-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.2.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": true, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-private-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-049af33a5bc4a8bee", - "id": "subnet-049af33a5bc4a8bee", - "name": "ex-vpc-intra-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.21.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1b" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-050902d37d76ff633", - "id": "subnet-050902d37d76ff633", - "name": "ex-vpc-db-eu-west-1c", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.10.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-db-eu-west-1c" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0951ea7ab41c5e46f", - "id": "subnet-0951ea7ab41c5e46f", - "name": "Elasticache Subnet Two", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.13.0/24", - "availability_zone": "eu-west-1b", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "Elasticache Subnet Two" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-08017c3b1071423b7", - "id": "subnet-08017c3b1071423b7", - "name": "Redshift Subnet One", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.16.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet One" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-066aeeffb9d61ac77", - "id": "subnet-066aeeffb9d61ac77", - "name": "Redshift Subnet Three", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.18.0/24", - "availability_zone": "eu-west-1c", - "public": false, - "in_use": false, - "nat_gateway": true, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "Redshift Subnet Three" - }, - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0ea254ffb94ba85e0", - "id": "subnet-0ea254ffb94ba85e0", - "name": "ex-vpc-public-eu-west-1b", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.5.0/24", - "availability_zone": "eu-west-1b", - "public": true, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Example", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Name", - "Value": "ex-vpc-public-eu-west-1b" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - } - ] - }, - { - "arn": "arn:aws:ec2:eu-west-1:211203495394:subnet/subnet-0f2535905905cd998", - "id": "subnet-0f2535905905cd998", - "name": "ex-vpc-intra-eu-west-1a", - "default": false, - "vpc_id": "vpc-007d791b9b857543e", - "cidr_block": "10.0.20.0/24", - "availability_zone": "eu-west-1a", - "public": false, - "in_use": false, - "nat_gateway": false, - "region": "eu-west-1", - "mapPublicIpOnLaunch": false, - "tags": [ - { - "Key": "Name", - "Value": "ex-vpc-intra-eu-west-1a" - }, - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - ], - "tags": [ - { - "Key": "GithubOrg", - "Value": "terraform-aws-modules" - }, - { - "Key": "Name", - "Value": "ex-vpc" - }, - { - "Key": "GithubRepo", - "Value": "terraform-aws-vpc" - }, - { - "Key": "Example", - "Value": "ex-vpc" - } - ] - } - }, - "group": { - "name": "vpc" - }, - "labels": [ - "GithubOrg:terraform-aws-modules", - "Name:ex-vpc", - "GithubRepo:terraform-aws-vpc", - "Example:ex-vpc" - ], - "name": "vpc-007d791b9b857543e", - "type": "AwsEc2Vpc", - "uid": "arn:aws:ec2:eu-west-1:211203495394:vpc/vpc-007d791b9b857543e" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "eu-west-1" - }, - "remediation": { - "desc": "Ensure all VPC has public and private subnets defined", - "references": [ - "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html" - ] - }, - "risk_details": "", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-aws-bucket/results/secure-aws-bucket-delta.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-aws-bucket/results/secure-aws-bucket-delta.ocsf.json deleted file mode 100644 index c699bf5a..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-aws-bucket/results/secure-aws-bucket-delta.ocsf.json +++ /dev/null @@ -1,10288 +0,0 @@ -[ - { - "message": "Log Group /aws/s3/prod-my-secure-s3-bucket-20250423 does have AWS KMS key arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501 associated.", - "metadata": { - "event_code": "cloudwatch_log_group_kms_encryption_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Log Group /aws/s3/prod-my-secure-s3-bucket-20250423 does have AWS KMS key arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501 associated.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/cli/latest/reference/logs/associate-kms-key.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_e_2_ii" - ], - "SOC2": [ - "cc_7_3" - ], - "C5-2025": [ - "OIS-04.01AC", - "OIS-08.02B", - "AM-01.01AC", - "OPS-11.02AC", - "OPS-13.03B", - "OPS-14.03B", - "OPS-26.05B", - "OPS-26.01AS", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-04.01B", - "PSS-04.04B", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cp_9_d", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_28_1", - "si_19_4" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "PCI-4.0": [ - "10.3.2.3", - "10.3.3.5", - "10.3.4.4", - "3.5.1.4", - "8.3.2.8", - "A1.2.1.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Monitor.CN04.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN02.AR01", - "CCC.Core.CN04.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.30" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP02" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.15", - "A.8.16", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "au_9", - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if CloudWatch log groups are protected by AWS KMS.", - "title": "Check if CloudWatch log groups are protected by AWS KMS.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-cloudwatch_log_group_kms_encryption_enabled-211203495394-us-east-1-/aws/s3/prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/prod-my-secure-s3-bucket-20250423:*", - "name": "/aws/s3/prod-my-secure-s3-bucket-20250423", - "retention_days": 30, - "never_expire": false, - "kms_id": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501", - "region": "us-east-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/s3/prod-my-secure-s3-bucket-20250423", - "type": "Other", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/prod-my-secure-s3-bucket-20250423:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Associate KMS Key with Cloudwatch log group.", - "references": [ - "https://docs.aws.amazon.com/cli/latest/reference/logs/associate-kms-key.html" - ] - }, - "risk_details": "Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No secrets found in /aws/s3/prod-my-secure-s3-bucket-20250423 log group.", - "metadata": { - "event_code": "cloudwatch_log_group_no_secrets_in_logs", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "No secrets found in /aws/s3/prod-my-secure-s3-bucket-20250423 log group.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html", - "categories": [ - "secrets" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-01.01AC", - "OPS-11.01AC", - "OPS-11.02AC", - "OPS-13.03B", - "OPS-26.05B", - "OPS-26.01AS", - "PSS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.GenAI.CN04.AR01" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1552" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if secrets exists in CloudWatch logs", - "title": "Check if secrets exists in CloudWatch logs.", - "types": [ - "Protect", - "Secure development" - ], - "uid": "prowler-aws-cloudwatch_log_group_no_secrets_in_logs-211203495394-us-east-1-/aws/s3/prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/prod-my-secure-s3-bucket-20250423:*", - "name": "/aws/s3/prod-my-secure-s3-bucket-20250423", - "retention_days": 30, - "never_expire": false, - "kms_id": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501", - "region": "us-east-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/s3/prod-my-secure-s3-bucket-20250423", - "type": "Other", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/prod-my-secure-s3-bucket-20250423:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "It is recommended that sensitive information is not logged to CloudWatch logs. Alternatively, sensitive data may be masked using a protection policy", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html" - ] - }, - "risk_details": "Storing sensitive data in CloudWatch logs could allow an attacker with read-only access to escalate their privileges or gain unauthorised access to systems.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/s3/prod-my-secure-s3-bucket-20250423 is not publicly accessible.", - "metadata": { - "event_code": "cloudwatch_log_group_not_publicly_accessible", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Log Group /aws/s3/prod-my-secure-s3-bucket-20250423 is not publicly accessible.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-01.01AC", - "PS-03.02B", - "OPS-11.02AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-10.01B", - "COS-02.01B", - "PSS-04.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN04.AR01", - "CCC.Monitor.CN04.AR01", - "CCC.Monitor.CN06.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR03" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "3.2.3.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "This check ensures that no CloudWatch Log Groups are publicly accessible by checking for resource policies that allow access from any entity (Principal: '*'). Publicly exposed log groups pose a serious security risk as sensitive log data could be accessed by unauthorized parties.", - "title": "Ensure that CloudWatch Log Groups are not publicly accessible", - "types": [ - "Software and Configuration Checks/AWS Security Best Practices" - ], - "uid": "prowler-aws-cloudwatch_log_group_not_publicly_accessible-211203495394-us-east-1-/aws/s3/prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/prod-my-secure-s3-bucket-20250423:*", - "name": "/aws/s3/prod-my-secure-s3-bucket-20250423", - "retention_days": 30, - "never_expire": false, - "kms_id": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501", - "region": "us-east-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/s3/prod-my-secure-s3-bucket-20250423", - "type": "Other", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/prod-my-secure-s3-bucket-20250423:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that CloudWatch Log Groups are not publicly accessible. Review and remove any resource policies that allow public access (Principal: '*') to log groups.", - "references": [ - "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html" - ] - }, - "risk_details": "Publicly accessible CloudWatch Log Groups can expose sensitive information, leading to data breaches or unauthorized access. It is important to ensure that log groups are only accessible by trusted entities.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Log Group /aws/s3/prod-my-secure-s3-bucket-20250423 has less than 365 days retention period (30 days).", - "metadata": { - "event_code": "cloudwatch_log_group_retention_policy_specific_days_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Log Group /aws/s3/prod-my-secure-s3-bucket-20250423 has less than 365 days retention period (30 days).", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Logs.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_1", - "3_6_1", - "3_6_2" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_312_b" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_c_1_2" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-14.01B", - "OPS-14.02B", - "OPS-26.05B", - "OPS-26.01AS", - "PI-03.02B", - "PSS-04.01B" - ], - "FedRamp-Moderate-Revision-4": [ - "au-6-1-3", - "au-11", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "ac_16_b", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_10", - "au_11", - "au_11_1", - "au_12_1", - "au_12_2", - "au_12_3", - "au_14_a", - "au_14_b", - "ca_7_b", - "pm_14_a_1", - "pm_14_b", - "pm_21_b", - "pm_31", - "sc_28_2", - "si_4_17", - "si_12" - ], - "ENS-RD2022": [ - "op.exp.8.r3.aws.cw.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "PCI-4.0": [ - "10.5.1.4", - "3.2.1.3", - "3.3.1.1.3", - "3.3.1.3.3", - "3.3.2.3", - "3.3.3.3", - "5.3.4.11" - ], - "FedRAMP-Low-Revision-4": [ - "au-11" - ], - "FFIEC": [ - "d2-ma-ma-b-1" - ], - "PCI-3.2.1": [ - "10.1", - "10.7", - "10.7.b", - "10.7.c" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-e" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP06" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.16" - ], - "NIST-800-53-Revision-4": [ - "au_11", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "3.2.5", - "4.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if CloudWatch Log Groups have a retention policy of specific days.", - "title": "Check if CloudWatch Log Groups have a retention policy of specific days.", - "types": [ - "Data Retention" - ], - "uid": "prowler-aws-cloudwatch_log_group_retention_policy_specific_days_enabled-211203495394-us-east-1-/aws/s3/prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/prod-my-secure-s3-bucket-20250423:*", - "name": "/aws/s3/prod-my-secure-s3-bucket-20250423", - "retention_days": 30, - "never_expire": false, - "kms_id": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501", - "region": "us-east-1", - "log_streams": {}, - "tags": [] - } - }, - "group": { - "name": "cloudwatch" - }, - "labels": [], - "name": "/aws/s3/prod-my-secure-s3-bucket-20250423", - "type": "AwsLogsLogGroup", - "uid": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/prod-my-secure-s3-bucket-20250423:*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.", - "references": [ - "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Logs.html" - ] - }, - "risk_details": "If log groups have a low retention policy of less than specific days, crucial logs and data can be lost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 78e11b27-598e-4e70-b556-ee62b95a4501 is being used.", - "metadata": { - "event_code": "kms_cmk_are_used", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 78e11b27-598e-4e70-b556-ee62b95a4501 is being used.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP01" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if there are CMK KMS keys not used.", - "title": "Check if there are CMK KMS keys not used.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_are_used-211203495394-us-east-1-78e11b27-598e-4e70-b556-ee62b95a4501" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "78e11b27-598e-4e70-b556-ee62b95a4501", - "arn": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "78e11b27-598e-4e70-b556-ee62b95a4501", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Before deleting a customer master key (CMK), you might want to know how many cipher-texts were encrypted under that key.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html" - ] - }, - "risk_details": "Unused keys may increase service cost.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 78e11b27-598e-4e70-b556-ee62b95a4501 is not scheduled for deletion.", - "metadata": { - "event_code": "kms_cmk_not_deleted_unintentionally", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 78e11b27-598e-4e70-b556-ee62b95a4501 is not scheduled for deletion.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "AM-07.02B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-16.02B", - "CRY-19.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.9.2", - "2.10.1" - ], - "PCI-4.0": [ - "3.5.1.1.9", - "3.5.1.3.17", - "3.6.1.2.9", - "3.6.1.3.9", - "3.6.1.4.9", - "3.6.1.9", - "3.7.1.10", - "3.7.2.9", - "3.7.4.10", - "3.7.6.9", - "3.7.7.9", - "4.2.1.1.22" - ], - "CCC": [ - "CCC.KeyMgmt.CN01.AR01", - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.ObjStor.CN05.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.3" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.9.2", - "2.10.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there is no customer keys scheduled for deletion.", - "title": "AWS KMS keys should not be deleted unintentionally", - "types": [ - "Data Deletion Protection" - ], - "uid": "prowler-aws-kms_cmk_not_deleted_unintentionally-211203495394-us-east-1-78e11b27-598e-4e70-b556-ee62b95a4501" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "78e11b27-598e-4e70-b556-ee62b95a4501", - "arn": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "78e11b27-598e-4e70-b556-ee62b95a4501", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Cancel the deletion before the end of the period unless you really want to delete that CMK, as it will no longer be usable.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.html#deleting-keys-scheduling-key-deletion-console" - ] - }, - "risk_details": "KMS keys cannot be recovered once deleted, also, all the data under a KMS key is also permanently unrecoverable if the KMS key is deleted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 78e11b27-598e-4e70-b556-ee62b95a4501 is a single-region key.", - "metadata": { - "event_code": "kms_cmk_not_multi_region", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 78e11b27-598e-4e70-b556-ee62b95a4501 is a single-region key.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#multi-region-concepts", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Multi-region keys should be used only when absolutely necessary, such as for cross-region disaster recovery, and should be carefully managed with strict access controls.", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS", - "CRY-03.01B", - "CRY-05.02B", - "CRY-10.01B", - "CRY-19.01B", - "PSS-12.02AC" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure that AWS KMS customer managed keys (CMKs) are not multi-region to maintain strict data control and compliance with security best practices.", - "title": "AWS KMS customer managed keys should not be multi-Region", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_not_multi_region-211203495394-us-east-1-78e11b27-598e-4e70-b556-ee62b95a4501" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "78e11b27-598e-4e70-b556-ee62b95a4501", - "arn": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "78e11b27-598e-4e70-b556-ee62b95a4501", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Identify and replace multi-region keys with single-region KMS keys to enhance security and access control.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/mrk-when-to-use.html" - ] - }, - "risk_details": "Multi-region KMS keys can increase the risk of unauthorized access and data exposure, as managing access controls and auditing across multiple regions becomes more complex. This expanded attack surface may lead to compliance violations and data breaches.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS CMK 78e11b27-598e-4e70-b556-ee62b95a4501 has automatic rotation enabled.", - "metadata": { - "event_code": "kms_cmk_rotation_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS CMK 78e11b27-598e-4e70-b556-ee62b95a4501 has automatic rotation enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://aws.amazon.com/blogs/security/how-to-get-ready-for-certificate-transparency/", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_312_a_2_iv" - ], - "C5-2025": [ - "OIS-08.02B", - "CRY-05.02B", - "CRY-06.01B", - "CRY-07.01B", - "CRY-09.02B", - "CRY-19.01B" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-12" - ], - "CIS-3.0": [ - "3.6" - ], - "NIST-800-53-Revision-5": [ - "cm_6_a", - "cm_9_b", - "sa_9_6", - "sc_12", - "sc_12_2", - "sc_12_6" - ], - "ENS-RD2022": [ - "op.exp.10.aws.cmk.3" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "3.6" - ], - "PCI-4.0": [ - "3.7.4.5", - "3.7.5.2" - ], - "FedRAMP-Low-Revision-4": [ - "sc-12" - ], - "GDPR": [ - "article_25", - "article_30" - ], - "CIS-5.0": [ - "3.6" - ], - "CIS-1.4": [ - "3.8" - ], - "CCC": [ - "CCC.KeyMgmt.CN02.AR01", - "CCC.KeyMgmt.CN03.AR01", - "CCC.KeyMgmt.CN04.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05", - "CCC.Core.CN11.AR06" - ], - "GxP-21-CFR-Part-11": [ - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.4" - ], - "CIS-1.5": [ - "3.8" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC02-BP05" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_12" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CIS-2.0": [ - "3.8" - ], - "CISA": [ - "your-systems-3" - ], - "NIS2": [ - "11.6.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure rotation for customer created KMS CMKs is enabled.", - "title": "Ensure rotation for customer created KMS CMKs is enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_cmk_rotation_enabled-211203495394-us-east-1-78e11b27-598e-4e70-b556-ee62b95a4501" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "78e11b27-598e-4e70-b556-ee62b95a4501", - "arn": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "78e11b27-598e-4e70-b556-ee62b95a4501", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "For every KMS Customer Master Keys (CMKs), ensure that Rotate this key every year is enabled.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html" - ] - }, - "risk_details": "Cryptographic best practices discourage extensive reuse of encryption keys. Consequently, Customer Master Keys (CMKs) should be rotated to prevent usage of compromised keys.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "KMS key 78e11b27-598e-4e70-b556-ee62b95a4501 is not exposed to Public.", - "metadata": { - "event_code": "kms_key_not_publicly_accessible", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "KMS key 78e11b27-598e-4e70-b556-ee62b95a4501 is not exposed to Public.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/kms/latest/developerguide/determining-access.html", - "categories": [ - "internet-exposed", - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "PS-03.02B", - "IAM-10.01B", - "CRY-03.01B", - "CRY-05.02B", - "CRY-19.01B", - "COS-02.01B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04" - ], - "ProwlerThreatScore-1.0": [ - "2.2.14" - ], - "AWS-Foundational-Security-Best-Practices": [ - "KMS.5" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.1", - "2.10.2" - ], - "NIS2": [ - "9.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check exposed KMS keys", - "title": "Check exposed KMS keys", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-kms_key_not_publicly_accessible-211203495394-us-east-1-78e11b27-598e-4e70-b556-ee62b95a4501" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "id": "78e11b27-598e-4e70-b556-ee62b95a4501", - "arn": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501", - "state": "Enabled", - "origin": "AWS_KMS", - "manager": "CUSTOMER", - "rotation_enabled": true, - "policy": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::211203495394:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow CloudWatch Logs", - "Effect": "Allow", - "Principal": { - "Service": "logs.us-east-1.amazonaws.com" - }, - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - }, - { - "Sid": "Allow Key Users", - "Effect": "Allow", - "Principal": { - "AWS": [ - "arn:aws:iam::211203495394:root", - "arn:aws:iam::211203495394:user/terraform-user" - ] - }, - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "ArnLike": { - "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-east-1:211203495394:log-group:/aws/s3/*" - } - } - } - ] - }, - "spec": "SYMMETRIC_DEFAULT", - "region": "us-east-1", - "multi_region": false, - "tags": [ - { - "TagKey": "Environment", - "TagValue": "Production" - }, - { - "TagKey": "Owner", - "TagValue": "CFI" - }, - { - "TagKey": "managed-by", - "TagValue": "terraform" - }, - { - "TagKey": "module", - "TagValue": "secure-s3" - } - ] - } - }, - "group": { - "name": "kms" - }, - "labels": [ - "TagKey:module", - "TagValue:secure-s3" - ], - "name": "78e11b27-598e-4e70-b556-ee62b95a4501", - "type": "AwsKmsKey", - "uid": "arn:aws:kms:us-east-1:211203495394:key/78e11b27-598e-4e70-b556-ee62b95a4501" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "To determine the full extent of who or what currently has access to a customer master key (CMK) in AWS KMS, you must examine the CMK key policy, all grants that apply to the CMK and potentially all AWS Identity and Access Management (IAM) policies. You might do this to determine the scope of potential usage of a CMK.", - "references": [ - "https://docs.aws.amazon.com/kms/latest/developerguide/determining-access.html" - ] - }, - "risk_details": "Exposed KMS Keys or wide policy permissions my leave data unprotected.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 has bucket ACLs disabled.", - "metadata": { - "event_code": "s3_bucket_acl_prohibited", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 has bucket ACLs disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.24", - "7.2.2.24", - "7.2.5.18", - "7.3.1.18", - "7.3.2.18", - "7.3.3.18", - "8.2.7.18", - "8.2.8.20", - "8.3.4.18" - ], - "CCC": [ - "CCC.ObjStor.CN02.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have ACLs enabled", - "title": "Check if S3 buckets have ACLs enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_acl_prohibited-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html" - ] - }, - "risk_details": "S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has bucket ACLs disabled.", - "metadata": { - "event_code": "s3_bucket_acl_prohibited", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has bucket ACLs disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "7.2.1.24", - "7.2.2.24", - "7.2.5.18", - "7.3.1.18", - "7.3.2.18", - "7.3.3.18", - "8.2.7.18", - "8.2.8.20", - "8.3.4.18" - ], - "CCC": [ - "CCC.ObjStor.CN02.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.12" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.6.2", - "2.10.2" - ], - "CISA": [ - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have ACLs enabled", - "title": "Check if S3 buckets have ACLs enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_acl_prohibited-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html" - ] - }, - "risk_details": "S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_cross_account_access", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "IAM-10.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "10.6.3.33", - "10.6.3.35", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.6", - "S3.7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "This check verifies that S3 bucket policies are configured in a way that limits access to the intended AWS accounts only, preventing unauthorized access by external or unintended accounts.", - "title": "Ensure that general-purpose bucket policies restrict access to other AWS accounts.", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_cross_account_access-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Review and update your S3 bucket policies to remove permissions that grant external AWS accounts access to critical actions and implement least privilege principles to ensure sensitive operations are restricted to trusted accounts only", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Allowing other AWS accounts to perform sensitive actions (e.g., modifying bucket policies, ACLs, or encryption settings) on your S3 buckets can lead to data exposure, unauthorized access, or misconfigurations, increasing the risk of insider threats or attacks.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_cross_account_access", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "IAM-10.01B", - "IAM-10.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "10.6.3.33", - "10.6.3.35", - "7.2.1.25", - "7.2.1.26", - "7.2.1.27", - "7.2.2.25", - "7.2.2.26", - "7.2.2.27", - "7.2.5.19", - "7.2.5.20", - "7.2.5.21", - "7.2.6.4", - "7.2.6.5", - "7.3.1.19", - "7.3.1.20", - "7.3.1.21", - "7.3.2.19", - "7.3.2.20", - "7.3.2.21", - "7.3.3.19", - "7.3.3.20", - "7.3.3.21", - "8.2.7.19", - "8.2.7.20", - "8.2.7.21", - "8.2.8.21", - "8.2.8.22", - "8.2.8.23", - "8.3.4.19", - "8.3.4.20", - "8.3.4.21" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.6", - "S3.7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "This check verifies that S3 bucket policies are configured in a way that limits access to the intended AWS accounts only, preventing unauthorized access by external or unintended accounts.", - "title": "Ensure that general-purpose bucket policies restrict access to other AWS accounts.", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_cross_account_access-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Review and update your S3 bucket policies to remove permissions that grant external AWS accounts access to critical actions and implement least privilege principles to ensure sensitive operations are restricted to trusted accounts only", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Allowing other AWS accounts to perform sensitive actions (e.g., modifying bucket policies, ACLs, or encryption settings) on your S3 buckets can lead to data exposure, unauthorized access, or misconfigurations, increasing the risk of insider threats or attacks.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have correct cross region replication configuration.", - "metadata": { - "event_code": "s3_bucket_cross_region_replication", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have correct cross region replication configuration.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "PCI-3.2.1": [ - "2.2", - "3.1", - "3.1.c", - "10.5", - "10.5.3" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Verifying whether S3 buckets have cross-region replication enabled, ensuring data redundancy and availability across multiple AWS regions", - "title": "Check if S3 buckets use cross region replication.", - "types": [ - "Secure access management" - ], - "uid": "prowler-aws-s3_bucket_cross_region_replication-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have cross region replication.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough1.html" - ] - }, - "risk_details": "Without cross-region replication in S3 buckets, data is at risk of being lost or inaccessible if an entire region goes down, leading to potential service disruptions and data unavailability.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have correct cross region replication configuration.", - "metadata": { - "event_code": "s3_bucket_cross_region_replication", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have correct cross region replication configuration.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html", - "categories": [ - "redundancy" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-02.01B", - "PS-02.01AS", - "PS-02.02AS" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.2" - ], - "PCI-3.2.1": [ - "2.2", - "3.1", - "3.1.c", - "10.5", - "10.5.3" - ], - "CCC": [ - "CCC.AuditLog.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "KISA-ISMS-P-2023": [ - "2.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Verifying whether S3 buckets have cross-region replication enabled, ensuring data redundancy and availability across multiple AWS regions", - "title": "Check if S3 buckets use cross region replication.", - "types": [ - "Secure access management" - ], - "uid": "prowler-aws-s3_bucket_cross_region_replication-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have cross region replication.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough1.html" - ] - }, - "risk_details": "Without cross-region replication in S3 buckets, data is at risk of being lost or inaccessible if an entire region goes down, leading to potential service disruptions and data unavailability.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 has Server Side Encryption with aws:kms.", - "metadata": { - "event_code": "s3_bucket_default_encryption", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 has Server Side Encryption with aws:kms.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_5_10", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_2_ii" - ], - "C5-2025": [ - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.01AC", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-13", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cm_6_a", - "cm_9_b", - "cp_9_d", - "cp_9_8", - "pm_11_b", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_16_1", - "sc_28_1", - "si_19_4" - ], - "ENS-RD2022": [ - "mp.si.2.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.30", - "8.3.2.48" - ], - "FedRAMP-Low-Revision-4": [ - "sc-13" - ], - "FFIEC": [ - "d3-pc-am-b-12" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CIS-1.4": [ - "2.1.1" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "CIS-1.5": [ - "2.1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP03" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1119", - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-1", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "title": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_default_encryption-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled.", - "references": [ - "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/" - ] - }, - "risk_details": "Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has Server Side Encryption with aws:kms.", - "metadata": { - "event_code": "s3_bucket_default_encryption", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has Server Side Encryption with aws:kms.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8", - "3_5_10", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_4_ii_a", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_2_ii" - ], - "C5-2025": [ - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.01AC", - "PSS-12.02B" - ], - "NIST-CSF-1.1": [ - "ds_1" - ], - "FedRamp-Moderate-Revision-4": [ - "sc-13", - "sc-28" - ], - "NIST-800-53-Revision-5": [ - "au_9_3", - "cm_6_a", - "cm_9_b", - "cp_9_d", - "cp_9_8", - "pm_11_b", - "sc_8_3", - "sc_8_4", - "sc_13_a", - "sc_16_1", - "sc_28_1", - "si_19_4" - ], - "ENS-RD2022": [ - "mp.si.2.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.30", - "8.3.2.48" - ], - "FedRAMP-Low-Revision-4": [ - "sc-13" - ], - "FFIEC": [ - "d3-pc-am-b-12" - ], - "GDPR": [ - "article_32" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CIS-1.4": [ - "2.1.1" - ], - "GxP-EU-Annex-11": [ - "7.1-data-storage-damage-protection" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "CIS-1.5": [ - "2.1.1" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP03" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "NIST-800-53-Revision-4": [ - "sc_28" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1119", - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-1", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "title": "Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_default_encryption-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled.", - "references": [ - "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/" - ] - }, - "risk_details": "Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have event notifications enabled.", - "metadata": { - "event_code": "s3_bucket_event_notifications_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have event notifications enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.01AC", - "OPS-13.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "PCI-4.0": [ - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "A3.3.1.8", - "A3.5.1.8" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure whether S3 buckets have event notifications enabled.", - "title": "Check if S3 buckets have event notifications enabled.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls" - ], - "uid": "prowler-aws-s3_bucket_event_notifications_enabled-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable event notifications for all S3 general-purpose buckets to monitor important events such as object creation, deletion, tagging, and lifecycle events, ensuring visibility and quick action on relevant changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html" - ] - }, - "risk_details": "Without event notifications, important actions on S3 buckets may go unnoticed, leading to missed opportunities for timely response to critical changes, such as object creation, deletion, or updates that could impact data security and availability.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have event notifications enabled.", - "metadata": { - "event_code": "s3_bucket_event_notifications_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have event notifications enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-13.01AC", - "OPS-13.03AC" - ], - "KISA-ISMS-P-2023-korean": [ - "2.10.2", - "2.11.3" - ], - "PCI-4.0": [ - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "A3.3.1.8", - "A3.5.1.8" - ], - "KISA-ISMS-P-2023": [ - "2.10.2", - "2.11.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure whether S3 buckets have event notifications enabled.", - "title": "Check if S3 buckets have event notifications enabled.", - "types": [ - "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls" - ], - "uid": "prowler-aws-s3_bucket_event_notifications_enabled-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable event notifications for all S3 general-purpose buckets to monitor important events such as object creation, deletion, tagging, and lifecycle events, ensuring visibility and quick action on relevant changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html" - ] - }, - "risk_details": "Without event notifications, important actions on S3 buckets may go unnoticed, leading to missed opportunities for timely response to critical changes, such as object creation, deletion, or updates that could impact data security and availability.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 has Server Side Encryption with aws:kms.", - "metadata": { - "event_code": "s3_bucket_kms_encryption", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 has Server Side Encryption with aws:kms.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-12.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.31", - "8.3.2.50" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.Core.CN02.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.17" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have KMS encryption enabled.", - "title": "Check if S3 buckets have KMS encryption enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_kms_encryption-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled using KMS.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html" - ] - }, - "risk_details": "Amazon S3 KMS encryption provides a way to set the encryption behavior for an S3 bucket using a managed key. This will ensure data-at-rest is encrypted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has Server Side Encryption with aws:kms.", - "metadata": { - "event_code": "s3_bucket_kms_encryption", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has Server Side Encryption with aws:kms.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OIS-08.02B", - "OPS-31.01B", - "IAM-07.03B", - "CRY-01.02AC", - "CRY-05.02B", - "CRY-05.01AC", - "PSS-12.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.2", - "2.10.2" - ], - "PCI-4.0": [ - "3.5.1.31", - "8.3.2.50" - ], - "PCI-3.2.1": [ - "3.4", - "3.4.1", - "3.4.1.a", - "3.4.1.c", - "3.4.a", - "3.4.b", - "3.4.d", - "8.2", - "8.2.1", - "8.2.1.a" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR03", - "CCC.Core.CN02.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.17" - ], - "ISO27001-2022": [ - "A.8.11", - "A.8.24" - ], - "KISA-ISMS-P-2023": [ - "2.7.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have KMS encryption enabled.", - "title": "Check if S3 buckets have KMS encryption enabled.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_kms_encryption-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption at rest enabled using KMS.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html" - ] - }, - "risk_details": "Amazon S3 KMS encryption provides a way to set the encryption behavior for an S3 bucket using a managed key. This will ensure data-at-rest is encrypted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is configured for the S3 Bucket prod-my-secure-s3-bucket-20250423.", - "metadata": { - "event_code": "s3_bucket_level_public_access_block", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Block Public Access is configured for the S3 Bucket prod-my-secure-s3-bucket-20250423.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "CIS-3.0": [ - "2.1.4" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.8" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check S3 Bucket Level Public Access Block.", - "title": "Check S3 Bucket Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_level_public_access_block-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Block Public Access is configured for the S3 Bucket prod-my-secure-s3-bucket-20250423-logs.", - "metadata": { - "event_code": "s3_bucket_level_public_access_block", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Block Public Access is configured for the S3 Bucket prod-my-secure-s3-bucket-20250423-logs.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "CIS-3.0": [ - "2.1.4" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.4" - ], - "CIS-5.0": [ - "2.1.4" - ], - "CIS-1.4": [ - "2.1.5" - ], - "CCC": [ - "CCC.Logging.CN05.AR01" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.8" - ], - "CIS-1.5": [ - "2.1.5" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "2.1.4" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check S3 Bucket Level Public Access Block.", - "title": "Check S3 Bucket Level Public Access Block.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_level_public_access_block-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable Public Access Block at the bucket level to prevent the exposure of your data stored in S3.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Public access policies may be applied to sensitive data buckets.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a lifecycle configuration enabled.", - "metadata": { - "event_code": "s3_bucket_lifecycle_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a lifecycle configuration enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-32.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.5.1.12", - "10.5.1.13", - "3.2.1.8", - "3.2.1.9", - "3.3.1.1.8", - "3.3.1.1.9", - "3.3.1.3.8", - "3.3.1.3.9", - "3.3.2.8", - "3.3.2.9", - "3.3.3.8", - "3.3.3.9" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.a", - "3.2", - "3.2.c", - "10.7", - "10.7.a" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.CntrReg.CN02.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.13" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have Lifecycle configuration enabled.", - "title": "Check if S3 buckets have a Lifecycle configuration enabled", - "types": [ - "AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-s3_bucket_lifecycle_enabled-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable lifecycle policies on your S3 buckets to automatically manage the transition and expiration of data.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html" - ] - }, - "risk_details": "The risks of not having lifecycle management enabled for S3 buckets include higher storage costs, unmanaged data retention, and potential non-compliance with data policies.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a lifecycle configuration enabled.", - "metadata": { - "event_code": "s3_bucket_lifecycle_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a lifecycle configuration enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "OPS-32.02B" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.5.1.12", - "10.5.1.13", - "3.2.1.8", - "3.2.1.9", - "3.3.1.1.8", - "3.3.1.1.9", - "3.3.1.3.8", - "3.3.1.3.9", - "3.3.2.8", - "3.3.2.9", - "3.3.3.8", - "3.3.3.9" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.a", - "3.2", - "3.2.c", - "10.7", - "10.7.a" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.CntrReg.CN02.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.13" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have Lifecycle configuration enabled.", - "title": "Check if S3 buckets have a Lifecycle configuration enabled", - "types": [ - "AWS Foundational Security Best Practices" - ], - "uid": "prowler-aws-s3_bucket_lifecycle_enabled-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Enable lifecycle policies on your S3 buckets to automatically manage the transition and expiration of data.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html" - ] - }, - "risk_details": "The risks of not having lifecycle management enabled for S3 buckets include higher storage costs, unmanaged data retention, and potential non-compliance with data policies.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 has MFA Delete disabled.", - "metadata": { - "event_code": "s3_bucket_no_mfa_delete", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 has MFA Delete disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-07.02B", - "OPS-16.01B", - "IAM-04.06B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "CIS-3.0": [ - "2.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.2" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-5.0": [ - "2.1.2" - ], - "CIS-1.4": [ - "2.1.3" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.20" - ], - "CIS-1.5": [ - "2.1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "2.1.2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 bucket MFA Delete is not enabled.", - "title": "Check if S3 bucket MFA Delete is not enabled.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_no_mfa_delete-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" - ] - }, - "risk_details": "Your security credentials are compromised or unauthorized access is granted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has MFA Delete disabled.", - "metadata": { - "event_code": "s3_bucket_no_mfa_delete", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has MFA Delete disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "AM-07.02B", - "OPS-16.01B", - "IAM-04.06B", - "IAM-09.02B", - "IAM-09.01AC", - "PSS-05.01B", - "PSS-07.02B" - ], - "CIS-3.0": [ - "2.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.3", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.2" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-5.0": [ - "2.1.2" - ], - "CIS-1.4": [ - "2.1.3" - ], - "ProwlerThreatScore-1.0": [ - "2.2.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.20" - ], - "CIS-1.5": [ - "2.1.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC05-BP02" - ], - "KISA-ISMS-P-2023": [ - "2.5.3", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "2.1.2" - ], - "NIS2": [ - "11.7.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 bucket MFA Delete is not enabled.", - "title": "Check if S3 bucket MFA Delete is not enabled.", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_no_mfa_delete-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html" - ] - }, - "risk_details": "Your security credentials are compromised or unauthorized access is granted.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 has Object Lock disabled.", - "metadata": { - "event_code": "s3_bucket_object_lock", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 has Object Lock disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have object lock enabled", - "title": "Check if S3 buckets have object lock enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_lock-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that your Amazon S3 buckets have Object Lock feature enabled in order to prevent the objects they store from being deleted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html" - ] - }, - "risk_details": "Store objects using a write-once-read-many (WORM) model to help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. That helps to prevent ransomware attacks.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has Object Lock disabled.", - "metadata": { - "event_code": "s3_bucket_object_lock", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has Object Lock disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.15" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have object lock enabled", - "title": "Check if S3 buckets have object lock enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_lock-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that your Amazon S3 buckets have Object Lock feature enabled in order to prevent the objects they store from being deleted.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html" - ] - }, - "risk_details": "Store objects using a write-once-read-many (WORM) model to help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. That helps to prevent ransomware attacks.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 has versioning enabled.", - "metadata": { - "event_code": "s3_bucket_object_versioning", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 has versioning enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_12" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_7_i", - "164_308_a_7_ii_a", - "164_308_a_7_ii_b", - "164_308_a_7_ii_c", - "164_312_a_2_ii", - "164_312_c_1", - "164_312_c_2" - ], - "SOC2": [ - "cc_7_4", - "cc_a_1_1", - "cc_c_1_2" - ], - "C5-2025": [ - "OPS-13.01AC", - "OPS-33.02B", - "DEV-07.01B" - ], - "NIST-CSF-1.1": [ - "be_5", - "ds_4", - "ip_4", - "ip_9", - "pt_5", - "rp_1", - "rp_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9-2", - "cp-9-b", - "cp-10", - "sc-5", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "au_9_2", - "cp_1_2", - "cp_2_5", - "cp_6_a", - "cp_6_1", - "cp_6_2", - "cp_9_a", - "cp_9_b", - "cp_9_c", - "cp_10", - "cp_10_2", - "pm_11_b", - "pm_17_b", - "sc_5_2", - "sc_16_1", - "si_1_a_2", - "si_13_5" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "5.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9", - "cp-9", - "cp-10", - "sc-5" - ], - "FFIEC": [ - "d5-ir-pl-b-6" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.c", - "10.5", - "10.5.2", - "10.5.3", - "10.5.5" - ], - "GxP-EU-Annex-11": [ - "5-data", - "7.1-data-storage-damage-protection", - "7.2-data-storage-backups", - "16-business-continuity", - "17-archiving", - "4.8-validation-data-transfer" - ], - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "GxP-21-CFR-Part-11": [ - "11.10-a", - "11.10-c" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3", - "A.8.10" - ], - "NIST-800-53-Revision-4": [ - "cp_10", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-4", - "booting-up-thing-to-do-first-1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have object versioning enabled", - "title": "Check if S3 buckets have object versioning enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_versioning-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frequently, and backup may not be enough to capture all the changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html" - ] - }, - "risk_details": "With versioning, you can easily recover from both unintended user actions and application failures.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has versioning enabled.", - "metadata": { - "event_code": "s3_bucket_object_versioning", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has versioning enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_3_8" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_12" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_7_i", - "164_308_a_7_ii_a", - "164_308_a_7_ii_b", - "164_308_a_7_ii_c", - "164_312_a_2_ii", - "164_312_c_1", - "164_312_c_2" - ], - "SOC2": [ - "cc_7_4", - "cc_a_1_1", - "cc_c_1_2" - ], - "C5-2025": [ - "OPS-13.01AC", - "OPS-33.02B", - "DEV-07.01B" - ], - "NIST-CSF-1.1": [ - "be_5", - "ds_4", - "ip_4", - "ip_9", - "pt_5", - "rp_1", - "rp_1" - ], - "FedRamp-Moderate-Revision-4": [ - "au-9-2", - "cp-9-b", - "cp-10", - "sc-5", - "si-12" - ], - "NIST-800-53-Revision-5": [ - "au_9_2", - "cp_1_2", - "cp_2_5", - "cp_6_a", - "cp_6_1", - "cp_6_2", - "cp_9_a", - "cp_9_b", - "cp_9_c", - "cp_10", - "cp_10_2", - "pm_11_b", - "pm_17_b", - "sc_5_2", - "sc_16_1", - "si_1_a_2", - "si_13_5" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "5.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.3", - "2.12.1" - ], - "PCI-4.0": [ - "10.3.4.9" - ], - "FedRAMP-Low-Revision-4": [ - "au-9", - "cp-9", - "cp-10", - "sc-5" - ], - "FFIEC": [ - "d5-ir-pl-b-6" - ], - "PCI-3.2.1": [ - "3.1", - "3.1.c", - "10.5", - "10.5.2", - "10.5.3", - "10.5.5" - ], - "GxP-EU-Annex-11": [ - "5-data", - "7.1-data-storage-damage-protection", - "7.2-data-storage-backups", - "16-business-continuity", - "17-archiving", - "4.8-validation-data-transfer" - ], - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN03.AR02", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "GxP-21-CFR-Part-11": [ - "11.10-a", - "11.10-c" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.14" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC08-BP04" - ], - "ISO27001-2022": [ - "A.8.3", - "A.8.10" - ], - "NIST-800-53-Revision-4": [ - "cp_10", - "si_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.3", - "2.12.1" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-4", - "booting-up-thing-to-do-first-1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have object versioning enabled", - "title": "Check if S3 buckets have object versioning enabled", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_object_versioning-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frequently, and backup may not be enough to capture all the changes.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html" - ] - }, - "risk_details": "With versioning, you can easily recover from both unintended user actions and application failures.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_policy_public_write_access", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.2.15" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have policies which allow WRITE access.", - "title": "Check if S3 buckets have policies which allow WRITE access.", - "types": [ - "IAM" - ], - "uid": "prowler-aws-s3_bucket_policy_public_write_access-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure proper bucket policy is in place with the least privilege principle applied.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html" - ] - }, - "risk_details": "Non intended users can put objects in a given bucket.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a bucket policy.", - "metadata": { - "event_code": "s3_bucket_policy_public_write_access", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a bucket policy.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.acc.4.aws.iam.1", - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.2" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "ProwlerThreatScore-1.0": [ - "2.2.15" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1486" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have policies which allow WRITE access.", - "title": "Check if S3 buckets have policies which allow WRITE access.", - "types": [ - "IAM" - ], - "uid": "prowler-aws-s3_bucket_policy_public_write_access-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure proper bucket policy is in place with the least privilege principle applied.", - "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html" - ] - }, - "risk_details": "Non intended users can put objects in a given bucket.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 is not public.", - "metadata": { - "event_code": "s3_bucket_public_access", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 is not public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1", - "164_312_a_2_i" - ], - "SOC2": [ - "cc_6_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.33", - "1.2.8.34", - "1.3.1.37", - "1.3.1.38", - "1.3.2.37", - "1.3.2.38", - "1.4.2.35", - "1.4.2.36", - "1.5.1.33", - "1.5.1.34", - "10.3.2.21", - "10.3.2.23", - "10.3.3.23", - "10.3.4.8", - "3.5.1.3.26", - "3.5.1.3.28", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.3.33", - "A1.1.3.34", - "A1.2.1.31", - "A3.4.1.19", - "A3.4.1.21" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "title": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_access-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs is not public.", - "metadata": { - "event_code": "s3_bucket_public_access", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs is not public.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_1", - "3_1_2", - "3_1_3", - "3_3_8", - "3_4_6", - "3_13_2", - "3_13_5" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_308_a_3_i", - "164_312_a_1", - "164_312_a_2_i" - ], - "SOC2": [ - "cc_6_1" - ], - "C5-2025": [ - "PS-03.02B", - "IAM-10.01B", - "COS-02.01B" - ], - "NIST-CSF-1.1": [ - "ac_3", - "ac_5", - "ds_5", - "ip_8", - "pt_3" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-3", - "ac-4", - "ac-6", - "ac-17-1", - "ac-21-b", - "cm-2", - "sc-4", - "sc-7-3", - "sc-7" - ], - "NIST-800-53-Revision-5": [ - "ac_2_6", - "ac_3", - "ac_3_7", - "ac_4_21", - "ac_6", - "ac_17_b", - "ac_17_1", - "ac_17_4_a", - "ac_17_9", - "ac_17_10", - "cm_6_a", - "cm_9_b", - "mp_2", - "sc_7_2", - "sc_7_3", - "sc_7_7", - "sc_7_9_a", - "sc_7_11", - "sc_7_12", - "sc_7_16", - "sc_7_20", - "sc_7_21", - "sc_7_24_b", - "sc_7_25", - "sc_7_26", - "sc_7_27", - "sc_7_28", - "sc_7_a", - "sc_7_b", - "sc_7_c", - "sc_25" - ], - "ENS-RD2022": [ - "op.exp.8.r4.aws.ct.2" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.33", - "1.2.8.34", - "1.3.1.37", - "1.3.1.38", - "1.3.2.37", - "1.3.2.38", - "1.4.2.35", - "1.4.2.36", - "1.5.1.33", - "1.5.1.34", - "10.3.2.21", - "10.3.2.23", - "10.3.3.23", - "10.3.4.8", - "3.5.1.3.26", - "3.5.1.3.28", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.3.33", - "A1.1.3.34", - "A1.2.1.31", - "A3.4.1.19", - "A3.4.1.21" - ], - "FedRAMP-Low-Revision-4": [ - "ac-3", - "ac-17", - "cm-2", - "sc-7" - ], - "FFIEC": [ - "d3-pc-im-b-1" - ], - "CCC": [ - "CCC.AuditLog.CN09.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.10-d", - "11.10-g", - "11.10-k" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC03-BP07" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "NIST-800-53-Revision-4": [ - "ac_3", - "ac_4", - "ac_6", - "ac_21", - "sc_7_3", - "sc_7" - ], - "AWS-Account-Security-Onboarding": [ - "S3 Block Public Access" - ], - "KISA-ISMS-P-2023": [ - "2.6.1", - "2.6.2", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "title": "Ensure there are no S3 buckets open to Everyone or Any AWS user.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_access-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 is not publicly listable.", - "metadata": { - "event_code": "s3_bucket_public_list_acl", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 is not publicly listable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.16" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_list_acl-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs is not publicly listable.", - "metadata": { - "event_code": "s3_bucket_public_list_acl", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs is not publicly listable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "AWS-Audit-Manager-Control-Tower-Guardrails": [ - "4.1.1" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.16" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets listable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_list_acl-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 is not publicly writable.", - "metadata": { - "event_code": "s3_bucket_public_write_acl", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 is not publicly writable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.35", - "1.3.1.39", - "1.3.2.39", - "1.4.2.37", - "1.5.1.35", - "10.3.2.24", - "3.5.1.3.29", - "A1.1.2.20", - "A1.1.3.35", - "A3.4.1.22" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.17" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_write_acl-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs is not publicly writable.", - "metadata": { - "event_code": "s3_bucket_public_write_acl", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 5, - "severity": "Critical", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs is not publicly writable.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "internet-exposed" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "C5-2025": [ - "PS-03.02B" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.5.6", - "2.6.2", - "2.10.2" - ], - "PCI-4.0": [ - "1.2.8.35", - "1.3.1.39", - "1.3.2.39", - "1.4.2.37", - "1.5.1.35", - "10.3.2.24", - "3.5.1.3.29", - "A1.1.2.20", - "A1.1.3.35", - "A3.4.1.22" - ], - "PCI-3.2.1": [ - "1.2", - "1.2.1", - "1.2.1.a", - "1.2.1.b", - "1.2.1.c", - "1.3", - "1.3.1", - "1.3.2", - "1.3.4", - "1.3.6", - "7.2", - "7.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN01.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR05" - ], - "ProwlerThreatScore-1.0": [ - "2.2.17" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.3" - ], - "KISA-ISMS-P-2023": [ - "2.5.6", - "2.6.2", - "2.10.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "title": "Ensure there are no S3 buckets writable by Everyone or Any AWS customer.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_public_write_acl-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html" - ] - }, - "risk_details": "Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a bucket policy, thus it allows HTTP requests.", - "metadata": { - "event_code": "s3_bucket_secure_transport_policy", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 does not have a bucket policy, thus it allows HTTP requests.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_13", - "3_5_10", - "3_13_1", - "3_13_5", - "3_13_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_1", - "164_312_e_2_i", - "164_312_e_2_ii" - ], - "NIST-CSF-1.1": [ - "ds_2" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-17-2", - "sc-7", - "sc-8-1", - "sc-8", - "sc-23" - ], - "CIS-3.0": [ - "2.1.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4", - "ac_4_22", - "ac_17_2", - "ac_24_1", - "au_9_3", - "ca_9_b", - "cm_6_a", - "cm_9_b", - "ia_5_1_c", - "pm_11_b", - "pm_17_b", - "sc_7_4_b", - "sc_7_4_g", - "sc_7_5", - "sc_8", - "sc_8_1", - "sc_8_2", - "sc_8_3", - "sc_8_4", - "sc_8_5", - "sc_13_a", - "sc_16_1", - "sc_23", - "si_1_a_2" - ], - "ENS-RD2022": [ - "mp.com.1.aws.s3.1", - "mp.com.3.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.49" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-12", - "d3-pc-am-b-13", - "d3-pc-am-b-15" - ], - "GDPR": [ - "article_32" - ], - "CIS-5.0": [ - "2.1.1" - ], - "CIS-1.4": [ - "2.1.2" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN01.AR08" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.5" - ], - "CIS-1.5": [ - "2.1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC09-BP02" - ], - "NIST-800-53-Revision-4": [ - "ac_17_2", - "sc_7", - "sc_8_1", - "sc_8" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "2.1.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have secure transport policy.", - "title": "Check if S3 buckets have secure transport policy.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_secure_transport_policy-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption in transit enabled.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/" - ] - }, - "risk_details": "If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a bucket policy, thus it allows HTTP requests.", - "metadata": { - "event_code": "s3_bucket_secure_transport_policy", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs does not have a bucket policy, thus it allows HTTP requests.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_13", - "3_5_10", - "3_13_1", - "3_13_5", - "3_13_8", - "3_13_11", - "3_13_16" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_1_3" - ], - "HIPAA": [ - "164_308_a_1_ii_b", - "164_312_a_2_iv", - "164_312_c_1", - "164_312_c_2", - "164_312_e_1", - "164_312_e_2_i", - "164_312_e_2_ii" - ], - "NIST-CSF-1.1": [ - "ds_2" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-17-2", - "sc-7", - "sc-8-1", - "sc-8", - "sc-23" - ], - "CIS-3.0": [ - "2.1.1" - ], - "NIST-800-53-Revision-5": [ - "ac_4", - "ac_4_22", - "ac_17_2", - "ac_24_1", - "au_9_3", - "ca_9_b", - "cm_6_a", - "cm_9_b", - "ia_5_1_c", - "pm_11_b", - "pm_17_b", - "sc_7_4_b", - "sc_7_4_g", - "sc_7_5", - "sc_8", - "sc_8_1", - "sc_8_2", - "sc_8_3", - "sc_8_4", - "sc_8_5", - "sc_13_a", - "sc_16_1", - "sc_23", - "si_1_a_2" - ], - "ENS-RD2022": [ - "mp.com.1.aws.s3.1", - "mp.com.3.aws.s3.1" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.7.1", - "2.10.2" - ], - "CIS-4.0.1": [ - "2.1.1" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.49" - ], - "FedRAMP-Low-Revision-4": [ - "ac-17", - "sc-7" - ], - "FFIEC": [ - "d3-pc-am-b-12", - "d3-pc-am-b-13", - "d3-pc-am-b-15" - ], - "GDPR": [ - "article_32" - ], - "CIS-5.0": [ - "2.1.1" - ], - "CIS-1.4": [ - "2.1.2" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN01.AR08" - ], - "GxP-21-CFR-Part-11": [ - "11.10-c", - "11.30" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.5" - ], - "CIS-1.5": [ - "2.1.2" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC09-BP02" - ], - "NIST-800-53-Revision-4": [ - "ac_17_2", - "sc_7", - "sc_8_1", - "sc_8" - ], - "KISA-ISMS-P-2023": [ - "2.7.1", - "2.10.2" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "2.1.1" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have secure transport policy.", - "title": "Check if S3 buckets have secure transport policy.", - "types": [ - "Data Protection" - ], - "uid": "prowler-aws-s3_bucket_secure_transport_policy-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have encryption in transit enabled.", - "references": [ - "https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/" - ] - }, - "risk_details": "If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423 has server access logging enabled.", - "metadata": { - "event_code": "s3_bucket_server_access_logging_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423 has server access logging enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_6_1", - "3_6_2", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-06.04B", - "IAM-07.04B", - "IAM-10.01B", - "SSO-05.01AC", - "PSS-04.05B" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "PCI-4.0": [ - "10.2.1.1.30", - "10.2.1.2.27", - "10.2.1.3.27", - "10.2.1.4.27", - "10.2.1.5.27", - "10.2.1.6.27", - "10.2.1.7.27", - "10.2.1.27", - "10.2.2.27", - "10.3.1.27", - "10.6.3.34", - "5.3.4.32", - "A1.2.1.32" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d5-dr-de-b-3" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have server access logging enabled", - "title": "Check if S3 buckets have server access logging enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_server_access_logging_enabled-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" - ] - }, - "risk_details": "Server access logs can assist you in security and access audits, help you learn about your customer base, and understand your Amazon S3 bill.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has server access logging enabled.", - "metadata": { - "event_code": "s3_bucket_server_access_logging_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 Bucket prod-my-secure-s3-bucket-20250423-logs has server access logging enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "forensics-ready" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "NIST-800-171-Revision-2": [ - "3_1_12", - "3_3_1", - "3_3_2", - "3_3_3", - "3_6_1", - "3_6_2", - "3_13_1", - "3_14_6", - "3_14_7" - ], - "RBI-Cyber-Security-Framework": [ - "annex_i_7_4" - ], - "HIPAA": [ - "164_308_a_1_ii_d", - "164_308_a_3_ii_a", - "164_308_a_6_ii", - "164_312_b", - "164_312_e_2_i" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "C5-2025": [ - "AM-01.01AC", - "OPS-11.02AC", - "OPS-15.01B", - "OPS-15.02B", - "OPS-15.03B", - "OPS-15.01AC", - "OPS-26.05B", - "OPS-26.01AS", - "IAM-06.04B", - "IAM-07.04B", - "IAM-10.01B", - "SSO-05.01AC", - "PSS-04.05B" - ], - "NIST-CSF-1.1": [ - "ae_1", - "ae_3", - "ae_4", - "cm_1", - "cm_3", - "cm_6", - "cm_7", - "am_3", - "ac_6", - "ds_5", - "pt_1" - ], - "FedRamp-Moderate-Revision-4": [ - "ac-2-4", - "ac-2-g", - "au-2-a-d", - "au-3", - "au-6-1-3", - "au-12-a-c" - ], - "NIST-800-53-Revision-5": [ - "ac_2_4", - "ac_3_1", - "ac_3_10", - "ac_4_26", - "ac_6_9", - "au_2_b", - "au_3_a", - "au_3_b", - "au_3_c", - "au_3_d", - "au_3_e", - "au_3_f", - "au_6_3", - "au_6_4", - "au_6_6", - "au_6_9", - "au_8_b", - "au_10", - "au_12_a", - "au_12_c", - "au_12_1", - "au_12_2", - "au_12_3", - "au_12_4", - "au_14_a", - "au_14_b", - "au_14_3", - "ca_7_b", - "cm_5_1_b", - "cm_6_a", - "cm_9_b", - "ia_3_3_b", - "ma_4_1_a", - "pm_14_a_1", - "pm_14_b", - "pm_31", - "sc_7_9_b", - "si_1_1_c", - "si_3_8_b", - "si_4_2", - "si_4_17", - "si_4_20", - "si_7_8", - "si_10_1_c" - ], - "AWS-Foundational-Technical-Review": [ - "S3-001" - ], - "KISA-ISMS-P-2023-korean": [ - "2.9.4", - "2.10.2" - ], - "PCI-4.0": [ - "10.2.1.1.30", - "10.2.1.2.27", - "10.2.1.3.27", - "10.2.1.4.27", - "10.2.1.5.27", - "10.2.1.6.27", - "10.2.1.7.27", - "10.2.1.27", - "10.2.2.27", - "10.3.1.27", - "10.6.3.34", - "5.3.4.32", - "A1.2.1.32" - ], - "FedRAMP-Low-Revision-4": [ - "ac-2", - "au-2" - ], - "FFIEC": [ - "d2-ma-ma-b-1", - "d2-ma-ma-b-2", - "d3-dc-an-b-3", - "d3-dc-an-b-4", - "d5-dr-de-b-3" - ], - "PCI-3.2.1": [ - "10.1", - "10.2", - "10.2.1", - "10.2.2", - "10.2.3", - "10.2.4", - "10.2.6", - "10.2.7", - "10.3", - "10.3.1", - "10.3.2", - "10.3.3", - "10.3.4", - "10.3.5", - "10.3.6", - "10.5", - "10.5.4" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR03" - ], - "GxP-21-CFR-Part-11": [ - "11.10-e", - "11.10-k" - ], - "AWS-Foundational-Security-Best-Practices": [ - "S3.9" - ], - "AWS-Well-Architected-Framework-Security-Pillar": [ - "SEC04-BP01" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "NIST-800-53-Revision-4": [ - "ac_2", - "au_2", - "au_3", - "au_12" - ], - "KISA-ISMS-P-2023": [ - "2.9.4", - "2.10.2" - ], - "CISA": [ - "your-systems-3", - "your-data-2" - ], - "NIS2": [ - "1.1.1.h", - "3.2.3.c", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Check if S3 buckets have server access logging enabled", - "title": "Check if S3 buckets have server access logging enabled", - "types": [ - "Logging and Monitoring" - ], - "uid": "prowler-aws-s3_bucket_server_access_logging_enabled-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.", - "references": [ - "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" - ] - }, - "risk_details": "Server access logs can assist you in security and access audits, help you learn about your customer base, and understand your Amazon S3 bill.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 bucket prod-my-secure-s3-bucket-20250423 is not a known shadow resource.", - "metadata": { - "event_code": "s3_bucket_shadow_resource_vulnerability", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 bucket prod-my-secure-s3-bucket-20250423 is not a known shadow resource.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check is based on the 'Bucket Monopoly' vulnerability disclosed by Aqua Security.", - "compliance": { - "C5-2025": [ - "OPS-25.01B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Checks for S3 buckets with predictable names that could be hijacked by an attacker before legitimate use, leading to data leakage or other security breaches.", - "title": "Check for S3 buckets vulnerable to Shadow Resource Hijacking (Bucket Monopoly)", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_shadow_resource_vulnerability-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423", - "name": "prod-my-secure-s3-bucket-20250423", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423" - ], - "name": "prod-my-secure-s3-bucket-20250423", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that all S3 buckets associated with your AWS account are owned by your account. Be cautious of services that create buckets with predictable names. Whenever possible, pre-create these buckets in all regions to prevent hijacking.", - "references": [ - "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/" - ] - }, - "risk_details": "An attacker can pre-create S3 buckets with predictable names used by various AWS services. When a legitimate user's service attempts to use that bucket, it may inadvertently write sensitive data to the attacker-controlled bucket, leading to information disclosure, denial of service, or even remote code execution.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "S3 bucket prod-my-secure-s3-bucket-20250423-logs is not a known shadow resource.", - "metadata": { - "event_code": "s3_bucket_shadow_resource_vulnerability", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "S3 bucket prod-my-secure-s3-bucket-20250423-logs is not a known shadow resource.", - "status_id": 1, - "unmapped": { - "related_url": "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/", - "categories": [ - "trustboundaries" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check is based on the 'Bucket Monopoly' vulnerability disclosed by Aqua Security.", - "compliance": { - "C5-2025": [ - "OPS-25.01B" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903136, - "created_time_dt": "2025-10-19T19:45:36.459076", - "desc": "Checks for S3 buckets with predictable names that could be hijacked by an attacker before legitimate use, leading to data leakage or other security breaches.", - "title": "Check for S3 buckets vulnerable to Shadow Resource Hijacking (Bucket Monopoly)", - "types": [ - "Effects/Data Exposure" - ], - "uid": "prowler-aws-s3_bucket_shadow_resource_vulnerability-211203495394-us-east-1-prod-my-secure-s3-bucket-20250423-logs" - }, - "resources": [ - { - "cloud_partition": "aws", - "region": "us-east-1", - "data": { - "details": "", - "metadata": { - "arn": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs", - "name": "prod-my-secure-s3-bucket-20250423-logs", - "owner_id": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "owner": null, - "versioning": true, - "logging": true, - "public_access_block": { - "block_public_acls": true, - "ignore_public_acls": true, - "block_public_policy": true, - "restrict_public_buckets": true - }, - "acl_grantees": [ - { - "display_name": "finos.ccc", - "ID": "f1e0e24abe13725f55a059b1d15665b1abd7298a6135ae4e23e0324bb84e3482", - "type": "CanonicalUser", - "URI": null, - "permission": "FULL_CONTROL" - } - ], - "policy": {}, - "encryption": "aws:kms", - "region": "us-east-1", - "logging_target_bucket": "prod-my-secure-s3-bucket-20250423-logs", - "ownership": "BucketOwnerEnforced", - "object_lock": false, - "mfa_delete": false, - "tags": [ - { - "Key": "Environment", - "Value": "Production" - }, - { - "Key": "Owner", - "Value": "CFI" - }, - { - "Key": "Type", - "Value": "logs" - }, - { - "Key": "managed-by", - "Value": "terraform" - }, - { - "Key": "module", - "Value": "secure-s3" - }, - { - "Key": "Name", - "Value": "prod-my-secure-s3-bucket-20250423-logs" - } - ], - "lifecycle": [], - "replication_rules": [], - "notification_config": {} - } - }, - "group": { - "name": "s3" - }, - "labels": [ - "Environment:Production", - "Owner:CFI", - "Type:logs", - "managed-by:terraform", - "module:secure-s3", - "Name:prod-my-secure-s3-bucket-20250423-logs" - ], - "name": "prod-my-secure-s3-bucket-20250423-logs", - "type": "AwsS3Bucket", - "uid": "arn:aws:s3:::prod-my-secure-s3-bucket-20250423-logs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "", - "type": "AWS Account", - "type_id": 10, - "uid": "211203495394", - "labels": [] - }, - "org": { - "name": "", - "uid": "" - }, - "provider": "aws", - "region": "us-east-1" - }, - "remediation": { - "desc": "Ensure that all S3 buckets associated with your AWS account are owned by your account. Be cautious of services that create buckets with predictable names. Whenever possible, pre-create these buckets in all regions to prevent hijacking.", - "references": [ - "https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/" - ] - }, - "risk_details": "An attacker can pre-create S3 buckets with predictable names used by various AWS services. When a legitimate user's service attempts to use that bucket, it may inadvertently write sensitive data to the attacker-controlled bucket, leading to information disclosure, denial of service, or even remote code execution.", - "time": 1760903136, - "time_dt": "2025-10-19T19:45:36.459076", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-azure-storage/config/secure-azure-storage.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-azure-storage/config/secure-azure-storage.json deleted file mode 100644 index a045823e..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-azure-storage/config/secure-azure-storage.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "id": "secure-azure-storage", - "provider": "azure", - "service": "storage", - "name": "CCC Azure Storage Account Terraform Example", - "description": "This example creates a secure Azure storage account with encryption, versioning, and lifecycle management enabled.", - "path": "examples/complete/azure", - "git": "https://github.com/finos/cfi-s3-module" -} \ No newline at end of file diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-azure-storage/results/secure-azure-storage-baseline.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-azure-storage/results/secure-azure-storage-baseline.ocsf.json deleted file mode 100644 index a59fb75d..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-azure-storage/results/secure-azure-storage-baseline.ocsf.json +++ /dev/null @@ -1,11972 +0,0 @@ -[ - { - "message": "There are no AppInsight configured in subscription Azure subscription 1.", - "metadata": { - "event_code": "appinsights_ensure_is_configured", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no AppInsight configured in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Because Application Insights relies on a Log Analytics Workspace, an organization will incur additional expenses when using this service.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.2" - ], - "CIS-2.0": [ - "5.3.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.13" - ], - "CIS-2.1": [ - "5.3.1" - ], - "CIS-3.0": [ - "6.3.1" - ], - "CCC": [ - "CCC.Logging.CN01.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.3", - "10.2.1.2.3", - "10.2.1.3.3", - "10.2.1.4.3", - "10.2.1.5.3", - "10.2.1.6.3", - "10.2.1.7.3", - "10.2.1.3", - "10.2.2.3", - "10.4.1.1.1", - "10.4.1.1", - "10.4.2.1", - "10.6.3.3", - "10.7.1.1", - "10.7.2.1", - "5.3.4.3", - "A1.2.1.3", - "A3.3.1.1", - "A3.5.1.1" - ], - "CIS-4.0": [ - "7.1.3.1" - ], - "NIS2": [ - "3.2.3.h", - "5.1.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Application Insights within Azure act as an Application Performance Monitoring solution providing valuable data into how well an application performs and additional information when performing incident response. The types of log data collected include application metrics, telemetry data, and application trace logging data providing organizations with detailed information about application activity and application transactions. Both data sets help organizations adopt a proactive and retroactive means to handle security and performance related metrics within their modern applications.", - "title": "Ensure Application Insights are Configured.", - "types": [], - "uid": "prowler-azure-appinsights_ensure_is_configured-3bb71587-4549-4396-8898-9e15f062e665-global-AppInsights" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "appinsights" - }, - "labels": [], - "name": "AppInsights", - "type": "Microsoft.Insights/components", - "uid": "AppInsights" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to Application Insights 2. Under the Basics tab within the PROJECT DETAILS section, select the Subscription 3. Select the Resource group 4. Within the INSTANCE DETAILS, enter a Name 5. Select a Region 6. Next to Resource Mode, select Workspace-based 7. Within the WORKSPACE DETAILS, select the Subscription for the log analytics workspace 8. Select the appropriate Log Analytics Workspace 9. Click Next:Tags > 10. Enter the appropriate Tags as Name, Value pairs. 11. Click Next:Review+Create 12. Click Create.", - "references": [] - }, - "risk_details": "Configuring Application Insights provides additional data not found elsewhere within Azure as part of a much larger logging and monitoring program within an organization's Information Security practice. The types and contents of these logs will act as both a potential cost saving measure (application performance) and a means to potentially confirm the source of a potential incident (trace logging). Metrics and Telemetry data provide organizations with a proactive approach to cost savings by monitoring an application's performance, while the trace logging data provides necessary details in a reactive incident response scenario by helping organizations identify the potential source of an incident within their application.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "metadata": { - "event_code": "defender_auto_provisioning_log_analytics_agent_vms_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security-center/security-center-data-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r2.az.de.1", - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.15" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "2.1.14" - ], - "CIS-3.0": [ - "3.1.1.1" - ], - "NIS2": [ - "2.1.2.h", - "3.1.2.d", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "3.6.2", - "6.9.2", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'. The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, endpoint protection, and provides alerts.", - "title": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_auto_provisioning_log_analytics_agent_vms_on-3bb71587-4549-4396-8898-9e15f062e665-global-default" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default", - "resource_name": "default", - "resource_type": "Microsoft.Security/autoProvisioningSettings", - "auto_provision": "Off" - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "default", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure comprehensive visibility into possible security vulnerabilities, including missing updates, misconfigured operating system security settings, and active threats, allowing for timely mitigation and improved overall security posture", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components" - ] - }, - "risk_details": "Missing critical security information about your Azure VMs, such as security alerts, security recommendations, and change tracking.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Container image scan is disabled in subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_container_images_scan_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Container image scan is disabled in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-check-health", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When using an Azure container registry, you might occasionally encounter problems. For example, you might not be able to pull a container image because of an issue with Docker in your local environment. Or, a network issue might prevent you from connecting to the registry.", - "compliance": { - "MITRE-ATTACK": [ - "T1190", - "T1525" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "NIS2": [ - "2.2.1", - "3.1.2.d", - "3.6.2", - "5.1.4.f", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Scan images being deployed to Azure (AKS) for vulnerabilities. Vulnerability scanning for images stored in Azure Container Registry is generally available in Azure Security Center. This capability is powered by Qualys, a leading provider of information security. When you push an image to Container Registry, Security Center automatically scans it, then checks for known vulnerabilities in packages or dependencies defined in the file. When the scan completes (after about 10 minutes), Security Center provides details and a security classification for each vulnerability detected, along with guidance on how to remediate issues and protect vulnerable attack surfaces.", - "title": "Ensure Image Vulnerability Scanning using Azure Defender image scanning or a third party provider", - "types": [], - "uid": "prowler-azure-defender_container_images_scan_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "Microsoft.Security", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/azure/container-registry/scan-images-defender" - ] - }, - "risk_details": "Vulnerabilities in software packages can be exploited by hackers or malicious users to obtain unauthorized access to local cloud resources. Azure Defender and other third party products allow images to be scanned for known vulnerabilities.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_app_services_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1059", - "T1204", - "T1552", - "T1486", - "T1499", - "T1496", - "T1087" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.2" - ], - "CIS-3.0": [ - "3.1.6.1" - ], - "CIS-4.0": [ - "9.1.6.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_app_services_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan App Services" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices", - "resource_name": "AppServices", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan App Services", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for App Service enables threat detection for App Service, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_arm_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1562", - "T1486", - "T1499", - "T1087", - "T1580", - "T1538", - "T1526", - "T1069" - ], - "CIS-2.0": [ - "2.1.12" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.11" - ], - "CIS-3.0": [ - "3.1.9.1" - ], - "CIS-4.0": [ - "9.1.9.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_arm_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan ARM" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm", - "resource_name": "Arm", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan ARM", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure Resource Manager", - "references": [] - }, - "risk_details": "Scanning resource requests lets you be alerted every time there is suspicious activity in order to prevent a security threat from being introduced.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_azure_sql_databases_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.3" - ], - "CIS-3.0": [ - "3.1.7.3" - ], - "CIS-4.0": [ - "9.1.7.3" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_azure_sql_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for all your SQL database servers. Defender for Cloud monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides action-oriented security alerts with details of the suspicious activity and guidance on how to mitigate the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Azure SQL Databases enables threat detection for Azure SQL database servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_containers_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1525", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.8" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.8" - ], - "CIS-3.0": [ - "3.1.4.1" - ], - "CIS-4.0": [ - "9.1.4.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_containers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your Azure cloud containers. Enabling the Defender security service for Azure containers allows for advanced security defense against threats, using threat detection capabilities provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for all your Azure containers. Turning on the Defender for Cloud service enables threat detection for containers, providing threat intelligence, anomaly detection, and behavior analytics.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_cosmosdb_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.9" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.6" - ], - "CIS-3.0": [ - "3.1.7.1" - ], - "CIS-4.0": [ - "9.1.7.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_cosmosdb_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Cosmos DB" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs", - "resource_name": "CosmosDbs", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Cosmos DB", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [ - "Enable Microsoft Defender for Cosmos DB" - ] - }, - "risk_details": "In scanning Cosmos DB requests within a subscription, requests are compared to a heuristic list of potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_databases_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure SQL Databases", - "references": [] - }, - "risk_details": "Enabling Microsoft Defender for Azure SQL Databases allows your organization more granular control of the infrastructure running your database software", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_dns_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.11" - ], - "ProwlerThreatScore-1.0": [ - "3.3.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.10" - ], - "CIS-3.0": [ - "3.1.16" - ], - "CIS-4.0": [ - "9.1.17" - ], - "NIS2": [ - "3.6.2", - "6.7.2.i", - "6.7.2.l", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_dns_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan DNS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns", - "resource_name": "Dns", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan DNS", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "DNS lookups within a subscription are scanned and compared to a dynamic list of websites that might be potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_keyvault_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r1.az.eid.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499", - "T1580" - ], - "CIS-2.0": [ - "2.1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.9" - ], - "CIS-3.0": [ - "3.1.8.1" - ], - "PCI-4.0": [ - "3.5.1.31", - "3.5.1.32", - "8.3.2.50", - "8.3.2.51" - ], - "CIS-4.0": [ - "9.1.8.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2", - "9.2.c", - "9.2.c.iv" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_keyvault_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan KeyVaults" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults", - "resource_name": "KeyVaults", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan KeyVaults", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Microsoft Defender for Cloud is enabled for Azure key vaults. Key Vault is the Azure cloud service that safeguards encryption keys and secrets like certificates, connection-based strings, and passwords.", - "references": [] - }, - "risk_details": "By default, Microsoft Defender for Cloud is disabled for Azure key vaults. Defender for Cloud detects unusual and potentially harmful attempts to access or exploit your Azure Key Vault data. This layer of protection allows you to address threats without being a security expert, and without the need to use and manage third-party security monitoring tools or services.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_os_relational_databases_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.6" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.5" - ], - "CIS-3.0": [ - "3.1.7.2" - ], - "CIS-4.0": [ - "9.1.7.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_os_relational_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Open-Source Relational Databases" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases", - "resource_name": "OpenSourceRelationalDatabases", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Open-Source Relational Databases", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Open-source relational databases allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Open-source relational databases enables threat detection for Open-source relational databases, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_server_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r1.az.ev.1", - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.1", - "2.1.2" - ], - "ProwlerThreatScore-1.0": [ - "1.1.4" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.1" - ], - "CIS-3.0": [ - "2.2.8", - "3.1.3.1" - ], - "CIS-4.0": [ - "6.2.7", - "9.1.3.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "title": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_server_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Servers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines", - "resource_name": "VirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Servers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Cloud standard pricing tier allows for better security assessment with threat detection provided by the Microsoft Security Response Center (MSRC), advanced security policies, adaptive application control, network threat detection, and regulatory compliance management.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Servers enables threat detection for Servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_sql_servers_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.4" - ], - "CIS-3.0": [ - "3.1.7.4" - ], - "CIS-4.0": [ - "9.1.7.4" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_sql_servers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan SQL Server VMs" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines", - "resource_name": "SqlServerVirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan SQL Server VMs", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for the Microsoft SQL servers running on virtual machines. Defender for Cloud for SQL Server virtual machines continuously monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides security alerts together with details of the suspicious activity and guidance on how to mitigate to the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for SQL servers on machines enables threat detection for SQL servers on machines, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_storage_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190", - "T1537", - "T1530", - "T1485", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.7" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.7" - ], - "CIS-3.0": [ - "3.1.5.1" - ], - "CIS-4.0": [ - "9.1.5.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_storage_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Storage Accounts" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts", - "resource_name": "StorageAccounts", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Storage Accounts", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for your storage accounts. Enabling the Defender security service for Azure storage accounts allows for advanced security defense using threat detection capabilities provided by the Microsoft Security Response Center (MSRC). MSRC investigates all reports of security vulnerabilities affecting Microsoft products and services, including Azure cloud services.", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for your Microsoft Azure storage accounts. Defender for storage accounts is an Azure-native layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit your Azure cloud storage accounts.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_iot_hub_defender_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/services/iot-defender/#overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling Microsoft Defender for IoT will incur additional charges dependent on the level of usage.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.2.1" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.2.1" - ], - "CIS-3.0": [ - "3.2.1" - ], - "CIS-4.0": [ - "9.2.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Microsoft Defender for IoT acts as a central security hub for IoT devices within your organization.", - "title": "Ensure That Microsoft Defender for IoT Hub Is Set To 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_iot_hub_defender_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-IoT Hub Defender" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "IoT Hub Defender", - "type": "DefenderIoT", - "uid": "IoT Hub Defender" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to IoT Hub. 2. Select a IoT Hub to validate. 3. Select Overview in Defender for IoT. 4. Click on Secure your IoT solution, and complete the onboarding.", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-iot/device-builders/quickstart-onboard-iot-hub" - ] - }, - "risk_details": "IoT devices are very rarely patched and can be potential attack vectors for enterprise networks. Updating their network configuration to use a central security hub allows for detection of these breaches.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_mcas_is_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/defender-for-cloud-introduction#secure-cloud-applications", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Cloud Apps works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486" - ], - "CIS-2.0": [ - "2.1.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.20" - ], - "CIS-3.0": [ - "3.1.1.2" - ], - "PCI-4.0": [ - "11.5.1.1.2", - "11.5.1.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "This integration setting enables Microsoft Defender for Cloud Apps (formerly 'Microsoft Cloud App Security' or 'MCAS' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected", - "types": [], - "uid": "prowler-azure-defender_ensure_mcas_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-MCAS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "MCAS", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu. 2. Select Microsoft Defender for Cloud. 3. Select Environment Settings blade. 4. Select the subscription. 5. Check App Service Defender Plan to On. 6. Select Save.", - "references": [ - "https://docs.microsoft.com/en-us/rest/api/securitycenter/settings/list" - ] - }, - "risk_details": "Microsoft Defender for Cloud offers an additional layer of protection by using Azure Resource Manager events, which is considered to be the control plane for Azure. By analyzing the Azure Resource Manager records, Microsoft Defender for Cloud detects unusual or potentially harmful operations in the Azure subscription environment. Several of the preceding analytics are powered by Microsoft Defender for Cloud Apps. To benefit from these analytics, subscription must have a Cloud App Security license. Microsoft Defender for Cloud Apps works only with Standard Tier subscriptions.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_wdatp_is_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Endpoint works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r3.az.de.2" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.21" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "This integration setting enables Microsoft Defender for Endpoint (formerly 'Advanced Threat Protection' or 'ATP' or 'WDATP' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected", - "types": [], - "uid": "prowler-azure-defender_ensure_wdatp_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-WDATP" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "WDATP", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/azure-server-integration?view=o365-worldwide" - ] - }, - "risk_details": "Microsoft Defender for Endpoint integration brings comprehensive Endpoint Detection and Response (EDR) capabilities within Microsoft Defender for Cloud. This integration helps to spot abnormalities, as well as detect and respond to advanced attacks on endpoints monitored by Microsoft Defender for Cloud. MDE works only with Standard Tier subscriptions.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-1b4a98ae-5221-4850-a761-4f9176407028" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028", - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-083c1758-89d9-4b12-8005-48e7e359dc4f" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f", - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "b24988ac-6180-42a0-ab88-20f7382dd24c" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-154eadeb-e375-4263-b4bd-4a2a2237ecd2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "80dfb9bd-1c99-4012-9de7-580a68334b45", - "agent_type": "ServicePrincipal", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_policy_assignment", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.3" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.1" - ], - "CIS-3.0": [ - "6.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Create an activity log alert for the Create Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Create Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_create_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click elect action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for create policy assignment events gives insight into changes done in 'Azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_nsg", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "CIS-2.0": [ - "5.2.3" - ], - "ProwlerThreatScore-1.0": [ - "3.3.5" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.3" - ], - "CIS-3.0": [ - "6.2.3" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.8", - "10.4.2.2", - "10.4.3.1", - "10.6.3.8", - "10.7.1.3", - "10.7.2.3", - "11.5.2.2", - "11.6.1.2", - "12.10.5.2", - "A3.3.1.3", - "A3.5.1.3" - ], - "CIS-4.0": [ - "7.1.2.3" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Create an Activity Log Alert for the Create or Update Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Network Security Group events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_public_ip_address_rule", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.9" - ], - "ProwlerThreatScore-1.0": [ - "3.3.11" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.9" - ], - "CIS-3.0": [ - "6.2.9" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.9" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Create an activity log alert for the Create or Update Public IP Addresses rule.", - "title": "Ensure that Activity Log Alert exists for Create or Update Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_security_solution", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1", - "op.mon.3.r6.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.5" - ], - "ProwlerThreatScore-1.0": [ - "3.3.7" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.5" - ], - "CIS-3.0": [ - "6.2.5" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.5" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Create an activity log alert for the Create or Update Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_sqlserver_fr", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.7" - ], - "ProwlerThreatScore-1.0": [ - "3.3.9" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.7" - ], - "CIS-3.0": [ - "6.2.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.9", - "10.2.1.1.10", - "10.2.1.1.22", - "10.2.1.2.8", - "10.2.1.2.19", - "10.2.1.3.8", - "10.2.1.3.19", - "10.2.1.4.8", - "10.2.1.4.19", - "10.2.1.5.8", - "10.2.1.5.19", - "10.2.1.6.8", - "10.2.1.6.19", - "10.2.1.7.8", - "10.2.1.7.19", - "10.2.1.8", - "10.2.1.19", - "10.2.2.8", - "10.2.2.19", - "10.3.1.8", - "10.3.1.19", - "10.4.1.1.2", - "10.4.1.2", - "10.4.2.3", - "10.6.3.9", - "10.6.3.10", - "10.6.3.24", - "10.7.1.4", - "10.7.2.4", - "5.3.4.9", - "5.3.4.22", - "A1.2.1.10", - "A1.2.1.23", - "A3.3.1.4", - "A3.5.1.4" - ], - "CIS-4.0": [ - "7.1.2.7" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Create an activity log alert for the Create or Update SQL Server Firewall Rule event.", - "title": "Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create/Update server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update SQL Server Firewall Rule events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_nsg", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.4" - ], - "ProwlerThreatScore-1.0": [ - "3.3.6" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.4" - ], - "CIS-3.0": [ - "6.2.4" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.4" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Create an activity log alert for the Delete Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Delete Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for 'Delete Network Security Group' events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_policy_assignment", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.4" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.2" - ], - "CIS-3.0": [ - "6.2.2" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Create an activity log alert for the Delete Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Delete Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for delete policy assignment events gives insight into changes done in 'azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_public_ip_address_rule", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.10" - ], - "ProwlerThreatScore-1.0": [ - "3.3.12" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.10" - ], - "CIS-3.0": [ - "6.2.10" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.10" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Create an activity log alert for the Delete Public IP Address rule.", - "title": "Ensure that Activity Log Alert exists for Delete Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_security_solution", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.8" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.6" - ], - "CIS-3.0": [ - "6.2.6" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.6" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Create an activity log alert for the Delete Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Delete Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.curitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_sqlserver_fr", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.8" - ], - "ProwlerThreatScore-1.0": [ - "3.3.10" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.8" - ], - "CIS-3.0": [ - "6.2.8" - ], - "CCC": [ - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.8" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Create an activity log alert for the 'Delete SQL Server Firewall Rule.'", - "title": "Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete SQL Server Firewall Rule events gives insight into SQL network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_service_health_exists", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/service-health/overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, in your Azure subscription there will not be any activity log alerts configured for Service Health events.", - "compliance": { - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure that an Azure activity log alert is configured to trigger when Service Health events occur within your Microsoft Azure cloud account. The alert should activate when new events match the specified conditions in the alert rule configuration.", - "title": "Ensure that an Activity Log Alert exists for Service Health", - "types": [], - "uid": "prowler-azure-monitor_alert_service_health_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Create an activity log alert for Service Health events and configure an action group to notify appropriate personnel.", - "references": [ - "https://learn.microsoft.com/en-us/azure/service-health/alerts-activity-log-service-notifications-portal" - ] - }, - "risk_details": "Lack of monitoring for Service Health events may result in missing critical service issues, planned maintenance, security advisories, or other changes that could impact Azure services and regions in use.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_setting_with_appropriate_categories", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When the diagnostic setting is created using Azure Portal, by default no categories are selected.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.az.md.1", - "op.mon.2.az.md.1" - ], - "CIS-2.0": [ - "5.1.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.2" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.2" - ], - "CIS-3.0": [ - "6.1.2" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.15", - "10.2.1.2.7", - "10.2.1.3.7", - "10.2.1.4.7", - "10.2.1.5.7", - "10.2.1.6.7", - "10.2.1.7.7", - "10.2.1.7", - "10.2.2.7", - "10.3.1.7", - "10.3.2.2", - "10.3.3.4", - "10.3.4.3", - "10.4.1.1.3", - "10.4.1.1.4", - "10.4.1.3", - "10.4.2.4", - "10.5.1.3", - "10.6.3.7", - "10.6.3.15", - "10.7.1.5", - "10.7.2.5", - "11.5.2.4", - "11.6.1.4", - "12.10.5.4", - "5.3.4.7", - "5.3.4.8", - "A1.2.1.7", - "A1.2.1.8", - "A3.3.1.6", - "A3.3.1.7", - "A3.5.1.6", - "A3.5.1.7" - ], - "CIS-4.0": [ - "7.1.1.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.c", - "3.2.3.f", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Prerequisite: A Diagnostic Setting must exist. If a Diagnostic Setting does not exist, the navigation and options within this recommendation will not be available. Please review the recommendation at the beginning of this subsection titled: 'Ensure that a 'Diagnostic Setting' exists.' The diagnostic setting should be configured to log the appropriate activities from the control/management plane.", - "title": "Ensure Diagnostic Setting captures appropriate categories", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_setting_with_appropriate_categories-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to Azure Monitor 2. Click Activity log 3. Click on Export Activity Logs 4. Select the Subscription from the drop down menu 5. Click on Add diagnostic setting 6. Enter a name for your new Diagnostic Setting 7. Check the following categories: Administrative, Alert, Policy, and Security 8. Choose the destination details according to your organization's needs.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/manage-storage-analytics-logs?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json&tabs=azure-portal" - ] - }, - "risk_details": "A diagnostic setting controls how the diagnostic log is exported. Capturing the diagnostic setting categories for appropriate control/management plane activities allows proper alerting.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No diagnostic settings found in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_settings_exists", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No diagnostic settings found in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/cli/azure/monitor/diagnostic-settings?view=azure-cli-latest", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, diagnostic setting is not set.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r5.az.ds.1", - "op.mon.2.r2.az.ma.1" - ], - "CIS-2.0": [ - "5.1.1" - ], - "ProwlerThreatScore-1.0": [ - "3.2.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.1" - ], - "CIS-3.0": [ - "6.1.1" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN06.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN09.AR01", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Logging.CN07.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.1.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.h", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable Diagnostic settings for exporting activity logs. Diagnostic settings are available for each individual resource within a subscription. Settings should be configured for all appropriate resources for your environment.", - "title": "Ensure that a 'Diagnostic Setting' exists for Subscription Activity Logs ", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_settings_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Diagnostic Settings" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Diagnostic Settings", - "type": "Monitor", - "uid": "diagnostic_settings" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "To enable Diagnostic Settings on a Subscription: 1. Go to Monitor 2. Click on Activity Log 3. Click on Export Activity Logs 4. Click + Add diagnostic setting 5. Enter a Diagnostic setting name 6. Select Categories for the diagnostic settings 7. Select the appropriate Destination details (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 8. Click Save To enable Diagnostic Settings on a specific resource: 1. Go to Monitor 2. Click Diagnostic settings 3. Click on the resource that has a diagnostics status of disabled 4. Select Add Diagnostic Setting 5. Enter a Diagnostic setting name 6. Select the appropriate log, metric, and destination. (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 7. Click save Repeat these step for all resources as needed.", - "references": [ - "https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-activity-logs#export-the-activity-log-with-a-log-profile" - ] - }, - "risk_details": "A diagnostic setting controls how a diagnostic log is exported. By default, logs are retained only for 90 days. Diagnostic settings should be defined so that logs can be exported and stored for a longer duration in order to analyze security activities within an Azure subscription.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bastion Host from subscription Azure subscription 1 does not exist", - "metadata": { - "event_code": "network_bastion_host_exists", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bastion Host from subscription Azure subscription 1 does not exist", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/bastion/bastion-overview#sku", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The Azure Bastion service incurs additional costs and requires a specific virtual network configuration. The Standard tier offers additional configuration options compared to the Basic tier and may incur additional costs for those added features.", - "compliance": { - "ENS-RD2022": [ - "mp.com.4.r4.az.nt.1" - ], - "CIS-2.0": [ - "7.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "7.1" - ], - "CIS-3.0": [ - "8.1" - ], - "CIS-4.0": [ - "9.4.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "The Azure Bastion service allows secure remote access to Azure Virtual Machines over the Internet without exposing remote access protocol ports and services directly to the Internet. The Azure Bastion service provides this access using TLS over 443/TCP, and subscribes to hardened configurations within an organization's Azure Active Directory service.", - "title": "Ensure an Azure Bastion Host Exists", - "types": [], - "uid": "prowler-azure-network_bastion_host_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Bastion Host" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Bastion Host", - "type": "Network", - "uid": "Bastion Host" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "From Azure Portal* 1. Click on Bastions 2. Select the Subscription 3. Select the Resource group 4. Type a Name for the new Bastion host 5. Select a Region 6. Choose Standard next to Tier 7. Use the slider to set the Instance count 8. Select the Virtual network or Create new 9. Select the Subnet named AzureBastionSubnet. Create a Subnet named AzureBastionSubnet using a /26 CIDR range if it doesn't already exist. 10. Selct the appropriate Public IP address option. 11. If Create new is selected for the Public IP address option, provide a Public IP address name. 12. If Use existing is selected for Public IP address option, select an IP address from Choose public IP address 13. Click Next: Tags > 14. Configure the appropriate Tags 15. Click Next: Advanced > 16. Select the appropriate Advanced options 17. Click Next: Review + create > 18. Click Create From Azure CLI az network bastion create --location --name --public-ip-address --resource-group --vnet-name --scale-units --sku Standard [--disable-copy- paste true|false] [--enable-ip-connect true|false] [--enable-tunneling true|false] From PowerShell Create the appropriate Virtual network settings and Public IP Address settings. $subnetName = 'AzureBastionSubnet' $subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix $virtualNet = New-AzVirtualNetwork -Name - ResourceGroupName -Location -AddressPrefix -Subnet $subnet $publicip = New-AzPublicIpAddress -ResourceGroupName - Name -Location -AllocationMethod Dynamic -Sku Standard", - "references": [ - "https://learn.microsoft.com/en-us/powershell/module/az.network/get-azbastion?view=azps-9.2.0" - ] - }, - "risk_details": "The Azure Bastion service allows organizations a more secure means of accessing Azure Virtual Machines over the Internet without assigning public IP addresses to those Virtual Machines. The Azure Bastion service provides Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to Virtual Machines using TLS within a web browser, thus preventing organizations from opening up 3389/TCP and 22/TCP to the Internet on Azure Virtual Machines. Additional benefits of the Bastion service includes Multi-Factor Authentication, Conditional Access Policies, and any other hardening measures configured within Azure Active Directory using a central point of access.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-swedencentral-NetworkWatcher_swedencentral" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "swedencentral", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral", - "name": "NetworkWatcher_swedencentral", - "location": "swedencentral", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_swedencentral", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "swedencentral" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-swedencentral-NetworkWatcher_swedencentral" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "swedencentral", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral", - "name": "NetworkWatcher_swedencentral", - "location": "swedencentral", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_swedencentral", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "swedencentral" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "metadata": { - "event_code": "network_http_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.3.r2.az.tls.1", - "mp.com.4.r3.az.1", - "mp.com.4.r4.az.nt.1", - "mp.s.4.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.4" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.4" - ], - "CIS-3.0": [ - "7.4" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.5", - "1.2.8.25", - "1.3.1.28", - "1.3.2.28", - "1.4.1.6", - "1.4.2.26", - "1.4.4.6", - "1.5.1.25", - "2.2.5.5", - "2.2.7.3", - "4.2.1.1.7", - "4.2.1.3", - "8.3.2.6", - "A1.1.3.25" - ], - "CIS-4.0": [ - "8.4" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required and narrowly configured.", - "title": "Ensure that HTTP(S) access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_http_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where HTTP(S) is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [] - }, - "risk_details": "The potential security problem with using HTTP(S) over the Internet is that attackers can use various brute force techniques to gain access to Azure resources. Once the attackers gain access, they can use the resource as a launch point for compromising other resources within the Azure tenant.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "metadata": { - "event_code": "network_rdp_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.1" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.1" - ], - "CIS-3.0": [ - "7.1" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that RDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_rdp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where RDP is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using RDP over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on an Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "metadata": { - "event_code": "network_ssh_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.2" - ], - "CIS-3.0": [ - "7.2" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN01.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.17", - "1.2.8.18", - "1.2.8.21", - "1.2.8.41", - "1.3.1.19", - "1.3.1.21", - "1.3.1.24", - "1.3.1.45", - "1.3.2.19", - "1.3.2.21", - "1.3.2.24", - "1.3.2.45", - "1.4.1.5", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.43", - "1.4.4.5", - "1.5.1.17", - "1.5.1.18", - "1.5.1.21", - "1.5.1.40", - "2.2.5.17", - "A1.1.3.17", - "A1.1.3.18", - "A1.1.3.21", - "A1.1.3.40" - ], - "CIS-4.0": [ - "8.2" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that SSH access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_ssh_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where SSH is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using SSH over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "metadata": { - "event_code": "network_udp_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices#secure-your-critical-azure-service-resources-to-only-your-virtual-networks", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.3" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.3" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.3" - ], - "CIS-3.0": [ - "7.3" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.3" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that UDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_udp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where UDP is not explicitly required and narrowly configured for resources attached tothe Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRouteSite-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/azure/security/fundamentals/ddos-best-practices" - ] - }, - "risk_details": "The potential security problem with broadly exposing UDP services over the Internet is that attackers can use DDoS amplification techniques to reflect spoofed UDP traffic from Azure Virtual Machines. The most common types of these attacks use exposed DNS, NTP, SSDP, SNMP, CLDAP and other UDP-based services as amplification sources for disrupting services of other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': italynorth, norwaywest, chilecentral, southeastasia, australiacentral, northeurope, australiaeast, brazilsoutheast, canadacentral, koreacentral, polandcentral, qatarcentral, ukwest, francecentral, koreasouth, westcentralus, northcentralus, spaincentral, eastus, germanynorth, francesouth, southindia, indonesiacentral, australiasoutheast, eastasia, malaysiawest, newzealandnorth, mexicocentral, germanywestcentral, southafricawest, jioindiawest, eastus2, southafricanorth, westindia, brazilsouth, uaecentral, westeurope, uksouth, jioindiacentral, switzerlandwest, uaenorth, australiacentral2, austriaeast, switzerlandnorth, canadaeast, norwayeast, japaneast, westus, westus3, israelcentral, centralus, japanwest.", - "metadata": { - "event_code": "network_watcher_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': italynorth, norwaywest, chilecentral, southeastasia, australiacentral, northeurope, australiaeast, brazilsoutheast, canadacentral, koreacentral, polandcentral, qatarcentral, ukwest, francecentral, koreasouth, westcentralus, northcentralus, spaincentral, eastus, germanynorth, francesouth, southindia, indonesiacentral, australiasoutheast, eastasia, malaysiawest, newzealandnorth, mexicocentral, germanywestcentral, southafricawest, jioindiawest, eastus2, southafricanorth, westindia, brazilsouth, uaecentral, westeurope, uksouth, jioindiacentral, switzerlandwest, uaenorth, australiacentral2, austriaeast, switzerlandnorth, canadaeast, norwayeast, japaneast, westus, westus3, israelcentral, centralus, japanwest.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "There are additional costs per transaction to run and store network data. For high-volume networks these charges will add up quickly.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.az.nw.1", - "op.mon.2.r2.az.ma.1", - "op.mon.3.az.nw.1", - "mp.com.1.az.nw.1", - "mp.com.1.az.nw.2", - "mp.com.1.az.nw.3", - "mp.com.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499", - "T1498", - "T1046", - "T1049" - ], - "CIS-2.0": [ - "6.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.14" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "6.6" - ], - "CIS-3.0": [ - "7.6" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN06.AR01" - ], - "CIS-4.0": [ - "8.6" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "6.8.2.a", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable Network Watcher for Azure subscriptions.", - "title": "Ensure that Network Watcher is 'Enabled' for all locations in the Azure subscription", - "types": [], - "uid": "prowler-azure-network_watcher_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Network Watcher" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Network Watcher", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Opting out of Network Watcher automatic enablement is a permanent change. Once you opt-out you cannot opt-in without contacting support.", - "references": [ - "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v2-logging-threat-detection#lt-3-enable-logging-for-azure-network-activities" - ] - }, - "risk_details": "Network diagnostic and visualization tools available with Network Watcher help users understand, diagnose, and gain insights to the network in Azure.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "metadata": { - "event_code": "policy_ensure_asc_enforcement_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/defender-for-cloud/security-policy-concept", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "2.1.14" - ], - "ProwlerThreatScore-1.0": [ - "3.3.17" - ], - "ISO27001-2022": [ - "A.5.1" - ], - "CIS-2.1": [ - "2.1.13" - ], - "CIS-3.0": [ - "3.1.11" - ], - "PCI-4.0": [ - "10.2.1.1.31", - "10.4.1.1.5", - "10.4.1.4", - "10.4.2.5", - "10.6.3.36", - "10.7.1.6", - "10.7.2.6", - "A3.3.1.9", - "A3.5.1.9" - ], - "CIS-4.0": [ - "9.1.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "None of the settings offered by ASC Default policy should be set to effect Disabled.", - "title": "Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'", - "types": [], - "uid": "prowler-azure-policy_ensure_asc_enforcement_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-SecurityCenterBuiltIn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn", - "name": "SecurityCenterBuiltIn", - "enforcement_mode": "Default" - } - }, - "group": { - "name": "policy" - }, - "labels": [], - "name": "SecurityCenterBuiltIn", - "type": "Microsoft.Authorization/policyAssignments", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu 2. Select Policy 3. Select ASC Default for each subscription 4. Click on 'view Assignment' 5. Click on 'Edit assignment' 6. Ensure Policy Enforcement is Enabled 7. Click 'Review + Save'", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/implement-security-recommendations" - ] - }, - "risk_details": "A security policy defines the desired configuration of your workloads and helps ensure compliance with company or regulatory security requirements. ASC Default policy is associated with every subscription by default. ASC default policy assignment is a set of security recommendations based on best practices. Enabling recommendations in ASC default policy ensures that Azure security center provides the ability to monitor all of the supported recommendations and optionally allow automated action for a few of the supported recommendations.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_disconnections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling this setting will enable a log of all disconnections. If this is enabled for a high traffic server, the log may grow exponentially.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.4" - ], - "ProwlerThreatScore-1.0": [ - "3.1.4" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.4" - ], - "CIS-3.0": [ - "5.2.7" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable log_disconnections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_disconnections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu 2. Go to Azure Database for PostgreSQL servers 3. For each database, click on Server parameters 4. Search for log_disconnections. 5. Click ON and save. From Azure CLI Use the below command to update log_disconnections configuration. az postgres server configuration set --resource-group -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-azure-storage/results/secure-azure-storage-combined.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-azure-storage/results/secure-azure-storage-combined.ocsf.json deleted file mode 100644 index 3ccfbb86..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-azure-storage/results/secure-azure-storage-combined.ocsf.json +++ /dev/null @@ -1,76 +0,0 @@ -[ - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1760904028, - "created_time_dt": "2025-10-19T20:00:28Z", - "desc": "Compliance test scenario: Cleanup", - "title": "Cleanup", - "types": [], - "uid": "ccc-test-487-1760904028" - }, - "message": "Cleanup", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Destructive", - "uid": "CCC-Destructive", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "azure", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "region": "eastus", - "status": "ACTIVE", - "tags": [], - "type": "Microsoft.Storage/storageAccounts" - } - }, - "group": { - "name": "Microsoft.Storage/storageAccounts" - }, - "labels": [ - "{\"Owner\": \"CFI\", \"Environment\": \"Production\"}" - ], - "name": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "region": "eastus", - "type": "Microsoft.Storage/storageAccounts", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "SKIP", - "status_detail": "βœ“ a cloud api for \"{Provider}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" with parameter \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" with parameter \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ— I call \"{storage}\" with \"CreateBucket\" with parameter \"test-bucket-obj-write\" - Error: reflect: call of reflect.Value.MethodByName on zero Value\n⊘ I refer to \"{result}\" as \"bucket\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteBucket\" with parameter \"{bucket.ID}\" (skipped)\n⊘ I call \"{iamService}\" with \"DestroyUser\" with parameter \"{testUserTrusted}\" (skipped)\n⊘ I call \"{iamService}\" with \"DestroyUser\" with parameter \"{testUserUntrusted}\" (skipped)", - "status_id": 1, - "time": 1760904028, - "time_dt": "2025-10-19T20:00:28Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.C01.TR04" - ] - } - } - } -] \ No newline at end of file diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-azure-storage/results/secure-azure-storage-complete.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-azure-storage/results/secure-azure-storage-complete.ocsf.json deleted file mode 100644 index 025c897b..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-azure-storage/results/secure-azure-storage-complete.ocsf.json +++ /dev/null @@ -1,14774 +0,0 @@ -[ - { - "message": "There are no AppInsight configured in subscription Azure subscription 1.", - "metadata": { - "event_code": "appinsights_ensure_is_configured", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no AppInsight configured in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Because Application Insights relies on a Log Analytics Workspace, an organization will incur additional expenses when using this service.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.2" - ], - "CIS-2.0": [ - "5.3.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.13" - ], - "CIS-2.1": [ - "5.3.1" - ], - "CIS-3.0": [ - "6.3.1" - ], - "CCC": [ - "CCC.Logging.CN01.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.3", - "10.2.1.2.3", - "10.2.1.3.3", - "10.2.1.4.3", - "10.2.1.5.3", - "10.2.1.6.3", - "10.2.1.7.3", - "10.2.1.3", - "10.2.2.3", - "10.4.1.1.1", - "10.4.1.1", - "10.4.2.1", - "10.6.3.3", - "10.7.1.1", - "10.7.2.1", - "5.3.4.3", - "A1.2.1.3", - "A3.3.1.1", - "A3.5.1.1" - ], - "CIS-4.0": [ - "7.1.3.1" - ], - "NIS2": [ - "3.2.3.h", - "5.1.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Application Insights within Azure act as an Application Performance Monitoring solution providing valuable data into how well an application performs and additional information when performing incident response. The types of log data collected include application metrics, telemetry data, and application trace logging data providing organizations with detailed information about application activity and application transactions. Both data sets help organizations adopt a proactive and retroactive means to handle security and performance related metrics within their modern applications.", - "title": "Ensure Application Insights are Configured.", - "types": [], - "uid": "prowler-azure-appinsights_ensure_is_configured-3bb71587-4549-4396-8898-9e15f062e665-global-AppInsights" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "appinsights" - }, - "labels": [], - "name": "AppInsights", - "type": "Microsoft.Insights/components", - "uid": "AppInsights" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to Application Insights 2. Under the Basics tab within the PROJECT DETAILS section, select the Subscription 3. Select the Resource group 4. Within the INSTANCE DETAILS, enter a Name 5. Select a Region 6. Next to Resource Mode, select Workspace-based 7. Within the WORKSPACE DETAILS, select the Subscription for the log analytics workspace 8. Select the appropriate Log Analytics Workspace 9. Click Next:Tags > 10. Enter the appropriate Tags as Name, Value pairs. 11. Click Next:Review+Create 12. Click Create.", - "references": [] - }, - "risk_details": "Configuring Application Insights provides additional data not found elsewhere within Azure as part of a much larger logging and monitoring program within an organization's Information Security practice. The types and contents of these logs will act as both a potential cost saving measure (application performance) and a means to potentially confirm the source of a potential incident (trace logging). Metrics and Telemetry data provide organizations with a proactive approach to cost savings by monitoring an application's performance, while the trace logging data provides necessary details in a reactive incident response scenario by helping organizations identify the potential source of an incident within their application.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "metadata": { - "event_code": "defender_auto_provisioning_log_analytics_agent_vms_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security-center/security-center-data-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r2.az.de.1", - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.15" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "2.1.14" - ], - "CIS-3.0": [ - "3.1.1.1" - ], - "NIS2": [ - "2.1.2.h", - "3.1.2.d", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "3.6.2", - "6.9.2", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'. The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, endpoint protection, and provides alerts.", - "title": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_auto_provisioning_log_analytics_agent_vms_on-3bb71587-4549-4396-8898-9e15f062e665-global-default" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default", - "resource_name": "default", - "resource_type": "Microsoft.Security/autoProvisioningSettings", - "auto_provision": "Off" - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "default", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure comprehensive visibility into possible security vulnerabilities, including missing updates, misconfigured operating system security settings, and active threats, allowing for timely mitigation and improved overall security posture", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components" - ] - }, - "risk_details": "Missing critical security information about your Azure VMs, such as security alerts, security recommendations, and change tracking.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Container image scan is disabled in subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_container_images_scan_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Container image scan is disabled in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-check-health", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When using an Azure container registry, you might occasionally encounter problems. For example, you might not be able to pull a container image because of an issue with Docker in your local environment. Or, a network issue might prevent you from connecting to the registry.", - "compliance": { - "MITRE-ATTACK": [ - "T1190", - "T1525" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "NIS2": [ - "2.2.1", - "3.1.2.d", - "3.6.2", - "5.1.4.f", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Scan images being deployed to Azure (AKS) for vulnerabilities. Vulnerability scanning for images stored in Azure Container Registry is generally available in Azure Security Center. This capability is powered by Qualys, a leading provider of information security. When you push an image to Container Registry, Security Center automatically scans it, then checks for known vulnerabilities in packages or dependencies defined in the file. When the scan completes (after about 10 minutes), Security Center provides details and a security classification for each vulnerability detected, along with guidance on how to remediate issues and protect vulnerable attack surfaces.", - "title": "Ensure Image Vulnerability Scanning using Azure Defender image scanning or a third party provider", - "types": [], - "uid": "prowler-azure-defender_container_images_scan_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "Microsoft.Security", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/azure/container-registry/scan-images-defender" - ] - }, - "risk_details": "Vulnerabilities in software packages can be exploited by hackers or malicious users to obtain unauthorized access to local cloud resources. Azure Defender and other third party products allow images to be scanned for known vulnerabilities.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_app_services_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1059", - "T1204", - "T1552", - "T1486", - "T1499", - "T1496", - "T1087" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.2" - ], - "CIS-3.0": [ - "3.1.6.1" - ], - "CIS-4.0": [ - "9.1.6.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_app_services_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan App Services" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices", - "resource_name": "AppServices", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan App Services", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for App Service enables threat detection for App Service, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_arm_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1562", - "T1486", - "T1499", - "T1087", - "T1580", - "T1538", - "T1526", - "T1069" - ], - "CIS-2.0": [ - "2.1.12" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.11" - ], - "CIS-3.0": [ - "3.1.9.1" - ], - "CIS-4.0": [ - "9.1.9.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_arm_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan ARM" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm", - "resource_name": "Arm", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan ARM", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure Resource Manager", - "references": [] - }, - "risk_details": "Scanning resource requests lets you be alerted every time there is suspicious activity in order to prevent a security threat from being introduced.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_azure_sql_databases_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.3" - ], - "CIS-3.0": [ - "3.1.7.3" - ], - "CIS-4.0": [ - "9.1.7.3" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_azure_sql_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for all your SQL database servers. Defender for Cloud monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides action-oriented security alerts with details of the suspicious activity and guidance on how to mitigate the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Azure SQL Databases enables threat detection for Azure SQL database servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_containers_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1525", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.8" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.8" - ], - "CIS-3.0": [ - "3.1.4.1" - ], - "CIS-4.0": [ - "9.1.4.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_containers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your Azure cloud containers. Enabling the Defender security service for Azure containers allows for advanced security defense against threats, using threat detection capabilities provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for all your Azure containers. Turning on the Defender for Cloud service enables threat detection for containers, providing threat intelligence, anomaly detection, and behavior analytics.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_cosmosdb_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.9" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.6" - ], - "CIS-3.0": [ - "3.1.7.1" - ], - "CIS-4.0": [ - "9.1.7.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_cosmosdb_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Cosmos DB" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs", - "resource_name": "CosmosDbs", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Cosmos DB", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [ - "Enable Microsoft Defender for Cosmos DB" - ] - }, - "risk_details": "In scanning Cosmos DB requests within a subscription, requests are compared to a heuristic list of potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_databases_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure SQL Databases", - "references": [] - }, - "risk_details": "Enabling Microsoft Defender for Azure SQL Databases allows your organization more granular control of the infrastructure running your database software", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_dns_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.11" - ], - "ProwlerThreatScore-1.0": [ - "3.3.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.10" - ], - "CIS-3.0": [ - "3.1.16" - ], - "CIS-4.0": [ - "9.1.17" - ], - "NIS2": [ - "3.6.2", - "6.7.2.i", - "6.7.2.l", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_dns_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan DNS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns", - "resource_name": "Dns", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan DNS", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "DNS lookups within a subscription are scanned and compared to a dynamic list of websites that might be potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_keyvault_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r1.az.eid.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499", - "T1580" - ], - "CIS-2.0": [ - "2.1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.9" - ], - "CIS-3.0": [ - "3.1.8.1" - ], - "PCI-4.0": [ - "3.5.1.31", - "3.5.1.32", - "8.3.2.50", - "8.3.2.51" - ], - "CIS-4.0": [ - "9.1.8.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2", - "9.2.c", - "9.2.c.iv" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_keyvault_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan KeyVaults" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults", - "resource_name": "KeyVaults", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan KeyVaults", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Microsoft Defender for Cloud is enabled for Azure key vaults. Key Vault is the Azure cloud service that safeguards encryption keys and secrets like certificates, connection-based strings, and passwords.", - "references": [] - }, - "risk_details": "By default, Microsoft Defender for Cloud is disabled for Azure key vaults. Defender for Cloud detects unusual and potentially harmful attempts to access or exploit your Azure Key Vault data. This layer of protection allows you to address threats without being a security expert, and without the need to use and manage third-party security monitoring tools or services.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_os_relational_databases_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.6" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.5" - ], - "CIS-3.0": [ - "3.1.7.2" - ], - "CIS-4.0": [ - "9.1.7.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_os_relational_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Open-Source Relational Databases" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases", - "resource_name": "OpenSourceRelationalDatabases", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Open-Source Relational Databases", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Open-source relational databases allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Open-source relational databases enables threat detection for Open-source relational databases, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_server_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r1.az.ev.1", - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.1", - "2.1.2" - ], - "ProwlerThreatScore-1.0": [ - "1.1.4" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.1" - ], - "CIS-3.0": [ - "2.2.8", - "3.1.3.1" - ], - "CIS-4.0": [ - "6.2.7", - "9.1.3.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "title": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_server_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Servers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines", - "resource_name": "VirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Servers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Cloud standard pricing tier allows for better security assessment with threat detection provided by the Microsoft Security Response Center (MSRC), advanced security policies, adaptive application control, network threat detection, and regulatory compliance management.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Servers enables threat detection for Servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_sql_servers_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.4" - ], - "CIS-3.0": [ - "3.1.7.4" - ], - "CIS-4.0": [ - "9.1.7.4" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_sql_servers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan SQL Server VMs" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines", - "resource_name": "SqlServerVirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan SQL Server VMs", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for the Microsoft SQL servers running on virtual machines. Defender for Cloud for SQL Server virtual machines continuously monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides security alerts together with details of the suspicious activity and guidance on how to mitigate to the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for SQL servers on machines enables threat detection for SQL servers on machines, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_storage_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190", - "T1537", - "T1530", - "T1485", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.7" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.7" - ], - "CIS-3.0": [ - "3.1.5.1" - ], - "CIS-4.0": [ - "9.1.5.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_storage_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Storage Accounts" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts", - "resource_name": "StorageAccounts", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Storage Accounts", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for your storage accounts. Enabling the Defender security service for Azure storage accounts allows for advanced security defense using threat detection capabilities provided by the Microsoft Security Response Center (MSRC). MSRC investigates all reports of security vulnerabilities affecting Microsoft products and services, including Azure cloud services.", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for your Microsoft Azure storage accounts. Defender for storage accounts is an Azure-native layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit your Azure cloud storage accounts.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_iot_hub_defender_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/services/iot-defender/#overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling Microsoft Defender for IoT will incur additional charges dependent on the level of usage.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.2.1" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.2.1" - ], - "CIS-3.0": [ - "3.2.1" - ], - "CIS-4.0": [ - "9.2.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Microsoft Defender for IoT acts as a central security hub for IoT devices within your organization.", - "title": "Ensure That Microsoft Defender for IoT Hub Is Set To 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_iot_hub_defender_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-IoT Hub Defender" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "IoT Hub Defender", - "type": "DefenderIoT", - "uid": "IoT Hub Defender" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to IoT Hub. 2. Select a IoT Hub to validate. 3. Select Overview in Defender for IoT. 4. Click on Secure your IoT solution, and complete the onboarding.", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-iot/device-builders/quickstart-onboard-iot-hub" - ] - }, - "risk_details": "IoT devices are very rarely patched and can be potential attack vectors for enterprise networks. Updating their network configuration to use a central security hub allows for detection of these breaches.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_mcas_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/defender-for-cloud-introduction#secure-cloud-applications", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Cloud Apps works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486" - ], - "CIS-2.0": [ - "2.1.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.20" - ], - "CIS-3.0": [ - "3.1.1.2" - ], - "PCI-4.0": [ - "11.5.1.1.2", - "11.5.1.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "This integration setting enables Microsoft Defender for Cloud Apps (formerly 'Microsoft Cloud App Security' or 'MCAS' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected", - "types": [], - "uid": "prowler-azure-defender_ensure_mcas_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-MCAS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "MCAS", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu. 2. Select Microsoft Defender for Cloud. 3. Select Environment Settings blade. 4. Select the subscription. 5. Check App Service Defender Plan to On. 6. Select Save.", - "references": [ - "https://docs.microsoft.com/en-us/rest/api/securitycenter/settings/list" - ] - }, - "risk_details": "Microsoft Defender for Cloud offers an additional layer of protection by using Azure Resource Manager events, which is considered to be the control plane for Azure. By analyzing the Azure Resource Manager records, Microsoft Defender for Cloud detects unusual or potentially harmful operations in the Azure subscription environment. Several of the preceding analytics are powered by Microsoft Defender for Cloud Apps. To benefit from these analytics, subscription must have a Cloud App Security license. Microsoft Defender for Cloud Apps works only with Standard Tier subscriptions.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_wdatp_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Endpoint works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r3.az.de.2" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.21" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "This integration setting enables Microsoft Defender for Endpoint (formerly 'Advanced Threat Protection' or 'ATP' or 'WDATP' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected", - "types": [], - "uid": "prowler-azure-defender_ensure_wdatp_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-WDATP" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "WDATP", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/azure-server-integration?view=o365-worldwide" - ] - }, - "risk_details": "Microsoft Defender for Endpoint integration brings comprehensive Endpoint Detection and Response (EDR) capabilities within Microsoft Defender for Cloud. This integration helps to spot abnormalities, as well as detect and respond to advanced attacks on endpoints monitored by Microsoft Defender for Cloud. MDE works only with Standard Tier subscriptions.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-1b4a98ae-5221-4850-a761-4f9176407028" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028", - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-083c1758-89d9-4b12-8005-48e7e359dc4f" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f", - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "b24988ac-6180-42a0-ab88-20f7382dd24c" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-154eadeb-e375-4263-b4bd-4a2a2237ecd2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "80dfb9bd-1c99-4012-9de7-580a68334b45", - "agent_type": "ServicePrincipal", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_policy_assignment", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.3" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.1" - ], - "CIS-3.0": [ - "6.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Create an activity log alert for the Create Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Create Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_create_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click elect action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for create policy assignment events gives insight into changes done in 'Azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_nsg", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "CIS-2.0": [ - "5.2.3" - ], - "ProwlerThreatScore-1.0": [ - "3.3.5" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.3" - ], - "CIS-3.0": [ - "6.2.3" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.8", - "10.4.2.2", - "10.4.3.1", - "10.6.3.8", - "10.7.1.3", - "10.7.2.3", - "11.5.2.2", - "11.6.1.2", - "12.10.5.2", - "A3.3.1.3", - "A3.5.1.3" - ], - "CIS-4.0": [ - "7.1.2.3" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Create an Activity Log Alert for the Create or Update Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Network Security Group events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_public_ip_address_rule", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.9" - ], - "ProwlerThreatScore-1.0": [ - "3.3.11" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.9" - ], - "CIS-3.0": [ - "6.2.9" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.9" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Create an activity log alert for the Create or Update Public IP Addresses rule.", - "title": "Ensure that Activity Log Alert exists for Create or Update Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_security_solution", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1", - "op.mon.3.r6.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.5" - ], - "ProwlerThreatScore-1.0": [ - "3.3.7" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.5" - ], - "CIS-3.0": [ - "6.2.5" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.5" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Create an activity log alert for the Create or Update Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_sqlserver_fr", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.7" - ], - "ProwlerThreatScore-1.0": [ - "3.3.9" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.7" - ], - "CIS-3.0": [ - "6.2.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.9", - "10.2.1.1.10", - "10.2.1.1.22", - "10.2.1.2.8", - "10.2.1.2.19", - "10.2.1.3.8", - "10.2.1.3.19", - "10.2.1.4.8", - "10.2.1.4.19", - "10.2.1.5.8", - "10.2.1.5.19", - "10.2.1.6.8", - "10.2.1.6.19", - "10.2.1.7.8", - "10.2.1.7.19", - "10.2.1.8", - "10.2.1.19", - "10.2.2.8", - "10.2.2.19", - "10.3.1.8", - "10.3.1.19", - "10.4.1.1.2", - "10.4.1.2", - "10.4.2.3", - "10.6.3.9", - "10.6.3.10", - "10.6.3.24", - "10.7.1.4", - "10.7.2.4", - "5.3.4.9", - "5.3.4.22", - "A1.2.1.10", - "A1.2.1.23", - "A3.3.1.4", - "A3.5.1.4" - ], - "CIS-4.0": [ - "7.1.2.7" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Create an activity log alert for the Create or Update SQL Server Firewall Rule event.", - "title": "Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create/Update server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update SQL Server Firewall Rule events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_nsg", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.4" - ], - "ProwlerThreatScore-1.0": [ - "3.3.6" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.4" - ], - "CIS-3.0": [ - "6.2.4" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.4" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Create an activity log alert for the Delete Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Delete Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for 'Delete Network Security Group' events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_policy_assignment", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.4" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.2" - ], - "CIS-3.0": [ - "6.2.2" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Create an activity log alert for the Delete Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Delete Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for delete policy assignment events gives insight into changes done in 'azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_public_ip_address_rule", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.10" - ], - "ProwlerThreatScore-1.0": [ - "3.3.12" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.10" - ], - "CIS-3.0": [ - "6.2.10" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.10" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Create an activity log alert for the Delete Public IP Address rule.", - "title": "Ensure that Activity Log Alert exists for Delete Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_security_solution", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.8" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.6" - ], - "CIS-3.0": [ - "6.2.6" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.6" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Create an activity log alert for the Delete Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Delete Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.curitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_sqlserver_fr", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.8" - ], - "ProwlerThreatScore-1.0": [ - "3.3.10" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.8" - ], - "CIS-3.0": [ - "6.2.8" - ], - "CCC": [ - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.8" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Create an activity log alert for the 'Delete SQL Server Firewall Rule.'", - "title": "Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete SQL Server Firewall Rule events gives insight into SQL network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_service_health_exists", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/service-health/overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, in your Azure subscription there will not be any activity log alerts configured for Service Health events.", - "compliance": { - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that an Azure activity log alert is configured to trigger when Service Health events occur within your Microsoft Azure cloud account. The alert should activate when new events match the specified conditions in the alert rule configuration.", - "title": "Ensure that an Activity Log Alert exists for Service Health", - "types": [], - "uid": "prowler-azure-monitor_alert_service_health_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Create an activity log alert for Service Health events and configure an action group to notify appropriate personnel.", - "references": [ - "https://learn.microsoft.com/en-us/azure/service-health/alerts-activity-log-service-notifications-portal" - ] - }, - "risk_details": "Lack of monitoring for Service Health events may result in missing critical service issues, planned maintenance, security advisories, or other changes that could impact Azure services and regions in use.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_setting_with_appropriate_categories", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When the diagnostic setting is created using Azure Portal, by default no categories are selected.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.az.md.1", - "op.mon.2.az.md.1" - ], - "CIS-2.0": [ - "5.1.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.2" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.2" - ], - "CIS-3.0": [ - "6.1.2" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.15", - "10.2.1.2.7", - "10.2.1.3.7", - "10.2.1.4.7", - "10.2.1.5.7", - "10.2.1.6.7", - "10.2.1.7.7", - "10.2.1.7", - "10.2.2.7", - "10.3.1.7", - "10.3.2.2", - "10.3.3.4", - "10.3.4.3", - "10.4.1.1.3", - "10.4.1.1.4", - "10.4.1.3", - "10.4.2.4", - "10.5.1.3", - "10.6.3.7", - "10.6.3.15", - "10.7.1.5", - "10.7.2.5", - "11.5.2.4", - "11.6.1.4", - "12.10.5.4", - "5.3.4.7", - "5.3.4.8", - "A1.2.1.7", - "A1.2.1.8", - "A3.3.1.6", - "A3.3.1.7", - "A3.5.1.6", - "A3.5.1.7" - ], - "CIS-4.0": [ - "7.1.1.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.c", - "3.2.3.f", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Prerequisite: A Diagnostic Setting must exist. If a Diagnostic Setting does not exist, the navigation and options within this recommendation will not be available. Please review the recommendation at the beginning of this subsection titled: 'Ensure that a 'Diagnostic Setting' exists.' The diagnostic setting should be configured to log the appropriate activities from the control/management plane.", - "title": "Ensure Diagnostic Setting captures appropriate categories", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_setting_with_appropriate_categories-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to Azure Monitor 2. Click Activity log 3. Click on Export Activity Logs 4. Select the Subscription from the drop down menu 5. Click on Add diagnostic setting 6. Enter a name for your new Diagnostic Setting 7. Check the following categories: Administrative, Alert, Policy, and Security 8. Choose the destination details according to your organization's needs.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/manage-storage-analytics-logs?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json&tabs=azure-portal" - ] - }, - "risk_details": "A diagnostic setting controls how the diagnostic log is exported. Capturing the diagnostic setting categories for appropriate control/management plane activities allows proper alerting.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No diagnostic settings found in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_settings_exists", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No diagnostic settings found in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/cli/azure/monitor/diagnostic-settings?view=azure-cli-latest", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, diagnostic setting is not set.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r5.az.ds.1", - "op.mon.2.r2.az.ma.1" - ], - "CIS-2.0": [ - "5.1.1" - ], - "ProwlerThreatScore-1.0": [ - "3.2.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.1" - ], - "CIS-3.0": [ - "6.1.1" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN06.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN09.AR01", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Logging.CN07.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.1.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.h", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable Diagnostic settings for exporting activity logs. Diagnostic settings are available for each individual resource within a subscription. Settings should be configured for all appropriate resources for your environment.", - "title": "Ensure that a 'Diagnostic Setting' exists for Subscription Activity Logs ", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_settings_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Diagnostic Settings" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Diagnostic Settings", - "type": "Monitor", - "uid": "diagnostic_settings" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "To enable Diagnostic Settings on a Subscription: 1. Go to Monitor 2. Click on Activity Log 3. Click on Export Activity Logs 4. Click + Add diagnostic setting 5. Enter a Diagnostic setting name 6. Select Categories for the diagnostic settings 7. Select the appropriate Destination details (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 8. Click Save To enable Diagnostic Settings on a specific resource: 1. Go to Monitor 2. Click Diagnostic settings 3. Click on the resource that has a diagnostics status of disabled 4. Select Add Diagnostic Setting 5. Enter a Diagnostic setting name 6. Select the appropriate log, metric, and destination. (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 7. Click save Repeat these step for all resources as needed.", - "references": [ - "https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-activity-logs#export-the-activity-log-with-a-log-profile" - ] - }, - "risk_details": "A diagnostic setting controls how a diagnostic log is exported. By default, logs are retained only for 90 days. Diagnostic settings should be defined so that logs can be exported and stored for a longer duration in order to analyze security activities within an Azure subscription.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bastion Host from subscription Azure subscription 1 does not exist", - "metadata": { - "event_code": "network_bastion_host_exists", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bastion Host from subscription Azure subscription 1 does not exist", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/bastion/bastion-overview#sku", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The Azure Bastion service incurs additional costs and requires a specific virtual network configuration. The Standard tier offers additional configuration options compared to the Basic tier and may incur additional costs for those added features.", - "compliance": { - "ENS-RD2022": [ - "mp.com.4.r4.az.nt.1" - ], - "CIS-2.0": [ - "7.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "7.1" - ], - "CIS-3.0": [ - "8.1" - ], - "CIS-4.0": [ - "9.4.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "The Azure Bastion service allows secure remote access to Azure Virtual Machines over the Internet without exposing remote access protocol ports and services directly to the Internet. The Azure Bastion service provides this access using TLS over 443/TCP, and subscribes to hardened configurations within an organization's Azure Active Directory service.", - "title": "Ensure an Azure Bastion Host Exists", - "types": [], - "uid": "prowler-azure-network_bastion_host_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Bastion Host" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Bastion Host", - "type": "Network", - "uid": "Bastion Host" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "From Azure Portal* 1. Click on Bastions 2. Select the Subscription 3. Select the Resource group 4. Type a Name for the new Bastion host 5. Select a Region 6. Choose Standard next to Tier 7. Use the slider to set the Instance count 8. Select the Virtual network or Create new 9. Select the Subnet named AzureBastionSubnet. Create a Subnet named AzureBastionSubnet using a /26 CIDR range if it doesn't already exist. 10. Selct the appropriate Public IP address option. 11. If Create new is selected for the Public IP address option, provide a Public IP address name. 12. If Use existing is selected for Public IP address option, select an IP address from Choose public IP address 13. Click Next: Tags > 14. Configure the appropriate Tags 15. Click Next: Advanced > 16. Select the appropriate Advanced options 17. Click Next: Review + create > 18. Click Create From Azure CLI az network bastion create --location --name --public-ip-address --resource-group --vnet-name --scale-units --sku Standard [--disable-copy- paste true|false] [--enable-ip-connect true|false] [--enable-tunneling true|false] From PowerShell Create the appropriate Virtual network settings and Public IP Address settings. $subnetName = 'AzureBastionSubnet' $subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix $virtualNet = New-AzVirtualNetwork -Name - ResourceGroupName -Location -AddressPrefix -Subnet $subnet $publicip = New-AzPublicIpAddress -ResourceGroupName - Name -Location -AllocationMethod Dynamic -Sku Standard", - "references": [ - "https://learn.microsoft.com/en-us/powershell/module/az.network/get-azbastion?view=azps-9.2.0" - ] - }, - "risk_details": "The Azure Bastion service allows organizations a more secure means of accessing Azure Virtual Machines over the Internet without assigning public IP addresses to those Virtual Machines. The Azure Bastion service provides Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to Virtual Machines using TLS within a web browser, thus preventing organizations from opening up 3389/TCP and 22/TCP to the Internet on Azure Virtual Machines. Additional benefits of the Bastion service includes Multi-Factor Authentication, Conditional Access Policies, and any other hardening measures configured within Azure Active Directory using a central point of access.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-swedencentral-NetworkWatcher_swedencentral" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "swedencentral", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral", - "name": "NetworkWatcher_swedencentral", - "location": "swedencentral", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_swedencentral", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "swedencentral" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-swedencentral-NetworkWatcher_swedencentral" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "swedencentral", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral", - "name": "NetworkWatcher_swedencentral", - "location": "swedencentral", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_swedencentral", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "swedencentral" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "metadata": { - "event_code": "network_http_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.3.r2.az.tls.1", - "mp.com.4.r3.az.1", - "mp.com.4.r4.az.nt.1", - "mp.s.4.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.4" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.4" - ], - "CIS-3.0": [ - "7.4" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.5", - "1.2.8.25", - "1.3.1.28", - "1.3.2.28", - "1.4.1.6", - "1.4.2.26", - "1.4.4.6", - "1.5.1.25", - "2.2.5.5", - "2.2.7.3", - "4.2.1.1.7", - "4.2.1.3", - "8.3.2.6", - "A1.1.3.25" - ], - "CIS-4.0": [ - "8.4" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required and narrowly configured.", - "title": "Ensure that HTTP(S) access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_http_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where HTTP(S) is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [] - }, - "risk_details": "The potential security problem with using HTTP(S) over the Internet is that attackers can use various brute force techniques to gain access to Azure resources. Once the attackers gain access, they can use the resource as a launch point for compromising other resources within the Azure tenant.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "metadata": { - "event_code": "network_rdp_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.1" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.1" - ], - "CIS-3.0": [ - "7.1" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that RDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_rdp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where RDP is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using RDP over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on an Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "metadata": { - "event_code": "network_ssh_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.2" - ], - "CIS-3.0": [ - "7.2" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN01.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.17", - "1.2.8.18", - "1.2.8.21", - "1.2.8.41", - "1.3.1.19", - "1.3.1.21", - "1.3.1.24", - "1.3.1.45", - "1.3.2.19", - "1.3.2.21", - "1.3.2.24", - "1.3.2.45", - "1.4.1.5", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.43", - "1.4.4.5", - "1.5.1.17", - "1.5.1.18", - "1.5.1.21", - "1.5.1.40", - "2.2.5.17", - "A1.1.3.17", - "A1.1.3.18", - "A1.1.3.21", - "A1.1.3.40" - ], - "CIS-4.0": [ - "8.2" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that SSH access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_ssh_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where SSH is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using SSH over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "metadata": { - "event_code": "network_udp_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices#secure-your-critical-azure-service-resources-to-only-your-virtual-networks", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.3" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.3" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.3" - ], - "CIS-3.0": [ - "7.3" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.3" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that UDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_udp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where UDP is not explicitly required and narrowly configured for resources attached tothe Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRouteSite-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/azure/security/fundamentals/ddos-best-practices" - ] - }, - "risk_details": "The potential security problem with broadly exposing UDP services over the Internet is that attackers can use DDoS amplification techniques to reflect spoofed UDP traffic from Azure Virtual Machines. The most common types of these attacks use exposed DNS, NTP, SSDP, SNMP, CLDAP and other UDP-based services as amplification sources for disrupting services of other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': ukwest, malaysiawest, uksouth, koreasouth, norwayeast, uaenorth, australiacentral, switzerlandwest, newzealandnorth, eastus, centralus, northeurope, westindia, eastus2, japanwest, japaneast, australiasoutheast, southafricanorth, mexicocentral, westus, brazilsouth, israelcentral, germanynorth, eastasia, switzerlandnorth, australiaeast, southafricawest, westus3, brazilsoutheast, francesouth, austriaeast, southindia, uaecentral, chilecentral, westeurope, southeastasia, spaincentral, italynorth, germanywestcentral, canadacentral, jioindiawest, polandcentral, australiacentral2, westcentralus, norwaywest, canadaeast, indonesiacentral, northcentralus, qatarcentral, koreacentral, francecentral, jioindiacentral.", - "metadata": { - "event_code": "network_watcher_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': ukwest, malaysiawest, uksouth, koreasouth, norwayeast, uaenorth, australiacentral, switzerlandwest, newzealandnorth, eastus, centralus, northeurope, westindia, eastus2, japanwest, japaneast, australiasoutheast, southafricanorth, mexicocentral, westus, brazilsouth, israelcentral, germanynorth, eastasia, switzerlandnorth, australiaeast, southafricawest, westus3, brazilsoutheast, francesouth, austriaeast, southindia, uaecentral, chilecentral, westeurope, southeastasia, spaincentral, italynorth, germanywestcentral, canadacentral, jioindiawest, polandcentral, australiacentral2, westcentralus, norwaywest, canadaeast, indonesiacentral, northcentralus, qatarcentral, koreacentral, francecentral, jioindiacentral.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "There are additional costs per transaction to run and store network data. For high-volume networks these charges will add up quickly.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.az.nw.1", - "op.mon.2.r2.az.ma.1", - "op.mon.3.az.nw.1", - "mp.com.1.az.nw.1", - "mp.com.1.az.nw.2", - "mp.com.1.az.nw.3", - "mp.com.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499", - "T1498", - "T1046", - "T1049" - ], - "CIS-2.0": [ - "6.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.14" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "6.6" - ], - "CIS-3.0": [ - "7.6" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN06.AR01" - ], - "CIS-4.0": [ - "8.6" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "6.8.2.a", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable Network Watcher for Azure subscriptions.", - "title": "Ensure that Network Watcher is 'Enabled' for all locations in the Azure subscription", - "types": [], - "uid": "prowler-azure-network_watcher_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Network Watcher" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Network Watcher", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Opting out of Network Watcher automatic enablement is a permanent change. Once you opt-out you cannot opt-in without contacting support.", - "references": [ - "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v2-logging-threat-detection#lt-3-enable-logging-for-azure-network-activities" - ] - }, - "risk_details": "Network diagnostic and visualization tools available with Network Watcher help users understand, diagnose, and gain insights to the network in Azure.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "metadata": { - "event_code": "policy_ensure_asc_enforcement_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/defender-for-cloud/security-policy-concept", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "2.1.14" - ], - "ProwlerThreatScore-1.0": [ - "3.3.17" - ], - "ISO27001-2022": [ - "A.5.1" - ], - "CIS-2.1": [ - "2.1.13" - ], - "CIS-3.0": [ - "3.1.11" - ], - "PCI-4.0": [ - "10.2.1.1.31", - "10.4.1.1.5", - "10.4.1.4", - "10.4.2.5", - "10.6.3.36", - "10.7.1.6", - "10.7.2.6", - "A3.3.1.9", - "A3.5.1.9" - ], - "CIS-4.0": [ - "9.1.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "None of the settings offered by ASC Default policy should be set to effect Disabled.", - "title": "Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'", - "types": [], - "uid": "prowler-azure-policy_ensure_asc_enforcement_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-SecurityCenterBuiltIn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn", - "name": "SecurityCenterBuiltIn", - "enforcement_mode": "Default" - } - }, - "group": { - "name": "policy" - }, - "labels": [], - "name": "SecurityCenterBuiltIn", - "type": "Microsoft.Authorization/policyAssignments", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu 2. Select Policy 3. Select ASC Default for each subscription 4. Click on 'view Assignment' 5. Click on 'Edit assignment' 6. Ensure Policy Enforcement is Enabled 7. Click 'Review + Save'", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/implement-security-recommendations" - ] - }, - "risk_details": "A security policy defines the desired configuration of your workloads and helps ensure compliance with company or regulatory security requirements. ASC Default policy is associated with every subscription by default. ASC default policy assignment is a set of security recommendations based on best practices. Enabling recommendations in ASC default policy ensures that Azure security center provides the ability to monitor all of the supported recommendations and optionally allow automated action for a few of the supported recommendations.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_disconnections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling this setting will enable a log of all disconnections. If this is enabled for a high traffic server, the log may grow exponentially.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.4" - ], - "ProwlerThreatScore-1.0": [ - "3.1.4" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.4" - ], - "CIS-3.0": [ - "5.2.7" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable log_disconnections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_disconnections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu 2. Go to Azure Database for PostgreSQL servers 3. For each database, click on Server parameters 4. Search for log_disconnections. 5. Click ON and save. From Azure CLI Use the below command to update log_disconnections configuration. az postgres server configuration set --resource-group -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has shared key access enabled.", - "metadata": { - "event_code": "storage_account_key_access_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has shared key access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/common/shared-key-authorization-prevent", - "categories": [ - "e3" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.ObjStor.CN02.AR02", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "10.3.1.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensures that access to Azure Storage Accounts using account keys is disabled, enforcing the use of Microsoft Entra ID (formerly Azure AD) for authentication.", - "title": "Ensure allow storage account key access is disabled", - "types": [], - "uid": "prowler-azure-storage_account_key_access_disabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Disable Shared Key authorization on storage accounts to enforce the use of Microsoft Entra ID for secure, auditable access.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/shared-key-authorization-prevent" - ] - }, - "risk_details": "Using Shared Key authorization poses a security risk due to the high privileges associated with storage account keys and the difficulty in auditing such access. Disabling Shared Key access helps enforce identity-based authentication via Microsoft Entra ID, enhancing security and traceability.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has allow blob public access disabled.", - "metadata": { - "event_code": "storage_blob_public_access_level_is_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has allow blob public access disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r5.az.1" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.6" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "SOC2": [ - "cc_6_1" - ], - "CIS-2.1": [ - "3.7" - ], - "CIS-3.0": [ - "4.6" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.Core.CN05.AR03" - ], - "PCI-4.0": [ - "1.2.8.30", - "1.2.8.31", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.35", - "1.3.1.36", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.34", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.31", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.18", - "10.3.2.19", - "10.3.2.20", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.25", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "7.2.1.25", - "7.2.2.25", - "7.2.5.19", - "7.2.6.4", - "7.3.1.19", - "7.3.2.19", - "7.3.3.19", - "8.2.7.19", - "8.2.8.21", - "8.3.4.19", - "A1.1.2.14", - "A1.1.2.15", - "A1.1.2.16", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.17", - "A3.4.1.18", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-4.0": [ - "10.3.9", - "10.3.2.2" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that the 'Public access level' configuration setting is set to 'Private (no anonymous access)' for all blob containers in your storage account in order to block anonymous access to these Microsoft Azure resources.", - "title": "Ensure that the 'Public access level' is set to 'Private (no anonymous access)' for all blob containers in your storage account", - "types": [], - "uid": "prowler-azure-storage_blob_public_access_level_is_disabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Set 'Public access level' configuration setting to 'Private (no anonymous access)'", - "references": [] - }, - "risk_details": "A user that accesses blob containers anonymously can use constructors that do not require credentials such as shared access signatures.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has blob versioning enabled.", - "metadata": { - "event_code": "storage_blob_versioning_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has blob versioning enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/blobs/versioning-enable", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "CIS-4.0": [ - "10.2.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that blob versioning is enabled on Azure Blob Storage accounts to automatically retain previous versions of objects.", - "title": "Ensure Blob Versioning is Enabled on Azure Blob Storage Accounts", - "types": [], - "uid": "prowler-azure-storage_blob_versioning_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable blob versioning for all Azure Storage accounts that store critical or sensitive data.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/blobs/versioning-enable" - ] - }, - "risk_details": "Without blob versioning, accidental or malicious changes to blobs cannot be easily recovered, leading to potential data loss.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has cross-tenant replication enabled.", - "metadata": { - "event_code": "storage_cross_tenant_replication_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has cross-tenant replication enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/blobs/object-replication-prevent-cross-tenant-policies?tabs=portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03" - ], - "CIS-4.0": [ - "10.3.8" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that cross-tenant replication is not enabled on Azure Storage Accounts to prevent unintended replication of data across tenant boundaries.", - "title": "Ensure cross-tenant replication is disabled", - "types": [], - "uid": "prowler-azure-storage_cross_tenant_replication_disabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Disable Cross Tenant Replication on storage accounts to ensure that data remains within tenant boundaries unless explicitly shared, reducing the risk of data leakage and unauthorized access.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/blobs/object-replication-prevent-cross-tenant-policies?tabs=portal" - ] - }, - "risk_details": "If cross-tenant replication is enabled, sensitive data could be inadvertently replicated across tenants, increasing the risk of data leakage, unauthorized access, or non-compliance with data governance and privacy policies.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has network access rule set to Allow.", - "metadata": { - "event_code": "storage_default_network_access_rule_is_denied", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has network access rule set to Allow.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "All allowed networks will need to be whitelisted on each specific network, creating administrative overhead. This may result in loss of network connectivity, so do not turn on for critical resources during business hours.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.2" - ], - "CIS-2.0": [ - "3.8" - ], - "ProwlerThreatScore-1.0": [ - "2.2.7" - ], - "CIS-2.1": [ - "3.8" - ], - "CIS-3.0": [ - "4.7" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "CIS-4.0": [ - "2.2.1.2", - "10.3.2.3" - ], - "NIS2": [ - "1.2.1", - "2.3.1", - "6.7.2.b", - "11.1.1", - "11.2.1", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Restricting default network access helps to provide a new layer of security, since storage accounts accept connections from clients on any network. To limit access toselected networks, the default action must be changed.", - "title": "Ensure Default Network Access Rule for Storage Accounts is Set to Deny", - "types": [], - "uid": "prowler-azure-storage_default_network_access_rule_is_denied-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "1. Go to Storage Accounts 2. For each storage account, Click on the Networking blade 3. Click the Firewalls and virtual networks heading. 4. Ensure that you have elected to allow access from Selected networks 5. Add rules to allow traffic from specific network. 6. Click Save to apply your changes.", - "references": [] - }, - "risk_details": "Storage accounts should be configured to deny access to traffic from all networks (including internet traffic). Access can be granted to traffic from specific Azure Virtualnetworks, allowing a secure network boundary for specific applications to be built.Access can also be granted to public internet IP address ranges to enable connectionsfrom specific internet or on-premises clients. When network rules are configured, onlyapplications from allowed networks can access a storage account. When calling from anallowed network, applications continue to require proper authorization (a valid accesskey or SAS token) to access the storage account.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Default to Microsoft Entra authorization is not enabled for storage account stcfistoragecad63808.", - "metadata": { - "event_code": "storage_default_to_entra_authorization_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Default to Microsoft Entra authorization is not enabled for storage account stcfistoragecad63808.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.ObjStor.CN02.AR02", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "10.3.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that the Azure Storage Account setting 'Default to Microsoft Entra authorization in the Azure portal' is enabled to enforce the use of Microsoft Entra ID for accessing blobs, files, queues, and tables.", - "title": "Ensure Microsoft Entra authorization is enabled by default for Azure Storage Accounts", - "types": [], - "uid": "prowler-azure-storage_default_to_entra_authorization_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable Microsoft Entra authorization by default in the Azure portal to enhance security and avoid reliance on Shared Key authentication.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory" - ] - }, - "risk_details": "If this setting is not enabled, the Azure portal may authorize access using less secure methods such as Shared Key, increasing the risk of unauthorized data access.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 allows trusted Microsoft services to access this storage account.", - "metadata": { - "event_code": "storage_ensure_azure_services_are_trusted_to_access_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 allows trusted Microsoft services to access this storage account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.info.6.r2.az.sa.1" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "3.9" - ], - "ProwlerThreatScore-1.0": [ - "2.2.8" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "3.9" - ], - "CIS-3.0": [ - "4.8" - ], - "CCC": [ - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "10.6.3.35", - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "7.2.1.27", - "7.2.2.27", - "7.2.5.21", - "7.2.6.5", - "7.3.1.21", - "7.3.2.21", - "7.3.3.21", - "8.2.7.21", - "8.2.8.23", - "8.3.4.21", - "A3.3.1.8", - "A3.5.1.8" - ], - "CIS-4.0": [ - "10.3.5" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that 'Allow trusted Microsoft services to access this storage account' is enabled within your Azure Storage account configuration settings to grant access to trusted cloud services.", - "title": "Ensure that 'Allow trusted Microsoft services to access this storage account' is enabled for storage accounts", - "types": [], - "uid": "prowler-azure-storage_ensure_azure_services_are_trusted_to_access_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "To allow these Azure services to work as intended and be able to access your storage account resources, you have to add an exception so that the trusted Microsoft Azure services can bypass your network rules", - "references": [] - }, - "risk_details": "Not allowing to access storage account by Azure services the following services: Azure Backup, Azure Event Grid, Azure Site Recovery, Azure DevTest Labs, Azure Event Hubs, Azure Networking, Azure Monitor and Azure SQL Data Warehouse (when registered in the subscription), are not granted access to your storage account", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not encrypt with CMKs.", - "metadata": { - "event_code": "storage_ensure_encryption_with_customer_managed_keys", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not encrypt with CMKs.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.10.az.kv.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "3.12" - ], - "ProwlerThreatScore-1.0": [ - "4.2.1" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "SOC2": [ - "cc_6_7", - "cc_7_5" - ], - "CIS-2.1": [ - "3.12" - ], - "CIS-3.0": [ - "4.11" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR02", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05" - ], - "PCI-4.0": [ - "3.5.1.34", - "8.3.2.53" - ], - "CIS-4.0": [ - "2.1.1.2.1" - ], - "NIS2": [ - "9.2.a", - "9.2.c.iv", - "12.2.2.a", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that your Microsoft Azure Storage accounts are using Customer Managed Keys (CMKs) instead of Microsoft Managed Keys", - "title": "Ensure that your Microsoft Azure Storage accounts are using Customer Managed Keys (CMKs) instead of Microsoft Managed Keys", - "types": [], - "uid": "prowler-azure-storage_ensure_encryption_with_customer_managed_keys-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable sensitive data encryption at rest using Customer Managed Keys rather than Microsoft Managed keys.", - "references": [] - }, - "risk_details": "If you want to control and manage storage account contents encryption key yourself you must specify a customer-managed key", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "File share soft delete is enabled for storage account stcfistoragecad63808 with a retention period of 7 days.", - "metadata": { - "event_code": "storage_ensure_file_shares_soft_delete_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "File share soft delete is enabled for storage account stcfistoragecad63808 with a retention period of 7 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/files/storage-files-prevent-file-share-deletion?tabs=azure-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN04.AR02" - ], - "CIS-4.0": [ - "10.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that soft delete is enabled for Azure File Shares to protect against accidental or malicious deletion of important data. This feature allows deleted file shares to be retained for a specified period, during which they can be recovered before permanent deletion occurs.", - "title": "Ensure soft delete for Azure File Shares is enabled", - "types": [], - "uid": "prowler-azure-storage_ensure_file_shares_soft_delete_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable soft delete for file shares on your Azure Storage Account to allow recovery of deleted shares within a configured retention period.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/files/storage-files-prevent-file-share-deletion?tabs=azure-portal" - ] - }, - "risk_details": "Without soft delete enabled, accidental or malicious deletions of file shares result in permanent data loss, making recovery impossible unless a separate backup mechanism is in place.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has TLS version set to 1.2.", - "metadata": { - "event_code": "storage_ensure_minimum_tls_version_12", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has TLS version set to 1.2.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.3.r2.az.tls.3" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "3.15" - ], - "ProwlerThreatScore-1.0": [ - "4.1.3" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "3.15" - ], - "CIS-3.0": [ - "4.15" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN11.AR01" - ], - "CIS-4.0": [ - "10.3.7" - ], - "NIS2": [ - "6.7.2.i", - "6.7.2.l", - "12.2.2.a", - "12.2.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2'", - "title": "Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2'", - "types": [], - "uid": "prowler-azure-storage_ensure_minimum_tls_version_12-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Ensure that all your Microsoft Azure Storage accounts are using the latest available version of the TLS protocol.", - "references": [ - "https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/StorageAccounts/minimum-tls-version.html" - ] - }, - "risk_details": "TLS versions 1.0 and 1.1 are known to be susceptible to certain Common Vulnerabilities and Exposures (CVE) weaknesses and attacks such as POODLE and BEAST", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not have private endpoint connections.", - "metadata": { - "event_code": "storage_ensure_private_endpoints_in_storage_accounts", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not have private endpoint connections.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.4.r2..az.sa.1" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "3.10" - ], - "ProwlerThreatScore-1.0": [ - "2.2.9" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "SOC2": [ - "cc_3_3" - ], - "CIS-2.1": [ - "3.10" - ], - "CIS-3.0": [ - "4.9" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "2.2.2.1", - "10.3.2.1" - ], - "NIS2": [ - "1.1.1.a", - "1.1.1.c", - "6.7.2.i", - "6.7.2.l", - "11.2.2.d", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Use private endpoints for your Azure Storage accounts to allow clients and services to securely access data located over a network via an encrypted Private Link. To do this, the private endpoint uses an IP address from the VNet for each service. Network traffic between disparate services securely traverses encrypted over the VNet. This VNet can also link addressing space, extending your network and accessing resources on it. Similarly, it can be a tunnel through public networks to connect remote infrastructures together. This creates further security through segmenting network traffic and preventing outside sources from accessing it.", - "title": "Ensure Private Endpoints are used to access Storage Accounts", - "types": [], - "uid": "prowler-azure-storage_ensure_private_endpoints_in_storage_accounts-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Use Private Endpoints to access Storage Accounts", - "references": [ - "https://docs.microsoft.com/en-us/azure/storage/common/storage-private-endpoints" - ] - }, - "risk_details": "Storage accounts that are not configured to use Private Endpoints are accessible over the public internet. This can lead to data exfiltration and other security issues.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has soft delete enabled.", - "metadata": { - "event_code": "storage_ensure_soft_delete_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has soft delete enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/blobs/soft-delete-blob-enable?tabs=azure-portal", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Additional storage costs may be incurred as snapshots are retained.", - "compliance": { - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "3.11" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "SOC2": [ - "cc_7_4", - "cc_c_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "3.11" - ], - "CIS-3.0": [ - "4.10" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN04.AR02" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-4.0": [ - "10.2.1", - "10.3.6" - ], - "NIS2": [ - "4.2.2.f", - "12.2.2.a", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "The Azure Storage blobs contain data like ePHI or Financial, which can be secret or personal. Data that is erroneously modified or deleted by an application or other storage account user will cause data loss or unavailability.", - "title": "Ensure Soft Delete is Enabled for Azure Containers and Blob Storage", - "types": [], - "uid": "prowler-azure-storage_ensure_soft_delete_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "From the Azure home page, open the hamburger menu in the top left or click on the arrow pointing right with 'More services' underneath. 2. Select Storage. 3. Select Storage Accounts. 4. For each Storage Account, navigate to Data protection in the left scroll column. 5. Check soft delete for both blobs and containers. Set the retention period to a sufficient length for your organization", - "references": [ - "https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-soft-delete" - ] - }, - "risk_details": "Containers and Blob Storage data can be incorrectly deleted. An attacker/malicious user may do this deliberately in order to cause disruption. Deleting an Azure Storage blob causes immediate data loss. Enabling this configuration for Azure storage ensures that even if blobs/data were deleted from the storage account, Blobs/data objects are recoverable for a particular time which is set in the Retention policies ranging from 7 days to 365 days.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has Geo-redundant storage Standard_GRS enabled.", - "metadata": { - "event_code": "storage_geo_redundant_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has Geo-redundant storage Standard_GRS enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/common/storage-redundancy", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "CIS-4.0": [ - "10.3.12" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Geo-redundant storage (GRS) must be enabled on critical Azure Storage Accounts to ensure data durability and availability in the event of a regional outage. GRS replicates data within the primary region and asynchronously to a secondary region, offering enhanced resilience and supporting disaster recovery strategies.", - "title": "Ensure geo-redundant storage (GRS) is enabled on critical Azure Storage Accounts", - "types": [], - "uid": "prowler-azure-storage_geo_redundant_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable geo-redundant storage (GRS) for critical Azure Storage Accounts to ensure data durability and availability across regional failures.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/storage-redundancy" - ] - }, - "risk_details": "Without GRS, critical data may be lost or become unavailable during a regional outage, compromising data durability and disaster recovery efforts.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has infrastructure encryption disabled.", - "metadata": { - "event_code": "storage_infrastructure_encryption_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has infrastructure encryption disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.10.az.kv.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "3.2" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "SOC2": [ - "cc_6_7", - "cc_7_5" - ], - "CIS-2.1": [ - "3.2" - ], - "CIS-3.0": [ - "4.3" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "PCI-4.0": [ - "3.5.1.22", - "8.3.2.37" - ], - "CIS-4.0": [ - "10.3.1.1" - ], - "NIS2": [ - "9.2.a", - "12.2.2.a", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that 'Enable Infrastructure Encryption' for Each Storage Account in Azure Storage is Set to 'enabled' ", - "title": "Ensure that 'Enable Infrastructure Encryption' for Each Storage Account in Azure Storage is Set to 'enabled' ", - "types": [], - "uid": "prowler-azure-storage_infrastructure_encryption_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureRole", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enabling double encryption at the hardware level on top of the default software encryption for Storage Accounts accessing Azure storage solutions.", - "references": [] - }, - "risk_details": "Double encryption of Azure Storage data protects against a scenario where one of the encryption algorithms or keys may be compromised", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has no key expiration period set.", - "metadata": { - "event_code": "storage_key_rotation_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has no key expiration period set.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r1.az.eid.2" - ], - "CIS-2.0": [ - "3.4" - ], - "CIS-2.1": [ - "3.4" - ], - "CIS-3.0": [ - "4.4" - ], - "CCC": [ - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR05" - ], - "CIS-4.0": [ - "10.3.1.2" - ], - "NIS2": [ - "9.2.c.iii", - "9.2.c.iv", - "11.6.2.c", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that Storage Account Access Keys are Periodically Regenerated", - "title": "Ensure that Storage Account Access Keys are Periodically Regenerated", - "types": [], - "uid": "prowler-azure-storage_key_rotation_90_days-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Ensure that Azure Storage account access keys are regenerated every 90 days in order to decrease the likelihood of accidental exposures and protect your storage account resources against unauthorized access.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal#regenerate-storage-access-keys" - ] - }, - "risk_details": "If the access keys are not regenerated periodically, the likelihood of accidental exposures increases, which can lead to unauthorized access to your storage account resources.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has secure transfer required enabled.", - "metadata": { - "event_code": "storage_secure_transfer_required_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has secure transfer required enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.3.az.sa.1" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "3.1" - ], - "ISO27001-2022": [ - "A.8.12", - "A.8.14", - "A.8.24" - ], - "SOC2": [ - "cc_6_2", - "cc_6_7" - ], - "CIS-2.1": [ - "3.1" - ], - "CIS-3.0": [ - "4.1" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN11.AR01", - "CCC.Core.CN05.AR04" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.48", - "8.3.2.49" - ], - "CIS-4.0": [ - "10.3.4" - ], - "NIS2": [ - "6.7.2.i", - "6.7.2.l", - "9.2.a", - "12.2.2.a", - "12.2.2.b", - "12.2.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that all data transferred between clients and your Azure Storage account is encrypted using the HTTPS protocol.", - "title": "Ensure that all data transferred between clients and your Azure Storage account is encrypted using the HTTPS protocol.", - "types": [], - "uid": "prowler-azure-storage_secure_transfer_required_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable data encryption in transit.", - "references": [] - }, - "risk_details": "Requests to the storage account sent outside of a secure connection can be eavesdropped", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not have SMB channel encryption enabled for file shares.", - "metadata": { - "event_code": "storage_smb_channel_encryption_with_secure_algorithm", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not have SMB channel encryption enabled for file shares.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/well-architected/service-guides/azure-files#recommendations-for-smb-file-shares", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check passes if SMB channel encryption is set to a secure algorithm.", - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR07", - "CCC.Core.CN11.AR01" - ], - "CIS-4.0": [ - "10.1.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Implement SMB channel encryption with a secure algorithm for SMB file shares to ensure data confidentiality and integrity in transit.", - "title": "Ensure SMB channel encryption uses a secure algorithm for SMB file shares", - "types": [], - "uid": "prowler-azure-storage_smb_channel_encryption_with_secure_algorithm-3bb71587-4549-4396-8898-9e15f062e665-global-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Use the portal, CLI or PowerShell to set the SMB channel encryption to a secure algorithm.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/files/files-smb-protocol?tabs=azure-portal#smb-security-settings" - ] - }, - "risk_details": "Not using the recommended SMB channel encryption may expose data transmitted over SMB channels to unauthorized interception and tampering.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-azure-storage/results/secure-azure-storage-delta.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-azure-storage/results/secure-azure-storage-delta.ocsf.json deleted file mode 100644 index ac0982a7..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/secure-azure-storage/results/secure-azure-storage-delta.ocsf.json +++ /dev/null @@ -1,2804 +0,0 @@ -[ - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has shared key access enabled.", - "metadata": { - "event_code": "storage_account_key_access_disabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has shared key access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/common/shared-key-authorization-prevent", - "categories": [ - "e3" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.ObjStor.CN02.AR02", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "10.3.1.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensures that access to Azure Storage Accounts using account keys is disabled, enforcing the use of Microsoft Entra ID (formerly Azure AD) for authentication.", - "title": "Ensure allow storage account key access is disabled", - "types": [], - "uid": "prowler-azure-storage_account_key_access_disabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Disable Shared Key authorization on storage accounts to enforce the use of Microsoft Entra ID for secure, auditable access.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/shared-key-authorization-prevent" - ] - }, - "risk_details": "Using Shared Key authorization poses a security risk due to the high privileges associated with storage account keys and the difficulty in auditing such access. Disabling Shared Key access helps enforce identity-based authentication via Microsoft Entra ID, enhancing security and traceability.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has allow blob public access disabled.", - "metadata": { - "event_code": "storage_blob_public_access_level_is_disabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has allow blob public access disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r5.az.1" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.6" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "SOC2": [ - "cc_6_1" - ], - "CIS-2.1": [ - "3.7" - ], - "CIS-3.0": [ - "4.6" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.Core.CN05.AR03" - ], - "PCI-4.0": [ - "1.2.8.30", - "1.2.8.31", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.35", - "1.3.1.36", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.34", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.31", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.18", - "10.3.2.19", - "10.3.2.20", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.25", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "7.2.1.25", - "7.2.2.25", - "7.2.5.19", - "7.2.6.4", - "7.3.1.19", - "7.3.2.19", - "7.3.3.19", - "8.2.7.19", - "8.2.8.21", - "8.3.4.19", - "A1.1.2.14", - "A1.1.2.15", - "A1.1.2.16", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.17", - "A3.4.1.18", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-4.0": [ - "10.3.9", - "10.3.2.2" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that the 'Public access level' configuration setting is set to 'Private (no anonymous access)' for all blob containers in your storage account in order to block anonymous access to these Microsoft Azure resources.", - "title": "Ensure that the 'Public access level' is set to 'Private (no anonymous access)' for all blob containers in your storage account", - "types": [], - "uid": "prowler-azure-storage_blob_public_access_level_is_disabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Set 'Public access level' configuration setting to 'Private (no anonymous access)'", - "references": [] - }, - "risk_details": "A user that accesses blob containers anonymously can use constructors that do not require credentials such as shared access signatures.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has blob versioning enabled.", - "metadata": { - "event_code": "storage_blob_versioning_is_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has blob versioning enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/blobs/versioning-enable", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "CIS-4.0": [ - "10.2.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that blob versioning is enabled on Azure Blob Storage accounts to automatically retain previous versions of objects.", - "title": "Ensure Blob Versioning is Enabled on Azure Blob Storage Accounts", - "types": [], - "uid": "prowler-azure-storage_blob_versioning_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable blob versioning for all Azure Storage accounts that store critical or sensitive data.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/blobs/versioning-enable" - ] - }, - "risk_details": "Without blob versioning, accidental or malicious changes to blobs cannot be easily recovered, leading to potential data loss.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has cross-tenant replication enabled.", - "metadata": { - "event_code": "storage_cross_tenant_replication_disabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has cross-tenant replication enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/blobs/object-replication-prevent-cross-tenant-policies?tabs=portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03" - ], - "CIS-4.0": [ - "10.3.8" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that cross-tenant replication is not enabled on Azure Storage Accounts to prevent unintended replication of data across tenant boundaries.", - "title": "Ensure cross-tenant replication is disabled", - "types": [], - "uid": "prowler-azure-storage_cross_tenant_replication_disabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Disable Cross Tenant Replication on storage accounts to ensure that data remains within tenant boundaries unless explicitly shared, reducing the risk of data leakage and unauthorized access.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/blobs/object-replication-prevent-cross-tenant-policies?tabs=portal" - ] - }, - "risk_details": "If cross-tenant replication is enabled, sensitive data could be inadvertently replicated across tenants, increasing the risk of data leakage, unauthorized access, or non-compliance with data governance and privacy policies.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has network access rule set to Allow.", - "metadata": { - "event_code": "storage_default_network_access_rule_is_denied", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has network access rule set to Allow.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "All allowed networks will need to be whitelisted on each specific network, creating administrative overhead. This may result in loss of network connectivity, so do not turn on for critical resources during business hours.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.2" - ], - "CIS-2.0": [ - "3.8" - ], - "ProwlerThreatScore-1.0": [ - "2.2.7" - ], - "CIS-2.1": [ - "3.8" - ], - "CIS-3.0": [ - "4.7" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "CIS-4.0": [ - "2.2.1.2", - "10.3.2.3" - ], - "NIS2": [ - "1.2.1", - "2.3.1", - "6.7.2.b", - "11.1.1", - "11.2.1", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Restricting default network access helps to provide a new layer of security, since storage accounts accept connections from clients on any network. To limit access toselected networks, the default action must be changed.", - "title": "Ensure Default Network Access Rule for Storage Accounts is Set to Deny", - "types": [], - "uid": "prowler-azure-storage_default_network_access_rule_is_denied-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "1. Go to Storage Accounts 2. For each storage account, Click on the Networking blade 3. Click the Firewalls and virtual networks heading. 4. Ensure that you have elected to allow access from Selected networks 5. Add rules to allow traffic from specific network. 6. Click Save to apply your changes.", - "references": [] - }, - "risk_details": "Storage accounts should be configured to deny access to traffic from all networks (including internet traffic). Access can be granted to traffic from specific Azure Virtualnetworks, allowing a secure network boundary for specific applications to be built.Access can also be granted to public internet IP address ranges to enable connectionsfrom specific internet or on-premises clients. When network rules are configured, onlyapplications from allowed networks can access a storage account. When calling from anallowed network, applications continue to require proper authorization (a valid accesskey or SAS token) to access the storage account.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Default to Microsoft Entra authorization is not enabled for storage account stcfistoragecad63808.", - "metadata": { - "event_code": "storage_default_to_entra_authorization_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Default to Microsoft Entra authorization is not enabled for storage account stcfistoragecad63808.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.ObjStor.CN02.AR02", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "10.3.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that the Azure Storage Account setting 'Default to Microsoft Entra authorization in the Azure portal' is enabled to enforce the use of Microsoft Entra ID for accessing blobs, files, queues, and tables.", - "title": "Ensure Microsoft Entra authorization is enabled by default for Azure Storage Accounts", - "types": [], - "uid": "prowler-azure-storage_default_to_entra_authorization_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable Microsoft Entra authorization by default in the Azure portal to enhance security and avoid reliance on Shared Key authentication.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory" - ] - }, - "risk_details": "If this setting is not enabled, the Azure portal may authorize access using less secure methods such as Shared Key, increasing the risk of unauthorized data access.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 allows trusted Microsoft services to access this storage account.", - "metadata": { - "event_code": "storage_ensure_azure_services_are_trusted_to_access_is_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 allows trusted Microsoft services to access this storage account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.info.6.r2.az.sa.1" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "3.9" - ], - "ProwlerThreatScore-1.0": [ - "2.2.8" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "3.9" - ], - "CIS-3.0": [ - "4.8" - ], - "CCC": [ - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "10.6.3.35", - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "7.2.1.27", - "7.2.2.27", - "7.2.5.21", - "7.2.6.5", - "7.3.1.21", - "7.3.2.21", - "7.3.3.21", - "8.2.7.21", - "8.2.8.23", - "8.3.4.21", - "A3.3.1.8", - "A3.5.1.8" - ], - "CIS-4.0": [ - "10.3.5" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that 'Allow trusted Microsoft services to access this storage account' is enabled within your Azure Storage account configuration settings to grant access to trusted cloud services.", - "title": "Ensure that 'Allow trusted Microsoft services to access this storage account' is enabled for storage accounts", - "types": [], - "uid": "prowler-azure-storage_ensure_azure_services_are_trusted_to_access_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "To allow these Azure services to work as intended and be able to access your storage account resources, you have to add an exception so that the trusted Microsoft Azure services can bypass your network rules", - "references": [] - }, - "risk_details": "Not allowing to access storage account by Azure services the following services: Azure Backup, Azure Event Grid, Azure Site Recovery, Azure DevTest Labs, Azure Event Hubs, Azure Networking, Azure Monitor and Azure SQL Data Warehouse (when registered in the subscription), are not granted access to your storage account", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not encrypt with CMKs.", - "metadata": { - "event_code": "storage_ensure_encryption_with_customer_managed_keys", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not encrypt with CMKs.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.10.az.kv.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "3.12" - ], - "ProwlerThreatScore-1.0": [ - "4.2.1" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "SOC2": [ - "cc_6_7", - "cc_7_5" - ], - "CIS-2.1": [ - "3.12" - ], - "CIS-3.0": [ - "4.11" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR02", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05" - ], - "PCI-4.0": [ - "3.5.1.34", - "8.3.2.53" - ], - "CIS-4.0": [ - "2.1.1.2.1" - ], - "NIS2": [ - "9.2.a", - "9.2.c.iv", - "12.2.2.a", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that your Microsoft Azure Storage accounts are using Customer Managed Keys (CMKs) instead of Microsoft Managed Keys", - "title": "Ensure that your Microsoft Azure Storage accounts are using Customer Managed Keys (CMKs) instead of Microsoft Managed Keys", - "types": [], - "uid": "prowler-azure-storage_ensure_encryption_with_customer_managed_keys-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable sensitive data encryption at rest using Customer Managed Keys rather than Microsoft Managed keys.", - "references": [] - }, - "risk_details": "If you want to control and manage storage account contents encryption key yourself you must specify a customer-managed key", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "File share soft delete is enabled for storage account stcfistoragecad63808 with a retention period of 7 days.", - "metadata": { - "event_code": "storage_ensure_file_shares_soft_delete_is_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "File share soft delete is enabled for storage account stcfistoragecad63808 with a retention period of 7 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/files/storage-files-prevent-file-share-deletion?tabs=azure-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN04.AR02" - ], - "CIS-4.0": [ - "10.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that soft delete is enabled for Azure File Shares to protect against accidental or malicious deletion of important data. This feature allows deleted file shares to be retained for a specified period, during which they can be recovered before permanent deletion occurs.", - "title": "Ensure soft delete for Azure File Shares is enabled", - "types": [], - "uid": "prowler-azure-storage_ensure_file_shares_soft_delete_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable soft delete for file shares on your Azure Storage Account to allow recovery of deleted shares within a configured retention period.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/files/storage-files-prevent-file-share-deletion?tabs=azure-portal" - ] - }, - "risk_details": "Without soft delete enabled, accidental or malicious deletions of file shares result in permanent data loss, making recovery impossible unless a separate backup mechanism is in place.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has TLS version set to 1.2.", - "metadata": { - "event_code": "storage_ensure_minimum_tls_version_12", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has TLS version set to 1.2.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.3.r2.az.tls.3" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "3.15" - ], - "ProwlerThreatScore-1.0": [ - "4.1.3" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "3.15" - ], - "CIS-3.0": [ - "4.15" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN11.AR01" - ], - "CIS-4.0": [ - "10.3.7" - ], - "NIS2": [ - "6.7.2.i", - "6.7.2.l", - "12.2.2.a", - "12.2.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2'", - "title": "Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2'", - "types": [], - "uid": "prowler-azure-storage_ensure_minimum_tls_version_12-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Ensure that all your Microsoft Azure Storage accounts are using the latest available version of the TLS protocol.", - "references": [ - "https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/StorageAccounts/minimum-tls-version.html" - ] - }, - "risk_details": "TLS versions 1.0 and 1.1 are known to be susceptible to certain Common Vulnerabilities and Exposures (CVE) weaknesses and attacks such as POODLE and BEAST", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not have private endpoint connections.", - "metadata": { - "event_code": "storage_ensure_private_endpoints_in_storage_accounts", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not have private endpoint connections.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.4.r2..az.sa.1" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "3.10" - ], - "ProwlerThreatScore-1.0": [ - "2.2.9" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "SOC2": [ - "cc_3_3" - ], - "CIS-2.1": [ - "3.10" - ], - "CIS-3.0": [ - "4.9" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "2.2.2.1", - "10.3.2.1" - ], - "NIS2": [ - "1.1.1.a", - "1.1.1.c", - "6.7.2.i", - "6.7.2.l", - "11.2.2.d", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Use private endpoints for your Azure Storage accounts to allow clients and services to securely access data located over a network via an encrypted Private Link. To do this, the private endpoint uses an IP address from the VNet for each service. Network traffic between disparate services securely traverses encrypted over the VNet. This VNet can also link addressing space, extending your network and accessing resources on it. Similarly, it can be a tunnel through public networks to connect remote infrastructures together. This creates further security through segmenting network traffic and preventing outside sources from accessing it.", - "title": "Ensure Private Endpoints are used to access Storage Accounts", - "types": [], - "uid": "prowler-azure-storage_ensure_private_endpoints_in_storage_accounts-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Use Private Endpoints to access Storage Accounts", - "references": [ - "https://docs.microsoft.com/en-us/azure/storage/common/storage-private-endpoints" - ] - }, - "risk_details": "Storage accounts that are not configured to use Private Endpoints are accessible over the public internet. This can lead to data exfiltration and other security issues.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has soft delete enabled.", - "metadata": { - "event_code": "storage_ensure_soft_delete_is_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has soft delete enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/blobs/soft-delete-blob-enable?tabs=azure-portal", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Additional storage costs may be incurred as snapshots are retained.", - "compliance": { - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "3.11" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "SOC2": [ - "cc_7_4", - "cc_c_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "3.11" - ], - "CIS-3.0": [ - "4.10" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN04.AR02" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-4.0": [ - "10.2.1", - "10.3.6" - ], - "NIS2": [ - "4.2.2.f", - "12.2.2.a", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "The Azure Storage blobs contain data like ePHI or Financial, which can be secret or personal. Data that is erroneously modified or deleted by an application or other storage account user will cause data loss or unavailability.", - "title": "Ensure Soft Delete is Enabled for Azure Containers and Blob Storage", - "types": [], - "uid": "prowler-azure-storage_ensure_soft_delete_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "From the Azure home page, open the hamburger menu in the top left or click on the arrow pointing right with 'More services' underneath. 2. Select Storage. 3. Select Storage Accounts. 4. For each Storage Account, navigate to Data protection in the left scroll column. 5. Check soft delete for both blobs and containers. Set the retention period to a sufficient length for your organization", - "references": [ - "https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-soft-delete" - ] - }, - "risk_details": "Containers and Blob Storage data can be incorrectly deleted. An attacker/malicious user may do this deliberately in order to cause disruption. Deleting an Azure Storage blob causes immediate data loss. Enabling this configuration for Azure storage ensures that even if blobs/data were deleted from the storage account, Blobs/data objects are recoverable for a particular time which is set in the Retention policies ranging from 7 days to 365 days.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has Geo-redundant storage Standard_GRS enabled.", - "metadata": { - "event_code": "storage_geo_redundant_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has Geo-redundant storage Standard_GRS enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/common/storage-redundancy", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "CIS-4.0": [ - "10.3.12" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Geo-redundant storage (GRS) must be enabled on critical Azure Storage Accounts to ensure data durability and availability in the event of a regional outage. GRS replicates data within the primary region and asynchronously to a secondary region, offering enhanced resilience and supporting disaster recovery strategies.", - "title": "Ensure geo-redundant storage (GRS) is enabled on critical Azure Storage Accounts", - "types": [], - "uid": "prowler-azure-storage_geo_redundant_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable geo-redundant storage (GRS) for critical Azure Storage Accounts to ensure data durability and availability across regional failures.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/storage-redundancy" - ] - }, - "risk_details": "Without GRS, critical data may be lost or become unavailable during a regional outage, compromising data durability and disaster recovery efforts.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has infrastructure encryption disabled.", - "metadata": { - "event_code": "storage_infrastructure_encryption_is_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has infrastructure encryption disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.10.az.kv.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "3.2" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "SOC2": [ - "cc_6_7", - "cc_7_5" - ], - "CIS-2.1": [ - "3.2" - ], - "CIS-3.0": [ - "4.3" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "PCI-4.0": [ - "3.5.1.22", - "8.3.2.37" - ], - "CIS-4.0": [ - "10.3.1.1" - ], - "NIS2": [ - "9.2.a", - "12.2.2.a", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that 'Enable Infrastructure Encryption' for Each Storage Account in Azure Storage is Set to 'enabled' ", - "title": "Ensure that 'Enable Infrastructure Encryption' for Each Storage Account in Azure Storage is Set to 'enabled' ", - "types": [], - "uid": "prowler-azure-storage_infrastructure_encryption_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureRole", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enabling double encryption at the hardware level on top of the default software encryption for Storage Accounts accessing Azure storage solutions.", - "references": [] - }, - "risk_details": "Double encryption of Azure Storage data protects against a scenario where one of the encryption algorithms or keys may be compromised", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has no key expiration period set.", - "metadata": { - "event_code": "storage_key_rotation_90_days", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has no key expiration period set.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r1.az.eid.2" - ], - "CIS-2.0": [ - "3.4" - ], - "CIS-2.1": [ - "3.4" - ], - "CIS-3.0": [ - "4.4" - ], - "CCC": [ - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR05" - ], - "CIS-4.0": [ - "10.3.1.2" - ], - "NIS2": [ - "9.2.c.iii", - "9.2.c.iv", - "11.6.2.c", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that Storage Account Access Keys are Periodically Regenerated", - "title": "Ensure that Storage Account Access Keys are Periodically Regenerated", - "types": [], - "uid": "prowler-azure-storage_key_rotation_90_days-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Ensure that Azure Storage account access keys are regenerated every 90 days in order to decrease the likelihood of accidental exposures and protect your storage account resources against unauthorized access.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal#regenerate-storage-access-keys" - ] - }, - "risk_details": "If the access keys are not regenerated periodically, the likelihood of accidental exposures increases, which can lead to unauthorized access to your storage account resources.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has secure transfer required enabled.", - "metadata": { - "event_code": "storage_secure_transfer_required_is_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has secure transfer required enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.3.az.sa.1" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "3.1" - ], - "ISO27001-2022": [ - "A.8.12", - "A.8.14", - "A.8.24" - ], - "SOC2": [ - "cc_6_2", - "cc_6_7" - ], - "CIS-2.1": [ - "3.1" - ], - "CIS-3.0": [ - "4.1" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN11.AR01", - "CCC.Core.CN05.AR04" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.48", - "8.3.2.49" - ], - "CIS-4.0": [ - "10.3.4" - ], - "NIS2": [ - "6.7.2.i", - "6.7.2.l", - "9.2.a", - "12.2.2.a", - "12.2.2.b", - "12.2.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that all data transferred between clients and your Azure Storage account is encrypted using the HTTPS protocol.", - "title": "Ensure that all data transferred between clients and your Azure Storage account is encrypted using the HTTPS protocol.", - "types": [], - "uid": "prowler-azure-storage_secure_transfer_required_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable data encryption in transit.", - "references": [] - }, - "risk_details": "Requests to the storage account sent outside of a secure connection can be eavesdropped", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not have SMB channel encryption enabled for file shares.", - "metadata": { - "event_code": "storage_smb_channel_encryption_with_secure_algorithm", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not have SMB channel encryption enabled for file shares.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/well-architected/service-guides/azure-files#recommendations-for-smb-file-shares", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check passes if SMB channel encryption is set to a secure algorithm.", - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR07", - "CCC.Core.CN11.AR01" - ], - "CIS-4.0": [ - "10.1.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Implement SMB channel encryption with a secure algorithm for SMB file shares to ensure data confidentiality and integrity in transit.", - "title": "Ensure SMB channel encryption uses a secure algorithm for SMB file shares", - "types": [], - "uid": "prowler-azure-storage_smb_channel_encryption_with_secure_algorithm-3bb71587-4549-4396-8898-9e15f062e665-global-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Use the portal, CLI or PowerShell to set the SMB channel encryption to a secure algorithm.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/files/files-smb-protocol?tabs=azure-portal#smb-security-settings" - ] - }, - "risk_details": "Not using the recommended SMB channel encryption may expose data transmitted over SMB channels to unauthorized interception and tampering.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/plugin/cfi-pages/index.ts b/website/src/plugin/cfi-pages/index.ts index 35bf6963..a07db4d5 100644 --- a/website/src/plugin/cfi-pages/index.ts +++ b/website/src/plugin/cfi-pages/index.ts @@ -1,290 +1,319 @@ -import fs from 'fs'; -import path from 'path'; -import type { LoadContext, Plugin } from '@docusaurus/types'; -import { HomePageData, Configuration, ConfigurationPageData, RepositoryPageData, CFIConfigJson, TestResultItem, TestResultType, CFIRepository, ConfigurationResult, ConfigurationResultPageData, ConfigurationResultSummary } from '../../types/cfi'; - +import fs from "fs"; +import path from "path"; +import type { LoadContext, Plugin } from "@docusaurus/types"; +import { HomePageData, Configuration, ConfigurationPageData, RepositoryPageData, CFIConfigJson, TestResultItem, TestResultType, CFIRepository, ConfigurationResult, ConfigurationResultPageData, ConfigurationResultSummary } from "../../types/cfi"; /** * Process all OCSF results and partition them by product, vendor, and version */ -function partitionOCSFResultsByMetadata(resultsDir: string): Map { - const partitionMap = new Map(); - - if (!fs.existsSync(resultsDir)) { - return partitionMap; - } +function partitionOCSFResultsByMetadata(resultsDir: string): Map }> { + const partitionMap = new Map }>(); - const resultFiles = fs.readdirSync(resultsDir).filter(f => f.endsWith('ocsf.json')); - console.log(`πŸ“‚ Found ${resultFiles.length} OCSF result files in ${resultsDir}`); - - for (const resultFile of resultFiles) { - const resultPath = path.join(resultsDir, resultFile); - const result = fs.readFileSync(resultPath, 'utf8'); - const parsed = JSON.parse(result) as any[]; - - if (parsed != null) { - console.log(`πŸ“Š Partitioning ${parsed.length} OCSF items from ${resultFile}`); - - parsed.forEach((item, index) => { - // Extract metadata - const product = item.metadata?.product?.name || 'Unknown Product'; - const vendor = item.metadata?.product?.vendor_name || 'Unknown Vendor'; - const version = item.metadata?.product?.version || 'Unknown Version'; - - // Create unique key for this combination - const key = `${vendor}::${product}::${version}`; - - // Initialize partition if it doesn't exist - if (!partitionMap.has(key)) { - partitionMap.set(key, { - product, - vendor, - version, - test_results: [] - }); - } - - // Convert OCSF item to TestResultItem - const resource = item.resources?.[0] || {}; - const testResult: TestResultItem = { - id: `${item.finding_info?.uid || 'unknown'}-${index}`, - test_requirements: item.unmapped?.compliance?.['CCC'] || [], - result: item.status_code === 'PASS' ? TestResultType.PASS : - item.status_code === 'FAIL' ? TestResultType.FAIL : TestResultType.NA, - name: item.finding_info?.title || 'Unknown Finding', - message: item.message || '', - test: item.metadata?.event_code || '', - timestamp: item.finding_info?.created_time || Date.now(), - further_info_url: item.unmapped?.related_url, - resources: [resource.name || resource.uid || 'Unknown Resource'], - status_code: item.status_code || 'UNKNOWN', - status_detail: item.status_detail || '', - resource_name: resource.name || resource.uid || 'Unknown Resource', - resource_type: resource.type || 'Unknown Type', - resource_uid: resource.uid, - ccc_objects: item.unmapped?.compliance?.['CCC'] || [], - finding_title: item.finding_info?.title || 'Unknown Finding', - finding_uid: item.finding_info?.uid || '' - }; - - partitionMap.get(key)!.test_results.push(testResult); - }); + if (!fs.existsSync(resultsDir)) { + return partitionMap; + } + + const resultFiles = fs.readdirSync(resultsDir).filter((f) => f.endsWith("ocsf.json")); + console.log(`πŸ“‚ Found ${resultFiles.length} OCSF result files in ${resultsDir}`); + + for (const resultFile of resultFiles) { + const resultPath = path.join(resultsDir, resultFile); + const result = fs.readFileSync(resultPath, "utf8"); + const parsed = JSON.parse(result) as any[]; + + if (parsed != null) { + console.log(`πŸ“Š Partitioning ${parsed.length} OCSF items from ${resultFile}`); + + parsed.forEach((item, index) => { + // Extract metadata + const product = item.metadata?.product?.name || "Unknown Product"; + const vendor = item.metadata?.product?.vendor_name || "Unknown Vendor"; + const version = item.metadata?.product?.version || "Unknown Version"; + + // Create unique key for this combination + const key = `${vendor}::${product}::${version}`; + + // Initialize partition if it doesn't exist + if (!partitionMap.has(key)) { + partitionMap.set(key, { + product, + vendor, + version, + test_results: [], + contributingFiles: new Set(), + }); } + + // Track the source file + partitionMap.get(key)!.contributingFiles.add(resultFile); + + // Convert OCSF item to TestResultItem + const resource = item.resources?.[0] || {}; + const testResult: TestResultItem = { + id: `${item.finding_info?.uid || "unknown"}-${index}`, + test_requirements: item.unmapped?.compliance?.["CCC"] || [], + result: item.status_code === "PASS" ? TestResultType.PASS : item.status_code === "FAIL" ? TestResultType.FAIL : TestResultType.NA, + name: item.finding_info?.title || "Unknown Finding", + message: item.message || "", + test: item.metadata?.event_code || "", + timestamp: item.finding_info?.created_time || Date.now(), + further_info_url: item.unmapped?.related_url, + resources: [resource.name || resource.uid || "Unknown Resource"], + status_code: item.status_code || "UNKNOWN", + status_detail: item.status_detail || "", + resource_name: resource.name || resource.uid || "Unknown Resource", + resource_type: resource.type || "Unknown Type", + resource_uid: resource.uid, + ccc_objects: item.unmapped?.compliance?.["CCC"] || [], + finding_title: item.finding_info?.title || "Unknown Finding", + finding_uid: item.finding_info?.uid || "", + }; + + partitionMap.get(key)!.test_results.push(testResult); + }); } + } - return partitionMap; + return partitionMap; } +async function createConfiguration(configDir: string, slug: string, repositoryData: CFIRepository, repoDir: string, siteDir: string, createData: (name: string, data: string | object) => Promise, addRoute: (route: any) => void): Promise { + console.log(`πŸ” Processing configuration directory: ${configDir}`); + + const configId = path.basename(configDir); + + // Read the configuration file + const configPath = path.join(configDir, "config", `${configId}.json`); + console.log(`πŸ“ Config path: ${configPath}`); + const config = JSON.parse(fs.readFileSync(configPath, "utf8")) as CFIConfigJson; + + // Process OCSF results and partition by product, vendor, version + const resultsDir = path.join(configDir, "results"); + const partitionedResults = partitionOCSFResultsByMetadata(resultsDir); -async function createConfiguration(configDir: string, slug: string, repositoryData: CFIRepository, createData: (name: string, data: string | object) => Promise, addRoute: (route: any) => void): Promise { - console.log(`πŸ” Processing configuration directory: ${configDir}`); + console.log(`πŸ“Š Configuration ${config.id}: found ${partitionedResults.size} unique product/vendor/version combinations`); - // Read the configuration file - const configPath = path.join(configDir, 'config', `${path.basename(configDir)}.json`); - console.log(`πŸ“ Config path: ${configPath}`); - const config = JSON.parse(fs.readFileSync(configPath, 'utf8')) as CFIConfigJson; + // Convert partitioned results to array + const configurationResults: ConfigurationResult[] = []; - // Process OCSF results and partition by product, vendor, version - const resultsDir = path.join(configDir, 'results'); - const partitionedResults = partitionOCSFResultsByMetadata(resultsDir); + // Create ConfigurationResultSummary for each result + const configurationResultSummaries: ConfigurationResultSummary[] = []; - console.log(`πŸ“Š Configuration ${config.id}: found ${partitionedResults.size} unique product/vendor/version combinations`); + // Directory for downloads in static folder + const staticDownloadsDir = path.join(siteDir, "static", "downloads", "cfi", repoDir, configId); + if (!fs.existsSync(staticDownloadsDir)) { + fs.mkdirSync(staticDownloadsDir, { recursive: true }); + } - // Convert partitioned results to array - const configurationResults: ConfigurationResult[] = Array.from(partitionedResults.values()); + // Create a page for each ConfigurationResult + for (const [key, configResultWithFiles] of partitionedResults.entries()) { + const { contributingFiles, ...configResult } = configResultWithFiles; - // Create ConfigurationResultSummary for each result - const configurationResultSummaries: ConfigurationResultSummary[] = []; + // Handle download links + const downloadLinks: { name: string; url: string; type: string }[] = []; - // Create a page for each ConfigurationResult - for (const configResult of configurationResults) { - // Generate a slug-friendly key - const resultKey = `${configResult.vendor}-${configResult.product}-${configResult.version}` - .toLowerCase() - .replace(/[^a-z0-9]+/g, '-'); + for (const file of contributingFiles) { + // Copy OCSF file + const ocsfSrc = path.join(resultsDir, file); + const ocsfDest = path.join(staticDownloadsDir, file); + fs.copyFileSync(ocsfSrc, ocsfDest); - const resultSlug = `${slug}/${resultKey}`; + downloadLinks.push({ + name: file, + url: `/downloads/cfi/${repoDir}/${configId}/${file}`, + type: "ocsf", + }); - // Calculate summary statistics - const totalTests = configResult.test_results.length; - const passingTests = configResult.test_results.filter(r => r.status_code === 'PASS').length; - const failingTests = configResult.test_results.filter(r => r.status_code === 'FAIL').length; + // Check for matching HTML file + const htmlFile = file.replace(".ocsf.json", ".html"); + const htmlSrc = path.join(resultsDir, htmlFile); + if (fs.existsSync(htmlSrc)) { + const htmlDest = path.join(staticDownloadsDir, htmlFile); + fs.copyFileSync(htmlSrc, htmlDest); - // Add to summaries - configurationResultSummaries.push({ - product: configResult.product, - vendor: configResult.vendor, - version: configResult.version, - slug: resultSlug, - totalTests, - passingTests, - failingTests + downloadLinks.push({ + name: htmlFile, + url: `/downloads/cfi/${repoDir}/${configId}/${htmlFile}`, + type: "html", }); + } + } - // Create temporary configuration for this result page - const configuration: Configuration = { - cfi_details: config, - repository: repositoryData, - slug, - results: configurationResults, - }; + configResult.download_links = downloadLinks; + configurationResults.push(configResult); - // Create ConfigurationResult page data - const resultPageData: ConfigurationResultPageData = { - configuration, - configurationResult: configResult - }; + // Generate a slug-friendly key + const resultKey = `${configResult.vendor}-${configResult.product}-${configResult.version}`.toLowerCase().replace(/[^a-z0-9]+/g, "-"); - const resultJsonPath = await createData( - `cfi-config-result-${repositoryData.name}-${config.id}-${resultKey}.json`, - JSON.stringify(resultPageData, null, 2) - ); + const resultSlug = `${slug}/${resultKey}`; - // Add route for this ConfigurationResult page - addRoute({ - path: resultSlug, - component: '@site/src/components/cfi/ConfigurationResult/index.tsx', - modules: { - pageData: resultJsonPath, - }, - exact: true, - }); + // Calculate summary statistics + const totalTests = configResult.test_results.length; + const passingTests = configResult.test_results.filter((r) => r.status_code === "PASS").length; + const failingTests = configResult.test_results.filter((r) => r.status_code === "FAIL").length; - console.log(`βœ… Created ConfigurationResult page at ${resultSlug} (${totalTests} tests)`); - } + // Add to summaries + configurationResultSummaries.push({ + product: configResult.product, + vendor: configResult.vendor, + version: configResult.version, + slug: resultSlug, + totalTests, + passingTests, + failingTests, + }); - // Create configuration with repository info and partitioned results + // Create temporary configuration for this result page const configuration: Configuration = { - cfi_details: config, - repository: repositoryData, - slug, - results: configurationResults, + cfi_details: config, + repository: repositoryData, + slug, + results: configurationResults, }; - // Create configuration page data - const pageData: ConfigurationPageData = { - configuration, - configurationResultSummaries + // Create ConfigurationResult page data + const resultPageData: ConfigurationResultPageData = { + configuration, + configurationResult: configResult, }; - const jsonPath = await createData( - `cfi-config-${repositoryData.name}-${config.id}.json`, - JSON.stringify(pageData, null, 2) - ); + const resultJsonPath = await createData(`cfi-config-result-${repositoryData.name}-${config.id}-${resultKey}.json`, JSON.stringify(resultPageData, null, 2)); - // Add route for this configuration page + // Add route for this ConfigurationResult page addRoute({ - path: slug, - component: '@site/src/components/cfi/Configuration/index.tsx', - modules: { - pageData: jsonPath, - }, - exact: true, + path: resultSlug, + component: "@site/src/components/cfi/ConfigurationResult/index.tsx", + modules: { + pageData: resultJsonPath, + }, + exact: true, }); - console.log(`βœ… Created configuration page for ${configuration.cfi_details.id} at ${slug}`); - return configuration; + console.log(`βœ… Created ConfigurationResult page at ${resultSlug} (${totalTests} tests)`); + } + + // Create configuration with repository info and partitioned results + const configuration: Configuration = { + cfi_details: config, + repository: repositoryData, + slug, + results: configurationResults, + }; + + // Create configuration page data + const pageData: ConfigurationPageData = { + configuration, + configurationResultSummaries, + }; + + const jsonPath = await createData(`cfi-config-${repositoryData.name}-${config.id}.json`, JSON.stringify(pageData, null, 2)); + + // Add route for this configuration page + addRoute({ + path: slug, + component: "@site/src/components/cfi/Configuration/index.tsx", + modules: { + pageData: jsonPath, + }, + exact: true, + }); + + console.log(`βœ… Created configuration page for ${configuration.cfi_details.id} at ${slug}`); + return configuration; } +export default function pluginCFIPages(context: LoadContext): Plugin { + return { + name: "cfi-pages", + + async contentLoaded({ actions }) { + const { createData, addRoute } = actions; + + const testResultsDir = path.resolve(__dirname, "../../data/test-results"); + + // Find all repository directories and their configurations + const allDirs = fs.readdirSync(testResultsDir); + console.log(`All directories in test-results:`, allDirs); + + const components: Configuration[] = []; -export default function pluginCFIPages(_: LoadContext): Plugin { - return { - name: 'cfi-pages', - - async contentLoaded({ actions }) { - const { createData, addRoute } = actions; - - const testResultsDir = path.resolve(__dirname, '../../data/test-results'); - - // Find all repository directories and their configurations - const allDirs = fs.readdirSync(testResultsDir); - console.log(`All directories in test-results:`, allDirs); - - const components: Configuration[] = []; - - for (const repoDir of allDirs) { - const repoPath = path.join(testResultsDir, repoDir); - const repositoryJsonPath = path.join(repoPath, 'repository.json'); - - if (!fs.existsSync(repositoryJsonPath)) { - console.log(`No repository.json found in ${repoDir}, skipping`); - continue; - } - - console.log(`Processing repository: ${repoDir}`); - - // Read repository info - const repositoryData = JSON.parse(fs.readFileSync(repositoryJsonPath, 'utf8')) as CFIRepository; - - // Find all configuration directories within this repository - const configDirs = fs.readdirSync(repoPath).filter(dir => { - const configPath = path.join(repoPath, dir, 'config'); - return fs.existsSync(configPath) && fs.statSync(configPath).isDirectory(); - }); - - console.log(`Found ${configDirs.length} configurations in ${repoDir}:`, configDirs); - - const repositoryConfigurations: Configuration[] = []; - - for (const configDir of configDirs) { - const slug = '/cfi/' + repoDir + '/' + configDir; - const fullConfigDir = path.join(repoPath, configDir); - - try { - const configuration = await createConfiguration(fullConfigDir, slug, repositoryData, createData, addRoute); - components.push(configuration); - repositoryConfigurations.push(configuration); - } catch (error) { - console.error(`Error processing configuration ${configDir} in ${repoDir}:`, error); - } - } - - // Create repository page - if (repositoryConfigurations.length > 0) { - const repositoryPageData: RepositoryPageData = { - repository: repositoryData, - configurations: repositoryConfigurations, - repositorySlug: repoDir - }; - - const repositoryPagePath = await createData( - `cfi-repository-${repoDir}.json`, - JSON.stringify(repositoryPageData, null, 2) - ); - - addRoute({ - path: `/cfi/${repoDir}`, - component: '@site/src/components/cfi/Repository/index.tsx', - modules: { - pageData: repositoryPagePath, - }, - exact: true, - }); - - console.log(`βœ… Created repository page for ${repoDir} at /cfi/${repoDir}`); - } - } - - // Create home page data - const homePageData: HomePageData = { - configurations: components - }; - - const homePagePath = await createData( - 'cfi-home.json', - JSON.stringify(homePageData, null, 2) - ); - - addRoute({ - path: '/cfi', - component: '@site/src/components/cfi/Home/index.tsx', - modules: { - pageData: homePagePath, - }, - exact: true, - }); - - console.log('Added route for /cfi'); + for (const repoDir of allDirs) { + const repoPath = path.join(testResultsDir, repoDir); + const repositoryJsonPath = path.join(repoPath, "repository.json"); + + if (!fs.existsSync(repositoryJsonPath)) { + console.log(`No repository.json found in ${repoDir}, skipping`); + continue; + } + + console.log(`Processing repository: ${repoDir}`); + + // Read repository info + const repositoryData = JSON.parse(fs.readFileSync(repositoryJsonPath, "utf8")) as CFIRepository; + + // Find all configuration directories within this repository + const configDirs = fs.readdirSync(repoPath).filter((dir) => { + const configPath = path.join(repoPath, dir, "config"); + return fs.existsSync(configPath) && fs.statSync(configPath).isDirectory(); + }); + + console.log(`Found ${configDirs.length} configurations in ${repoDir}:`, configDirs); + + const repositoryConfigurations: Configuration[] = []; + + for (const configDir of configDirs) { + const slug = "/cfi/" + repoDir + "/" + configDir; + const fullConfigDir = path.join(repoPath, configDir); + + try { + const configuration = await createConfiguration(fullConfigDir, slug, repositoryData, repoDir, context.siteDir, createData, addRoute); + components.push(configuration); + repositoryConfigurations.push(configuration); + } catch (error) { + console.error(`Error processing configuration ${configDir} in ${repoDir}:`, error); + } + } + + // Create repository page + if (repositoryConfigurations.length > 0) { + const repositoryPageData: RepositoryPageData = { + repository: repositoryData, + configurations: repositoryConfigurations, + repositorySlug: repoDir, + }; + + const repositoryPagePath = await createData(`cfi-repository-${repoDir}.json`, JSON.stringify(repositoryPageData, null, 2)); + + addRoute({ + path: `/cfi/${repoDir}`, + component: "@site/src/components/cfi/Repository/index.tsx", + modules: { + pageData: repositoryPagePath, + }, + exact: true, + }); + + console.log(`βœ… Created repository page for ${repoDir} at /cfi/${repoDir}`); + } + } + + // Create home page data + const homePageData: HomePageData = { + configurations: components, + }; + + const homePagePath = await createData("cfi-home.json", JSON.stringify(homePageData, null, 2)); + + addRoute({ + path: "/cfi", + component: "@site/src/components/cfi/Home/index.tsx", + modules: { + pageData: homePagePath, }, - }; + exact: true, + }); + + console.log("Added route for /cfi"); + }, + }; } diff --git a/website/src/types/cfi.ts b/website/src/types/cfi.ts index 3feb6b2a..31f5ea85 100644 --- a/website/src/types/cfi.ts +++ b/website/src/types/cfi.ts @@ -85,11 +85,18 @@ export interface Configuration { } +export interface DownloadLink { + name: string; + url: string; + type: string; +} + export interface ConfigurationResult { product: string; vendor: string; version: string; test_results: TestResultItem[]; + download_links?: DownloadLink[]; } From 870ed0dd83a7362fe91c4e8f531cc848309b04eb Mon Sep 17 00:00:00 2001 From: Rob Moffat Date: Tue, 3 Mar 2026 10:01:42 +0000 Subject: [PATCH 03/14] minor updates to readme --- README.md | 27 ++++++++++--------- .../test-results/for-osff/repository.json | 4 +-- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 5408ffe0..3da6f6c6 100644 --- a/README.md +++ b/README.md @@ -12,9 +12,15 @@ This standard is a collaborative project which aims to develop a unified set of ## How To Use It +- **Browse Online:** The [ccc.finos.org](https://ccc.finos.org) website contains much of the resources of the CCC project in an easily browseable form including: + - In progress and published [control catalogs](https://ccc.finos.org/ccc) for common cloud services + - Work in progress results of [Compliant Financial Infrastructure](https://ccc.finos.org/cfi) test runs against those catalogs. + - [Videos and presentations](https://ccc.finos.org/#:~:text=to%20the%20standard.-,Learn,-More) from OSFF Events. + - A [CCC Primer Presentation](https://ccc.finos.org/#:~:text=GitHub-,What%20Is%20It?,-FINOS%20Common%20Cloud) + - **For controls development:** Download the latest [release PDF or Markdown](https://github.com/finos/common-cloud-controls/releases) for your target service, and use that as the basis for developing a control catalog for your specific organization or use case -- **For automation development:** Download the latest [release YAML for your target service](https://github.com/finos/common-cloud-controls/releases), and build tests for each β€œTest Requirement,” organized according to the control they are part of. Open source validators are currently being developed by the [Compliant Financial Infrastructure](https://github.com/finos/compliant-financial-infrastructure) project. +- **For automation development:** Open source validators are currently being developed by the [Compliant Financial Infrastructure](https://github.com/finos-labs/ccc-cfi-compliance) project. ## How To Contribute @@ -30,24 +36,21 @@ FINOS CCC is maintained and run through GitHub. ### 2. Join FINOS CCC Project Meetings -The CCC project is split into 6 working groups as follows: +The CCC project is currently split into 6 working groups as follows: - **Communications / All Hands**: Focused on the overall project communications and community engagement. - **Security** - Working to specify the security controls and threats that will be covered by the standard. -- **Community Structure** - Focused on the governance and structure of the CCC project. - **Taxonomy** - Focused on defining the taxonomy of cloud services that will be covered by the standard. -- **Delivery** - Focused on the delivery of the CCC standard for use downstream by FS firms and CSPs. -- **Compliant Financial Infrastructure** - Focused on delivery of actual implemetations of cloud infrastructure meeting CCC standards. +- **Compliant Financial Infrastructure** - Focused on delivery of actual implementations of cloud infrastructure meeting CCC standards. Work is done in the open, with all meetings and decisions documented in the project GitHub repository. Working groups meet on a fortnightly basis: -| Working Group | When | Chair | Mailing List | -| --------------------------------------------------------------------------------------- | ------------------------------------------ | -------------------- | ------------------------------------------------------------------------- | -| [Security](/docs/governance/working-groups/security/charter.md) | - async - | @mlysaght2017 | [ccc-security](mailto:ccc-security+subscribe@lists.finos.org) | -| [Communications / All Hands](/docs/governance/working-groups/communications/charter.md) | 5PM UK, 1st and 3rd Thursday each month | @Alexstpierrework | [ccc-communications](mailto:ccc-communications+subscribe@lists.finos.org) | -| [Taxonomy](/docs/governance/working-groups/taxonomy/charter.md) | 4:30PM UK, 2nd and 4th Thursday each month | @smendis-scottlogic | [ccc-taxonomy](mailto:ccc-taxonomy+subscribe@lists.finos.org) | -| [Community Structure](/docs/governance/working-groups/community-structure/charter.md) | - async - | @sshiells-scottlogic | [ccc-structure](mailto:ccc-structure+subscribe@lists.finos.org) | -| [Compliant Financial Infrastructure](docs/governance/working-groups/cfi/charter.md) | 10AM UK on 2nd Thursday / %PM UK on 4th Thursday each month | @eddie-knight | [cfi](mailto:cfi+subscribe@lists.finos.org) | +| Working Group | When | Chair | Mailing List | +| --------------------------------------------------------------------------------------- | ------------------------------------------------------- | ------------------- | ------------------------------------------------------------------------- | +| [Security](/docs/governance/working-groups/security/charter.md) | - async - | @mlysaght2017 | [ccc-security](mailto:ccc-security+subscribe@lists.finos.org) | +| [Communications / All Hands](/docs/governance/working-groups/communications/charter.md) | 5PM UK, alternate Thursdays | | [ccc-communications](mailto:ccc-communications+subscribe@lists.finos.org) | +| [Taxonomy](/docs/governance/working-groups/taxonomy/charter.md) | 4:30PM UK, alternate Thursdays | @smendis-scottlogic | [ccc-taxonomy](mailto:ccc-taxonomy+subscribe@lists.finos.org) | +| [Compliant Financial Infrastructure](docs/governance/working-groups/cfi/charter.md) | 10AM UK on Thursday / 4PM UK on 4th Thursday each month | @eddie-knight | [cfi](mailto:cfi+subscribe@lists.finos.org) | Find the next meeting on the [FINOS Community Calendar](https://finos.org/calendar) and browse [Past Meeting Minutes in GitHub](https://github.com/finos/common-cloud-controls/labels/meeting). diff --git a/website/src/data/test-results/for-osff/repository.json b/website/src/data/test-results/for-osff/repository.json index f08950cf..a776d80b 100644 --- a/website/src/data/test-results/for-osff/repository.json +++ b/website/src/data/test-results/for-osff/repository.json @@ -1,9 +1,9 @@ { - "name": "ccc-cfi-compliance-2", + "name": "osff", "url": "https://github.com/finos-labs/ccc-cfi-compliance", "description": "CCC CFI Compliance from FINOS Labs", "downloaded_at": "2025-10-19T21:38:16.610Z", "workflow_run_id": 18633357206, "workflow_status": "completed", "workflow_conclusion": "failure" -} \ No newline at end of file +} From 1afe3ba463485091f7d53d2c08cdbd23c7ca580d Mon Sep 17 00:00:00 2001 From: Rob Moffat Date: Fri, 13 Mar 2026 13:29:19 +0000 Subject: [PATCH 04/14] Committing work in progress --- .../cfi/ConfigurationResult/index.tsx | 327 +- ...C.ObjStor_v2025.01-MP-release-details.yaml | 41 - .../ccc-releases/CCC.ObjStor_v2025.01-MP.yaml | 1695 -- .../aws-s3-bucket/config/aws-s3-bucket.json | 10 - .../results/aws-s3-bucket-combined.ocsf.json | 21314 ---------------- .../repository.json | 4 +- website/src/types/cfi.ts | 243 +- 7 files changed, 291 insertions(+), 23343 deletions(-) delete mode 100644 website/src/data/ccc-releases/CCC.ObjStor_v2025.01-MP-release-details.yaml delete mode 100644 website/src/data/ccc-releases/CCC.ObjStor_v2025.01-MP.yaml delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/config/aws-s3-bucket.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/results/aws-s3-bucket-combined.ocsf.json diff --git a/website/src/components/cfi/ConfigurationResult/index.tsx b/website/src/components/cfi/ConfigurationResult/index.tsx index 6d4707c8..43613880 100644 --- a/website/src/components/cfi/ConfigurationResult/index.tsx +++ b/website/src/components/cfi/ConfigurationResult/index.tsx @@ -3,7 +3,7 @@ import Layout from "@theme/Layout"; import Link from "@docusaurus/Link"; import { Card, CardContent, CardHeader, CardTitle } from "../../ui/card"; import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from "../../ui/table"; -import { ConfigurationResultPageData, ControlCatalogSummary, ResourceSummary, TestResultItem, TestSummary, TestMappingSummary, TestMappingDetail, DownloadLink } from "@site/src/types/cfi"; +import { ConfigurationResultPageData, ControlCatalogSummary, ResourceSummary, TestResultItem, TestSummary, TestMappingSummary, TestMappingDetail, DownloadLink, RequirementLink } from "@site/src/types/cfi"; import { useCCCData, findAssessmentRequirements, getControlUrl } from "@site/src/utils/cccDataLookup"; // Helper function to extract catalog ID from test requirement @@ -19,20 +19,46 @@ function getCatalogComponentUrl(catalogId: string): string { return `/ccc/${catalogId}`; } +function minus(setA: Set, setB: Set): Set { + const result = new Set(); + setA.forEach((item) => { + if (!setB.has(item)) { + result.add(item); + } + }); + return result; +} + +function intersect(setA: Set, setB: Set): Set { + return new Set([...setA].filter((x) => setB.has(x))); +} + +function convertToLink(reqId: string, releases: any[]): RequirementLink { + let title = reqId; + let catalogId = extractCatalogId(reqId); + let url = "#"; + for (const release of releases) { + if (release.metadata.id === catalogId) { + for (const control of release.controls) { + const requirement = control.test_requirements?.find((req) => req.id === reqId); + if (requirement) { + title = requirement.text || reqId; + url = getControlUrl(release, control, reqId); + break; + } + } + } + } + return { id: reqId, url, title }; +} + // Helper function to generate catalog summary data function generateCatalogSummary(testResults: TestResultItem[], releases: any[]): ControlCatalogSummary[] { - const summaryMap = new Map(); - // First, collect all tested requirements by catalog const testedRequirementsByCatalog = new Map>(); - testResults.forEach((result) => { - // Get unique catalog IDs for this test result to avoid double counting - const catalogsInThisResult = new Set(); - result.test_requirements?.forEach((testReq) => { const catalogId = extractCatalogId(testReq); - catalogsInThisResult.add(catalogId); // Track which requirements are actually tested for this catalog if (!testedRequirementsByCatalog.has(catalogId)) { @@ -40,113 +66,77 @@ function generateCatalogSummary(testResults: TestResultItem[], releases: any[]): } testedRequirementsByCatalog.get(catalogId)!.add(testReq); }); + }); - // Now for each unique catalog ID, count this test result once and collect all resources - catalogsInThisResult.forEach((catalogId) => { - if (!summaryMap.has(catalogId)) { - // Generate URL to the catalog component page - const catalogUrl = getCatalogComponentUrl(catalogId); - - summaryMap.set(catalogId, { - catalogId, - catalogUrl, - resources: [], - totalTests: 0, - passingTests: 0, - failingTests: 0, - testedRequirements: [], - missingRequirements: [], - }); - } - - const summary = summaryMap.get(catalogId)!; - summary.totalTests++; + // Now collect up all the requirements by catalog + const allRequirementsByCatalog = new Map>(); + const allNecessaryRequirementIds = new Set(); + releases.forEach((release) => { + release.controls.forEach((control) => { + control.test_requirements?.forEach((req) => { + const catalogId = extractCatalogId(req.id); + if (testedRequirementsByCatalog.has(catalogId)) { + if (!allRequirementsByCatalog.has(catalogId)) { + allRequirementsByCatalog.set(catalogId, new Set()); + } + if (catalogId == release.metadata.id) { + // this means we only include non-imported requirements + allRequirementsByCatalog.get(catalogId)!.add(req.id); + } - // Add all resources from this test result to the catalog's resource list - result.resources?.forEach((resource) => { - if (!summary.resources.includes(resource)) { - summary.resources.push(resource); + // this keeps track of which requirements are imported. + if (release.metadata.id != "CCC.Core") { + allNecessaryRequirementIds.add(req.id); + } } }); - - if (result.status_code === "PASS") { - summary.passingTests++; - } else if (result.status_code === "FAIL") { - summary.failingTests++; - } }); }); - // Now find missing requirements for each catalog - summaryMap.forEach((summary, catalogId) => { - const testedRequirements = testedRequirementsByCatalog.get(catalogId) || new Set(); - - // Find all requirements in this catalog from the releases data - const allRequirementsInCatalog = new Set(); - releases.forEach((release) => { - release.controls.forEach((control) => { - // Check if this control belongs to the catalog by matching the release metadata ID - if (release.metadata.id === catalogId) { - control.test_requirements?.forEach((req) => { - allRequirementsInCatalog.add(req.id); - }); - } - }); - }); + console.log("Tested requirements by catalog", testedRequirementsByCatalog); + console.log("All requirements by catalog", allRequirementsByCatalog); + console.log("All necessary requirement ids", allNecessaryRequirementIds); - // Find missing requirements - // Filter to only include requirements that match this catalog - const missingRequirements = Array.from(allRequirementsInCatalog).filter((reqId) => !testedRequirements.has(reqId) && extractCatalogId(reqId) === catalogId); - - // Convert tested requirements to objects with URLs and titles - // Filter to only include requirements that match this catalog - const testedRequirementsArray = Array.from(testedRequirements).filter((reqId) => extractCatalogId(reqId) === catalogId); - summary.testedRequirements = testedRequirementsArray.map((reqId) => { - // Find the requirement data to get title and generate URL - let title = reqId; - let url = "#"; - - for (const release of releases) { - if (release.metadata.id === catalogId) { - for (const control of release.controls) { - const requirement = control.test_requirements?.find((req) => req.id === reqId); - if (requirement) { - title = requirement.text || reqId; - url = getControlUrl(release, control, reqId); - break; - } - } - } - } + // Now for each unique catalog ID, count this test result once and collect all resources + const catalogsInThisResult = Array.from(allRequirementsByCatalog.keys()); + const summaries = catalogsInThisResult.map((catalogId) => { + // Generate URL to the catalog component page + const catalogUrl = getCatalogComponentUrl(catalogId); - return { id: reqId, url, title }; + const testsInCatalog = testResults.filter((result) => { + return result.test_requirements?.some((testReq) => { + return extractCatalogId(testReq) === catalogId; + }); }); - // Convert missing requirements to objects with URLs and titles - summary.missingRequirements = missingRequirements.map((reqId) => { - // Find the requirement data to get title and generate URL - let title = reqId; - let url = "#"; - - for (const release of releases) { - if (release.metadata.id === catalogId) { - for (const control of release.controls) { - const requirement = control.test_requirements?.find((req) => req.id === reqId); - if (requirement) { - title = requirement.text || reqId; - url = getControlUrl(release, control, reqId); - break; - } - } - } - } - - return { id: reqId, url, title }; - }); + const resourcesInCatalog = testsInCatalog + .map((result) => { + return result.resources; + }) + .flat(); + + const testedRequirementIds = testedRequirementsByCatalog.get(catalogId) || new Set(); + const allRequirementIds = allRequirementsByCatalog.get(catalogId) || new Set(); + const necessaryRequirementIds = intersect(allNecessaryRequirementIds, allRequirementIds); + const unusedRequirementIds = minus(allRequirementIds, necessaryRequirementIds); + const missingRequirementIds = minus(necessaryRequirementIds, testedRequirementIds); + + const out = { + catalogId, + catalogUrl, + resources: [...new Set(resourcesInCatalog)], + totalTests: testsInCatalog.length, + passingTests: testsInCatalog.filter((result) => result.status_code === "PASS").length, + failingTests: testsInCatalog.filter((result) => result.status_code === "FAIL").length, + unusedRequirements: Array.from(unusedRequirementIds).map((reqId) => convertToLink(reqId, releases)), + testedRequirements: Array.from(testedRequirementIds).map((reqId) => convertToLink(reqId, releases)), + missingRequirements: Array.from(missingRequirementIds).map((reqId) => convertToLink(reqId, releases)), + }; + + return out; }); // Sort resources within each summary and sort summaries by catalog ID - const summaries = Array.from(summaryMap.values()); summaries.forEach((summary) => { summary.resources.sort(); summary.testedRequirements.sort((a, b) => a.id.localeCompare(b.id)); @@ -334,12 +324,15 @@ export default function CFIConfigurationResult({ pageData }: { pageData: Configu const testMappingSummary = testResultsWithCCC.length > 0 ? generateTestMappingSummary(testResultsWithCCC) : []; // Group download links by base name (e.g., "results.ocsf.json" and "results.html" as "results") - const groupedDownloadLinks = (configurationResult.download_links || []).reduce((acc, link) => { - const baseName = link.name.replace('.ocsf.json', '').replace('.html', ''); - if (!acc[baseName]) acc[baseName] = []; - acc[baseName].push(link); - return acc; - }, {} as Record); + const groupedDownloadLinks = (configurationResult.download_links || []).reduce( + (acc, link) => { + const baseName = link.name.replace(".ocsf.json", "").replace(".html", ""); + if (!acc[baseName]) acc[baseName] = []; + acc[baseName].push(link); + return acc; + }, + {} as Record, + ); return ( @@ -377,54 +370,54 @@ export default function CFIConfigurationResult({ pageData }: { pageData: Configu - - {/* Download Raw Results */} - {configurationResult.download_links && configurationResult.download_links.length > 0 && ( - - - Download Raw Results -

Download the original OCSF or HTML result files used to generate this page

- - - - - - File Name - Format - Action - - - - {Object.entries(groupedDownloadLinks).map(([baseName, links], index) => ( - - {baseName} - -
- {links.map((link, linkIndex) => ( - - {link.type.toUpperCase()} - - ))} -
- - -
- {links.map((link, linkIndex) => ( - - Download {link.type.toUpperCase()} - - ))} -
- - - ))} - -
- - - )} - - {/* Test Summary */} + + {/* Download Raw Results */} + {configurationResult.download_links && configurationResult.download_links.length > 0 && ( + + + Download Raw Results +

Download the original OCSF or HTML result files used to generate this page

+ + + + + + File Name + Format + Action + + + + {Object.entries(groupedDownloadLinks).map(([baseName, links], index) => ( + + {baseName} + +
+ {links.map((link, linkIndex) => ( + + {link.type.toUpperCase()} + + ))} +
+ + +
+ {links.map((link, linkIndex) => ( + + Download {link.type.toUpperCase()} + + ))} +
+ + + ))} + +
+ + + )} + + {/* Test Summary */} Test Summary @@ -501,6 +494,7 @@ export default function CFIConfigurationResult({ pageData }: { pageData: Configu Failing Tested Requirements Missing Requirements + Unused Core Requirements @@ -541,7 +535,7 @@ export default function CFIConfigurationResult({ pageData }: { pageData: Configu {tested.id} - ) + ), ) ) : ( None tested @@ -560,13 +554,32 @@ export default function CFIConfigurationResult({ pageData }: { pageData: Configu {missing.id} - ) + ), ) ) : ( All covered )} + +
+ {summary.unusedRequirements.length > 0 ? ( + summary.unusedRequirements.map((unused, unusedIndex) => + unused.url === "#" ? ( + + {unused.id} + + ) : ( + + {unused.id} + + ), + ) + ) : ( + None + )} +
+ ))} diff --git a/website/src/data/ccc-releases/CCC.ObjStor_v2025.01-MP-release-details.yaml b/website/src/data/ccc-releases/CCC.ObjStor_v2025.01-MP-release-details.yaml deleted file mode 100644 index 9e73ddde..00000000 --- a/website/src/data/ccc-releases/CCC.ObjStor_v2025.01-MP-release-details.yaml +++ /dev/null @@ -1,41 +0,0 @@ -- version: 2025.01-MIGRATION-PREVIEW - assurance_level: None - threat_model_url: None - threat_model_author: None - red_team: None - red_team_exercise_url: None - release_manager: - name: Damien Burks - github_id: damienjburks - company: Citi - summary: | - This initial release is part of the first batch of control catalogs - produced by the CCC. It is the result of thousands of hours dedicated to - exploring different ways of working and collaborating, on top of time - spent researching, writing, and reviewing the content. This marks a huge - milestone for the CCC and the broader community as further releases will - continue to build on this foundation. A huge thanks to everyone who has - brought us to this point! - change_log: - - | - This initial release contains a variety of commits designed to capture - all of the features, threats, and controls for this service category. - contributors: - - name: Sonali Mendis - github_id: smendis-scottlogic - company: Scott Logic - - name: Eddie Knight - github_id: eddie-knight - company: Sonatype - - name: Michael Lysaght - github_id: mlysaght2017 - company: Citi - - name: Dave Ogle - github_id: dogle-scottlogic - company: Scott Logic - - name: Damien Burks - github_id: damienjburks - company: Citi - - name: Naseer Mohammad - github_id: nas-hub - company: Google diff --git a/website/src/data/ccc-releases/CCC.ObjStor_v2025.01-MP.yaml b/website/src/data/ccc-releases/CCC.ObjStor_v2025.01-MP.yaml deleted file mode 100644 index 3c061b35..00000000 --- a/website/src/data/ccc-releases/CCC.ObjStor_v2025.01-MP.yaml +++ /dev/null @@ -1,1695 +0,0 @@ -metadata: - id: CCC.ObjStor - title: Object Storage - description: | - Object storage is a data storage architecture that manages data as objects, - rather than as files or blocks. Each object contains the data itself, - metadata, and a unique identifier, making it ideal for storing large amounts - of unstructured data such as multimedia files, backups, and archives. It is - highly scalable and often used in cloud environments due to its flexibility - and accessibility. - version: 2025.01-MIGRATION-PREVIEW - last-modified: "2025-10-19T17:03:52-04:00" - applicability-categories: - - id: tlp_red - title: TLP:RED - description: Data is not for disclosure, restricted to explicitly authorized entities only. - - id: tlp_amber - title: TLP:AMBER - description: Data is for disclosure to members of explicitly authorized organizational structures. - - id: tlp_green - title: TLP:GREEN - description: Data may be freely distributed through specific channels that do not include unrestricted public access. - - id: tlp_clear - title: TLP:CLEAR - description: Data has no distribution restrictions. - mapping-references: - - id: CCC.Core - title: FINOS CCC Core Catalog - version: v2025.10 -control-families: - - id: "" - title: Data - description: "TODO: Describe this control family" - controls: - - id: CCC.ObjStor.CN01 - title: Prevent Requests to Buckets or Objects with Untrusted KMS Keys - objective: | - Prevent any requests to object storage buckets or objects using - untrusted KMS keys to protect against unauthorized data encryption - that can impact data availability and integrity. - assessment-requirements: - - id: CCC.ObjStor.CN01.AR01 - text: | - When a request is made to read a protected bucket, the service - MUST prevent any request using KMS keys not listed as trusted by - the organization. - applicability: - - tlp-amber - - tlp-red - - id: CCC.ObjStor.CN01.AR02 - text: | - When a request is made to read a protected object, the service - MUST prevent any request using KMS keys not listed as trusted by - the organization. - applicability: - - tlp-amber - - tlp-red - - id: CCC.ObjStor.CN01.AR03 - text: | - When a request is made to write to a bucket, the service MUST - prevent any request using KMS keys not listed as trusted by the - organization. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - - id: CCC.ObjStor.CN01.AR04 - text: | - When a request is made to write to an object, the service MUST - prevent any request using KMS keys not listed as trusted by the - organization. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - guideline-mappings: - - reference-id: NIST-CSF - entries: - - reference-id: PR.DS-1 - strength: 0 - - reference-id: CCM - entries: - - reference-id: DCS-04 - strength: 0 - - reference-id: DCS-06 - strength: 0 - - reference-id: ISO_27001 - entries: - - reference-id: 2013 A.10.1.1 - strength: 0 - - reference-id: NIST_800_53 - entries: - - reference-id: SC-28 - strength: 0 - threat-mappings: - - reference-id: CCC - entries: - - reference-id: CCC.Core.TH01 - strength: 0 - - reference-id: CCC.Core.TH06 - strength: 0 - - id: CCC.ObjStor.CN03 - title: Prevent Bucket Deletion Through Irrevocable Bucket Retention Policy - objective: | - Ensure that object storage bucket is not deleted after creation, - and that the preventative measure cannot be unset. - assessment-requirements: - - id: CCC.ObjStor.CN03.AR01 - text: | - When an object storage bucket deletion is attempted, the bucket MUST be - fully recoverable for a set time-frame after deletion is requested. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - - id: CCC.ObjStor.CN03.AR02 - text: | - When an attempt is made to modify the retention policy for an object - storage bucket, the service MUST prevent the policy from being modified. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - guideline-mappings: - - reference-id: NIST-CSF - entries: - - reference-id: PR.DS-1 - strength: 0 - - reference-id: CCM - entries: - - reference-id: DSP-16 - strength: 0 - - reference-id: ISO_27001 - entries: - - reference-id: 2022 A.8.1.4 - strength: 0 - - reference-id: NIST_800_53 - entries: - - reference-id: SC-28 - strength: 0 - - reference-id: CP-10 - strength: 0 - threat-mappings: - - reference-id: CCC - entries: - - reference-id: CCC.Core.TH06 - strength: 0 - - id: CCC.ObjStor.CN04 - title: Objects have an Effective Retention Policy by Default - objective: | - Ensure that all objects stored in the object storage system have a - retention policy applied by default, preventing premature deletion - or modification of objects and ensuring compliance with data retention - regulations. - assessment-requirements: - - id: CCC.ObjStor.CN04.AR01 - text: | - When an object is uploaded to the object storage system, the object - MUST automatically receive a default retention policy that prevents - premature deletion or modification. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - - id: CCC.ObjStor.CN04.AR02 - text: | - When an attempt is made to delete or modify an object that is subject - to an active retention policy, the service MUST prevent the action - from being completed. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - guideline-mappings: - - reference-id: NIST-CSF - entries: - - reference-id: PR.DS-1 - strength: 0 - - reference-id: CCM - entries: - - reference-id: DSP-16 - strength: 0 - - reference-id: ISO_27001 - entries: - - reference-id: 2022 A.8.1.4 - strength: 0 - - reference-id: NIST_800_53 - entries: - - reference-id: SC-28 - strength: 0 - - reference-id: CP-10 - strength: 0 - threat-mappings: - - reference-id: CCC - entries: - - reference-id: CCC.Core.TH06 - strength: 0 - - id: CCC.ObjStor.CN05 - title: Versioning is Enabled for All Objects in the Bucket - objective: | - Ensure that versioning is enabled for all objects stored in the object - storage bucket to enable recovery of previous versions of objects in - case of loss or corruption. - assessment-requirements: - - id: CCC.ObjStor.CN05.AR01 - text: | - When an object is uploaded to the object storage bucket, the object - MUST be stored with a unique identifier. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - - id: CCC.ObjStor.CN05.AR02 - text: | - When an object is modified, the service MUST assign a new unique - identifier to the modified object to differentiate it from the - previous version. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - - id: CCC.ObjStor.CN05.AR03 - text: | - When an object is modified, the service MUST allow for recovery - of previous versions of the object. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - - id: CCC.ObjStor.CN05.AR04 - text: | - When an object is deleted, the service MUST retain other versions of - the object to allow for recovery of previous versions. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - guideline-mappings: - - reference-id: NIST-CSF - entries: - - reference-id: PR.DS-1 - strength: 0 - - reference-id: ISO_27001 - entries: - - reference-id: 2022 A.8.1.4 - strength: 0 - - reference-id: NIST_800_53 - entries: - - reference-id: SC-28 - strength: 0 - - reference-id: CP-10 - strength: 0 - - reference-id: CCM - entries: - - reference-id: DSP-16 - strength: 0 - threat-mappings: - - reference-id: CCC - entries: - - reference-id: CCC.Core.TH06 - strength: 0 - - id: CCC.ObjStor.CN06 - title: Access Logs are Stored in a Separate Data Store - objective: | - Ensure that access logs for object storage buckets are stored in a - separate data store to protect against unauthorized access, tampering, - or deletion of logs (Logbuckets are exempt from this requirement, - but must be tlp-red). - assessment-requirements: - - id: CCC.ObjStor.CN06.AR01 - text: | - When an object storage bucket is accessed, the service MUST store - access logs in a separate data store. - applicability: - - tlp-amber - - tlp-red - guideline-mappings: - - reference-id: NIST-CSF - entries: - - reference-id: PR.DS-6 - strength: 0 - - reference-id: CCM - entries: - - reference-id: DSP-07 - strength: 0 - - reference-id: DSP-17 - strength: 0 - - reference-id: ISO_27001 - entries: - - reference-id: 2022 A.8.15.0 - strength: 0 - - reference-id: NIST_800_53 - entries: - - reference-id: AU-9 - strength: 0 - - reference-id: SC-28 - strength: 0 - threat-mappings: - - reference-id: CCC - entries: - - reference-id: CCC.Core.TH07 - strength: 0 - - reference-id: CCC.Core.TH09 - strength: 0 - - id: CCC.Core.CN01 - title: Encrypt Data for Transmission - objective: | - Ensure that all communications are encrypted in transit to protect - data integrity and confidentiality. - assessment-requirements: - - id: CCC.Core.CN01.AR01 - text: | - When a port is exposed for non-SSH network traffic, all traffic - MUST include a TLS handshake AND be encrypted using TLS 1.3 or - higher. - applicability: - - tlp-green - - tlp-amber - - tlp-red - recommendation: | - Most cloud services enable TLS 1.3 by default. Where it is not - already set, ensure that your services are configured or updated - accordingly. - - id: CCC.Core.CN01.AR02 - text: | - When a port is exposed for SSH network traffic, all traffic MUST - include a SSH handshake AND be encrypted using SSHv2 or higher. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - recommendation: | - Any time port 22 is exposed, ensure that it has a properly - implemented SSH server with SSHv2 enabled and configured with - strong ciphers. - - id: CCC.Core.CN01.AR03 - text: "When the service receives unencrypted traffic, \nthen it MUST either block the request or automatically\nredirect it to the secure equivalent.\n" - applicability: - - tlp-green - - tlp-amber - - tlp-red - recommendation: | - Review firewall, load balancer, and application configurations to - ensure insecure protocols such as HTTP, FTP, and Telnet are not - exposed. Where possible, implement automatic redirection to secure - protocols such as HTTPS, SFTP, SSH, and regularly scan for - protocol drift. - - id: CCC.Core.CN01.AR07 - text: | - When a port is exposed, the service MUST ensure that the protocol - and service officially assigned to that port number by the IANA - Service Name and Transport Protocol Port Number Registry, and no - other, is run on that port. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - recommendation: | - Reference the IANA Service Name and Transport Protocol Port Number - Registry for more information about correct protocol-to-port - assignments. Avoid running non-standard services on well-known - ports. - - id: CCC.Core.CN01.AR08 - text: | - When a service transmits data using TLS, mutual TLS (mTLS) MUST be - implemented to require both client and server certificate - authentication for all connections. - applicability: - - tlp-amber - - tlp-red - recommendation: | - Configure mTLS for all endpoints that process or transmit - sensitive data. Ensure both client and server certificates are - validated and managed securely. Regularly review certificate - authorities and automate certificate rotation where possible. - guideline-mappings: - - reference-id: CCM - entries: - - reference-id: CEK-03 - strength: 5 - remarks: Data Encryption (in transit and at rest) - - reference-id: CEK-04 - strength: 10 - remarks: Key Management (use strong encryption) - - reference-id: IVS-03 - strength: 2 - remarks: Network Security (monitor, encrypt, restrict) - - reference-id: IVS-07 - strength: 2 - remarks: Migration to Cloud Environments (encrypt when migrating servers) - threat-mappings: - - reference-id: CCC - entries: - - reference-id: CCC.Core.TH02 - strength: 0 - - id: CCC.Core.CN02 - title: Encrypt Data for Storage - objective: | - Ensure that all data stored is encrypted at rest using strong - encryption algorithms. - assessment-requirements: - - id: CCC.Core.CN02.AR01 - text: | - When data is stored, it MUST be encrypted using the latest - industry-standard encryption methods. - applicability: - - tlp-green - - tlp-amber - - tlp-red - guideline-mappings: - - reference-id: CCM - entries: - - reference-id: CEK-03 - strength: 5 - remarks: Data Encryption (in transit and at rest) - - reference-id: CEK-04 - strength: 10 - remarks: Key Management (use strong encryption) - - reference-id: UEM-08 - strength: 10 - remarks: Storage Encryption (on managed endpoint devices) - - reference-id: DSP-17 - strength: 0 - threat-mappings: - - reference-id: CCC - entries: - - reference-id: CCC.Core.TH01 - strength: 0 - - id: CCC.Core.CN06 - title: Restrict Deployments to Trust Perimeter - objective: | - Ensure that the service and its child resources are only deployed on - infrastructure in locations that are explicitly included within a - defined trust perimeter. - assessment-requirements: - - id: CCC.Core.CN06.AR01 - text: | - When the service is running, its region and availability zone MUST - be included in a list of explicitly trusted or approved locations - within the trust perimeter. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - recommendation: | - Maintain an up-to-date list of trusted and approved regions based - on organizational policies. Validate the service's deployment - location is included in this list. - - id: CCC.Core.CN06.AR02 - text: | - When a child resource is deployed, its region and availability - zone MUST be included in a list of explicitly trusted or approved - locations within the trust perimeter. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - recommendation: | - Maintain an up-to-date list of trusted and approved regions based - on organizational policies. Validate that child resources can only - be deployed to locations included in this list. - guideline-mappings: - - reference-id: CCM - entries: - - reference-id: DSP-19 - strength: 10 - remarks: Data Location (specify and document processing and backup locations) - threat-mappings: - - reference-id: CCC - entries: - - reference-id: CCC.Core.TH03 - strength: 0 - - id: CCC.Core.CN09 - title: Ensure Integrity of Access Logs - objective: | - Ensure that access logs are always recorded to an external location - that cannot be manipulated from the context of the service(s) it - contains logs for. - assessment-requirements: - - id: CCC.Core.CN09.AR01 - text: | - When the service is operational, its logs and any child resource - logs MUST NOT be accessible from the resource they record access - to. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - - id: CCC.Core.CN09.AR02 - text: | - When the service is operational, disabling the logs for the service - or its child resources MUST NOT be possible without also disabling - the corresponding resource. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - recommendation: | - No normal business operations should disable - logs, as this could indicate an attempt to cover up unauthorized - access. Ensure that logging mechanisms are tightly integrated with - service operations, so that logging cannot be disabled without - stopping the service itself. - - id: CCC.Core.CN09.AR03 - text: | - When the service is operational, any attempt to redirect logs for - the service or its child resources MUST NOT be possible without - halting operation of the corresponding resource and publishing - corresponding events to monitored channels. - applicability: - - tlp-amber - - tlp-red - recommendation: | - No normal business operations should result in the redirection of - logs, as this could indicate an attempt to cover up unauthorized - access. Ensure that logging configurations are immutable during - service operation so that any changes require stopping the service - and publishing corresponding events to monitored channels. - guideline-mappings: - - reference-id: CCM - entries: - - reference-id: LOG-02 - strength: 5 - remarks: Audit Logs Protection (security and retention) - - reference-id: LOG-04 - strength: 5 - remarks: Audit Logs Access and Accountability (Restrict audit logs access to authorized personnel) - - reference-id: LOG-09 - strength: 5 - remarks: Log Protection (protects audit records from unauthorized access) - threat-mappings: - - reference-id: CCC - entries: - - reference-id: CCC.Core.TH07 - strength: 0 - - reference-id: CCC.Core.TH09 - strength: 0 - - reference-id: CCC.Core.TH04 - strength: 0 - - id: CCC.Core.CN10 - title: Restrict Data Replication to Trust Perimeter - objective: | - Ensure that data is only replicated on infrastructure in locations - that are explicitly included within a defined trust perimeter. - assessment-requirements: - - id: CCC.Core.CN10.AR01 - text: | - When data is replicated, the service MUST ensure that replication - only occurs to destinations that are explicitly included within - the defined trust perimeter. - applicability: - - tlp-green - - tlp-amber - - tlp-red - guideline-mappings: - - reference-id: CCM - entries: - - reference-id: DSP-10 - strength: 8 - remarks: Sensitive Data Transfer (only processed within scope as permitted) - - reference-id: DSP-19 - strength: 10 - remarks: Data Location (specify and document the physical locations of data) - threat-mappings: - - reference-id: CCC - entries: - - reference-id: CCC.Core.TH04 - strength: 0 - - id: "" - title: Identity and Access Management - description: "TODO: Describe this control family" - controls: - - id: CCC.ObjStor.CN02 - title: Enforce Uniform Bucket-level Access to Prevent Inconsistent Permissions - objective: | - Ensure that uniform bucket-level access is enforced across all - object storage buckets. This prevents the use of ad-hoc or - inconsistent object-level permissions, ensuring centralized, - consistent, and secure access management in accordance with the - principle of least privilege. - assessment-requirements: - - id: CCC.ObjStor.CN02.AR01 - text: | - When a permission set is allowed for an object in a bucket, the - service MUST allow the same permission set to access all objects - in the same bucket. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - - id: CCC.ObjStor.CN02.AR02 - text: | - When a permission set is denied for an object in a bucket, the - service MUST deny the same permission set to access all objects - in the same bucket. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - guideline-mappings: - - reference-id: NIST-CSF - entries: - - reference-id: PR.AC-4 - strength: 0 - - reference-id: ISO_27001 - entries: - - reference-id: 2013 A.9.4.1 - strength: 0 - - reference-id: NIST_800_53 - entries: - - reference-id: AC-3 - strength: 0 - - reference-id: AC-6 - strength: 0 - - reference-id: CCM - entries: - - reference-id: DCS-09 - strength: 0 - threat-mappings: - - reference-id: CCC - entries: - - reference-id: CCC.Core.TH01 - strength: 0 - - id: CCC.Core.CN03 - title: Implement Multi-factor Authentication (MFA) for Access - objective: | - Ensure that all sensitive activities require two or more identity - factors during authentication to prevent unauthorized access. - assessment-requirements: - - id: CCC.Core.CN03.AR01 - text: | - When an entity attempts to modify the service through a user - interface, the authentication process MUST require multiple - identifying factors for authentication. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - - id: CCC.Core.CN03.AR02 - text: | - When an entity attempts to modify the service through an API - endpoint, the authentication process MUST require a credential - such as an API key or token AND originate from within the trust - perimeter. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - - id: CCC.Core.CN03.AR03 - text: | - When an entity attempts to view information on the service through - a user interface, the authentication process MUST require multiple - identifying factors from the user. - applicability: - - tlp-amber - - tlp-red - - id: CCC.Core.CN03.AR04 - text: | - When an entity attempts to view information on the service through - an API endpoint, the authentication process MUST require a - credential such as an API key or token AND originate from within - the trust perimeter. - applicability: - - tlp-amber - - tlp-red - guideline-mappings: - - reference-id: CCM - entries: - - reference-id: IAM-14 - strength: 3 - remarks: Strong Authentication (Define, implement and evaluate processes - including MFA) - threat-mappings: - - reference-id: CCC - entries: - - reference-id: CCC.Core.TH01 - strength: 0 - - id: CCC.Core.CN05 - title: Prevent Access from Untrusted Entities - objective: | - Ensure that secure access controls enforce the principle of least - privilege to restrict access to authorized entities from explicitly - trusted sources only. - assessment-requirements: - - id: CCC.Core.CN05.AR01 - text: | - When an attempt is made to modify data on the service or a child - resource, the service MUST block requests from unauthorized - entities. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - - id: CCC.Core.CN05.AR02 - text: | - When administrative access or configuration change is attempted on - the service or a child resource, the service MUST refuse requests - from unauthorized entities. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - - id: CCC.Core.CN05.AR03 - text: | - When administrative access or configuration change is attempted on - the service or a child resource in a multi-tenant environment, the - service MUST refuse requests across tenant boundaries unless the - origin is explicitly included in a pre-approved allowlist. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - - id: CCC.Core.CN05.AR04 - text: | - When data is requested from outside the trust perimeter, the - service MUST refuse requests from unauthorized entities. - applicability: - - tlp-amber - - tlp-red - - id: CCC.Core.CN05.AR05 - text: | - When any request is made from outside the trust perimeter, - the service MUST NOT provide any response that may indicate the - service exists. - applicability: - - tlp-red - - id: CCC.Core.CN05.AR06 - text: | - When any request is made to the service or a child resource, the - service MUST refuse requests from unauthorized entities. - applicability: - - tlp-green - - tlp-amber - - tlp-red - guideline-mappings: - - reference-id: CCM - entries: - - reference-id: DSP-01 - strength: 1 - remarks: Security and Privacy Policy and Proceduress - - reference-id: DSP-07 - strength: 1 - remarks: Data Protection by Design and Default - - reference-id: DSP-08 - strength: 1 - remarks: Data Privacy by Design and Default - - reference-id: DSP-10 - strength: 1 - remarks: Sensitive Data Transfer - - reference-id: DSP-17 - strength: 0 - remarks: Sensitive Data Protection - threat-mappings: - - reference-id: CCC - entries: - - reference-id: CCC.Core.TH01 - strength: 0 - - id: CCC.Core.LM - title: Logging & Monitoring - description: | - The Logging & Monitoring control family ensures that access, - changes, and security-relevant events are captured, monitored, - and alerted on in order to provide visibility, support - incident response, and meet compliance requirements. - controls: - - id: CCC.Core.CN04 - title: Log All Access and Changes - objective: | - Ensure that all access attempts are logged to maintain a detailed - audit trail for security and compliance purposes. - assessment-requirements: - - id: CCC.Core.CN04.AR01 - text: | - When administrative access or configuration change is attempted on - the service or a child resource, the service MUST log the client - identity, time, and result of the attempt. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - - id: CCC.Core.CN04.AR02 - text: | - When any attempt is made to modify data on the service or a child - resource, the service MUST log the client identity, time, and - result of the attempt. - applicability: - - tlp-amber - - tlp-red - - id: CCC.Core.CN04.AR03 - text: | - When any attempt is made to read data on the service or a child - resource, the service MUST log the client identity, time, and - result of the attempt. - applicability: - - tlp-red - guideline-mappings: - - reference-id: CCM - entries: - - reference-id: LOG-08 - strength: 5 - remarks: Log Records (Generate audit records containing relevant security information) - threat-mappings: - - reference-id: CCC - entries: - - reference-id: CCC.Core.TH01 - strength: 0 - - id: CCC.Core.CN07 - title: Alert on Unusual Enumeration Activity - objective: | - Ensure that logs and associated alerts are generated when - unusual enumeration activity is detected that may indicate - reconnaissance activities. - assessment-requirements: - - id: CCC.Core.CN07.AR01 - text: | - When enumeration activities are detected, the service MUST publish - an event to a monitored channel which includes the client - identity, time, and nature of the activity. - applicability: - - tlp-amber - - tlp-red - recommendation: | - Implement event publication mechanisms and alerts for patterns - indicative of enumeration activities, such as repeated access - attempts, requests, or liveness probes. Configure alerts to notify - security teams of any activities that merit further investigation. - - id: CCC.Core.CN07.AR02 - text: | - When enumeration activities are detected, the service MUST log the - client identity, time, and nature of the activity. - applicability: - - tlp-clear - - tlp-green - - tlp-amber - - tlp-red - recommendation: | - Implement logging mechanisms to capture details of enumeration - activities, including client identity, timestamps, and activity - nature. Retain logs according to organizational policies, and - occasionally review them for patterns that may indicate - reconnaissance activities. - guideline-mappings: - - reference-id: CCM - entries: - - reference-id: LOG-05 - strength: 3 - remarks: Audit Logs Monitoring and Response (take action on detected anomalies) - - reference-id: SEF-05 - strength: 3 - remarks: Incident Response Metrics (establish and monitor metrics) - threat-mappings: - - reference-id: CCC - entries: - - reference-id: CCC.Core.TH15 - strength: 0 -threats: - - id: CCC.ObjStor.TH01 - title: Data Exfiltration via Insecure Lifecycle Policies - description: | - Misconfigured lifecycle policies may unintentionally allow data to be - exfiltrated or destroyed prematurely, resulting in a loss of availability - and potential exposure of sensitive data. - capabilities: - - reference-id: CCC - entries: - - reference-id: CCC.ObjStor.CP08 - strength: 0 - - reference-id: CCC.Core.CP11 - strength: 0 - external-mappings: - - reference-id: MITRE-ATT&CK - entries: - - reference-id: T1020 - strength: 0 - - reference-id: T1537 - strength: 0 - - reference-id: T1567 - strength: 0 - - reference-id: T1048 - strength: 0 - - reference-id: T1485 - strength: 0 - - id: CCC.ObjStor.TH02 - title: Improper Enforcement of Object Modification Locks - description: | - Attackers may exploit vulnerabilities in object modification locks to - delete or alter objects despite the lock being in place, leading to data - loss or tampering. - capabilities: - - reference-id: CCC - entries: - - reference-id: CCC.ObjStor.CP09 - strength: 0 - external-mappings: - - reference-id: MITRE-ATT&CK - entries: - - reference-id: T1027 - strength: 0 - - reference-id: T1485 - strength: 0 - - reference-id: T1490 - strength: 0 - - reference-id: T1491 - strength: 0 - - reference-id: T1565 - strength: 0 - - id: CCC.Core.TH01 - title: Access is Granted to Unauthorized Users - description: | - Logic designed to give different permissions to different entities may - be misconfigured or manipulated, allowing unauthorized entities to access - restricted parts of the service, its data, or its child resources. - This could result in a loss of data confidentiality or tolerance of - unauthorized actions which impact the integrity and availability of - resources and data. - capabilities: - - reference-id: CCC - entries: - - reference-id: CCC.Core.CP06 - strength: 0 - remarks: Access Control - - reference-id: CCC.Core.CP29 - strength: 0 - remarks: Active Ingestion - external-mappings: - - reference-id: MITRE-ATT&CK - entries: - - reference-id: T1078 - strength: 0 - remarks: Valid Accounts - - reference-id: T1548 - strength: 0 - remarks: Abuse Elevation Control Mechanism - - reference-id: T1203 - strength: 0 - remarks: Exploitation for Credential Access - - reference-id: T1098 - strength: 0 - remarks: Account Manipulation - - reference-id: T1484 - strength: 0 - remarks: Domain or Tenant Policy Modification - - reference-id: T1546 - strength: 0 - remarks: Event Triggered Execution - - reference-id: T1537 - strength: 0 - remarks: Transfer Data to Cloud Account - - reference-id: T1567 - strength: 0 - remarks: Exfiltration Over Web Service - - reference-id: T1048 - strength: 0 - remarks: Exfiltration Over Alternative Protocol - - reference-id: T1485 - strength: 0 - remarks: Data Destruction - - reference-id: T1565 - strength: 0 - remarks: Data Manipulation - - reference-id: T1027 - strength: 0 - remarks: Obfuscated Files or Information - - id: CCC.Core.TH02 - title: Data is Intercepted in Transit - description: | - Data transmitted by the service is susceptible to collection by any entity - with access to any part of the transmission path. Packet observations can - be used to support the planning of attacks by profiling origin points, - destinations, and usage patterns. The data may also be vulnerable to - interception or modification in transit if not properly encrypted, - impacting the confidentiality or integrity of the transmitted data. - capabilities: - - reference-id: CCC - entries: [] - external-mappings: - - reference-id: MITRE-ATT&CK - entries: - - reference-id: T1557 - strength: 0 - remarks: Adversary-in-the-Middle - - reference-id: T1040 - strength: 0 - remarks: Network Sniffing - - id: CCC.Core.TH03 - title: Deployment Region Network is Untrusted - description: | - Systems are susceptible to unauthorized access or interception by actors - with social or physical control over the network in which they are - deployed. If the geopolitical status of the deployment network is - untrusted, unstable, or insecure, this could result in a loss of - confidentiality, integrity, or availability of the service and its data. - capabilities: - - reference-id: CCC - entries: - - reference-id: CCC.Core.CP08 - strength: 0 - remarks: Data Replication - - reference-id: CCC.Core.CP22 - strength: 0 - remarks: Location Lock-In - external-mappings: - - reference-id: MITRE-ATT&CK - entries: - - reference-id: T1040 - strength: 0 - remarks: Network Sniffing - - reference-id: T1110 - strength: 0 - remarks: Brute Force - - reference-id: T1105 - strength: 0 - remarks: Ingress Tool Transfer - - reference-id: T1583 - strength: 0 - remarks: Acquire Infrastructure - - reference-id: T1557 - strength: 0 - remarks: Adversary-in-the-Middle - - id: CCC.Core.TH04 - title: Data is Replicated to Untrusted or External Locations - description: | - Systems are susceptible to unauthorized access or interception by actors - with political or physical control over the network in which they are - deployed. Confidentiality may be impacted if the data is replicated to a - network where the geopolitical status is untrusted, unstable, or insecure. - capabilities: - - reference-id: CCC - entries: - - reference-id: CCC.Core.CP21 - strength: 0 - remarks: Replication - external-mappings: - - reference-id: MITRE-ATT&CK - entries: - - reference-id: T1565 - strength: 0 - remarks: Data Manipulation - - id: CCC.Core.TH05 - title: Interference with Replication Processes - description: | - Misconfigured or manipulated replication processes may lead to data being - copied to unintended locations, delayed, modified, or not being copied - at all. This could lead to compromised data confidentiality and integrity, - potentially also affecting recovery processes and data availability. - capabilities: - - reference-id: CCC - entries: - - reference-id: CCC.Core.CP08 - strength: 0 - remarks: Data Replication - - reference-id: CCC.Core.CP12 - strength: 0 - remarks: Recovery - - reference-id: CCC.Core.CP21 - strength: 0 - remarks: Replication - external-mappings: - - reference-id: MITRE-ATT&CK - entries: - - reference-id: T1485 - strength: 0 - remarks: Data Destruction - - reference-id: T1565 - strength: 0 - remarks: Data Manipulation - - reference-id: T1491 - strength: 0 - remarks: Defacement - - reference-id: T1490 - strength: 0 - remarks: Inhibit System Recovery - - id: CCC.Core.TH06 - title: Data is Lost or Corrupted - description: | - Services that rely on accurate data are susceptible to disruption in the - event of data loss or corruption. Any actions that lead to the unintended - deletion, alteration, or limited access to data can impact the - availability of the service and the system it is part of. - capabilities: - - reference-id: CCC - entries: - - reference-id: CCC.Core.CP11 - strength: 0 - remarks: Backup - - reference-id: CCC.Core.CP18 - strength: 0 - remarks: Versioning - external-mappings: - - reference-id: MITRE-ATT&CK - entries: - - reference-id: T1485 - strength: 0 - remarks: Data Destruction - - reference-id: T1565 - strength: 0 - remarks: Data Manipulation - - reference-id: T1491 - strength: 0 - remarks: Defacement - - reference-id: T1490 - strength: 0 - remarks: Inhibit System Recovery - - id: CCC.Core.TH07 - title: Logs are Tampered With or Deleted - description: | - Tampering or deletion of service logs will reduce the system's ability to - maintain an accurate record of events. Any actions that compromise the - integrity of logs could disrupt system availability by disrupting - monitoring, hindering forensic investigations, and reducing the accuracy - of audit trails. - capabilities: - - reference-id: CCC - entries: - - reference-id: CCC.Core.CP03 - strength: 0 - remarks: Access Log Publication - - reference-id: CCC.Core.CP10 - strength: 0 - remarks: Logging - external-mappings: - - reference-id: MITRE-ATT&CK - entries: - - reference-id: T1070 - strength: 0 - remarks: Indicator Removal - - reference-id: T1565 - strength: 0 - remarks: Data Manipulation (for altering log entries) - - reference-id: T1027 - strength: 0 - remarks: Obfuscated Files or Information - - id: CCC.Core.TH08 - title: Runtime Metrics are Manipulated - description: | - Manipulation of runtime metrics can lead to inaccurate representations of - system performance and resource utilization. This compromised data - integrity may also impact system availability through misinformed scaling - decisions, budget exhaustion, financial losses, and hindered incident - detection. - capabilities: - - reference-id: CCC - entries: - - reference-id: CCC.Core.CP15 - strength: 0 - remarks: Cost Management - external-mappings: - - reference-id: MITRE-ATT&CK - entries: - - reference-id: T1565 - strength: 0 - remarks: Data Manipulation - - reference-id: T1070 - strength: 0 - remarks: Indicator Removal - - id: CCC.Core.TH09 - title: Runtime Logs are Read by Unauthorized Entities - description: | - Unauthorized access to logs may expose valuable information about the - system's configuration, operations, and security mechanisms. This could - jeopardize system availability through the exposure of vulnerabilities - and support the planning of attacks on the service, system, or network. - If logs are not adequately sanitized, this may also directly impact the - confidentiality of sensitive data. - capabilities: - - reference-id: CCC - entries: - - reference-id: CCC.Core.CP03 - strength: 0 - remarks: Access Log Publication - - reference-id: CCC.Core.CP09 - strength: 0 - remarks: Metrics Publication - external-mappings: - - reference-id: MITRE-ATT&CK - entries: - - reference-id: T1003 - strength: 0 - remarks: OS Credential Dumping - - reference-id: T1007 - strength: 0 - remarks: System Service Discovery - - reference-id: T1018 - strength: 0 - remarks: Remote System Discovery - - reference-id: T1033 - strength: 0 - remarks: System Owner/User Discovery - - reference-id: T1046 - strength: 0 - remarks: Network Service Discovery - - reference-id: T1057 - strength: 0 - remarks: Process Discovery - - reference-id: T1069 - strength: 0 - remarks: Permission Groups Discovery - - reference-id: T1070 - strength: 0 - remarks: Indicator Removal - - reference-id: T1082 - strength: 0 - remarks: System Information Discovery - - reference-id: T1120 - strength: 0 - remarks: Peripheral Device Discovery - - reference-id: T1124 - strength: 0 - remarks: System Time Discovery - - reference-id: T1497 - strength: 0 - remarks: Virtualization/Sandbox Evasion - - reference-id: T1518 - strength: 0 - remarks: Software Discovery - - id: CCC.Core.TH10 - title: State-change Events are Read by Unauthorized Entities - description: | - Unauthorized access to state-change events can reveal information about - the system's design and usage patterns. This opens the system up to - attacks of opportunity and support the planning of attacks on the - service, system, or network. - capabilities: - - reference-id: CCC - entries: - - reference-id: CCC.Core.CP03 - strength: 0 - remarks: Access Log Publication - - reference-id: CCC.Core.CP07 - strength: 0 - remarks: Event Publication - - reference-id: CCC.Core.CP09 - strength: 0 - remarks: Metrics Publication - - reference-id: CCC.Core.CP17 - strength: 0 - remarks: Alerting - external-mappings: - - reference-id: MITRE-ATT&CK - entries: - - reference-id: T1057 - strength: 0 - remarks: Process Discovery - - reference-id: T1049 - strength: 0 - remarks: System Network Connections Discovery - - reference-id: T1083 - strength: 0 - remarks: File and Directory Discovery - - id: CCC.Core.TH11 - title: Publications are Incorrectly Triggered - description: | - Incorrectly triggered publications may disseminate inaccurate - or misleading information, creating a data integrity risk. Such - misinformation can cause unintended operations to be initiated, - conceal legitimate issues, and disrupt the availability or reliability - of systems and their data. - capabilities: - - reference-id: CCC - entries: - - reference-id: CCC.Core.CP07 - strength: 0 - remarks: Event Publication - - reference-id: CCC.Core.CP17 - strength: 0 - remarks: Alerting - external-mappings: - - reference-id: MITRE-ATT&CK - entries: - - reference-id: T1205 - strength: 0 - remarks: Traffic Signaling - - reference-id: T1001.001 - strength: 0 - remarks: "Data Obfuscation: Junk Data" - - id: CCC.Core.TH12 - title: Resource Constraints are Exhausted - description: | - Exceeding the resource constraints through excessive consumption, - resource-intensive operations, or lowering of rate-limit thresholds - can impact the availability of elements such as memory, CPU, or storage. - This may disrupt availability of the service or child resources by - denying the associated functionality to users. If the impacted system is - not designed to expect such a failure, the effect could also cascade to - other services and resources. - capabilities: - - reference-id: CCC - entries: - - reference-id: CCC.Core.CP04 - strength: 0 - remarks: Transaction Rate Limits - - reference-id: CCC.Core.CP16 - strength: 0 - remarks: Budgeting - - reference-id: CCC.Core.CP19 - strength: 0 - remarks: Auto-scaling - external-mappings: - - reference-id: MITRE-ATT&CK - entries: - - reference-id: T1496 - strength: 0 - remarks: Resource Hijacking - - reference-id: T1499 - strength: 0 - remarks: Endpoint Denial of Service - - reference-id: T1498 - strength: 0 - remarks: Network Denial of Service - - id: CCC.Core.TH13 - title: Resource Tags are Manipulated - description: | - When resource tags are altered, it can lead to misclassification or - mismanagement of resources. This can reduce the efficacy of organizational - policies, billing rules, or network access rules. Such changes could cause - compromised confidentiality, integrity, or availability of the system and - its data. - capabilities: - - reference-id: CCC - entries: - - reference-id: CCC.Core.CP20 - strength: 0 - remarks: Tagging - external-mappings: - - reference-id: MITRE-ATT&CK - entries: - - reference-id: T1565 - strength: 0 - remarks: Data Manipulation - - id: CCC.Core.TH14 - title: Older Resource Versions are Used - description: | - Running older versions of child resources can expose the system to known - vulnerabilities that have been addressed in more recent versions. If the - version identifier is detected by an attacker, it may be possible to - exploit these vulnerabilities to compromise the confidentiality, - integrity, or availability of the system and its data. - capabilities: - - reference-id: CCC - entries: - - reference-id: CCC.Core.CP18 - strength: 0 - remarks: Versioning - external-mappings: - - reference-id: MITRE-ATT&CK - entries: - - reference-id: T1027 - strength: 0 - remarks: Obfuscated Files or Information - - reference-id: T1485 - strength: 0 - remarks: Data Destruction - - reference-id: T1565 - strength: 0 - remarks: Data Manipulation - - reference-id: T1489 - strength: 0 - remarks: Service Stop - - reference-id: T1562.01 - strength: 0 - remarks: "Impair Defenses: Downgrade Attack" - - reference-id: T1027 - strength: 0 - remarks: Obfuscated Files or Information - - reference-id: T1485 - strength: 0 - remarks: Data Destruction - - reference-id: T1565 - strength: 0 - remarks: Data Manipulation - - reference-id: T1489 - strength: 0 - remarks: Service Stop - - id: CCC.Core.TH15 - title: Automated Enumeration and Reconnaissance by Non-human Entities - description: | - Automated processes may be used to gather details about service and - child resource elements such as APIs, file systems, or directories. - This information can reveal vulnerabilities, misconfigurations, - and the network topology, which can be used to plan an attack against - the system, the service, or its child resources. - capabilities: - - reference-id: CCC - entries: - - reference-id: CCC.Core.CP14 - strength: 0 - remarks: API Access - external-mappings: - - reference-id: MITRE-ATT&CK - entries: - - reference-id: T1580 - strength: 0 - remarks: Cloud Infrastructure Discovery -capabilities: - - id: CCC.ObjStor.CP01 - title: Storage Buckets - description: | - Provides uniquely identifiable segmentations in which data elements may - be stored. - - id: CCC.ObjStor.CP02 - title: Storage Objects - description: | - Supports storing, accessing, and managing data elements which contain - both data and metadata. - - id: CCC.ObjStor.CP03 - title: Bucket Capacity Limit - description: | - Provides the ability to set a maximum total capacity for objects within - a bucket. - - id: CCC.ObjStor.CP04 - title: Object Size Limit - description: | - Supports setting a maximum object size for storing objects. - - id: CCC.ObjStor.CP05 - title: Store New Objects - description: | - Supports for storing a new object in the bucket. - - id: CCC.ObjStor.CP06 - title: Replace Stored Objects - description: | - Supports for replacing an object in the bucket with a new object for the same key. - - id: CCC.ObjStor.CP07 - title: Delete Stored Objects - description: | - Supports for deleting objects from the bucket given the object key. - - id: CCC.ObjStor.CP08 - title: Lifecycle Policies - description: | - Supports defining policies to automate data management tasks. - - id: CCC.ObjStor.CP09 - title: Object Modification Locks - description: | - Allows locking of objects to disable modification and/or deletion of an - object for a defined period of time. - - id: CCC.ObjStor.CP10 - title: Object Level Access Control - description: | - Supports controlling access to specific objects within the object store. - - id: CCC.ObjStor.CP11 - title: Querying - description: | - Supports performing simple select queries to retrieve only a subset of - objects from the bucket. - - id: CCC.ObjStor.CP12 - title: Storage Classes - description: | - Provides different storage classes for frequently and infrequently - accessed objects. - - id: CCC.Core.CP01 - title: Encryption in Transit Enabled by Default - description: | - The service automatically encrypts all data using industry-standard - cryptographic protocols prior to transmission via a network interface. - - id: CCC.Core.CP02 - title: Encryption at Rest Enabled by Default - description: | - The service automatically encrypts all data using industry-standard - cryptographic protocols prior to being written to a storage medium. - - id: CCC.Core.CP03 - title: Access Log Publication - description: | - The service automatically publishes structured, verbose records of - activities performed within the scope of the service by external actors. - - id: CCC.Core.CP04 - title: Transaction Rate Limits - description: | - The service can throttle, delay, or reject excess requests when - transactions exceed a user-specified rate limit, and always - provides industry-standard throughput up to that limit. - - id: CCC.Core.CP05 - title: Signed URLs - description: | - The service can generate an ad hoc URL containing authentication - information to enforce user-configured permissions for accessing - a specific component or a child resource. - - id: CCC.Core.CP06 - title: Access Control - description: | - The service automatically enforces user configurations to - restrict or allow access to a specific component or - a child resource based on factors such as user identities, roles, - groups, or attributes. - - id: CCC.Core.CP07 - title: Event Publication - description: | - The service automatically publishes a structured state-change record - upon creation, deletion, or modification of data, configuration, - components, or child resources. - - id: CCC.Core.CP08 - title: Data Replication - description: | - The service automatically replicates data across multiple deployments - simultaneously with parity, or may be configured to do so. - - id: CCC.Core.CP09 - title: Metrics Publication - description: | - The service automatically publishes structured, numeric, time-series data points related to - the performance, availability, and health of the service or its child resources. - - id: CCC.Core.CP14 - title: API Access - description: | - The service exposes a port enabling external actors to interact - programmatically with the service and its resources using HTTP - protocol methods such as GET, POST, PUT, and DELETE. - - id: CCC.Core.CP15 - title: Cost Management - description: | - The service monitors data published by child or networked resources to infer - usage patterns and generate cost reports for the service. - - id: CCC.Core.CP16 - title: Budgeting - description: | - The service may be configured to take a user-specified action when a - spending threshold is met or exceeded on a child or networked resource. - - id: CCC.Core.CP18 - title: Resource Versioning - description: | - The service automatically assigns versions to child resources which can be used - to preserve, retrieve, and restore past iterations. - - id: CCC.Core.CP20 - title: Resource Tagging - description: | - The service provides users with the ability to tag a child resource with metadata - that can be reviewed or queried. - - id: CCC.Core.CP22 - title: Location Lock-In - description: | - The service may be configured to restrict the deployment of child resources - to specific geographic locations. - - id: CCC.Core.CP28 - title: Command-line Interface - description: | - The service includes a component that reads and translates - text into commands that can be executed by the service. - - id: CCC.Core.CP29 - title: Active Ingestion - description: | - While running, the service can receive inputs, commands, or data streams - from external sources such as dedicated APIs, exposed network - ports, message queues, and persistent data ingestion channels. -imported-controls: - - reference-id: CCC - entries: - - reference-id: CCC.Core.CN01 - strength: 0 - remarks: Prevent Unencrypted Requests - - reference-id: CCC.Core.CN02 - strength: 0 - remarks: Ensure Data Encryption at Rest for All Stored Data - - reference-id: CCC.Core.CN03 - strength: 0 - remarks: Implement Multi-factor Authentication (MFA) for Access - - reference-id: CCC.Core.CN04 - strength: 0 - remarks: Log All Access and Changes - - reference-id: CCC.Core.CN05 - strength: 0 - remarks: Prevent Access from Untrusted Entities - - reference-id: CCC.Core.CN06 - strength: 0 - remarks: Prevent Deployment in Restricted Regions - - reference-id: CCC.Core.CN07 - strength: 0 - remarks: Alert on Unusual Enumeration Activity - - reference-id: CCC.Core.CN09 - strength: 0 - remarks: Prevent Tampering, Deletion, or Unauthorized Access to Access Logs - - reference-id: CCC.Core.CN10 - strength: 0 - remarks: Prevent Data Replication to Destinations Outside of Defined Trust Perimeter -imported-threats: - - reference-id: CCC - entries: - - reference-id: CCC.Core.TH01 - strength: 0 - remarks: Access Control is Misconfigured - - reference-id: CCC.Core.TH02 - strength: 0 - remarks: Data is Intercepted in Transit - - reference-id: CCC.Core.TH03 - strength: 0 - remarks: Deployment Region Network is Untrusted - - reference-id: CCC.Core.TH04 - strength: 0 - remarks: Data is Replicated to Untrusted or External Locations - - reference-id: CCC.Core.TH05 - strength: 0 - remarks: Data is Corrupted During Replication - - reference-id: CCC.Core.TH06 - strength: 0 - remarks: Data is Lost or Corrupted - - reference-id: CCC.Core.TH07 - strength: 0 - remarks: Logs are Tampered With or Deleted - - reference-id: CCC.Core.TH08 - strength: 0 - remarks: Cost Management Data is Manipulated - - reference-id: CCC.Core.TH09 - strength: 0 - remarks: Logs or Monitoring Data are Read by Unauthorized Users - - reference-id: CCC.Core.TH10 - strength: 0 - remarks: Alerts are Intercepted - - reference-id: CCC.Core.TH11 - strength: 0 - remarks: Event Notifications are Incorrectly Triggered - - reference-id: CCC.Core.TH12 - strength: 0 - remarks: Resource Constraints are Exhausted - - reference-id: CCC.Core.TH13 - strength: 0 - remarks: Resource Tags are Manipulated - - reference-id: CCC.Core.TH14 - strength: 0 - remarks: Older Resource Versions are Exploited - - reference-id: CCC.Core.TH15 - strength: 0 - remarks: Automated Enumeration and Reconnaissance by Non-human Entities -imported-capabilities: - - reference-id: CCC - entries: - - reference-id: CCC.Core.CP01 - strength: 0 - remarks: Encryption in Transit Enabled by Default - - reference-id: CCC.Core.CP02 - strength: 0 - remarks: Encryption at Rest Enabled by Default - - reference-id: CCC.Core.CP03 - strength: 0 - remarks: Access Log Publication - - reference-id: CCC.Core.CP04 - strength: 0 - remarks: Transaction Rate Limits - - reference-id: CCC.Core.CP05 - strength: 0 - remarks: Signed URLs - - reference-id: CCC.Core.CP06 - strength: 0 - remarks: Access Control - - reference-id: CCC.Core.CP07 - strength: 0 - remarks: Event Publication - - reference-id: CCC.Core.CP08 - strength: 0 - remarks: Data Replication - - reference-id: CCC.Core.CP09 - strength: 0 - remarks: Metrics Publication - - reference-id: CCC.Core.CP14 - strength: 0 - remarks: API Access - - reference-id: CCC.Core.CP15 - strength: 0 - remarks: Cost Management - - reference-id: CCC.Core.CP16 - strength: 0 - remarks: Budgeting - - reference-id: CCC.Core.CP18 - strength: 0 - remarks: Resource Versioning - - reference-id: CCC.Core.CP20 - strength: 0 - remarks: Resource Tagging - - reference-id: CCC.Core.CP22 - strength: 0 - remarks: Location Lock-In - - reference-id: CCC.Core.CP28 - strength: 0 - remarks: Command-line Interface - - reference-id: CCC.Core.CP29 - strength: 0 - remarks: Active Ingestion diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/config/aws-s3-bucket.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/config/aws-s3-bucket.json deleted file mode 100644 index c77b3e18..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/config/aws-s3-bucket.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "id": "aws-s3-bucket", - "provider": "aws", - "service": "storage", - "name": "CCC AWS S3 Bucket Terraform Module", - "description": "This module creates secure AWS S3 buckets with encryption, versioning, lifecycle management, and advanced security features.", - "path": "remote/aws/s3bucket", - "test-frameworks" : ["cfi"], - "git": "https://github.com/terraform-aws-modules/terraform-aws-s3-bucket" -} \ No newline at end of file diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/results/aws-s3-bucket-combined.ocsf.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/results/aws-s3-bucket-combined.ocsf.json deleted file mode 100644 index 4e5922c7..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/aws-s3-bucket/results/aws-s3-bucket-combined.ocsf.json +++ /dev/null @@ -1,21314 +0,0 @@ -[ - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107437, - "created_time_dt": "2026-02-26T12:03:57Z", - "desc": "Compliance test scenario: Service accepts TLS 1.3 encrypted traffic", - "title": "Service accepts TLS 1.3 encrypted traffic", - "types": [], - "uid": "ccc-test-92-1772107437" - }, - "message": "Service accepts TLS 1.3 encrypted traffic", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_3\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ \"{connection}\" state is open\nβœ“ \"{connection.State}\" is \"open\"\nβœ“ I close connection \"{connection}\"\nβœ“ \"{connection}\" state is closed", - "status_id": 1, - "time": 1772107437, - "time_dt": "2026-02-26T12:03:57Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107437, - "created_time_dt": "2026-02-26T12:03:57Z", - "desc": "Compliance test scenario: Service rejects TLS 1.2 traffic", - "title": "Service rejects TLS 1.2 traffic", - "types": [], - "uid": "ccc-test-98-1772107437" - }, - "message": "Service rejects TLS 1.2 traffic", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_2\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", - "status_id": 1, - "time": 1772107437, - "time_dt": "2026-02-26T12:03:57Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107437, - "created_time_dt": "2026-02-26T12:03:57Z", - "desc": "Compliance test scenario: Service rejects TLS 1.1 traffic", - "title": "Service rejects TLS 1.1 traffic", - "types": [], - "uid": "ccc-test-104-1772107437" - }, - "message": "Service rejects TLS 1.1 traffic", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_1\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", - "status_id": 1, - "time": 1772107437, - "time_dt": "2026-02-26T12:03:57Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107437, - "created_time_dt": "2026-02-26T12:03:57Z", - "desc": "Compliance test scenario: Service rejects TLS 1.0 traffic", - "title": "Service rejects TLS 1.0 traffic", - "types": [], - "uid": "ccc-test-110-1772107437" - }, - "message": "Service rejects TLS 1.0 traffic", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", - "status_id": 1, - "time": 1772107437, - "time_dt": "2026-02-26T12:03:57Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107437, - "created_time_dt": "2026-02-26T12:03:57Z", - "desc": "Compliance test scenario: Verify SSL/TLS protocol support", - "title": "Verify SSL/TLS protocol support", - "types": [], - "uid": "ccc-test-115-1772107437" - }, - "message": "Verify SSL/TLS protocol support", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"protocols\" for \"{hostName}\" on port \"{portNumber}\"\nβœ— \"{report}\" is an array of objects which doesn't contain any of - Error: unwanted row found in array: map[finding:offered id:TLS1_2]\n⊘ \"{report}\" is an array of objects with at least the following contents (skipped)", - "status_id": 1, - "time": 1772107437, - "time_dt": "2026-02-26T12:03:57Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107442, - "created_time_dt": "2026-02-26T12:04:02Z", - "desc": "Compliance test scenario: Verify no known SSL/TLS vulnerabilities", - "title": "Verify no known SSL/TLS vulnerabilities", - "types": [], - "uid": "ccc-test-119-1772107442" - }, - "message": "Verify no known SSL/TLS vulnerabilities", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"vulnerable\" for \"{hostName}\" on port \"{portNumber}\"\nβœ“ \"{report}\" is an array of objects with at least the following contents", - "status_id": 1, - "time": 1772107442, - "time_dt": "2026-02-26T12:04:02Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107469, - "created_time_dt": "2026-02-26T12:04:29Z", - "desc": "Compliance test scenario: Verify TLS 1.3 only certificate validity", - "title": "Verify TLS 1.3 only certificate validity", - "types": [], - "uid": "ccc-test-123-1772107469" - }, - "message": "Verify TLS 1.3 only certificate validity", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"server-defaults\" for \"{hostName}\" on port \"{portNumber}\"\nβœ“ \"{report}\" is an array of objects with at least the following contents", - "status_id": 1, - "time": 1772107469, - "time_dt": "2026-02-26T12:04:29Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106721, - "created_time_dt": "2026-02-26T11:52:01Z", - "desc": "Compliance test scenario: Storage account enforces minimum TLS version", - "title": "Storage account enforces minimum TLS version", - "types": [], - "uid": "ccc-test-127-1772106721" - }, - "message": "Storage account enforces minimum TLS version", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Policy", - "@PerService", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I attempt policy check \"object-storage-tls-policy\" for control \"CCC.Core.CN01\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\"\nβœ“ \"{result}\" is true", - "status_id": 1, - "time": 1772106721, - "time_dt": "2026-02-26T11:52:01Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106721, - "created_time_dt": "2026-02-26T11:52:01Z", - "desc": "Compliance test scenario: Load balancer enforces minimum TLS version", - "title": "Load balancer enforces minimum TLS version", - "types": [], - "uid": "ccc-test-131-1772106721" - }, - "message": "Load balancer enforces minimum TLS version", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Policy", - "@PerService", - "@CCC.LoadBalancer" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"load-balancer-tls-policy\" for control \"CCC.Core.CN01\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: ALB TLS 1.3 Security Policy Check: query execution failed: exit status 254\nOutput: \nAn error occurred (ValidationError) when calling the DescribeListeners operation: 'cloudfront-logs-flowing-porpoise' is not a valid load balancer ARN\n\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772106721, - "time_dt": "2026-02-26T11:52:01Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106724, - "created_time_dt": "2026-02-26T11:52:04Z", - "desc": "Compliance test scenario: Object storage encryption compliance", - "title": "Object storage encryption compliance", - "types": [], - "uid": "ccc-test-386-1772106724" - }, - "message": "Object storage encryption compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN02", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-encryption\" for control \"CCC.Core.CN02\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Server-Side Encryption Check: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772106724, - "time_dt": "2026-02-26T11:52:04Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN02.AR01 - Data Encryption at Rest" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106725, - "created_time_dt": "2026-02-26T11:52:05Z", - "desc": "Compliance test scenario: Verify objects are encrypted at rest", - "title": "Verify objects are encrypted at rest", - "types": [], - "uid": "ccc-test-397-1772106725" - }, - "message": "Verify objects are encrypted at rest", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN02", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-encryption-check.txt\", and \"encryption test data\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"uploadResult\"\nβœ“ \"{uploadResult.Encryption}\" is not null\nβœ“ \"{uploadResult.EncryptionAlgorithm}\" is \"AES256\"\nβœ“ I attach \"{uploadResult}\" to the test output as \"Upload Result with Encryption Details\"\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-encryption-check.txt\"", - "status_id": 1, - "time": 1772106725, - "time_dt": "2026-02-26T11:52:05Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN02.AR01 - Data Encryption at Rest" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106726, - "created_time_dt": "2026-02-26T11:52:06Z", - "desc": "Compliance test scenario: Object storage delete protection compliance", - "title": "Object storage delete protection compliance", - "types": [], - "uid": "ccc-test-418-1772106726" - }, - "message": "Object storage delete protection compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN03", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-delete-protection\" for control \"CCC.Core.CN03\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket MFA Delete Configuration: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772106726, - "time_dt": "2026-02-26T11:52:06Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106727, - "created_time_dt": "2026-02-26T11:52:07Z", - "desc": "Compliance test scenario: MFA requirement for destructive operations cannot be tested automatically", - "title": "MFA requirement for destructive operations cannot be tested automatically", - "types": [], - "uid": "ccc-test-421-1772106727" - }, - "message": "MFA requirement for destructive operations cannot be tested automatically", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN03", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772106727, - "time_dt": "2026-02-26T11:52:07Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106727, - "created_time_dt": "2026-02-26T11:52:07Z", - "desc": "Compliance test scenario: API modification requires credential and trust perimeter origin", - "title": "API modification requires credential and trust perimeter origin", - "types": [], - "uid": "ccc-test-437-1772106727" - }, - "message": "API modification requires credential and trust perimeter origin", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN03", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772106727, - "time_dt": "2026-02-26T11:52:07Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN03.AR02 - API Authentication with Credentials" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106727, - "created_time_dt": "2026-02-26T11:52:07Z", - "desc": "Compliance test scenario: UI viewing requires multi-factor authentication", - "title": "UI viewing requires multi-factor authentication", - "types": [], - "uid": "ccc-test-451-1772106727" - }, - "message": "UI viewing requires multi-factor authentication", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN03", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772106727, - "time_dt": "2026-02-26T11:52:07Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN03.AR03 - MFA for UI Viewing" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106727, - "created_time_dt": "2026-02-26T11:52:07Z", - "desc": "Compliance test scenario: API viewing requires credential and trust perimeter origin", - "title": "API viewing requires credential and trust perimeter origin", - "types": [], - "uid": "ccc-test-465-1772106727" - }, - "message": "API viewing requires credential and trust perimeter origin", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN03", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772106727, - "time_dt": "2026-02-26T11:52:07Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN03.AR04 - API Authentication for Viewing" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106727, - "created_time_dt": "2026-02-26T11:52:07Z", - "desc": "Compliance test scenario: Admin logging compliance", - "title": "Admin logging compliance", - "types": [], - "uid": "ccc-test-500-1772106727" - }, - "message": "Admin logging compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage", - "@vpc" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ— I attempt policy check \"admin-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Management Events Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [Labels ResourceName ReportFile Provider AwsCloudTrailLogGroupName PermittedRegions Protocol ProviderServiceType Instance PortNumber CatalogTypes TagFilter UID Region PermittedAccountIds HostName ServiceType ReportTitle Props])\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772106727, - "time_dt": "2026-02-26T11:52:07Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR01 - Log Administrative Access Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106727, - "created_time_dt": "2026-02-26T11:52:07Z", - "desc": "Compliance test scenario: Verify admin actions are logged with identity and timestamp", - "title": "Verify admin actions are logged with identity and timestamp", - "types": [], - "uid": "ccc-test-515-1772106727" - }, - "message": "Verify admin actions are logged with identity and timestamp", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"{ServiceType}\"\nβœ“ I refer to \"{result}\" as \"theService\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{theService}\" with \"UpdateResourcePolicy\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to get bucket policy (bucket may not have a policy): operation error S3: GetBucketPolicy, https response error StatusCode: 301, RequestID: T2EA2B39PGATCSX1, HostID: BWcUN1Ona7f00fSDRmTGxDfE56K8R9aUBMHqBytOWFEpvncmIXajAZ8TpW8LfRpPY+hJSkmTfO3w5DjCVw6UiUlmLrYCvQiG, api error PermanentRedirect: The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.\n⊘ I attach \"{result}\" to the test output as \"Policy Update Result\" (skipped)\n⊘ we wait for a period of \"10000\" ms (skipped)\n⊘ I call \"{loggingService}\" with \"QueryAdminLogs\" using arguments \"{ResourceName}\" and \"{20}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"adminLogs\" (skipped)\n⊘ I attach \"{adminLogs}\" to the test output as \"Admin Activity Logs\" (skipped)\n⊘ \"{adminLogs}\" is an array of objects with at least the following contents (skipped)", - "status_id": 1, - "time": 1772106727, - "time_dt": "2026-02-26T11:52:07Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR01 - Log Administrative Access Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106727, - "created_time_dt": "2026-02-26T11:52:07Z", - "desc": "Compliance test scenario: Object storage data modification logging compliance", - "title": "Object storage data modification logging compliance", - "types": [], - "uid": "ccc-test-554-1772106727" - }, - "message": "Object storage data modification logging compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"data-write-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR02\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Data Events Write Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [ReportTitle Props PortNumber Protocol ProviderServiceType CatalogTypes TagFilter ResourceName Provider AwsCloudTrailLogGroupName ServiceType UID PermittedAccountIds Region Instance PermittedRegions api HostName Labels ReportFile])\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772106727, - "time_dt": "2026-02-26T11:52:07Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR02 - Log Data Modification Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106727, - "created_time_dt": "2026-02-26T11:52:07Z", - "desc": "Compliance test scenario: Verify data modifications are logged with identity and timestamp", - "title": "Verify data modifications are logged with identity and timestamp", - "types": [], - "uid": "ccc-test-574-1772106727" - }, - "message": "Verify data modifications are logged with identity and timestamp", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-amber", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-logging-object.txt\", and \"test data for logging verification\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"createResult\"\nβœ“ I attach \"{createResult}\" to the test output as \"Object Create Result\"\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-logging-object.txt\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"deleteResult\"\nβœ“ I attach \"{deleteResult}\" to the test output as \"Object Delete Result\"\nβœ“ we wait for a period of \"10000\" ms\nβœ“ I call \"{loggingService}\" with \"QueryDataWriteLogs\" using arguments \"{ResourceName}\" and \"{20}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"dataLogs\"\nβœ“ I attach \"{dataLogs}\" to the test output as \"Data Write Logs\"\nβœ— \"{dataLogs}\" is an array of objects with at least the following contents - Error: expected row not found: map[result:Succeeded]", - "status_id": 1, - "time": 1772106727, - "time_dt": "2026-02-26T11:52:07Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR02 - Log Data Modification Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106738, - "created_time_dt": "2026-02-26T11:52:18Z", - "desc": "Compliance test scenario: Data read logging compliance", - "title": "Data read logging compliance", - "types": [], - "uid": "ccc-test-614-1772106738" - }, - "message": "Data read logging compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-red", - "@Policy", - "@object-storage", - "@vpc" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"data-read-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR03\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Data Events Read Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [UID AwsCloudTrailLogGroupName PermittedAccountIds Provider Protocol TagFilter Labels ReportTitle Instance Props Region PortNumber HostName ServiceType ProviderServiceType PermittedRegions api CatalogTypes ResourceName ReportFile])\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772106738, - "time_dt": "2026-02-26T11:52:18Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR03 - Log Data Read Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106738, - "created_time_dt": "2026-02-26T11:52:18Z", - "desc": "Compliance test scenario: Verify data read operations are logged with identity and timestamp", - "title": "Verify data read operations are logged with identity and timestamp", - "types": [], - "uid": "ccc-test-635-1772106738" - }, - "message": "Verify data read operations are logged with identity and timestamp", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-read-logging-object.txt\", and \"test data for read logging verification\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"createResult\"\nβœ“ I call \"{storage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-read-logging-object.txt\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to read object test-read-logging-object.txt from bucket cloudfront-logs-flowing-porpoise: operation error S3: GetObject, https response error StatusCode: 301, RequestID: G2KT4PY9BGXAWCZZ, HostID: xpbWZarFwEBsghY1f1jELNZZwrFrhQDSn7HshDqpBQMyhF3vKK6PoW7Ug56t0S1aIVR/lzkTLswdwCmuqWyS74zdqQkVFfO3e+3Ti8knVrQ=, api error PermanentRedirect: The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.\n⊘ I refer to \"{result}\" as \"readResult\" (skipped)\n⊘ I attach \"{readResult}\" to the test output as \"Object Read Result\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-read-logging-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ we wait for a period of \"10000\" ms (skipped)\n⊘ I call \"{loggingService}\" with \"QueryDataReadLogs\" using arguments \"{ResourceName}\" and \"{20}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"readLogs\" (skipped)\n⊘ I attach \"{readLogs}\" to the test output as \"Data Read Logs\" (skipped)\n⊘ \"{readLogs}\" is an array of objects with at least the following contents (skipped)", - "status_id": 1, - "time": 1772106738, - "time_dt": "2026-02-26T11:52:18Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR03 - Log Data Read Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106738, - "created_time_dt": "2026-02-26T11:52:18Z", - "desc": "Compliance test scenario: Service prevents data modification by user with no access", - "title": "Service prevents data modification by user with no access", - "types": [], - "uid": "ccc-test-700-1772106738" - }, - "message": "Service prevents data modification by user with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Destructive", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-write-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-cn05-unauthorized-modify.txt\", and \"unauthorized data\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-create-error.txt\"", - "status_id": 1, - "time": 1772106738, - "time_dt": "2026-02-26T11:52:18Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106738, - "created_time_dt": "2026-02-26T11:52:18Z", - "desc": "Compliance test scenario: Service allows data modification by user with write access", - "title": "Service allows data modification by user with write access", - "types": [], - "uid": "ccc-test-716-1772106738" - }, - "message": "Service allows data modification by user with write access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Destructive", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write-access\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 403BPM8MZ069CX7H, HostID: c6z4LZ+W2aaepHBK+bDOfwvDH1wzC4kKXD9JQnaUIZfaW/maE+Bb8sr3njmVXOFqGGNKcbVqEjk=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write-access is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-cn05-authorized-modify.txt\", and \"authorized data\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-cn05-authorized-modify.txt\" (skipped)", - "status_id": 1, - "time": 1772106738, - "time_dt": "2026-02-26T11:52:18Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106809, - "created_time_dt": "2026-02-26T11:53:29Z", - "desc": "Compliance test scenario: Storage is not configured for public write access", - "title": "Storage is not configured for public write access", - "types": [], - "uid": "ccc-test-724-1772106809" - }, - "message": "Storage is not configured for public write access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ— I attempt policy check \"object-storage-block-public-write-access\" for control \"CCC.Core.CN05\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Block Public Access Configuration: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772106809, - "time_dt": "2026-02-26T11:53:29Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106810, - "created_time_dt": "2026-02-26T11:53:30Z", - "desc": "Compliance test scenario: Service prevents administrative action (creating a new bucket) by user with no access", - "title": "Service prevents administrative action (creating a new bucket) by user with no access", - "types": [], - "uid": "ccc-test-803-1772106810" - }, - "message": "Service prevents administrative action (creating a new bucket) by user with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Destructive", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-admin-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-unauthorized-admin-container\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-admin-create-bucket-error.txt\"", - "status_id": 1, - "time": 1772106810, - "time_dt": "2026-02-26T11:53:30Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106810, - "created_time_dt": "2026-02-26T11:53:30Z", - "desc": "Compliance test scenario: Service prevents administrative action (creating a new bucket) by user with read-only access", - "title": "Service prevents administrative action (creating a new bucket) by user with read-only access", - "types": [], - "uid": "ccc-test-818-1772106810" - }, - "message": "Service prevents administrative action (creating a new bucket) by user with read-only access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Destructive", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read-only-admin\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-only-admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-read-only-create-container\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"read-only-create-bucket-error.txt\"", - "status_id": 1, - "time": 1772106810, - "time_dt": "2026-02-26T11:53:30Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106826, - "created_time_dt": "2026-02-26T11:53:46Z", - "desc": "Compliance test scenario: Service allows administrative action (creating a new bucket) by user with admin access", - "title": "Service allows administrative action (creating a new bucket) by user with admin access", - "types": [], - "uid": "ccc-test-834-1772106826" - }, - "message": "Service allows administrative action (creating a new bucket) by user with admin access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-admin-access\", \"{UID}\", and \"admin\"\nβœ“ I refer to \"{result}\" as \"testUserAdmin\"\nβœ“ I attach \"{result}\" to the test output as \"admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserAdmin}\", and \"{true}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-authorized-admin-container\"\nβœ“ \"{result}\" is not an error\nβœ“ I attach \"{result}\" to the test output as \"admin-create-bucket-result.json\"\nβœ“ I call \"{storage}\" with \"DeleteBucket\" using argument \"test-cn05-authorized-admin-container\"", - "status_id": 1, - "time": 1772106826, - "time_dt": "2026-02-26T11:53:46Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106842, - "created_time_dt": "2026-02-26T11:54:02Z", - "desc": "Compliance test scenario: Unauthorized administrative access is blocked", - "title": "Unauthorized administrative access is blocked", - "types": [], - "uid": "ccc-test-841-1772106842" - }, - "message": "Unauthorized administrative access is blocked", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772106842, - "time_dt": "2026-02-26T11:54:02Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106842, - "created_time_dt": "2026-02-26T11:54:02Z", - "desc": "Compliance test scenario: Cross-tenant access is blocked without explicit allowlist", - "title": "Cross-tenant access is blocked without explicit allowlist", - "types": [], - "uid": "ccc-test-859-1772106842" - }, - "message": "Cross-tenant access is blocked without explicit allowlist", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I attempt policy check \"object-storage-cross-tenant-block\" for control \"CCC.Core.CN05\" assessment requirement \"AR03\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\"\nβœ“ \"{result}\" is true", - "status_id": 1, - "time": 1772106842, - "time_dt": "2026-02-26T11:54:02Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR03 - Block Cross-Tenant Access" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106843, - "created_time_dt": "2026-02-26T11:54:03Z", - "desc": "Compliance test scenario: External unauthorized data requests are blocked", - "title": "External unauthorized data requests are blocked", - "types": [], - "uid": "ccc-test-873-1772106843" - }, - "message": "External unauthorized data requests are blocked", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772106843, - "time_dt": "2026-02-26T11:54:03Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR04 - Block Unauthorized External Data Requests" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106843, - "created_time_dt": "2026-02-26T11:54:03Z", - "desc": "Compliance test scenario: External requests do not reveal service existence", - "title": "External requests do not reveal service existence", - "types": [], - "uid": "ccc-test-886-1772106843" - }, - "message": "External requests do not reveal service existence", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772106843, - "time_dt": "2026-02-26T11:54:03Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR05 - Hide Service Existence from External Requests" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106843, - "created_time_dt": "2026-02-26T11:54:03Z", - "desc": "Compliance test scenario: Service prevents data read by user with no access", - "title": "Service prevents data read by user with no access", - "types": [], - "uid": "ccc-test-914-1772106843" - }, - "message": "Service prevents data read by user with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Destructive", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772106843, - "time_dt": "2026-02-26T11:54:03Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR06 - Block All Unauthorized Requests" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106844, - "created_time_dt": "2026-02-26T11:54:04Z", - "desc": "Compliance test scenario: All unauthorized requests are blocked", - "title": "All unauthorized requests are blocked", - "types": [], - "uid": "ccc-test-921-1772106844" - }, - "message": "All unauthorized requests are blocked", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772106844, - "time_dt": "2026-02-26T11:54:04Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR06 - Block All Unauthorized Requests" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106844, - "created_time_dt": "2026-02-26T11:54:04Z", - "desc": "Compliance test scenario: Object storage region compliance", - "title": "Object storage region compliance", - "types": [], - "uid": "ccc-test-944-1772106844" - }, - "message": "Object storage region compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN06", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-region\" for control \"CCC.Core.CN06\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Region Compliance: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772106844, - "time_dt": "2026-02-26T11:54:04Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN06.AR01 - Resource Location Compliance" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106844, - "created_time_dt": "2026-02-26T11:54:04Z", - "desc": "Compliance test scenario: Child resources are in approved regions", - "title": "Child resources are in approved regions", - "types": [], - "uid": "ccc-test-965-1772106844" - }, - "message": "Child resources are in approved regions", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN06", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772106844, - "time_dt": "2026-02-26T11:54:04Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN06.AR02 - Child Resource Location Compliance" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106844, - "created_time_dt": "2026-02-26T11:54:04Z", - "desc": "Compliance test scenario: Enumeration activities publish events to monitored channels", - "title": "Enumeration activities publish events to monitored channels", - "types": [], - "uid": "ccc-test-981-1772106844" - }, - "message": "Enumeration activities publish events to monitored channels", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN07", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I attempt policy check \"enumeration-monitoring-policy\" for control \"CCC.Core.CN07\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\"\nβœ“ \"{result}\" is true", - "status_id": 1, - "time": 1772106844, - "time_dt": "2026-02-26T11:54:04Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN07.AR01 - Publish Enumeration Activity Events" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106844, - "created_time_dt": "2026-02-26T11:54:04Z", - "desc": "Compliance test scenario: Enumeration activities are logged", - "title": "Enumeration activities are logged", - "types": [], - "uid": "ccc-test-997-1772106844" - }, - "message": "Enumeration activities are logged", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN07", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772106844, - "time_dt": "2026-02-26T11:54:04Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN07.AR02 - Log Enumeration Activities" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106844, - "created_time_dt": "2026-02-26T11:54:04Z", - "desc": "Compliance test scenario: Object storage replication compliance", - "title": "Object storage replication compliance", - "types": [], - "uid": "ccc-test-1014-1772106844" - }, - "message": "Object storage replication compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN08", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication\" for control \"CCC.Core.CN08\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Cross-Region Replication Configuration: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772106844, - "time_dt": "2026-02-26T11:54:04Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN08.AR01 - Data Replication and Redundancy" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106845, - "created_time_dt": "2026-02-26T11:54:05Z", - "desc": "Compliance test scenario: Object storage replication status is visible", - "title": "Object storage replication status is visible", - "types": [], - "uid": "ccc-test-1031-1772106845" - }, - "message": "Object storage replication status is visible", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN08", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication-status\" for control \"CCC.Core.CN08\" assessment requirement \"AR02\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Replication Status Visibility: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772106845, - "time_dt": "2026-02-26T11:54:05Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN08.AR02 - Replication Status Visibility" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106846, - "created_time_dt": "2026-02-26T11:54:06Z", - "desc": "Compliance test scenario: Object storage access logging compliance", - "title": "Object storage access logging compliance", - "types": [], - "uid": "ccc-test-1048-1772106846" - }, - "message": "Object storage access logging compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN09", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-access-logging\" for control \"CCC.Core.CN09\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Server Access Logging Configuration: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772106846, - "time_dt": "2026-02-26T11:54:06Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN09.AR01 - Access Logging Separation" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106847, - "created_time_dt": "2026-02-26T11:54:07Z", - "desc": "Compliance test scenario: Disabling logs requires disabling the resource", - "title": "Disabling logs requires disabling the resource", - "types": [], - "uid": "ccc-test-1064-1772106847" - }, - "message": "Disabling logs requires disabling the resource", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN09", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772106847, - "time_dt": "2026-02-26T11:54:07Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN09.AR02 - Logs Cannot Be Disabled" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106847, - "created_time_dt": "2026-02-26T11:54:07Z", - "desc": "Compliance test scenario: Redirecting logs requires halting the resource", - "title": "Redirecting logs requires halting the resource", - "types": [], - "uid": "ccc-test-1078-1772106847" - }, - "message": "Redirecting logs requires halting the resource", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN09", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772106847, - "time_dt": "2026-02-26T11:54:07Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN09.AR03 - Log Redirection Requires Service Halt" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106847, - "created_time_dt": "2026-02-26T11:54:07Z", - "desc": "Compliance test scenario: Object storage replication destination compliance", - "title": "Object storage replication destination compliance", - "types": [], - "uid": "ccc-test-1095-1772106847" - }, - "message": "Object storage replication destination compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN10", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication-destination\" for control \"CCC.Core.CN10\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Replication Destination Region Validation: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772106847, - "time_dt": "2026-02-26T11:54:07Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN10.AR01 - Replication Destination Trust" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106849, - "created_time_dt": "2026-02-26T11:54:09Z", - "desc": "Compliance test scenario: Service prevents reading bucket with no access", - "title": "Service prevents reading bucket with no access", - "types": [], - "uid": "ccc-test-1146-1772106849" - }, - "message": "Service prevents reading bucket with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR01", - "@Destructive" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"ListObjects\" using argument \"{ResourceName}\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-list-error.txt\"", - "status_id": 1, - "time": 1772106849, - "time_dt": "2026-02-26T11:54:09Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106849, - "created_time_dt": "2026-02-26T11:54:09Z", - "desc": "Compliance test scenario: Service allows reading bucket with read access", - "title": "Service allows reading bucket with read access", - "types": [], - "uid": "ccc-test-1162-1772106849" - }, - "message": "Service allows reading bucket with read access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: C742EVAET6GBHM3T, HostID: 6UadsXF/DyU3s0H1MMcxg/T9UZVpSphyKZMuYHOGPNHsM/pJ4zcDKcFAdJFc2zxIkdVbk+HB5eQz9ISAAm1eoaL0WlRgy4sG, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"read-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ListObjects\" using argument \"{ResourceName}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-list-objects-result.json\" (skipped)", - "status_id": 1, - "time": 1772106849, - "time_dt": "2026-02-26T11:54:09Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106919, - "created_time_dt": "2026-02-26T11:55:19Z", - "desc": "Compliance test scenario: Test policy", - "title": "Test policy", - "types": [], - "uid": "ccc-test-1163-1772106919" - }, - "message": "Test policy", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR01", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "", - "status_id": 1, - "time": 1772106919, - "time_dt": "2026-02-26T11:55:19Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106919, - "created_time_dt": "2026-02-26T11:55:19Z", - "desc": "Compliance test scenario: Service prevents reading object with no access", - "title": "Service prevents reading object with no access", - "types": [], - "uid": "ccc-test-1216-1772106919" - }, - "message": "Service prevents reading object with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test content\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-read-object-error.txt\"", - "status_id": 1, - "time": 1772106919, - "time_dt": "2026-02-26T11:55:19Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106920, - "created_time_dt": "2026-02-26T11:55:20Z", - "desc": "Compliance test scenario: Service allows reading object with read access", - "title": "Service allows reading object with read access", - "types": [], - "uid": "ccc-test-1235-1772106920" - }, - "message": "Service allows reading object with read access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test content\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: KDK5ZSM98BKXX4XD, HostID: Vmj2/TP2porUwS+w+whllpF6nNib5KZftd0Wq63bWmsq5PDBFVo1Gp1YSs6vNAo1IV6cdIEGzPA=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"read-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-read-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)", - "status_id": 1, - "time": 1772106920, - "time_dt": "2026-02-26T11:55:20Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106975, - "created_time_dt": "2026-02-26T11:56:15Z", - "desc": "Compliance test scenario: Service prevents creating bucket with no access", - "title": "Service prevents creating bucket with no access", - "types": [], - "uid": "ccc-test-1286-1772106975" - }, - "message": "Service prevents creating bucket with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR03" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-bucket-no-access\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-create-bucket-error.txt\"", - "status_id": 1, - "time": 1772106975, - "time_dt": "2026-02-26T11:56:15Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR03" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772106975, - "created_time_dt": "2026-02-26T11:56:15Z", - "desc": "Compliance test scenario: Service allows creating bucket with write access", - "title": "Service allows creating bucket with write access", - "types": [], - "uid": "ccc-test-1303-1772106975" - }, - "message": "Service allows creating bucket with write access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR03" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: DCXG2XY1WHMMFEQT, HostID: jsge+wBOPbVXrPI45wQ5IafiWkZwarQYrVPVzX7O/voDE0hl2FZQJBH/qvXusQfiZ4/snt89ozE=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"write-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-bucket-write\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-bucket-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteBucket\" using argument \"{result.ID}\" (skipped)", - "status_id": 1, - "time": 1772106975, - "time_dt": "2026-02-26T11:56:15Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR03" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107046, - "created_time_dt": "2026-02-26T11:57:26Z", - "desc": "Compliance test scenario: Service prevents writing object with read-only access", - "title": "Service prevents writing object with read-only access", - "types": [], - "uid": "ccc-test-1358-1772107046" - }, - "message": "Service prevents writing object with read-only access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR04" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: N1HXY4ZS9H6V4Q34, HostID: q0tAiYb2T2b6bKx9/9Yqjwdh8HsVta1hVXbYu2vVn3+1Iz+NasXDairIQUGDZ7XcjJVesia/29w=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-write-object.txt\", and \"test content\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-create-object-error.txt\" (skipped)", - "status_id": 1, - "time": 1772107046, - "time_dt": "2026-02-26T11:57:26Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR04" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107101, - "created_time_dt": "2026-02-26T11:58:21Z", - "desc": "Compliance test scenario: Service allows writing object with write access", - "title": "Service allows writing object with write access", - "types": [], - "uid": "ccc-test-1377-1772107101" - }, - "message": "Service allows writing object with write access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR04" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: VCPQ5TJAG23B2ZPD, HostID: prJUWsxipvTaglmte3o8uJzZTSCnESkm0LJGFKeIKmUotrezVAzoyCqTJUTkqxof4ODRFKUKy7hepz2wU/lpdxn5utjcZLSKFEeVq/LTPls=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"write-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-write-object.txt\", and \"test content\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-write-object.txt\" (skipped)", - "status_id": 1, - "time": 1772107101, - "time_dt": "2026-02-26T11:58:21Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR04" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107156, - "created_time_dt": "2026-02-26T11:59:16Z", - "desc": "Compliance test scenario: Service enforces uniform bucket-level access by rejecting object-level permissions", - "title": "Service enforces uniform bucket-level access by rejecting object-level permissions", - "types": [], - "uid": "ccc-test-1426-1772107156" - }, - "message": "Service enforces uniform bucket-level access by rejecting object-level permissions", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN02.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: B5D08GEYZE1CF7BE, HostID: BqkYqBYDDggh96etw0qlhoDuiqYe76ZkpnkQSWhQBdCERrdrCRStahN8k/NpCwwQF00zJapu68k=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I call \"{storage}\" with \"SetObjectPermission\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"none\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"set-object-permission-error.txt\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)", - "status_id": 1, - "time": 1772107156, - "time_dt": "2026-02-26T11:59:16Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN02.AR01 - Uniform Bucket-Level Access (Consistent Allow)" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107212, - "created_time_dt": "2026-02-26T12:00:12Z", - "desc": "Compliance test scenario: Service enforces uniform bucket-level access denial", - "title": "Service enforces uniform bucket-level access denial", - "types": [], - "uid": "ccc-test-1475-1772107212" - }, - "message": "Service enforces uniform bucket-level access denial", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN02.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\"\nβœ“ \"{result}\" is an error\nβœ“ I call \"{storage}\" with \"SetObjectPermission\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"read\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"set-object-permission-error.txt\"\nβœ“ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\"\nβœ“ \"{result}\" is an error", - "status_id": 1, - "time": 1772107212, - "time_dt": "2026-02-26T12:00:12Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN02.AR02 - Uniform Bucket-Level Access (Consistent Deny)" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107212, - "created_time_dt": "2026-02-26T12:00:12Z", - "desc": "Compliance test scenario: Service supports bucket soft delete and recovery", - "title": "Service supports bucket soft delete and recovery", - "types": [], - "uid": "ccc-test-1524-1772107212" - }, - "message": "Service supports bucket soft delete and recovery", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN03.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"CreateBucket\" using argument \"ccc-test-soft-delete\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"testBucket\"\nβœ“ I attach \"{result}\" to the test output as \"created-bucket.json\"\nβœ“ I call \"{storage}\" with \"DeleteBucket\" using argument \"ccc-test-soft-delete\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{storage}\" with \"ListDeletedBuckets\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: AWS S3 does not support bucket-level soft delete - bucket deletion is immediate and permanent\n⊘ I attach \"{result}\" to the test output as \"deleted-buckets.json\" (skipped)\n? \"{result}\" should have length greater than \"0\" (undefined)\n⊘ I call \"{storage}\" with \"RestoreBucket\" using argument \"ccc-test-soft-delete\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I call \"{storage}\" with \"ListBuckets\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"restored-buckets.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteBucket\" using argument \"ccc-test-soft-delete\" (skipped)\n⊘ \"{result}\" is not an error (skipped)", - "status_id": 1, - "time": 1772107212, - "time_dt": "2026-02-26T12:00:12Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN03.AR01 - Bucket Soft Delete and Recovery" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107213, - "created_time_dt": "2026-02-26T12:00:13Z", - "desc": "Compliance test scenario: Service prevents modification of locked retention policy", - "title": "Service prevents modification of locked retention policy", - "types": [], - "uid": "ccc-test-1561-1772107213" - }, - "message": "Service prevents modification of locked retention policy", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN03.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"GetBucketRetentionDurationDays\" using argument \"{ResourceName}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"originalRetention\"\nβœ“ I attach \"{result}\" to the test output as \"original-retention-days.txt\"\nβœ— \"{result}\" should be greater than \"0\" - Error: expected {result} (0) to be greater than 0\n⊘ I call \"{storage}\" with \"SetBucketRetentionDurationDays\" using arguments \"{ResourceName}\" and \"1\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"set-retention-error.txt\" (skipped)\n⊘ I call \"{storage}\" with \"GetBucketRetentionDurationDays\" using argument \"{ResourceName}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n? \"{result}\" should equal \"{originalRetention}\" (undefined)", - "status_id": 1, - "time": 1772107213, - "time_dt": "2026-02-26T12:00:13Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN03.AR02 - Immutable Bucket Retention Policy" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107213, - "created_time_dt": "2026-02-26T12:00:13Z", - "desc": "Compliance test scenario: Service applies default retention policy to newly uploaded object", - "title": "Service applies default retention policy to newly uploaded object", - "types": [], - "uid": "ccc-test-1617-1772107213" - }, - "message": "Service applies default retention policy to newly uploaded object", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 7K0N5N0F8PCCXNMA, HostID: C6XQPzuNC2fruXPj9Ix5BNTNEHh1wPJQivQuSB35kL6NLugYWnSj30WsbulNTufl0LatAwKKBhM=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-retention-object.txt\", and \"protected data\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"uploaded-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"GetObjectRetentionDurationDays\" using arguments \"{ResourceName}\" and \"test-retention-object.txt\" (skipped)\n⊘ \"{result}\" should be greater than \"1\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-retention-object.txt\" (skipped)", - "status_id": 1, - "time": 1772107213, - "time_dt": "2026-02-26T12:00:13Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107268, - "created_time_dt": "2026-02-26T12:01:08Z", - "desc": "Compliance test scenario: Service enforces retention policy on newly created objects", - "title": "Service enforces retention policy on newly created objects", - "types": [], - "uid": "ccc-test-1629-1772107268" - }, - "message": "Service enforces retention policy on newly created objects", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"immediate-delete-test.txt\", and \"test content\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"immediate-delete-test.txt\"\nβœ— \"{result}\" is an error - Error: expected {result} to be an error, got \u003cnil\u003e\n⊘ I attach \"{result}\" to the test output as \"immediate-delete-error.txt\" (skipped)\n? \"{result}\" should contain \"retention\" (undefined)", - "status_id": 1, - "time": 1772107268, - "time_dt": "2026-02-26T12:01:08Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107269, - "created_time_dt": "2026-02-26T12:01:09Z", - "desc": "Compliance test scenario: Service validates retention period meets minimum requirements", - "title": "Service validates retention period meets minimum requirements", - "types": [], - "uid": "ccc-test-1640-1772107269" - }, - "message": "Service validates retention period meets minimum requirements", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"retention-period-test.txt\", and \"compliance data\"\nβœ“ I call \"{storage}\" with \"GetObjectRetentionDurationDays\" using arguments \"{ResourceName}\" and \"retention-period-test.txt\"\nβœ— \"{result}\" should be greater than \"1\" - Error: expected {result} (0) to be greater than 1\n⊘ I attach \"{result}\" to the test output as \"retention-period-days.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"retention-period-test.txt\" (skipped)", - "status_id": 1, - "time": 1772107269, - "time_dt": "2026-02-26T12:01:09Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107269, - "created_time_dt": "2026-02-26T12:01:09Z", - "desc": "Compliance test scenario: Service prevents object deletion by write user during retention period", - "title": "Service prevents object deletion by write user during retention period", - "types": [], - "uid": "ccc-test-1722-1772107269" - }, - "message": "Service prevents object deletion by write user during retention period", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: BVXZJEAT9GQ5JP0B, HostID: XLenLNdfdH8mJP+TzLTwhlu0AiX9mJ0VmqtODsb+EH7eclGWn4EVp2w6pywCkfOlrKrAZ/K2ZAPXSEQEhNTPN8XAHqXXfP6i, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"protected-object.txt\", and \"immutable data\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"protected-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"protected-object.txt\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"delete-protected-error.txt\" (skipped)\n? \"{result}\" should contain one of \"retention, locked, immutable, protected\" (undefined)", - "status_id": 1, - "time": 1772107269, - "time_dt": "2026-02-26T12:01:09Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107324, - "created_time_dt": "2026-02-26T12:02:04Z", - "desc": "Compliance test scenario: Service prevents object deletion by admin user during retention period", - "title": "Service prevents object deletion by admin user during retention period", - "types": [], - "uid": "ccc-test-1734-1772107324" - }, - "message": "Service prevents object deletion by admin user during retention period", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"admin-protected-object.txt\", and \"compliance data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"admin-protected-object.txt\"\nβœ— \"{result}\" is an error - Error: expected {result} to be an error, got \u003cnil\u003e\n⊘ I attach \"{result}\" to the test output as \"admin-delete-protected-error.txt\" (skipped)\n? \"{result}\" should contain \"retention\" (undefined)", - "status_id": 1, - "time": 1772107324, - "time_dt": "2026-02-26T12:02:04Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107325, - "created_time_dt": "2026-02-26T12:02:05Z", - "desc": "Compliance test scenario: Service prevents object modification during retention period", - "title": "Service prevents object modification during retention period", - "types": [], - "uid": "ccc-test-1752-1772107325" - }, - "message": "Service prevents object modification during retention period", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: K4FDM9FZV8EGRCXT, HostID: 6izoh9FMHbRoxH+QP79ds3tuPO1DLqUYKyVN5A5Br+0GhFdmy4iwyhuymKH3org77ywg/WLXdtA=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"modify-test-object.txt\", and \"original content\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"original-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"modify-test-object.txt\", and \"modified content\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"modify-protected-error.txt\" (skipped)\n? \"{result}\" should contain one of \"retention, locked, immutable, protected, exists\" (undefined)", - "status_id": 1, - "time": 1772107325, - "time_dt": "2026-02-26T12:02:05Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107380, - "created_time_dt": "2026-02-26T12:03:00Z", - "desc": "Compliance test scenario: Service allows object read access during retention period", - "title": "Service allows object read access during retention period", - "types": [], - "uid": "ccc-test-1772-1772107380" - }, - "message": "Service allows object read access during retention period", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"readable-protected-object.txt\", and \"readable data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 557609KX1MCDKYC1, HostID: jVcAE9VL1UfdTtMKSyhG59iZJpjASeiRwA/vr+YLvfQxtuSA3t/LDz/jvweGNCfWGD8N4jzVoHs+lxYpKkHOw79xW+QC9ivFWaoaYtwBqhk=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"readable-protected-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"readResult\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-protected-object.json\" (skipped)\n⊘ \"{readResult.Name}\" is \"readable-protected-object.txt\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"readable-protected-object.txt\" (skipped)", - "status_id": 1, - "time": 1772107380, - "time_dt": "2026-02-26T12:03:00Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107436, - "created_time_dt": "2026-02-26T12:03:56Z", - "desc": "Compliance test scenario: Objects are stored with unique version identifiers", - "title": "Objects are stored with unique version identifiers", - "types": [], - "uid": "ccc-test-1790-1772107436" - }, - "message": "Objects are stored with unique version identifiers", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@CCC.ObjStor.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-versioning\" for control \"CCC.ObjStor.CN05\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Versioning Configuration: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772107436, - "time_dt": "2026-02-26T12:03:56Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN05.AR01 - Versioning with Unique Identifiers" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107437, - "created_time_dt": "2026-02-26T12:03:57Z", - "desc": "Compliance test scenario: Modified objects receive new version identifiers", - "title": "Modified objects receive new version identifiers", - "types": [], - "uid": "ccc-test-1806-1772107437" - }, - "message": "Modified objects receive new version identifiers", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@CCC.ObjStor.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772107437, - "time_dt": "2026-02-26T12:03:57Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN05.AR02 - New Version ID on Modification" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107437, - "created_time_dt": "2026-02-26T12:03:57Z", - "desc": "Compliance test scenario: Previous object versions can be recovered", - "title": "Previous object versions can be recovered", - "types": [], - "uid": "ccc-test-1822-1772107437" - }, - "message": "Previous object versions can be recovered", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@CCC.ObjStor.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772107437, - "time_dt": "2026-02-26T12:03:57Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN05.AR03 - Recovery of Previous Versions" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107437, - "created_time_dt": "2026-02-26T12:03:57Z", - "desc": "Compliance test scenario: Object versions are retained after deletion", - "title": "Object versions are retained after deletion", - "types": [], - "uid": "ccc-test-1838-1772107437" - }, - "message": "Object versions are retained after deletion", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@CCC.ObjStor.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772107437, - "time_dt": "2026-02-26T12:03:57Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN05.AR04 - Retain Versions on Delete" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107437, - "created_time_dt": "2026-02-26T12:03:57Z", - "desc": "Compliance test scenario: Access logs are stored in a separate data store", - "title": "Access logs are stored in a separate data store", - "types": [], - "uid": "ccc-test-1854-1772107437" - }, - "message": "Access logs are stored in a separate data store", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@CCC.ObjStor.CN06", - "@tlp-amber", - "@tlp-red", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "cloudfront-logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "cloudfront-logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-access-logging\" for control \"CCC.ObjStor.CN06\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check file not found: /home/runner/work/ccc-cfi-compliance/ccc-cfi-compliance/testing/policy/CCC.ObjStor/CCC.ObjStor.CN06/AR01/object-storage-access-logging/aws.yaml\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772107437, - "time_dt": "2026-02-26T12:03:57Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN06.AR01 - Access Logs in Separate Data Store" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108201, - "created_time_dt": "2026-02-26T12:16:41Z", - "desc": "Compliance test scenario: Service accepts TLS 1.3 encrypted traffic", - "title": "Service accepts TLS 1.3 encrypted traffic", - "types": [], - "uid": "ccc-test-92-1772108201" - }, - "message": "Service accepts TLS 1.3 encrypted traffic", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_3\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ \"{connection}\" state is open\nβœ“ \"{connection.State}\" is \"open\"\nβœ“ I close connection \"{connection}\"\nβœ“ \"{connection}\" state is closed", - "status_id": 1, - "time": 1772108201, - "time_dt": "2026-02-26T12:16:41Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108201, - "created_time_dt": "2026-02-26T12:16:41Z", - "desc": "Compliance test scenario: Service rejects TLS 1.2 traffic", - "title": "Service rejects TLS 1.2 traffic", - "types": [], - "uid": "ccc-test-98-1772108201" - }, - "message": "Service rejects TLS 1.2 traffic", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_2\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", - "status_id": 1, - "time": 1772108201, - "time_dt": "2026-02-26T12:16:41Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108201, - "created_time_dt": "2026-02-26T12:16:41Z", - "desc": "Compliance test scenario: Service rejects TLS 1.1 traffic", - "title": "Service rejects TLS 1.1 traffic", - "types": [], - "uid": "ccc-test-104-1772108201" - }, - "message": "Service rejects TLS 1.1 traffic", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_1\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", - "status_id": 1, - "time": 1772108201, - "time_dt": "2026-02-26T12:16:41Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108201, - "created_time_dt": "2026-02-26T12:16:41Z", - "desc": "Compliance test scenario: Service rejects TLS 1.0 traffic", - "title": "Service rejects TLS 1.0 traffic", - "types": [], - "uid": "ccc-test-110-1772108201" - }, - "message": "Service rejects TLS 1.0 traffic", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", - "status_id": 1, - "time": 1772108201, - "time_dt": "2026-02-26T12:16:41Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108201, - "created_time_dt": "2026-02-26T12:16:41Z", - "desc": "Compliance test scenario: Verify SSL/TLS protocol support", - "title": "Verify SSL/TLS protocol support", - "types": [], - "uid": "ccc-test-115-1772108201" - }, - "message": "Verify SSL/TLS protocol support", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"protocols\" for \"{hostName}\" on port \"{portNumber}\"\nβœ— \"{report}\" is an array of objects which doesn't contain any of - Error: unwanted row found in array: map[finding:offered id:TLS1_2]\n⊘ \"{report}\" is an array of objects with at least the following contents (skipped)", - "status_id": 1, - "time": 1772108201, - "time_dt": "2026-02-26T12:16:41Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108206, - "created_time_dt": "2026-02-26T12:16:46Z", - "desc": "Compliance test scenario: Verify no known SSL/TLS vulnerabilities", - "title": "Verify no known SSL/TLS vulnerabilities", - "types": [], - "uid": "ccc-test-119-1772108206" - }, - "message": "Verify no known SSL/TLS vulnerabilities", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"vulnerable\" for \"{hostName}\" on port \"{portNumber}\"\nβœ“ \"{report}\" is an array of objects with at least the following contents", - "status_id": 1, - "time": 1772108206, - "time_dt": "2026-02-26T12:16:46Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108234, - "created_time_dt": "2026-02-26T12:17:14Z", - "desc": "Compliance test scenario: Verify TLS 1.3 only certificate validity", - "title": "Verify TLS 1.3 only certificate validity", - "types": [], - "uid": "ccc-test-123-1772108234" - }, - "message": "Verify TLS 1.3 only certificate validity", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on logs-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"server-defaults\" for \"{hostName}\" on port \"{portNumber}\"\nβœ“ \"{report}\" is an array of objects with at least the following contents", - "status_id": 1, - "time": 1772108234, - "time_dt": "2026-02-26T12:17:14Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107487, - "created_time_dt": "2026-02-26T12:04:47Z", - "desc": "Compliance test scenario: Storage account enforces minimum TLS version", - "title": "Storage account enforces minimum TLS version", - "types": [], - "uid": "ccc-test-127-1772107487" - }, - "message": "Storage account enforces minimum TLS version", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Policy", - "@PerService", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I attempt policy check \"object-storage-tls-policy\" for control \"CCC.Core.CN01\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\"\nβœ“ \"{result}\" is true", - "status_id": 1, - "time": 1772107487, - "time_dt": "2026-02-26T12:04:47Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107487, - "created_time_dt": "2026-02-26T12:04:47Z", - "desc": "Compliance test scenario: Load balancer enforces minimum TLS version", - "title": "Load balancer enforces minimum TLS version", - "types": [], - "uid": "ccc-test-131-1772107487" - }, - "message": "Load balancer enforces minimum TLS version", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Policy", - "@PerService", - "@CCC.LoadBalancer" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"load-balancer-tls-policy\" for control \"CCC.Core.CN01\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: ALB TLS 1.3 Security Policy Check: query execution failed: exit status 254\nOutput: \nAn error occurred (ValidationError) when calling the DescribeListeners operation: 'logs-flowing-porpoise' is not a valid load balancer ARN\n\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772107487, - "time_dt": "2026-02-26T12:04:47Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107488, - "created_time_dt": "2026-02-26T12:04:48Z", - "desc": "Compliance test scenario: Object storage encryption compliance", - "title": "Object storage encryption compliance", - "types": [], - "uid": "ccc-test-386-1772107488" - }, - "message": "Object storage encryption compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN02", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-encryption\" for control \"CCC.Core.CN02\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Server-Side Encryption Check: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772107488, - "time_dt": "2026-02-26T12:04:48Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN02.AR01 - Data Encryption at Rest" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107489, - "created_time_dt": "2026-02-26T12:04:49Z", - "desc": "Compliance test scenario: Verify objects are encrypted at rest", - "title": "Verify objects are encrypted at rest", - "types": [], - "uid": "ccc-test-397-1772107489" - }, - "message": "Verify objects are encrypted at rest", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN02", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-encryption-check.txt\", and \"encryption test data\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"uploadResult\"\nβœ“ \"{uploadResult.Encryption}\" is not null\nβœ“ \"{uploadResult.EncryptionAlgorithm}\" is \"AES256\"\nβœ“ I attach \"{uploadResult}\" to the test output as \"Upload Result with Encryption Details\"\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-encryption-check.txt\"", - "status_id": 1, - "time": 1772107489, - "time_dt": "2026-02-26T12:04:49Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN02.AR01 - Data Encryption at Rest" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107490, - "created_time_dt": "2026-02-26T12:04:50Z", - "desc": "Compliance test scenario: Object storage delete protection compliance", - "title": "Object storage delete protection compliance", - "types": [], - "uid": "ccc-test-418-1772107490" - }, - "message": "Object storage delete protection compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN03", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-delete-protection\" for control \"CCC.Core.CN03\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket MFA Delete Configuration: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772107490, - "time_dt": "2026-02-26T12:04:50Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107491, - "created_time_dt": "2026-02-26T12:04:51Z", - "desc": "Compliance test scenario: MFA requirement for destructive operations cannot be tested automatically", - "title": "MFA requirement for destructive operations cannot be tested automatically", - "types": [], - "uid": "ccc-test-421-1772107491" - }, - "message": "MFA requirement for destructive operations cannot be tested automatically", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN03", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772107491, - "time_dt": "2026-02-26T12:04:51Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107491, - "created_time_dt": "2026-02-26T12:04:51Z", - "desc": "Compliance test scenario: API modification requires credential and trust perimeter origin", - "title": "API modification requires credential and trust perimeter origin", - "types": [], - "uid": "ccc-test-437-1772107491" - }, - "message": "API modification requires credential and trust perimeter origin", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN03", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772107491, - "time_dt": "2026-02-26T12:04:51Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN03.AR02 - API Authentication with Credentials" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107491, - "created_time_dt": "2026-02-26T12:04:51Z", - "desc": "Compliance test scenario: UI viewing requires multi-factor authentication", - "title": "UI viewing requires multi-factor authentication", - "types": [], - "uid": "ccc-test-451-1772107491" - }, - "message": "UI viewing requires multi-factor authentication", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN03", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772107491, - "time_dt": "2026-02-26T12:04:51Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN03.AR03 - MFA for UI Viewing" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107491, - "created_time_dt": "2026-02-26T12:04:51Z", - "desc": "Compliance test scenario: API viewing requires credential and trust perimeter origin", - "title": "API viewing requires credential and trust perimeter origin", - "types": [], - "uid": "ccc-test-465-1772107491" - }, - "message": "API viewing requires credential and trust perimeter origin", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN03", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772107491, - "time_dt": "2026-02-26T12:04:51Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN03.AR04 - API Authentication for Viewing" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107491, - "created_time_dt": "2026-02-26T12:04:51Z", - "desc": "Compliance test scenario: Admin logging compliance", - "title": "Admin logging compliance", - "types": [], - "uid": "ccc-test-500-1772107491" - }, - "message": "Admin logging compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage", - "@vpc" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ— I attempt policy check \"admin-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Management Events Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [Protocol ServiceType ProviderServiceType ReportTitle Provider Region PortNumber CatalogTypes TagFilter UID PermittedAccountIds HostName ResourceName Instance Props AwsCloudTrailLogGroupName Labels ReportFile PermittedRegions])\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772107491, - "time_dt": "2026-02-26T12:04:51Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR01 - Log Administrative Access Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107491, - "created_time_dt": "2026-02-26T12:04:51Z", - "desc": "Compliance test scenario: Verify admin actions are logged with identity and timestamp", - "title": "Verify admin actions are logged with identity and timestamp", - "types": [], - "uid": "ccc-test-515-1772107491" - }, - "message": "Verify admin actions are logged with identity and timestamp", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"{ServiceType}\"\nβœ“ I refer to \"{result}\" as \"theService\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{theService}\" with \"UpdateResourcePolicy\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to get bucket policy (bucket may not have a policy): operation error S3: GetBucketPolicy, https response error StatusCode: 301, RequestID: NQP2143DV67W09B4, HostID: LOx4fHBEqJWtl19hgppA89oxehVcYOFcorK+VQ5ZYrmdFSKzHOS884Z+oLwzjfd14kzpDXiFSg+WGxK6zJWm8cTErTbR5qUYu8g+RNs8W2s=, api error PermanentRedirect: The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.\n⊘ I attach \"{result}\" to the test output as \"Policy Update Result\" (skipped)\n⊘ we wait for a period of \"10000\" ms (skipped)\n⊘ I call \"{loggingService}\" with \"QueryAdminLogs\" using arguments \"{ResourceName}\" and \"{20}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"adminLogs\" (skipped)\n⊘ I attach \"{adminLogs}\" to the test output as \"Admin Activity Logs\" (skipped)\n⊘ \"{adminLogs}\" is an array of objects with at least the following contents (skipped)", - "status_id": 1, - "time": 1772107491, - "time_dt": "2026-02-26T12:04:51Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR01 - Log Administrative Access Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107491, - "created_time_dt": "2026-02-26T12:04:51Z", - "desc": "Compliance test scenario: Object storage data modification logging compliance", - "title": "Object storage data modification logging compliance", - "types": [], - "uid": "ccc-test-554-1772107491" - }, - "message": "Object storage data modification logging compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"data-write-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR02\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Data Events Write Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [Labels Provider PortNumber HostName Protocol ResourceName ReportTitle AwsCloudTrailLogGroupName api TagFilter UID ReportFile Region PermittedRegions PermittedAccountIds ServiceType ProviderServiceType CatalogTypes Instance Props])\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772107491, - "time_dt": "2026-02-26T12:04:51Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR02 - Log Data Modification Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107491, - "created_time_dt": "2026-02-26T12:04:51Z", - "desc": "Compliance test scenario: Verify data modifications are logged with identity and timestamp", - "title": "Verify data modifications are logged with identity and timestamp", - "types": [], - "uid": "ccc-test-574-1772107491" - }, - "message": "Verify data modifications are logged with identity and timestamp", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-amber", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-logging-object.txt\", and \"test data for logging verification\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"createResult\"\nβœ“ I attach \"{createResult}\" to the test output as \"Object Create Result\"\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-logging-object.txt\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"deleteResult\"\nβœ“ I attach \"{deleteResult}\" to the test output as \"Object Delete Result\"\nβœ“ we wait for a period of \"10000\" ms\nβœ“ I call \"{loggingService}\" with \"QueryDataWriteLogs\" using arguments \"{ResourceName}\" and \"{20}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"dataLogs\"\nβœ“ I attach \"{dataLogs}\" to the test output as \"Data Write Logs\"\nβœ— \"{dataLogs}\" is an array of objects with at least the following contents - Error: expected row not found: map[result:Succeeded]", - "status_id": 1, - "time": 1772107491, - "time_dt": "2026-02-26T12:04:51Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR02 - Log Data Modification Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107502, - "created_time_dt": "2026-02-26T12:05:02Z", - "desc": "Compliance test scenario: Data read logging compliance", - "title": "Data read logging compliance", - "types": [], - "uid": "ccc-test-614-1772107502" - }, - "message": "Data read logging compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-red", - "@Policy", - "@object-storage", - "@vpc" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"data-read-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR03\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Data Events Read Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [api PortNumber Protocol CatalogTypes ReportFile TagFilter Labels UID Instance Provider Region AwsCloudTrailLogGroupName PermittedRegions HostName ServiceType ProviderServiceType ResourceName PermittedAccountIds ReportTitle Props])\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772107502, - "time_dt": "2026-02-26T12:05:02Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR03 - Log Data Read Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107502, - "created_time_dt": "2026-02-26T12:05:02Z", - "desc": "Compliance test scenario: Verify data read operations are logged with identity and timestamp", - "title": "Verify data read operations are logged with identity and timestamp", - "types": [], - "uid": "ccc-test-635-1772107502" - }, - "message": "Verify data read operations are logged with identity and timestamp", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-read-logging-object.txt\", and \"test data for read logging verification\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"createResult\"\nβœ“ I call \"{storage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-read-logging-object.txt\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to read object test-read-logging-object.txt from bucket logs-flowing-porpoise: operation error S3: GetObject, https response error StatusCode: 301, RequestID: F5952TCYRTK7VDGE, HostID: tti9G0uCjCb/mXQK2Ae/NtOxSVnfePFoGw/zc5tDqQ62Xpvq2pdyI7mALJsLcxMNtrN77Zvw/j4=, api error PermanentRedirect: The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.\n⊘ I refer to \"{result}\" as \"readResult\" (skipped)\n⊘ I attach \"{readResult}\" to the test output as \"Object Read Result\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-read-logging-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ we wait for a period of \"10000\" ms (skipped)\n⊘ I call \"{loggingService}\" with \"QueryDataReadLogs\" using arguments \"{ResourceName}\" and \"{20}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"readLogs\" (skipped)\n⊘ I attach \"{readLogs}\" to the test output as \"Data Read Logs\" (skipped)\n⊘ \"{readLogs}\" is an array of objects with at least the following contents (skipped)", - "status_id": 1, - "time": 1772107502, - "time_dt": "2026-02-26T12:05:02Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR03 - Log Data Read Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107502, - "created_time_dt": "2026-02-26T12:05:02Z", - "desc": "Compliance test scenario: Service prevents data modification by user with no access", - "title": "Service prevents data modification by user with no access", - "types": [], - "uid": "ccc-test-700-1772107502" - }, - "message": "Service prevents data modification by user with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Destructive", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-write-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-cn05-unauthorized-modify.txt\", and \"unauthorized data\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-create-error.txt\"", - "status_id": 1, - "time": 1772107502, - "time_dt": "2026-02-26T12:05:02Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107503, - "created_time_dt": "2026-02-26T12:05:03Z", - "desc": "Compliance test scenario: Service allows data modification by user with write access", - "title": "Service allows data modification by user with write access", - "types": [], - "uid": "ccc-test-716-1772107503" - }, - "message": "Service allows data modification by user with write access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Destructive", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write-access\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: SP6T38ZMRYGEVREP, HostID: UVrKeyJG5ABpXb25cd7lNg9l94RZDeyayxSxGZziRFWHosqY18uTEB2QWoZnSJtcqmieitiiSa/0nVwRkQyJD/lD0PdpKSDYzdzzGd00ZNo=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write-access is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-cn05-authorized-modify.txt\", and \"authorized data\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-cn05-authorized-modify.txt\" (skipped)", - "status_id": 1, - "time": 1772107503, - "time_dt": "2026-02-26T12:05:03Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107573, - "created_time_dt": "2026-02-26T12:06:13Z", - "desc": "Compliance test scenario: Storage is not configured for public write access", - "title": "Storage is not configured for public write access", - "types": [], - "uid": "ccc-test-724-1772107573" - }, - "message": "Storage is not configured for public write access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ— I attempt policy check \"object-storage-block-public-write-access\" for control \"CCC.Core.CN05\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Block Public Access Configuration: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772107573, - "time_dt": "2026-02-26T12:06:13Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107574, - "created_time_dt": "2026-02-26T12:06:14Z", - "desc": "Compliance test scenario: Service prevents administrative action (creating a new bucket) by user with no access", - "title": "Service prevents administrative action (creating a new bucket) by user with no access", - "types": [], - "uid": "ccc-test-803-1772107574" - }, - "message": "Service prevents administrative action (creating a new bucket) by user with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Destructive", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-admin-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-unauthorized-admin-container\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-admin-create-bucket-error.txt\"", - "status_id": 1, - "time": 1772107574, - "time_dt": "2026-02-26T12:06:14Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107575, - "created_time_dt": "2026-02-26T12:06:15Z", - "desc": "Compliance test scenario: Service prevents administrative action (creating a new bucket) by user with read-only access", - "title": "Service prevents administrative action (creating a new bucket) by user with read-only access", - "types": [], - "uid": "ccc-test-818-1772107575" - }, - "message": "Service prevents administrative action (creating a new bucket) by user with read-only access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Destructive", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read-only-admin\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-only-admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-read-only-create-container\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"read-only-create-bucket-error.txt\"", - "status_id": 1, - "time": 1772107575, - "time_dt": "2026-02-26T12:06:15Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107590, - "created_time_dt": "2026-02-26T12:06:30Z", - "desc": "Compliance test scenario: Service allows administrative action (creating a new bucket) by user with admin access", - "title": "Service allows administrative action (creating a new bucket) by user with admin access", - "types": [], - "uid": "ccc-test-834-1772107590" - }, - "message": "Service allows administrative action (creating a new bucket) by user with admin access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-admin-access\", \"{UID}\", and \"admin\"\nβœ“ I refer to \"{result}\" as \"testUserAdmin\"\nβœ“ I attach \"{result}\" to the test output as \"admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserAdmin}\", and \"{true}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-authorized-admin-container\"\nβœ“ \"{result}\" is not an error\nβœ“ I attach \"{result}\" to the test output as \"admin-create-bucket-result.json\"\nβœ“ I call \"{storage}\" with \"DeleteBucket\" using argument \"test-cn05-authorized-admin-container\"", - "status_id": 1, - "time": 1772107590, - "time_dt": "2026-02-26T12:06:30Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107606, - "created_time_dt": "2026-02-26T12:06:46Z", - "desc": "Compliance test scenario: Unauthorized administrative access is blocked", - "title": "Unauthorized administrative access is blocked", - "types": [], - "uid": "ccc-test-841-1772107606" - }, - "message": "Unauthorized administrative access is blocked", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772107606, - "time_dt": "2026-02-26T12:06:46Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107606, - "created_time_dt": "2026-02-26T12:06:46Z", - "desc": "Compliance test scenario: Cross-tenant access is blocked without explicit allowlist", - "title": "Cross-tenant access is blocked without explicit allowlist", - "types": [], - "uid": "ccc-test-859-1772107606" - }, - "message": "Cross-tenant access is blocked without explicit allowlist", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-cross-tenant-block\" for control \"CCC.Core.CN05\" assessment requirement \"AR03\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: AWS S3 Cross-Tenant Access Block: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772107606, - "time_dt": "2026-02-26T12:06:46Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR03 - Block Cross-Tenant Access" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107608, - "created_time_dt": "2026-02-26T12:06:48Z", - "desc": "Compliance test scenario: External unauthorized data requests are blocked", - "title": "External unauthorized data requests are blocked", - "types": [], - "uid": "ccc-test-873-1772107608" - }, - "message": "External unauthorized data requests are blocked", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772107608, - "time_dt": "2026-02-26T12:06:48Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR04 - Block Unauthorized External Data Requests" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107608, - "created_time_dt": "2026-02-26T12:06:48Z", - "desc": "Compliance test scenario: External requests do not reveal service existence", - "title": "External requests do not reveal service existence", - "types": [], - "uid": "ccc-test-886-1772107608" - }, - "message": "External requests do not reveal service existence", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772107608, - "time_dt": "2026-02-26T12:06:48Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR05 - Hide Service Existence from External Requests" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107608, - "created_time_dt": "2026-02-26T12:06:48Z", - "desc": "Compliance test scenario: Service prevents data read by user with no access", - "title": "Service prevents data read by user with no access", - "types": [], - "uid": "ccc-test-914-1772107608" - }, - "message": "Service prevents data read by user with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Destructive", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772107608, - "time_dt": "2026-02-26T12:06:48Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR06 - Block All Unauthorized Requests" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107608, - "created_time_dt": "2026-02-26T12:06:48Z", - "desc": "Compliance test scenario: All unauthorized requests are blocked", - "title": "All unauthorized requests are blocked", - "types": [], - "uid": "ccc-test-921-1772107608" - }, - "message": "All unauthorized requests are blocked", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772107608, - "time_dt": "2026-02-26T12:06:48Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR06 - Block All Unauthorized Requests" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107608, - "created_time_dt": "2026-02-26T12:06:48Z", - "desc": "Compliance test scenario: Object storage region compliance", - "title": "Object storage region compliance", - "types": [], - "uid": "ccc-test-944-1772107608" - }, - "message": "Object storage region compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN06", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-region\" for control \"CCC.Core.CN06\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Region Compliance: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772107608, - "time_dt": "2026-02-26T12:06:48Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN06.AR01 - Resource Location Compliance" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107609, - "created_time_dt": "2026-02-26T12:06:49Z", - "desc": "Compliance test scenario: Child resources are in approved regions", - "title": "Child resources are in approved regions", - "types": [], - "uid": "ccc-test-965-1772107609" - }, - "message": "Child resources are in approved regions", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN06", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772107609, - "time_dt": "2026-02-26T12:06:49Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN06.AR02 - Child Resource Location Compliance" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107609, - "created_time_dt": "2026-02-26T12:06:49Z", - "desc": "Compliance test scenario: Enumeration activities publish events to monitored channels", - "title": "Enumeration activities publish events to monitored channels", - "types": [], - "uid": "ccc-test-981-1772107609" - }, - "message": "Enumeration activities publish events to monitored channels", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN07", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I attempt policy check \"enumeration-monitoring-policy\" for control \"CCC.Core.CN07\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\"\nβœ“ \"{result}\" is true", - "status_id": 1, - "time": 1772107609, - "time_dt": "2026-02-26T12:06:49Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN07.AR01 - Publish Enumeration Activity Events" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107609, - "created_time_dt": "2026-02-26T12:06:49Z", - "desc": "Compliance test scenario: Enumeration activities are logged", - "title": "Enumeration activities are logged", - "types": [], - "uid": "ccc-test-997-1772107609" - }, - "message": "Enumeration activities are logged", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN07", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772107609, - "time_dt": "2026-02-26T12:06:49Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN07.AR02 - Log Enumeration Activities" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107609, - "created_time_dt": "2026-02-26T12:06:49Z", - "desc": "Compliance test scenario: Object storage replication compliance", - "title": "Object storage replication compliance", - "types": [], - "uid": "ccc-test-1014-1772107609" - }, - "message": "Object storage replication compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN08", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication\" for control \"CCC.Core.CN08\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Cross-Region Replication Configuration: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772107609, - "time_dt": "2026-02-26T12:06:49Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN08.AR01 - Data Replication and Redundancy" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107610, - "created_time_dt": "2026-02-26T12:06:50Z", - "desc": "Compliance test scenario: Object storage replication status is visible", - "title": "Object storage replication status is visible", - "types": [], - "uid": "ccc-test-1031-1772107610" - }, - "message": "Object storage replication status is visible", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN08", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication-status\" for control \"CCC.Core.CN08\" assessment requirement \"AR02\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Replication Status Visibility: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772107610, - "time_dt": "2026-02-26T12:06:50Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN08.AR02 - Replication Status Visibility" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107611, - "created_time_dt": "2026-02-26T12:06:51Z", - "desc": "Compliance test scenario: Object storage access logging compliance", - "title": "Object storage access logging compliance", - "types": [], - "uid": "ccc-test-1048-1772107611" - }, - "message": "Object storage access logging compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN09", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-access-logging\" for control \"CCC.Core.CN09\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Server Access Logging Configuration: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772107611, - "time_dt": "2026-02-26T12:06:51Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN09.AR01 - Access Logging Separation" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107612, - "created_time_dt": "2026-02-26T12:06:52Z", - "desc": "Compliance test scenario: Disabling logs requires disabling the resource", - "title": "Disabling logs requires disabling the resource", - "types": [], - "uid": "ccc-test-1064-1772107612" - }, - "message": "Disabling logs requires disabling the resource", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN09", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772107612, - "time_dt": "2026-02-26T12:06:52Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN09.AR02 - Logs Cannot Be Disabled" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107612, - "created_time_dt": "2026-02-26T12:06:52Z", - "desc": "Compliance test scenario: Redirecting logs requires halting the resource", - "title": "Redirecting logs requires halting the resource", - "types": [], - "uid": "ccc-test-1078-1772107612" - }, - "message": "Redirecting logs requires halting the resource", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN09", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772107612, - "time_dt": "2026-02-26T12:06:52Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN09.AR03 - Log Redirection Requires Service Halt" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107612, - "created_time_dt": "2026-02-26T12:06:52Z", - "desc": "Compliance test scenario: Object storage replication destination compliance", - "title": "Object storage replication destination compliance", - "types": [], - "uid": "ccc-test-1095-1772107612" - }, - "message": "Object storage replication destination compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN10", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication-destination\" for control \"CCC.Core.CN10\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Replication Destination Region Validation: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772107612, - "time_dt": "2026-02-26T12:06:52Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN10.AR01 - Replication Destination Trust" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107613, - "created_time_dt": "2026-02-26T12:06:53Z", - "desc": "Compliance test scenario: Service prevents reading bucket with no access", - "title": "Service prevents reading bucket with no access", - "types": [], - "uid": "ccc-test-1146-1772107613" - }, - "message": "Service prevents reading bucket with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR01", - "@Destructive" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"ListObjects\" using argument \"{ResourceName}\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-list-error.txt\"", - "status_id": 1, - "time": 1772107613, - "time_dt": "2026-02-26T12:06:53Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107613, - "created_time_dt": "2026-02-26T12:06:53Z", - "desc": "Compliance test scenario: Service allows reading bucket with read access", - "title": "Service allows reading bucket with read access", - "types": [], - "uid": "ccc-test-1162-1772107613" - }, - "message": "Service allows reading bucket with read access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 38Y8XH29DCNHQ84Z, HostID: sLovvXSLNO6ubWLmxHFJb4VX1HviAoa2JS/hmVWd75+O1sHcallSk1FH/ywftWfJdEfqX2XWatGFCmYmxH2nMIpnSOXKLzqaPPcoKiLRWYw=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"read-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ListObjects\" using argument \"{ResourceName}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-list-objects-result.json\" (skipped)", - "status_id": 1, - "time": 1772107613, - "time_dt": "2026-02-26T12:06:53Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107683, - "created_time_dt": "2026-02-26T12:08:03Z", - "desc": "Compliance test scenario: Test policy", - "title": "Test policy", - "types": [], - "uid": "ccc-test-1163-1772107683" - }, - "message": "Test policy", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR01", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "", - "status_id": 1, - "time": 1772107683, - "time_dt": "2026-02-26T12:08:03Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107683, - "created_time_dt": "2026-02-26T12:08:03Z", - "desc": "Compliance test scenario: Service prevents reading object with no access", - "title": "Service prevents reading object with no access", - "types": [], - "uid": "ccc-test-1216-1772107683" - }, - "message": "Service prevents reading object with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test content\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-read-object-error.txt\"", - "status_id": 1, - "time": 1772107683, - "time_dt": "2026-02-26T12:08:03Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107684, - "created_time_dt": "2026-02-26T12:08:04Z", - "desc": "Compliance test scenario: Service allows reading object with read access", - "title": "Service allows reading object with read access", - "types": [], - "uid": "ccc-test-1235-1772107684" - }, - "message": "Service allows reading object with read access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test content\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: ZCN089CZXV01Y9MM, HostID: JFwLHtAdJh7VKaqpaNEaxALqSt20hLF7DAOLfFxmvxhf1kFAOJUpiemQnsvFE0F1CWiqSaJJ7GU=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"read-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-read-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)", - "status_id": 1, - "time": 1772107684, - "time_dt": "2026-02-26T12:08:04Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107739, - "created_time_dt": "2026-02-26T12:08:59Z", - "desc": "Compliance test scenario: Service prevents creating bucket with no access", - "title": "Service prevents creating bucket with no access", - "types": [], - "uid": "ccc-test-1286-1772107739" - }, - "message": "Service prevents creating bucket with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR03" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-bucket-no-access\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-create-bucket-error.txt\"", - "status_id": 1, - "time": 1772107739, - "time_dt": "2026-02-26T12:08:59Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR03" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107739, - "created_time_dt": "2026-02-26T12:08:59Z", - "desc": "Compliance test scenario: Service allows creating bucket with write access", - "title": "Service allows creating bucket with write access", - "types": [], - "uid": "ccc-test-1303-1772107739" - }, - "message": "Service allows creating bucket with write access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR03" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 6628RNMVNRWPVKQ9, HostID: i2Vbfd5bmJ+bJ+Fc6eH4sWJOjQVxjm00/s/Y+O4CtESKOZhMS+/5RsvDi8iLaezOo/XIuJh/nnQ=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"write-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-bucket-write\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-bucket-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteBucket\" using argument \"{result.ID}\" (skipped)", - "status_id": 1, - "time": 1772107739, - "time_dt": "2026-02-26T12:08:59Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR03" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107810, - "created_time_dt": "2026-02-26T12:10:10Z", - "desc": "Compliance test scenario: Service prevents writing object with read-only access", - "title": "Service prevents writing object with read-only access", - "types": [], - "uid": "ccc-test-1358-1772107810" - }, - "message": "Service prevents writing object with read-only access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR04" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: FWKEPKBQGJX782JR, HostID: zRzWNq1vm9AvOnxuqgQKc2XKF29ZymxmEU6L7NqDshwfKXCNI4MKs/HPbUSyLg7gbFr1pmIGHVA=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-write-object.txt\", and \"test content\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-create-object-error.txt\" (skipped)", - "status_id": 1, - "time": 1772107810, - "time_dt": "2026-02-26T12:10:10Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR04" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107865, - "created_time_dt": "2026-02-26T12:11:05Z", - "desc": "Compliance test scenario: Service allows writing object with write access", - "title": "Service allows writing object with write access", - "types": [], - "uid": "ccc-test-1377-1772107865" - }, - "message": "Service allows writing object with write access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR04" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: PD0D3DYMAQXKMQBR, HostID: bss3HB1/WAaLEpLoivvNFxBjWGWAQVI+iSfOUwbDFAPL0xjnCHpQdexZNpSUl1obtI0ucEWzlV7HjpDKjHQlHwkqKG5v8Qzz, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"write-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-write-object.txt\", and \"test content\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-write-object.txt\" (skipped)", - "status_id": 1, - "time": 1772107865, - "time_dt": "2026-02-26T12:11:05Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR04" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107920, - "created_time_dt": "2026-02-26T12:12:00Z", - "desc": "Compliance test scenario: Service enforces uniform bucket-level access by rejecting object-level permissions", - "title": "Service enforces uniform bucket-level access by rejecting object-level permissions", - "types": [], - "uid": "ccc-test-1426-1772107920" - }, - "message": "Service enforces uniform bucket-level access by rejecting object-level permissions", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN02.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: DG8K5ASCVK2KED37, HostID: Tg+M0/YctRRUaW6r3SHXNYD5svWK2LZ+fZ/tbGL+NNdKxXnRwV/NAIxIGs07YXWA0xeRXmdeyUw=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I call \"{storage}\" with \"SetObjectPermission\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"none\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"set-object-permission-error.txt\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)", - "status_id": 1, - "time": 1772107920, - "time_dt": "2026-02-26T12:12:00Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN02.AR01 - Uniform Bucket-Level Access (Consistent Allow)" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107976, - "created_time_dt": "2026-02-26T12:12:56Z", - "desc": "Compliance test scenario: Service enforces uniform bucket-level access denial", - "title": "Service enforces uniform bucket-level access denial", - "types": [], - "uid": "ccc-test-1475-1772107976" - }, - "message": "Service enforces uniform bucket-level access denial", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN02.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\"\nβœ“ \"{result}\" is an error\nβœ“ I call \"{storage}\" with \"SetObjectPermission\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"read\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"set-object-permission-error.txt\"\nβœ“ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\"\nβœ“ \"{result}\" is an error", - "status_id": 1, - "time": 1772107976, - "time_dt": "2026-02-26T12:12:56Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN02.AR02 - Uniform Bucket-Level Access (Consistent Deny)" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107976, - "created_time_dt": "2026-02-26T12:12:56Z", - "desc": "Compliance test scenario: Service supports bucket soft delete and recovery", - "title": "Service supports bucket soft delete and recovery", - "types": [], - "uid": "ccc-test-1524-1772107976" - }, - "message": "Service supports bucket soft delete and recovery", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN03.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"CreateBucket\" using argument \"ccc-test-soft-delete\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"testBucket\"\nβœ“ I attach \"{result}\" to the test output as \"created-bucket.json\"\nβœ“ I call \"{storage}\" with \"DeleteBucket\" using argument \"ccc-test-soft-delete\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{storage}\" with \"ListDeletedBuckets\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: AWS S3 does not support bucket-level soft delete - bucket deletion is immediate and permanent\n⊘ I attach \"{result}\" to the test output as \"deleted-buckets.json\" (skipped)\n? \"{result}\" should have length greater than \"0\" (undefined)\n⊘ I call \"{storage}\" with \"RestoreBucket\" using argument \"ccc-test-soft-delete\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I call \"{storage}\" with \"ListBuckets\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"restored-buckets.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteBucket\" using argument \"ccc-test-soft-delete\" (skipped)\n⊘ \"{result}\" is not an error (skipped)", - "status_id": 1, - "time": 1772107976, - "time_dt": "2026-02-26T12:12:56Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN03.AR01 - Bucket Soft Delete and Recovery" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107977, - "created_time_dt": "2026-02-26T12:12:57Z", - "desc": "Compliance test scenario: Service prevents modification of locked retention policy", - "title": "Service prevents modification of locked retention policy", - "types": [], - "uid": "ccc-test-1561-1772107977" - }, - "message": "Service prevents modification of locked retention policy", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN03.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"GetBucketRetentionDurationDays\" using argument \"{ResourceName}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"originalRetention\"\nβœ“ I attach \"{result}\" to the test output as \"original-retention-days.txt\"\nβœ— \"{result}\" should be greater than \"0\" - Error: expected {result} (0) to be greater than 0\n⊘ I call \"{storage}\" with \"SetBucketRetentionDurationDays\" using arguments \"{ResourceName}\" and \"1\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"set-retention-error.txt\" (skipped)\n⊘ I call \"{storage}\" with \"GetBucketRetentionDurationDays\" using argument \"{ResourceName}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n? \"{result}\" should equal \"{originalRetention}\" (undefined)", - "status_id": 1, - "time": 1772107977, - "time_dt": "2026-02-26T12:12:57Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN03.AR02 - Immutable Bucket Retention Policy" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772107977, - "created_time_dt": "2026-02-26T12:12:57Z", - "desc": "Compliance test scenario: Service applies default retention policy to newly uploaded object", - "title": "Service applies default retention policy to newly uploaded object", - "types": [], - "uid": "ccc-test-1617-1772107977" - }, - "message": "Service applies default retention policy to newly uploaded object", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 2KD79FTZR64QHHFF, HostID: er6nl9HPZVqsmD8Bwg84z5OnVoCvraCG3IZsZ/o/4kEkMSDJQHpevaT/z4bIkOO9rWzRNYLx4iyjJGdhDLbqYljQGlDJItJQ, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-retention-object.txt\", and \"protected data\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"uploaded-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"GetObjectRetentionDurationDays\" using arguments \"{ResourceName}\" and \"test-retention-object.txt\" (skipped)\n⊘ \"{result}\" should be greater than \"1\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-retention-object.txt\" (skipped)", - "status_id": 1, - "time": 1772107977, - "time_dt": "2026-02-26T12:12:57Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108032, - "created_time_dt": "2026-02-26T12:13:52Z", - "desc": "Compliance test scenario: Service enforces retention policy on newly created objects", - "title": "Service enforces retention policy on newly created objects", - "types": [], - "uid": "ccc-test-1629-1772108032" - }, - "message": "Service enforces retention policy on newly created objects", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"immediate-delete-test.txt\", and \"test content\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"immediate-delete-test.txt\"\nβœ— \"{result}\" is an error - Error: expected {result} to be an error, got \u003cnil\u003e\n⊘ I attach \"{result}\" to the test output as \"immediate-delete-error.txt\" (skipped)\n? \"{result}\" should contain \"retention\" (undefined)", - "status_id": 1, - "time": 1772108032, - "time_dt": "2026-02-26T12:13:52Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108033, - "created_time_dt": "2026-02-26T12:13:53Z", - "desc": "Compliance test scenario: Service validates retention period meets minimum requirements", - "title": "Service validates retention period meets minimum requirements", - "types": [], - "uid": "ccc-test-1640-1772108033" - }, - "message": "Service validates retention period meets minimum requirements", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"retention-period-test.txt\", and \"compliance data\"\nβœ“ I call \"{storage}\" with \"GetObjectRetentionDurationDays\" using arguments \"{ResourceName}\" and \"retention-period-test.txt\"\nβœ— \"{result}\" should be greater than \"1\" - Error: expected {result} (0) to be greater than 1\n⊘ I attach \"{result}\" to the test output as \"retention-period-days.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"retention-period-test.txt\" (skipped)", - "status_id": 1, - "time": 1772108033, - "time_dt": "2026-02-26T12:13:53Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108033, - "created_time_dt": "2026-02-26T12:13:53Z", - "desc": "Compliance test scenario: Service prevents object deletion by write user during retention period", - "title": "Service prevents object deletion by write user during retention period", - "types": [], - "uid": "ccc-test-1722-1772108033" - }, - "message": "Service prevents object deletion by write user during retention period", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 2BJ8QEHW2DYR9YRJ, HostID: BVqua5vhu/dFwnv1/RqW8u5vbPhLGG1d/4vyGyk+BZ86/nL23aJ/6M7tLQKt+2lGZT8e63zq7U8=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"protected-object.txt\", and \"immutable data\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"protected-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"protected-object.txt\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"delete-protected-error.txt\" (skipped)\n? \"{result}\" should contain one of \"retention, locked, immutable, protected\" (undefined)", - "status_id": 1, - "time": 1772108033, - "time_dt": "2026-02-26T12:13:53Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108088, - "created_time_dt": "2026-02-26T12:14:48Z", - "desc": "Compliance test scenario: Service prevents object deletion by admin user during retention period", - "title": "Service prevents object deletion by admin user during retention period", - "types": [], - "uid": "ccc-test-1734-1772108088" - }, - "message": "Service prevents object deletion by admin user during retention period", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"admin-protected-object.txt\", and \"compliance data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"admin-protected-object.txt\"\nβœ— \"{result}\" is an error - Error: expected {result} to be an error, got \u003cnil\u003e\n⊘ I attach \"{result}\" to the test output as \"admin-delete-protected-error.txt\" (skipped)\n? \"{result}\" should contain \"retention\" (undefined)", - "status_id": 1, - "time": 1772108088, - "time_dt": "2026-02-26T12:14:48Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108089, - "created_time_dt": "2026-02-26T12:14:49Z", - "desc": "Compliance test scenario: Service prevents object modification during retention period", - "title": "Service prevents object modification during retention period", - "types": [], - "uid": "ccc-test-1752-1772108089" - }, - "message": "Service prevents object modification during retention period", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: QWHQQ4X76QCWXKEP, HostID: Q8ei3pWTFWazrK1ruunRhHOu6s2eVPtOOwVwp83c6A4XEDqdYKM2EizjHKPx3BMxpp+EJDdJb+s=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"modify-test-object.txt\", and \"original content\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"original-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"modify-test-object.txt\", and \"modified content\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"modify-protected-error.txt\" (skipped)\n? \"{result}\" should contain one of \"retention, locked, immutable, protected, exists\" (undefined)", - "status_id": 1, - "time": 1772108089, - "time_dt": "2026-02-26T12:14:49Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108144, - "created_time_dt": "2026-02-26T12:15:44Z", - "desc": "Compliance test scenario: Service allows object read access during retention period", - "title": "Service allows object read access during retention period", - "types": [], - "uid": "ccc-test-1772-1772108144" - }, - "message": "Service allows object read access during retention period", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"readable-protected-object.txt\", and \"readable data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 56WY7QWBP08X2NT5, HostID: s11xG3k7xOrJiFwq/Cy4nTINoV3egqz7YVFdAj00sT70eaImGYlkKiO5g9zWtkWYs5nNIg2iVB86cTkOKVwIVBGcXJVdCQXW, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"readable-protected-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"readResult\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-protected-object.json\" (skipped)\n⊘ \"{readResult.Name}\" is \"readable-protected-object.txt\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"readable-protected-object.txt\" (skipped)", - "status_id": 1, - "time": 1772108144, - "time_dt": "2026-02-26T12:15:44Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108200, - "created_time_dt": "2026-02-26T12:16:40Z", - "desc": "Compliance test scenario: Objects are stored with unique version identifiers", - "title": "Objects are stored with unique version identifiers", - "types": [], - "uid": "ccc-test-1790-1772108200" - }, - "message": "Objects are stored with unique version identifiers", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@CCC.ObjStor.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-versioning\" for control \"CCC.ObjStor.CN05\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Versioning Configuration: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108200, - "time_dt": "2026-02-26T12:16:40Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN05.AR01 - Versioning with Unique Identifiers" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108201, - "created_time_dt": "2026-02-26T12:16:41Z", - "desc": "Compliance test scenario: Modified objects receive new version identifiers", - "title": "Modified objects receive new version identifiers", - "types": [], - "uid": "ccc-test-1806-1772108201" - }, - "message": "Modified objects receive new version identifiers", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@CCC.ObjStor.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108201, - "time_dt": "2026-02-26T12:16:41Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN05.AR02 - New Version ID on Modification" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108201, - "created_time_dt": "2026-02-26T12:16:41Z", - "desc": "Compliance test scenario: Previous object versions can be recovered", - "title": "Previous object versions can be recovered", - "types": [], - "uid": "ccc-test-1822-1772108201" - }, - "message": "Previous object versions can be recovered", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@CCC.ObjStor.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108201, - "time_dt": "2026-02-26T12:16:41Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN05.AR03 - Recovery of Previous Versions" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108201, - "created_time_dt": "2026-02-26T12:16:41Z", - "desc": "Compliance test scenario: Object versions are retained after deletion", - "title": "Object versions are retained after deletion", - "types": [], - "uid": "ccc-test-1838-1772108201" - }, - "message": "Object versions are retained after deletion", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@CCC.ObjStor.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108201, - "time_dt": "2026-02-26T12:16:41Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN05.AR04 - Retain Versions on Delete" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108201, - "created_time_dt": "2026-02-26T12:16:41Z", - "desc": "Compliance test scenario: Access logs are stored in a separate data store", - "title": "Access logs are stored in a separate data store", - "types": [], - "uid": "ccc-test-1854-1772108201" - }, - "message": "Access logs are stored in a separate data store", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@CCC.ObjStor.CN06", - "@tlp-amber", - "@tlp-red", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "logs-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "logs-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-access-logging\" for control \"CCC.ObjStor.CN06\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check file not found: /home/runner/work/ccc-cfi-compliance/ccc-cfi-compliance/testing/policy/CCC.ObjStor/CCC.ObjStor.CN06/AR01/object-storage-access-logging/aws.yaml\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108201, - "time_dt": "2026-02-26T12:16:41Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN06.AR01 - Access Logs in Separate Data Store" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108790, - "created_time_dt": "2026-02-26T12:26:30Z", - "desc": "Compliance test scenario: Service accepts TLS 1.3 encrypted traffic", - "title": "Service accepts TLS 1.3 encrypted traffic", - "types": [], - "uid": "ccc-test-92-1772108790" - }, - "message": "Service accepts TLS 1.3 encrypted traffic", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_3\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ \"{connection}\" state is open\nβœ“ \"{connection.State}\" is \"open\"\nβœ“ I close connection \"{connection}\"\nβœ“ \"{connection}\" state is closed", - "status_id": 1, - "time": 1772108790, - "time_dt": "2026-02-26T12:26:30Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108790, - "created_time_dt": "2026-02-26T12:26:30Z", - "desc": "Compliance test scenario: Service rejects TLS 1.2 traffic", - "title": "Service rejects TLS 1.2 traffic", - "types": [], - "uid": "ccc-test-98-1772108790" - }, - "message": "Service rejects TLS 1.2 traffic", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_2\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", - "status_id": 1, - "time": 1772108790, - "time_dt": "2026-02-26T12:26:30Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108790, - "created_time_dt": "2026-02-26T12:26:30Z", - "desc": "Compliance test scenario: Service rejects TLS 1.1 traffic", - "title": "Service rejects TLS 1.1 traffic", - "types": [], - "uid": "ccc-test-104-1772108790" - }, - "message": "Service rejects TLS 1.1 traffic", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_1\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", - "status_id": 1, - "time": 1772108790, - "time_dt": "2026-02-26T12:26:30Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108790, - "created_time_dt": "2026-02-26T12:26:30Z", - "desc": "Compliance test scenario: Service rejects TLS 1.0 traffic", - "title": "Service rejects TLS 1.0 traffic", - "types": [], - "uid": "ccc-test-110-1772108790" - }, - "message": "Service rejects TLS 1.0 traffic", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", - "status_id": 1, - "time": 1772108790, - "time_dt": "2026-02-26T12:26:30Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108790, - "created_time_dt": "2026-02-26T12:26:30Z", - "desc": "Compliance test scenario: Verify SSL/TLS protocol support", - "title": "Verify SSL/TLS protocol support", - "types": [], - "uid": "ccc-test-115-1772108790" - }, - "message": "Verify SSL/TLS protocol support", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"protocols\" for \"{hostName}\" on port \"{portNumber}\"\nβœ— \"{report}\" is an array of objects which doesn't contain any of - Error: unwanted row found in array: map[finding:offered id:TLS1_2]\n⊘ \"{report}\" is an array of objects with at least the following contents (skipped)", - "status_id": 1, - "time": 1772108790, - "time_dt": "2026-02-26T12:26:30Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108795, - "created_time_dt": "2026-02-26T12:26:35Z", - "desc": "Compliance test scenario: Verify no known SSL/TLS vulnerabilities", - "title": "Verify no known SSL/TLS vulnerabilities", - "types": [], - "uid": "ccc-test-119-1772108795" - }, - "message": "Verify no known SSL/TLS vulnerabilities", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"vulnerable\" for \"{hostName}\" on port \"{portNumber}\"\nβœ“ \"{report}\" is an array of objects with at least the following contents", - "status_id": 1, - "time": 1772108795, - "time_dt": "2026-02-26T12:26:35Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108823, - "created_time_dt": "2026-02-26T12:27:03Z", - "desc": "Compliance test scenario: Verify TLS 1.3 only certificate validity", - "title": "Verify TLS 1.3 only certificate validity", - "types": [], - "uid": "ccc-test-123-1772108823" - }, - "message": "Verify TLS 1.3 only certificate validity", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"server-defaults\" for \"{hostName}\" on port \"{portNumber}\"\nβœ“ \"{report}\" is an array of objects with at least the following contents", - "status_id": 1, - "time": 1772108823, - "time_dt": "2026-02-26T12:27:03Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108253, - "created_time_dt": "2026-02-26T12:17:33Z", - "desc": "Compliance test scenario: Storage account enforces minimum TLS version", - "title": "Storage account enforces minimum TLS version", - "types": [], - "uid": "ccc-test-127-1772108253" - }, - "message": "Storage account enforces minimum TLS version", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Policy", - "@PerService", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I attempt policy check \"object-storage-tls-policy\" for control \"CCC.Core.CN01\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\"\nβœ“ \"{result}\" is true", - "status_id": 1, - "time": 1772108253, - "time_dt": "2026-02-26T12:17:33Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108253, - "created_time_dt": "2026-02-26T12:17:33Z", - "desc": "Compliance test scenario: Load balancer enforces minimum TLS version", - "title": "Load balancer enforces minimum TLS version", - "types": [], - "uid": "ccc-test-131-1772108253" - }, - "message": "Load balancer enforces minimum TLS version", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Policy", - "@PerService", - "@CCC.LoadBalancer" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"load-balancer-tls-policy\" for control \"CCC.Core.CN01\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: ALB TLS 1.3 Security Policy Check: query execution failed: exit status 254\nOutput: \nAn error occurred (ValidationError) when calling the DescribeListeners operation: 's3-bucket-flowing-porpoise' is not a valid load balancer ARN\n\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108253, - "time_dt": "2026-02-26T12:17:33Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108254, - "created_time_dt": "2026-02-26T12:17:34Z", - "desc": "Compliance test scenario: Object storage encryption compliance", - "title": "Object storage encryption compliance", - "types": [], - "uid": "ccc-test-386-1772108254" - }, - "message": "Object storage encryption compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN02", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-encryption\" for control \"CCC.Core.CN02\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Server-Side Encryption Check: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108254, - "time_dt": "2026-02-26T12:17:34Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN02.AR01 - Data Encryption at Rest" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108255, - "created_time_dt": "2026-02-26T12:17:35Z", - "desc": "Compliance test scenario: Verify objects are encrypted at rest", - "title": "Verify objects are encrypted at rest", - "types": [], - "uid": "ccc-test-397-1772108255" - }, - "message": "Verify objects are encrypted at rest", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN02", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-encryption-check.txt\", and \"encryption test data\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to create object test-encryption-check.txt in bucket s3-bucket-flowing-porpoise: operation error S3: PutObject, https response error StatusCode: 403, RequestID: EK5W93X5SAWP8CB4, HostID: Py3LQXqA9mNkoJtLFgZRwYh5vTMQ9iPLJn+J+Y8ZTA5LFRJACSp0KN9tWBFB4pC+owAyEjyiOpw=, api error AccessDenied: User: arn:aws:sts::211203495394:assumed-role/TerraformRole/GitHubActions is not authorized to perform: s3:PutObject on resource: \"arn:aws:s3:::s3-bucket-flowing-porpoise/test-encryption-check.txt\" with an explicit deny in a resource-based policy\n⊘ I refer to \"{result}\" as \"uploadResult\" (skipped)\n⊘ \"{uploadResult.Encryption}\" is not null (skipped)\n⊘ \"{uploadResult.EncryptionAlgorithm}\" is \"AES256\" (skipped)\n⊘ I attach \"{uploadResult}\" to the test output as \"Upload Result with Encryption Details\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-encryption-check.txt\" (skipped)", - "status_id": 1, - "time": 1772108255, - "time_dt": "2026-02-26T12:17:35Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN02.AR01 - Data Encryption at Rest" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108255, - "created_time_dt": "2026-02-26T12:17:35Z", - "desc": "Compliance test scenario: Object storage delete protection compliance", - "title": "Object storage delete protection compliance", - "types": [], - "uid": "ccc-test-418-1772108255" - }, - "message": "Object storage delete protection compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN03", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-delete-protection\" for control \"CCC.Core.CN03\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket MFA Delete Configuration: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108255, - "time_dt": "2026-02-26T12:17:35Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108256, - "created_time_dt": "2026-02-26T12:17:36Z", - "desc": "Compliance test scenario: MFA requirement for destructive operations cannot be tested automatically", - "title": "MFA requirement for destructive operations cannot be tested automatically", - "types": [], - "uid": "ccc-test-421-1772108256" - }, - "message": "MFA requirement for destructive operations cannot be tested automatically", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN03", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108256, - "time_dt": "2026-02-26T12:17:36Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108256, - "created_time_dt": "2026-02-26T12:17:36Z", - "desc": "Compliance test scenario: API modification requires credential and trust perimeter origin", - "title": "API modification requires credential and trust perimeter origin", - "types": [], - "uid": "ccc-test-437-1772108256" - }, - "message": "API modification requires credential and trust perimeter origin", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN03", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108256, - "time_dt": "2026-02-26T12:17:36Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN03.AR02 - API Authentication with Credentials" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108256, - "created_time_dt": "2026-02-26T12:17:36Z", - "desc": "Compliance test scenario: UI viewing requires multi-factor authentication", - "title": "UI viewing requires multi-factor authentication", - "types": [], - "uid": "ccc-test-451-1772108256" - }, - "message": "UI viewing requires multi-factor authentication", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN03", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108256, - "time_dt": "2026-02-26T12:17:36Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN03.AR03 - MFA for UI Viewing" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108256, - "created_time_dt": "2026-02-26T12:17:36Z", - "desc": "Compliance test scenario: API viewing requires credential and trust perimeter origin", - "title": "API viewing requires credential and trust perimeter origin", - "types": [], - "uid": "ccc-test-465-1772108256" - }, - "message": "API viewing requires credential and trust perimeter origin", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN03", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108256, - "time_dt": "2026-02-26T12:17:36Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN03.AR04 - API Authentication for Viewing" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108256, - "created_time_dt": "2026-02-26T12:17:36Z", - "desc": "Compliance test scenario: Admin logging compliance", - "title": "Admin logging compliance", - "types": [], - "uid": "ccc-test-500-1772108256" - }, - "message": "Admin logging compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage", - "@vpc" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ— I attempt policy check \"admin-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Management Events Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [HostName Protocol Labels ReportFile ReportTitle Props Region PortNumber AwsCloudTrailLogGroupName ResourceName Provider PermittedAccountIds ServiceType ProviderServiceType CatalogTypes TagFilter UID Instance PermittedRegions])\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108256, - "time_dt": "2026-02-26T12:17:36Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR01 - Log Administrative Access Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108256, - "created_time_dt": "2026-02-26T12:17:36Z", - "desc": "Compliance test scenario: Verify admin actions are logged with identity and timestamp", - "title": "Verify admin actions are logged with identity and timestamp", - "types": [], - "uid": "ccc-test-515-1772108256" - }, - "message": "Verify admin actions are logged with identity and timestamp", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"{ServiceType}\"\nβœ“ I refer to \"{result}\" as \"theService\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{theService}\" with \"UpdateResourcePolicy\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to get bucket policy (bucket may not have a policy): operation error S3: GetBucketPolicy, https response error StatusCode: 301, RequestID: T1HT1EBR69NY4K0D, HostID: ahLxRQU+AT5VMyhXgTjZLJ0jZCcHi0PY30FVqTDB9dDFaX+AWt+fzOjzrOoHfV79uewaIap/pWw=, api error PermanentRedirect: The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.\n⊘ I attach \"{result}\" to the test output as \"Policy Update Result\" (skipped)\n⊘ we wait for a period of \"10000\" ms (skipped)\n⊘ I call \"{loggingService}\" with \"QueryAdminLogs\" using arguments \"{ResourceName}\" and \"{20}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"adminLogs\" (skipped)\n⊘ I attach \"{adminLogs}\" to the test output as \"Admin Activity Logs\" (skipped)\n⊘ \"{adminLogs}\" is an array of objects with at least the following contents (skipped)", - "status_id": 1, - "time": 1772108256, - "time_dt": "2026-02-26T12:17:36Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR01 - Log Administrative Access Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108257, - "created_time_dt": "2026-02-26T12:17:37Z", - "desc": "Compliance test scenario: Object storage data modification logging compliance", - "title": "Object storage data modification logging compliance", - "types": [], - "uid": "ccc-test-554-1772108257" - }, - "message": "Object storage data modification logging compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"data-write-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR02\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Data Events Write Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [ReportTitle Instance PortNumber HostName CatalogTypes TagFilter Labels AwsCloudTrailLogGroupName Protocol Props Provider PermittedRegions api ServiceType UID ReportFile Region PermittedAccountIds ProviderServiceType ResourceName])\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108257, - "time_dt": "2026-02-26T12:17:37Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR02 - Log Data Modification Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108257, - "created_time_dt": "2026-02-26T12:17:37Z", - "desc": "Compliance test scenario: Verify data modifications are logged with identity and timestamp", - "title": "Verify data modifications are logged with identity and timestamp", - "types": [], - "uid": "ccc-test-574-1772108257" - }, - "message": "Verify data modifications are logged with identity and timestamp", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-amber", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-logging-object.txt\", and \"test data for logging verification\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to create object test-logging-object.txt in bucket s3-bucket-flowing-porpoise: operation error S3: PutObject, https response error StatusCode: 403, RequestID: T1HX46KJP7M2A511, HostID: YqeUgQVAiCWcNE95Y9DjYvEi1vu6mID7b1RNRcSi9DwQG0GWyRVWo+xtowI7KTnDewn5O2wqvrJmmizbn2FW7ZQuJbZh2FuW, api error AccessDenied: User: arn:aws:sts::211203495394:assumed-role/TerraformRole/GitHubActions is not authorized to perform: s3:PutObject on resource: \"arn:aws:s3:::s3-bucket-flowing-porpoise/test-logging-object.txt\" with an explicit deny in a resource-based policy\n⊘ I refer to \"{result}\" as \"createResult\" (skipped)\n⊘ I attach \"{createResult}\" to the test output as \"Object Create Result\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-logging-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"deleteResult\" (skipped)\n⊘ I attach \"{deleteResult}\" to the test output as \"Object Delete Result\" (skipped)\n⊘ we wait for a period of \"10000\" ms (skipped)\n⊘ I call \"{loggingService}\" with \"QueryDataWriteLogs\" using arguments \"{ResourceName}\" and \"{20}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"dataLogs\" (skipped)\n⊘ I attach \"{dataLogs}\" to the test output as \"Data Write Logs\" (skipped)\n⊘ \"{dataLogs}\" is an array of objects with at least the following contents (skipped)", - "status_id": 1, - "time": 1772108257, - "time_dt": "2026-02-26T12:17:37Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR02 - Log Data Modification Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108257, - "created_time_dt": "2026-02-26T12:17:37Z", - "desc": "Compliance test scenario: Data read logging compliance", - "title": "Data read logging compliance", - "types": [], - "uid": "ccc-test-614-1772108257" - }, - "message": "Data read logging compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-red", - "@Policy", - "@object-storage", - "@vpc" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"data-read-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR03\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Data Events Read Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [CatalogTypes TagFilter Region PortNumber Protocol ProviderServiceType ResourceName Props PermittedRegions PermittedAccountIds ServiceType UID ReportFile ReportTitle Instance AwsCloudTrailLogGroupName api HostName Labels Provider])\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108257, - "time_dt": "2026-02-26T12:17:37Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR03 - Log Data Read Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108257, - "created_time_dt": "2026-02-26T12:17:37Z", - "desc": "Compliance test scenario: Verify data read operations are logged with identity and timestamp", - "title": "Verify data read operations are logged with identity and timestamp", - "types": [], - "uid": "ccc-test-635-1772108257" - }, - "message": "Verify data read operations are logged with identity and timestamp", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-read-logging-object.txt\", and \"test data for read logging verification\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to create object test-read-logging-object.txt in bucket s3-bucket-flowing-porpoise: operation error S3: PutObject, https response error StatusCode: 403, RequestID: T1HW4SGEPBGEANNZ, HostID: oQbyvrRcfCxnL43nbJ2gMw0o5CU7rQicbIvAvJ04GDQoPnFkeyQf3WshT8Kbv/XlP1nARit++494lBvLDJlldXVfzD1pgeVl, api error AccessDenied: User: arn:aws:sts::211203495394:assumed-role/TerraformRole/GitHubActions is not authorized to perform: s3:PutObject on resource: \"arn:aws:s3:::s3-bucket-flowing-porpoise/test-read-logging-object.txt\" with an explicit deny in a resource-based policy\n⊘ I refer to \"{result}\" as \"createResult\" (skipped)\n⊘ I call \"{storage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-read-logging-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"readResult\" (skipped)\n⊘ I attach \"{readResult}\" to the test output as \"Object Read Result\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-read-logging-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ we wait for a period of \"10000\" ms (skipped)\n⊘ I call \"{loggingService}\" with \"QueryDataReadLogs\" using arguments \"{ResourceName}\" and \"{20}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"readLogs\" (skipped)\n⊘ I attach \"{readLogs}\" to the test output as \"Data Read Logs\" (skipped)\n⊘ \"{readLogs}\" is an array of objects with at least the following contents (skipped)", - "status_id": 1, - "time": 1772108257, - "time_dt": "2026-02-26T12:17:37Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR03 - Log Data Read Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108257, - "created_time_dt": "2026-02-26T12:17:37Z", - "desc": "Compliance test scenario: Service prevents data modification by user with no access", - "title": "Service prevents data modification by user with no access", - "types": [], - "uid": "ccc-test-700-1772108257" - }, - "message": "Service prevents data modification by user with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Destructive", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-write-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-cn05-unauthorized-modify.txt\", and \"unauthorized data\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-create-error.txt\"", - "status_id": 1, - "time": 1772108257, - "time_dt": "2026-02-26T12:17:37Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108258, - "created_time_dt": "2026-02-26T12:17:38Z", - "desc": "Compliance test scenario: Service allows data modification by user with write access", - "title": "Service allows data modification by user with write access", - "types": [], - "uid": "ccc-test-716-1772108258" - }, - "message": "Service allows data modification by user with write access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Destructive", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write-access\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: TB12YRP2HB8M9071, HostID: gOevlksShWlBr6RrIRtP6A3Z1r5tGfKHZ7h/llSMMMskjSMm/J9Veuhv/fkl/D7P2mBOaCQ/3W4=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write-access is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-cn05-authorized-modify.txt\", and \"authorized data\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-cn05-authorized-modify.txt\" (skipped)", - "status_id": 1, - "time": 1772108258, - "time_dt": "2026-02-26T12:17:38Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108328, - "created_time_dt": "2026-02-26T12:18:48Z", - "desc": "Compliance test scenario: Storage is not configured for public write access", - "title": "Storage is not configured for public write access", - "types": [], - "uid": "ccc-test-724-1772108328" - }, - "message": "Storage is not configured for public write access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ— I attempt policy check \"object-storage-block-public-write-access\" for control \"CCC.Core.CN05\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Block Public Access Configuration: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108328, - "time_dt": "2026-02-26T12:18:48Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108329, - "created_time_dt": "2026-02-26T12:18:49Z", - "desc": "Compliance test scenario: Service prevents administrative action (creating a new bucket) by user with no access", - "title": "Service prevents administrative action (creating a new bucket) by user with no access", - "types": [], - "uid": "ccc-test-803-1772108329" - }, - "message": "Service prevents administrative action (creating a new bucket) by user with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Destructive", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-admin-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-unauthorized-admin-container\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-admin-create-bucket-error.txt\"", - "status_id": 1, - "time": 1772108329, - "time_dt": "2026-02-26T12:18:49Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108330, - "created_time_dt": "2026-02-26T12:18:50Z", - "desc": "Compliance test scenario: Service prevents administrative action (creating a new bucket) by user with read-only access", - "title": "Service prevents administrative action (creating a new bucket) by user with read-only access", - "types": [], - "uid": "ccc-test-818-1772108330" - }, - "message": "Service prevents administrative action (creating a new bucket) by user with read-only access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Destructive", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read-only-admin\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-only-admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-read-only-create-container\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"read-only-create-bucket-error.txt\"", - "status_id": 1, - "time": 1772108330, - "time_dt": "2026-02-26T12:18:50Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108345, - "created_time_dt": "2026-02-26T12:19:05Z", - "desc": "Compliance test scenario: Service allows administrative action (creating a new bucket) by user with admin access", - "title": "Service allows administrative action (creating a new bucket) by user with admin access", - "types": [], - "uid": "ccc-test-834-1772108345" - }, - "message": "Service allows administrative action (creating a new bucket) by user with admin access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-admin-access\", \"{UID}\", and \"admin\"\nβœ“ I refer to \"{result}\" as \"testUserAdmin\"\nβœ“ I attach \"{result}\" to the test output as \"admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserAdmin}\", and \"{true}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-authorized-admin-container\"\nβœ“ \"{result}\" is not an error\nβœ“ I attach \"{result}\" to the test output as \"admin-create-bucket-result.json\"\nβœ“ I call \"{storage}\" with \"DeleteBucket\" using argument \"test-cn05-authorized-admin-container\"", - "status_id": 1, - "time": 1772108345, - "time_dt": "2026-02-26T12:19:05Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108361, - "created_time_dt": "2026-02-26T12:19:21Z", - "desc": "Compliance test scenario: Unauthorized administrative access is blocked", - "title": "Unauthorized administrative access is blocked", - "types": [], - "uid": "ccc-test-841-1772108361" - }, - "message": "Unauthorized administrative access is blocked", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108361, - "time_dt": "2026-02-26T12:19:21Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108361, - "created_time_dt": "2026-02-26T12:19:21Z", - "desc": "Compliance test scenario: Cross-tenant access is blocked without explicit allowlist", - "title": "Cross-tenant access is blocked without explicit allowlist", - "types": [], - "uid": "ccc-test-859-1772108361" - }, - "message": "Cross-tenant access is blocked without explicit allowlist", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I attempt policy check \"object-storage-cross-tenant-block\" for control \"CCC.Core.CN05\" assessment requirement \"AR03\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\"\nβœ“ \"{result}\" is true", - "status_id": 1, - "time": 1772108361, - "time_dt": "2026-02-26T12:19:21Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR03 - Block Cross-Tenant Access" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108363, - "created_time_dt": "2026-02-26T12:19:23Z", - "desc": "Compliance test scenario: External unauthorized data requests are blocked", - "title": "External unauthorized data requests are blocked", - "types": [], - "uid": "ccc-test-873-1772108363" - }, - "message": "External unauthorized data requests are blocked", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108363, - "time_dt": "2026-02-26T12:19:23Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR04 - Block Unauthorized External Data Requests" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108363, - "created_time_dt": "2026-02-26T12:19:23Z", - "desc": "Compliance test scenario: External requests do not reveal service existence", - "title": "External requests do not reveal service existence", - "types": [], - "uid": "ccc-test-886-1772108363" - }, - "message": "External requests do not reveal service existence", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108363, - "time_dt": "2026-02-26T12:19:23Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR05 - Hide Service Existence from External Requests" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108363, - "created_time_dt": "2026-02-26T12:19:23Z", - "desc": "Compliance test scenario: Service prevents data read by user with no access", - "title": "Service prevents data read by user with no access", - "types": [], - "uid": "ccc-test-914-1772108363" - }, - "message": "Service prevents data read by user with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Destructive", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108363, - "time_dt": "2026-02-26T12:19:23Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR06 - Block All Unauthorized Requests" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108363, - "created_time_dt": "2026-02-26T12:19:23Z", - "desc": "Compliance test scenario: All unauthorized requests are blocked", - "title": "All unauthorized requests are blocked", - "types": [], - "uid": "ccc-test-921-1772108363" - }, - "message": "All unauthorized requests are blocked", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108363, - "time_dt": "2026-02-26T12:19:23Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR06 - Block All Unauthorized Requests" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108363, - "created_time_dt": "2026-02-26T12:19:23Z", - "desc": "Compliance test scenario: Object storage region compliance", - "title": "Object storage region compliance", - "types": [], - "uid": "ccc-test-944-1772108363" - }, - "message": "Object storage region compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN06", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-region\" for control \"CCC.Core.CN06\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Region Compliance: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108363, - "time_dt": "2026-02-26T12:19:23Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN06.AR01 - Resource Location Compliance" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108364, - "created_time_dt": "2026-02-26T12:19:24Z", - "desc": "Compliance test scenario: Child resources are in approved regions", - "title": "Child resources are in approved regions", - "types": [], - "uid": "ccc-test-965-1772108364" - }, - "message": "Child resources are in approved regions", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN06", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108364, - "time_dt": "2026-02-26T12:19:24Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN06.AR02 - Child Resource Location Compliance" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108364, - "created_time_dt": "2026-02-26T12:19:24Z", - "desc": "Compliance test scenario: Enumeration activities publish events to monitored channels", - "title": "Enumeration activities publish events to monitored channels", - "types": [], - "uid": "ccc-test-981-1772108364" - }, - "message": "Enumeration activities publish events to monitored channels", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN07", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I attempt policy check \"enumeration-monitoring-policy\" for control \"CCC.Core.CN07\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\"\nβœ“ \"{result}\" is true", - "status_id": 1, - "time": 1772108364, - "time_dt": "2026-02-26T12:19:24Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN07.AR01 - Publish Enumeration Activity Events" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108364, - "created_time_dt": "2026-02-26T12:19:24Z", - "desc": "Compliance test scenario: Enumeration activities are logged", - "title": "Enumeration activities are logged", - "types": [], - "uid": "ccc-test-997-1772108364" - }, - "message": "Enumeration activities are logged", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN07", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108364, - "time_dt": "2026-02-26T12:19:24Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN07.AR02 - Log Enumeration Activities" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108364, - "created_time_dt": "2026-02-26T12:19:24Z", - "desc": "Compliance test scenario: Object storage replication compliance", - "title": "Object storage replication compliance", - "types": [], - "uid": "ccc-test-1014-1772108364" - }, - "message": "Object storage replication compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN08", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication\" for control \"CCC.Core.CN08\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Cross-Region Replication Configuration: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108364, - "time_dt": "2026-02-26T12:19:24Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN08.AR01 - Data Replication and Redundancy" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108365, - "created_time_dt": "2026-02-26T12:19:25Z", - "desc": "Compliance test scenario: Object storage replication status is visible", - "title": "Object storage replication status is visible", - "types": [], - "uid": "ccc-test-1031-1772108365" - }, - "message": "Object storage replication status is visible", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN08", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication-status\" for control \"CCC.Core.CN08\" assessment requirement \"AR02\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Replication Status Visibility: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108365, - "time_dt": "2026-02-26T12:19:25Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN08.AR02 - Replication Status Visibility" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108366, - "created_time_dt": "2026-02-26T12:19:26Z", - "desc": "Compliance test scenario: Object storage access logging compliance", - "title": "Object storage access logging compliance", - "types": [], - "uid": "ccc-test-1048-1772108366" - }, - "message": "Object storage access logging compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN09", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-access-logging\" for control \"CCC.Core.CN09\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Server Access Logging Configuration: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108366, - "time_dt": "2026-02-26T12:19:26Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN09.AR01 - Access Logging Separation" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108367, - "created_time_dt": "2026-02-26T12:19:27Z", - "desc": "Compliance test scenario: Disabling logs requires disabling the resource", - "title": "Disabling logs requires disabling the resource", - "types": [], - "uid": "ccc-test-1064-1772108367" - }, - "message": "Disabling logs requires disabling the resource", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN09", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108367, - "time_dt": "2026-02-26T12:19:27Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN09.AR02 - Logs Cannot Be Disabled" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108367, - "created_time_dt": "2026-02-26T12:19:27Z", - "desc": "Compliance test scenario: Redirecting logs requires halting the resource", - "title": "Redirecting logs requires halting the resource", - "types": [], - "uid": "ccc-test-1078-1772108367" - }, - "message": "Redirecting logs requires halting the resource", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN09", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108367, - "time_dt": "2026-02-26T12:19:27Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN09.AR03 - Log Redirection Requires Service Halt" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108367, - "created_time_dt": "2026-02-26T12:19:27Z", - "desc": "Compliance test scenario: Object storage replication destination compliance", - "title": "Object storage replication destination compliance", - "types": [], - "uid": "ccc-test-1095-1772108367" - }, - "message": "Object storage replication destination compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN10", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication-destination\" for control \"CCC.Core.CN10\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Replication Destination Region Validation: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108367, - "time_dt": "2026-02-26T12:19:27Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN10.AR01 - Replication Destination Trust" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108368, - "created_time_dt": "2026-02-26T12:19:28Z", - "desc": "Compliance test scenario: Service prevents reading bucket with no access", - "title": "Service prevents reading bucket with no access", - "types": [], - "uid": "ccc-test-1146-1772108368" - }, - "message": "Service prevents reading bucket with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR01", - "@Destructive" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"ListObjects\" using argument \"{ResourceName}\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-list-error.txt\"", - "status_id": 1, - "time": 1772108368, - "time_dt": "2026-02-26T12:19:28Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108368, - "created_time_dt": "2026-02-26T12:19:28Z", - "desc": "Compliance test scenario: Service allows reading bucket with read access", - "title": "Service allows reading bucket with read access", - "types": [], - "uid": "ccc-test-1162-1772108368" - }, - "message": "Service allows reading bucket with read access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 01KZGAAEAV2R1F8W, HostID: sMFBtqfMtjbZ5YipwnqKC6wH1SL6AZnHVYjyzPVY9pB8QIWEzvX4hPa1tppz5AtrEEeJq8YNsPk=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"read-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ListObjects\" using argument \"{ResourceName}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-list-objects-result.json\" (skipped)", - "status_id": 1, - "time": 1772108368, - "time_dt": "2026-02-26T12:19:28Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108439, - "created_time_dt": "2026-02-26T12:20:39Z", - "desc": "Compliance test scenario: Test policy", - "title": "Test policy", - "types": [], - "uid": "ccc-test-1163-1772108439" - }, - "message": "Test policy", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR01", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "", - "status_id": 1, - "time": 1772108439, - "time_dt": "2026-02-26T12:20:39Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108439, - "created_time_dt": "2026-02-26T12:20:39Z", - "desc": "Compliance test scenario: Service prevents reading object with no access", - "title": "Service prevents reading object with no access", - "types": [], - "uid": "ccc-test-1216-1772108439" - }, - "message": "Service prevents reading object with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test content\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to create object test-object.txt in bucket s3-bucket-flowing-porpoise: operation error S3: PutObject, https response error StatusCode: 403, RequestID: 01KJDC5HSRQV63A3, HostID: PxpunQofLMv6wUdQcVih6SMsIqJnorVsyuOTPppKfQcTkG78UsdZXeipavNfNqJNcQKbAtb0NnAaXsloilATIB1Kadtqb0Mp, api error AccessDenied: User: arn:aws:sts::211203495394:assumed-role/TerraformRole/GitHubActions is not authorized to perform: s3:PutObject on resource: \"arn:aws:s3:::s3-bucket-flowing-porpoise/test-object.txt\" with an explicit deny in a resource-based policy\n⊘ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\" (skipped)\n⊘ I refer to \"{result}\" as \"testUserNoAccess\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"no-access-user-identity.json\" (skipped)\n⊘ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"no-access-read-object-error.txt\" (skipped)", - "status_id": 1, - "time": 1772108439, - "time_dt": "2026-02-26T12:20:39Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108439, - "created_time_dt": "2026-02-26T12:20:39Z", - "desc": "Compliance test scenario: Service allows reading object with read access", - "title": "Service allows reading object with read access", - "types": [], - "uid": "ccc-test-1235-1772108439" - }, - "message": "Service allows reading object with read access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test content\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to create object test-object.txt in bucket s3-bucket-flowing-porpoise: operation error S3: PutObject, https response error StatusCode: 403, RequestID: Z2C4QB1Z0Y3V1A9S, HostID: pCiicE4wp1gF7BJ2LYsQp1supax2iKtxqzgRmD4XkNQhRHo5k4LBpvMD0TbVNZKBIdGwbDpsimlyae8Bx+f4kX0Xl0Ahroi7, api error AccessDenied: User: arn:aws:sts::211203495394:assumed-role/TerraformRole/GitHubActions is not authorized to perform: s3:PutObject on resource: \"arn:aws:s3:::s3-bucket-flowing-porpoise/test-object.txt\" with an explicit deny in a resource-based policy\n⊘ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\" (skipped)\n⊘ I refer to \"{result}\" as \"testUserRead\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-user-identity.json\" (skipped)\n⊘ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-read-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)", - "status_id": 1, - "time": 1772108439, - "time_dt": "2026-02-26T12:20:39Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108440, - "created_time_dt": "2026-02-26T12:20:40Z", - "desc": "Compliance test scenario: Service prevents creating bucket with no access", - "title": "Service prevents creating bucket with no access", - "types": [], - "uid": "ccc-test-1286-1772108440" - }, - "message": "Service prevents creating bucket with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR03" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-bucket-no-access\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-create-bucket-error.txt\"", - "status_id": 1, - "time": 1772108440, - "time_dt": "2026-02-26T12:20:40Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR03" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108440, - "created_time_dt": "2026-02-26T12:20:40Z", - "desc": "Compliance test scenario: Service allows creating bucket with write access", - "title": "Service allows creating bucket with write access", - "types": [], - "uid": "ccc-test-1303-1772108440" - }, - "message": "Service allows creating bucket with write access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR03" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 2YXWPJ5FQC180XBV, HostID: 4z7Zq6qtR6tKpbQXQH4UrisY7fF/NNXBCp1xIimQfGxAeFaJP/MBbbAAR1mXJsADCfCJW+bYZxI=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"write-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-bucket-write\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-bucket-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteBucket\" using argument \"{result.ID}\" (skipped)", - "status_id": 1, - "time": 1772108440, - "time_dt": "2026-02-26T12:20:40Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR03" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108510, - "created_time_dt": "2026-02-26T12:21:50Z", - "desc": "Compliance test scenario: Service prevents writing object with read-only access", - "title": "Service prevents writing object with read-only access", - "types": [], - "uid": "ccc-test-1358-1772108510" - }, - "message": "Service prevents writing object with read-only access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR04" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: PWMR5KSQHZ9BQW18, HostID: XO/cbI7fq0xiDAFYnvEK6CEn53xsVzFrDuuuptIoGzCvLSLN27f8VubHNqUrB2XYJFKe1/FYb+s=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-write-object.txt\", and \"test content\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-create-object-error.txt\" (skipped)", - "status_id": 1, - "time": 1772108510, - "time_dt": "2026-02-26T12:21:50Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR04" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108565, - "created_time_dt": "2026-02-26T12:22:45Z", - "desc": "Compliance test scenario: Service allows writing object with write access", - "title": "Service allows writing object with write access", - "types": [], - "uid": "ccc-test-1377-1772108565" - }, - "message": "Service allows writing object with write access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR04" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: N623ZCJJX4A2T6PZ, HostID: bKNoHIkAulhO5vd8AZ24vWcq52gALKJ5oODZKVL7pA4FXEB3l0Hl91YnCHf7eMN3gq/brWyPd+k=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"write-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-write-object.txt\", and \"test content\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-write-object.txt\" (skipped)", - "status_id": 1, - "time": 1772108565, - "time_dt": "2026-02-26T12:22:45Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR04" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108621, - "created_time_dt": "2026-02-26T12:23:41Z", - "desc": "Compliance test scenario: Service enforces uniform bucket-level access by rejecting object-level permissions", - "title": "Service enforces uniform bucket-level access by rejecting object-level permissions", - "types": [], - "uid": "ccc-test-1426-1772108621" - }, - "message": "Service enforces uniform bucket-level access by rejecting object-level permissions", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN02.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test data\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to create object test-object.txt in bucket s3-bucket-flowing-porpoise: operation error S3: PutObject, https response error StatusCode: 403, RequestID: N62E10KH4SKSPJBW, HostID: MlXj/xSkjVRTfoww6mq6uywNJu3D4zDeqZUsQ22PNFDyrrJ9FA6xRG8qh5/G6aWBwQqyPxPSjhjsKeuR+1w7oXqOfiZWpv9J, api error AccessDenied: User: arn:aws:sts::211203495394:assumed-role/TerraformRole/GitHubActions is not authorized to perform: s3:PutObject on resource: \"arn:aws:s3:::s3-bucket-flowing-porpoise/test-object.txt\" with an explicit deny in a resource-based policy\n⊘ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\" (skipped)\n⊘ I refer to \"{result}\" as \"testUserRead\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-user-identity.json\" (skipped)\n⊘ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I call \"{storage}\" with \"SetObjectPermission\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"none\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"set-object-permission-error.txt\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)", - "status_id": 1, - "time": 1772108621, - "time_dt": "2026-02-26T12:23:41Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN02.AR01 - Uniform Bucket-Level Access (Consistent Allow)" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108621, - "created_time_dt": "2026-02-26T12:23:41Z", - "desc": "Compliance test scenario: Service enforces uniform bucket-level access denial", - "title": "Service enforces uniform bucket-level access denial", - "types": [], - "uid": "ccc-test-1475-1772108621" - }, - "message": "Service enforces uniform bucket-level access denial", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN02.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test data\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to create object test-object.txt in bucket s3-bucket-flowing-porpoise: operation error S3: PutObject, https response error StatusCode: 403, RequestID: N62ANVRAZSV7YP3A, HostID: lARub1cW/lmSapg4UA72KJxMB6s+verc29ympqAuZbrVJO1EfXGCaLdyCODllSAMu7V7ntXhvPk=, api error AccessDenied: User: arn:aws:sts::211203495394:assumed-role/TerraformRole/GitHubActions is not authorized to perform: s3:PutObject on resource: \"arn:aws:s3:::s3-bucket-flowing-porpoise/test-object.txt\" with an explicit deny in a resource-based policy\n⊘ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\" (skipped)\n⊘ I refer to \"{result}\" as \"testUserNoAccess\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"no-access-user-identity.json\" (skipped)\n⊘ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I call \"{storage}\" with \"SetObjectPermission\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"read\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"set-object-permission-error.txt\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is an error (skipped)", - "status_id": 1, - "time": 1772108621, - "time_dt": "2026-02-26T12:23:41Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN02.AR02 - Uniform Bucket-Level Access (Consistent Deny)" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108621, - "created_time_dt": "2026-02-26T12:23:41Z", - "desc": "Compliance test scenario: Service supports bucket soft delete and recovery", - "title": "Service supports bucket soft delete and recovery", - "types": [], - "uid": "ccc-test-1524-1772108621" - }, - "message": "Service supports bucket soft delete and recovery", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN03.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"CreateBucket\" using argument \"ccc-test-soft-delete\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"testBucket\"\nβœ“ I attach \"{result}\" to the test output as \"created-bucket.json\"\nβœ“ I call \"{storage}\" with \"DeleteBucket\" using argument \"ccc-test-soft-delete\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{storage}\" with \"ListDeletedBuckets\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: AWS S3 does not support bucket-level soft delete - bucket deletion is immediate and permanent\n⊘ I attach \"{result}\" to the test output as \"deleted-buckets.json\" (skipped)\n? \"{result}\" should have length greater than \"0\" (undefined)\n⊘ I call \"{storage}\" with \"RestoreBucket\" using argument \"ccc-test-soft-delete\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I call \"{storage}\" with \"ListBuckets\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"restored-buckets.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteBucket\" using argument \"ccc-test-soft-delete\" (skipped)\n⊘ \"{result}\" is not an error (skipped)", - "status_id": 1, - "time": 1772108621, - "time_dt": "2026-02-26T12:23:41Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN03.AR01 - Bucket Soft Delete and Recovery" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108622, - "created_time_dt": "2026-02-26T12:23:42Z", - "desc": "Compliance test scenario: Service prevents modification of locked retention policy", - "title": "Service prevents modification of locked retention policy", - "types": [], - "uid": "ccc-test-1561-1772108622" - }, - "message": "Service prevents modification of locked retention policy", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN03.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"GetBucketRetentionDurationDays\" using argument \"{ResourceName}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"originalRetention\"\nβœ“ I attach \"{result}\" to the test output as \"original-retention-days.txt\"\nβœ— \"{result}\" should be greater than \"0\" - Error: expected {result} (0) to be greater than 0\n⊘ I call \"{storage}\" with \"SetBucketRetentionDurationDays\" using arguments \"{ResourceName}\" and \"1\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"set-retention-error.txt\" (skipped)\n⊘ I call \"{storage}\" with \"GetBucketRetentionDurationDays\" using argument \"{ResourceName}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n? \"{result}\" should equal \"{originalRetention}\" (undefined)", - "status_id": 1, - "time": 1772108622, - "time_dt": "2026-02-26T12:23:42Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN03.AR02 - Immutable Bucket Retention Policy" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108622, - "created_time_dt": "2026-02-26T12:23:42Z", - "desc": "Compliance test scenario: Service applies default retention policy to newly uploaded object", - "title": "Service applies default retention policy to newly uploaded object", - "types": [], - "uid": "ccc-test-1617-1772108622" - }, - "message": "Service applies default retention policy to newly uploaded object", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: X0F025A36G2RXZN2, HostID: wX6lj1OyU+2Fld700maye043/1OlzgR/8NgJrepLwI0KPmPajaMygjrlCmnzP11RdJItHTLRj/0=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-retention-object.txt\", and \"protected data\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"uploaded-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"GetObjectRetentionDurationDays\" using arguments \"{ResourceName}\" and \"test-retention-object.txt\" (skipped)\n⊘ \"{result}\" should be greater than \"1\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-retention-object.txt\" (skipped)", - "status_id": 1, - "time": 1772108622, - "time_dt": "2026-02-26T12:23:42Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108677, - "created_time_dt": "2026-02-26T12:24:37Z", - "desc": "Compliance test scenario: Service enforces retention policy on newly created objects", - "title": "Service enforces retention policy on newly created objects", - "types": [], - "uid": "ccc-test-1629-1772108677" - }, - "message": "Service enforces retention policy on newly created objects", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"immediate-delete-test.txt\", and \"test content\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to create object immediate-delete-test.txt in bucket s3-bucket-flowing-porpoise: operation error S3: PutObject, https response error StatusCode: 403, RequestID: 35658VMN30XQK0FT, HostID: OsCFHAnLAcCzTUzpktoZ/O7XjdqHV7xohSkwt8eq/87703aOt2SRUS13+7RP7SjF4f88kdyxdrn5QTFibzkv7qB1LeTiVA1T, api error AccessDenied: User: arn:aws:sts::211203495394:assumed-role/TerraformRole/GitHubActions is not authorized to perform: s3:PutObject on resource: \"arn:aws:s3:::s3-bucket-flowing-porpoise/immediate-delete-test.txt\" with an explicit deny in a resource-based policy\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"immediate-delete-test.txt\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"immediate-delete-error.txt\" (skipped)\n? \"{result}\" should contain \"retention\" (undefined)", - "status_id": 1, - "time": 1772108677, - "time_dt": "2026-02-26T12:24:37Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108678, - "created_time_dt": "2026-02-26T12:24:38Z", - "desc": "Compliance test scenario: Service validates retention period meets minimum requirements", - "title": "Service validates retention period meets minimum requirements", - "types": [], - "uid": "ccc-test-1640-1772108678" - }, - "message": "Service validates retention period meets minimum requirements", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"retention-period-test.txt\", and \"compliance data\"\nβœ“ I call \"{storage}\" with \"GetObjectRetentionDurationDays\" using arguments \"{ResourceName}\" and \"retention-period-test.txt\"\nβœ— \"{result}\" should be greater than \"1\" - Error: expected {result} (0) to be greater than 1\n⊘ I attach \"{result}\" to the test output as \"retention-period-days.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"retention-period-test.txt\" (skipped)", - "status_id": 1, - "time": 1772108678, - "time_dt": "2026-02-26T12:24:38Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108678, - "created_time_dt": "2026-02-26T12:24:38Z", - "desc": "Compliance test scenario: Service prevents object deletion by write user during retention period", - "title": "Service prevents object deletion by write user during retention period", - "types": [], - "uid": "ccc-test-1722-1772108678" - }, - "message": "Service prevents object deletion by write user during retention period", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: ZAF3AP2RSN4R2ZZC, HostID: xVFCusShtId0+1Kp0dOu4XPr38UORJWa5sKrheQa8m6rtgyDxBHmx54I8b/QC+ecZkbogsiEZqA1xnSHbI7bZJx/dVLv/NZ4, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"protected-object.txt\", and \"immutable data\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"protected-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"protected-object.txt\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"delete-protected-error.txt\" (skipped)\n? \"{result}\" should contain one of \"retention, locked, immutable, protected\" (undefined)", - "status_id": 1, - "time": 1772108678, - "time_dt": "2026-02-26T12:24:38Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108733, - "created_time_dt": "2026-02-26T12:25:33Z", - "desc": "Compliance test scenario: Service prevents object deletion by admin user during retention period", - "title": "Service prevents object deletion by admin user during retention period", - "types": [], - "uid": "ccc-test-1734-1772108733" - }, - "message": "Service prevents object deletion by admin user during retention period", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"admin-protected-object.txt\", and \"compliance data\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to create object admin-protected-object.txt in bucket s3-bucket-flowing-porpoise: operation error S3: PutObject, https response error StatusCode: 403, RequestID: CAF6SEVZH2B88MGG, HostID: ZjoRFap2mVg4nQ+1l3SduY2x/P1cpK5dx09ktw0Su7AWgA+nlQYodg4ctSgasKjyZhIFka6YT/OkDrniDSzW0w8nTzluG0oh, api error AccessDenied: User: arn:aws:sts::211203495394:assumed-role/TerraformRole/GitHubActions is not authorized to perform: s3:PutObject on resource: \"arn:aws:s3:::s3-bucket-flowing-porpoise/admin-protected-object.txt\" with an explicit deny in a resource-based policy\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"admin-protected-object.txt\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"admin-delete-protected-error.txt\" (skipped)\n? \"{result}\" should contain \"retention\" (undefined)", - "status_id": 1, - "time": 1772108733, - "time_dt": "2026-02-26T12:25:33Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108734, - "created_time_dt": "2026-02-26T12:25:34Z", - "desc": "Compliance test scenario: Service prevents object modification during retention period", - "title": "Service prevents object modification during retention period", - "types": [], - "uid": "ccc-test-1752-1772108734" - }, - "message": "Service prevents object modification during retention period", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 6R3GHR2EW9B6PRZ1, HostID: J8ktep49UTDdPFHja+MaaEWe2f4HYOpojEvO5c8mYI+Ci5YP7Y7a/xd2VkBxNqiPxf3cK1/vKZs=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"modify-test-object.txt\", and \"original content\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"original-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"modify-test-object.txt\", and \"modified content\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"modify-protected-error.txt\" (skipped)\n? \"{result}\" should contain one of \"retention, locked, immutable, protected, exists\" (undefined)", - "status_id": 1, - "time": 1772108734, - "time_dt": "2026-02-26T12:25:34Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108789, - "created_time_dt": "2026-02-26T12:26:29Z", - "desc": "Compliance test scenario: Service allows object read access during retention period", - "title": "Service allows object read access during retention period", - "types": [], - "uid": "ccc-test-1772-1772108789" - }, - "message": "Service allows object read access during retention period", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"readable-protected-object.txt\", and \"readable data\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to create object readable-protected-object.txt in bucket s3-bucket-flowing-porpoise: operation error S3: PutObject, https response error StatusCode: 403, RequestID: 6R3VMHXYTZC07EBA, HostID: 9r+/MohqO8NSCh3pzqBDCHDTpoy9o8Q8iDpmfD6eJIewrtNKC805TphVsUXWiuaQV0iRBI2ptJM=, api error AccessDenied: User: arn:aws:sts::211203495394:assumed-role/TerraformRole/GitHubActions is not authorized to perform: s3:PutObject on resource: \"arn:aws:s3:::s3-bucket-flowing-porpoise/readable-protected-object.txt\" with an explicit deny in a resource-based policy\n⊘ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\" (skipped)\n⊘ I refer to \"{result}\" as \"testUserRead\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-user-identity.json\" (skipped)\n⊘ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"readable-protected-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"readResult\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-protected-object.json\" (skipped)\n⊘ \"{readResult.Name}\" is \"readable-protected-object.txt\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"readable-protected-object.txt\" (skipped)", - "status_id": 1, - "time": 1772108789, - "time_dt": "2026-02-26T12:26:29Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108789, - "created_time_dt": "2026-02-26T12:26:29Z", - "desc": "Compliance test scenario: Objects are stored with unique version identifiers", - "title": "Objects are stored with unique version identifiers", - "types": [], - "uid": "ccc-test-1790-1772108789" - }, - "message": "Objects are stored with unique version identifiers", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@CCC.ObjStor.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-versioning\" for control \"CCC.ObjStor.CN05\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Versioning Configuration: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108789, - "time_dt": "2026-02-26T12:26:29Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN05.AR01 - Versioning with Unique Identifiers" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108790, - "created_time_dt": "2026-02-26T12:26:30Z", - "desc": "Compliance test scenario: Modified objects receive new version identifiers", - "title": "Modified objects receive new version identifiers", - "types": [], - "uid": "ccc-test-1806-1772108790" - }, - "message": "Modified objects receive new version identifiers", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@CCC.ObjStor.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108790, - "time_dt": "2026-02-26T12:26:30Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN05.AR02 - New Version ID on Modification" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108790, - "created_time_dt": "2026-02-26T12:26:30Z", - "desc": "Compliance test scenario: Previous object versions can be recovered", - "title": "Previous object versions can be recovered", - "types": [], - "uid": "ccc-test-1822-1772108790" - }, - "message": "Previous object versions can be recovered", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@CCC.ObjStor.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108790, - "time_dt": "2026-02-26T12:26:30Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN05.AR03 - Recovery of Previous Versions" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108790, - "created_time_dt": "2026-02-26T12:26:30Z", - "desc": "Compliance test scenario: Object versions are retained after deletion", - "title": "Object versions are retained after deletion", - "types": [], - "uid": "ccc-test-1838-1772108790" - }, - "message": "Object versions are retained after deletion", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@CCC.ObjStor.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108790, - "time_dt": "2026-02-26T12:26:30Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN05.AR04 - Retain Versions on Delete" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108790, - "created_time_dt": "2026-02-26T12:26:30Z", - "desc": "Compliance test scenario: Access logs are stored in a separate data store", - "title": "Access logs are stored in a separate data store", - "types": [], - "uid": "ccc-test-1854-1772108790" - }, - "message": "Access logs are stored in a separate data store", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@CCC.ObjStor.CN06", - "@tlp-amber", - "@tlp-red", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "s3-bucket-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "s3-bucket-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-access-logging\" for control \"CCC.ObjStor.CN06\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check file not found: /home/runner/work/ccc-cfi-compliance/ccc-cfi-compliance/testing/policy/CCC.ObjStor/CCC.ObjStor.CN06/AR01/object-storage-access-logging/aws.yaml\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108790, - "time_dt": "2026-02-26T12:26:30Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN06.AR01 - Access Logs in Separate Data Store" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109554, - "created_time_dt": "2026-02-26T12:39:14Z", - "desc": "Compliance test scenario: Service accepts TLS 1.3 encrypted traffic", - "title": "Service accepts TLS 1.3 encrypted traffic", - "types": [], - "uid": "ccc-test-92-1772109554" - }, - "message": "Service accepts TLS 1.3 encrypted traffic", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on simple-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_3\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ \"{connection}\" state is open\nβœ“ \"{connection.State}\" is \"open\"\nβœ“ I close connection \"{connection}\"\nβœ“ \"{connection}\" state is closed", - "status_id": 1, - "time": 1772109554, - "time_dt": "2026-02-26T12:39:14Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109554, - "created_time_dt": "2026-02-26T12:39:14Z", - "desc": "Compliance test scenario: Service rejects TLS 1.2 traffic", - "title": "Service rejects TLS 1.2 traffic", - "types": [], - "uid": "ccc-test-98-1772109554" - }, - "message": "Service rejects TLS 1.2 traffic", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on simple-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_2\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", - "status_id": 1, - "time": 1772109554, - "time_dt": "2026-02-26T12:39:14Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109554, - "created_time_dt": "2026-02-26T12:39:14Z", - "desc": "Compliance test scenario: Service rejects TLS 1.1 traffic", - "title": "Service rejects TLS 1.1 traffic", - "types": [], - "uid": "ccc-test-104-1772109554" - }, - "message": "Service rejects TLS 1.1 traffic", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on simple-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1_1\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", - "status_id": 1, - "time": 1772109554, - "time_dt": "2026-02-26T12:39:14Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109554, - "created_time_dt": "2026-02-26T12:39:14Z", - "desc": "Compliance test scenario: Service rejects TLS 1.0 traffic", - "title": "Service rejects TLS 1.0 traffic", - "types": [], - "uid": "ccc-test-110-1772109554" - }, - "message": "Service rejects TLS 1.0 traffic", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on simple-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ an openssl s_client request using \"tls1\" to \"{portNumber}\" on \"{hostName}\" protocol \"{protocol}\"\nβœ“ I refer to \"{result}\" as \"connection\"\nβœ“ we wait for a period of \"40\" ms\nβœ“ \"{connection.State}\" is \"closed\"", - "status_id": 1, - "time": 1772109554, - "time_dt": "2026-02-26T12:39:14Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109554, - "created_time_dt": "2026-02-26T12:39:14Z", - "desc": "Compliance test scenario: Verify SSL/TLS protocol support", - "title": "Verify SSL/TLS protocol support", - "types": [], - "uid": "ccc-test-115-1772109554" - }, - "message": "Verify SSL/TLS protocol support", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on simple-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"protocols\" for \"{hostName}\" on port \"{portNumber}\"\nβœ— \"{report}\" is an array of objects which doesn't contain any of - Error: unwanted row found in array: map[finding:offered id:TLS1_2]\n⊘ \"{report}\" is an array of objects with at least the following contents (skipped)", - "status_id": 1, - "time": 1772109554, - "time_dt": "2026-02-26T12:39:14Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109560, - "created_time_dt": "2026-02-26T12:39:20Z", - "desc": "Compliance test scenario: Verify no known SSL/TLS vulnerabilities", - "title": "Verify no known SSL/TLS vulnerabilities", - "types": [], - "uid": "ccc-test-119-1772109560" - }, - "message": "Verify no known SSL/TLS vulnerabilities", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on simple-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"vulnerable\" for \"{hostName}\" on port \"{portNumber}\"\nβœ“ \"{report}\" is an array of objects with at least the following contents", - "status_id": 1, - "time": 1772109560, - "time_dt": "2026-02-26T12:39:20Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109587, - "created_time_dt": "2026-02-26T12:39:47Z", - "desc": "Compliance test scenario: Verify TLS 1.3 only certificate validity", - "title": "Verify TLS 1.3 only certificate validity", - "types": [], - "uid": "ccc-test-123-1772109587" - }, - "message": "Verify TLS 1.3 only certificate validity", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Behavioural", - "@PerPort" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": "https service on simple-flowing-porpoise.s3.us-east-1.amazonaws.com:443", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise.s3.us-east-1.amazonaws.com", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ \"report\" contains details of SSL Support type \"server-defaults\" for \"{hostName}\" on port \"{portNumber}\"\nβœ“ \"{report}\" is an array of objects with at least the following contents", - "status_id": 1, - "time": 1772109587, - "time_dt": "2026-02-26T12:39:47Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108840, - "created_time_dt": "2026-02-26T12:27:20Z", - "desc": "Compliance test scenario: Storage account enforces minimum TLS version", - "title": "Storage account enforces minimum TLS version", - "types": [], - "uid": "ccc-test-127-1772108840" - }, - "message": "Storage account enforces minimum TLS version", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Policy", - "@PerService", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I attempt policy check \"object-storage-tls-policy\" for control \"CCC.Core.CN01\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\"\nβœ“ \"{result}\" is true", - "status_id": 1, - "time": 1772108840, - "time_dt": "2026-02-26T12:27:20Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108840, - "created_time_dt": "2026-02-26T12:27:20Z", - "desc": "Compliance test scenario: Load balancer enforces minimum TLS version", - "title": "Load balancer enforces minimum TLS version", - "types": [], - "uid": "ccc-test-131-1772108840" - }, - "message": "Load balancer enforces minimum TLS version", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@CCC.Core", - "@object-storage", - "@vpc", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.Core.CN01", - "@tls", - "@Policy", - "@PerService", - "@CCC.LoadBalancer" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"load-balancer-tls-policy\" for control \"CCC.Core.CN01\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: ALB TLS 1.3 Security Policy Check: query execution failed: exit status 254\nOutput: \nAn error occurred (ValidationError) when calling the DescribeListeners operation: 'simple-flowing-porpoise' is not a valid load balancer ARN\n\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108840, - "time_dt": "2026-02-26T12:27:20Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108841, - "created_time_dt": "2026-02-26T12:27:21Z", - "desc": "Compliance test scenario: Object storage encryption compliance", - "title": "Object storage encryption compliance", - "types": [], - "uid": "ccc-test-386-1772108841" - }, - "message": "Object storage encryption compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN02", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-encryption\" for control \"CCC.Core.CN02\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Server-Side Encryption Check: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108841, - "time_dt": "2026-02-26T12:27:21Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN02.AR01 - Data Encryption at Rest" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108842, - "created_time_dt": "2026-02-26T12:27:22Z", - "desc": "Compliance test scenario: Verify objects are encrypted at rest", - "title": "Verify objects are encrypted at rest", - "types": [], - "uid": "ccc-test-397-1772108842" - }, - "message": "Verify objects are encrypted at rest", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN02", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-encryption-check.txt\", and \"encryption test data\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"uploadResult\"\nβœ“ \"{uploadResult.Encryption}\" is not null\nβœ“ \"{uploadResult.EncryptionAlgorithm}\" is \"AES256\"\nβœ“ I attach \"{uploadResult}\" to the test output as \"Upload Result with Encryption Details\"\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-encryption-check.txt\"", - "status_id": 1, - "time": 1772108842, - "time_dt": "2026-02-26T12:27:22Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN02.AR01 - Data Encryption at Rest" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108843, - "created_time_dt": "2026-02-26T12:27:23Z", - "desc": "Compliance test scenario: Object storage delete protection compliance", - "title": "Object storage delete protection compliance", - "types": [], - "uid": "ccc-test-418-1772108843" - }, - "message": "Object storage delete protection compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN03", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-delete-protection\" for control \"CCC.Core.CN03\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket MFA Delete Configuration: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108843, - "time_dt": "2026-02-26T12:27:23Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108844, - "created_time_dt": "2026-02-26T12:27:24Z", - "desc": "Compliance test scenario: MFA requirement for destructive operations cannot be tested automatically", - "title": "MFA requirement for destructive operations cannot be tested automatically", - "types": [], - "uid": "ccc-test-421-1772108844" - }, - "message": "MFA requirement for destructive operations cannot be tested automatically", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN03", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108844, - "time_dt": "2026-02-26T12:27:24Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108844, - "created_time_dt": "2026-02-26T12:27:24Z", - "desc": "Compliance test scenario: API modification requires credential and trust perimeter origin", - "title": "API modification requires credential and trust perimeter origin", - "types": [], - "uid": "ccc-test-437-1772108844" - }, - "message": "API modification requires credential and trust perimeter origin", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN03", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108844, - "time_dt": "2026-02-26T12:27:24Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN03.AR02 - API Authentication with Credentials" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108844, - "created_time_dt": "2026-02-26T12:27:24Z", - "desc": "Compliance test scenario: UI viewing requires multi-factor authentication", - "title": "UI viewing requires multi-factor authentication", - "types": [], - "uid": "ccc-test-451-1772108844" - }, - "message": "UI viewing requires multi-factor authentication", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN03", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108844, - "time_dt": "2026-02-26T12:27:24Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN03.AR03 - MFA for UI Viewing" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108844, - "created_time_dt": "2026-02-26T12:27:24Z", - "desc": "Compliance test scenario: API viewing requires credential and trust perimeter origin", - "title": "API viewing requires credential and trust perimeter origin", - "types": [], - "uid": "ccc-test-465-1772108844" - }, - "message": "API viewing requires credential and trust perimeter origin", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN03", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108844, - "time_dt": "2026-02-26T12:27:24Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN03.AR04 - API Authentication for Viewing" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108844, - "created_time_dt": "2026-02-26T12:27:24Z", - "desc": "Compliance test scenario: Admin logging compliance", - "title": "Admin logging compliance", - "types": [], - "uid": "ccc-test-500-1772108844" - }, - "message": "Admin logging compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage", - "@vpc" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ— I attempt policy check \"admin-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Management Events Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [ServiceType Instance Region AwsCloudTrailLogGroupName HostName ProviderServiceType CatalogTypes Labels ResourceName PermittedAccountIds PermittedRegions TagFilter ReportTitle ReportFile Props PortNumber Protocol UID Provider])\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108844, - "time_dt": "2026-02-26T12:27:24Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR01 - Log Administrative Access Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108844, - "created_time_dt": "2026-02-26T12:27:24Z", - "desc": "Compliance test scenario: Verify admin actions are logged with identity and timestamp", - "title": "Verify admin actions are logged with identity and timestamp", - "types": [], - "uid": "ccc-test-515-1772108844" - }, - "message": "Verify admin actions are logged with identity and timestamp", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"{ServiceType}\"\nβœ“ I refer to \"{result}\" as \"theService\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{theService}\" with \"UpdateResourcePolicy\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to get bucket policy (bucket may not have a policy): operation error S3: GetBucketPolicy, https response error StatusCode: 301, RequestID: E4ZDR6GSNH77MKV8, HostID: gU3oWaD1WxbNp5+F5S8HDIT+Em+EZD5E78WY4P2eby4o3BzOOa0i+LxxUjND6+7KBYF4T020Nto=, api error PermanentRedirect: The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.\n⊘ I attach \"{result}\" to the test output as \"Policy Update Result\" (skipped)\n⊘ we wait for a period of \"10000\" ms (skipped)\n⊘ I call \"{loggingService}\" with \"QueryAdminLogs\" using arguments \"{ResourceName}\" and \"{20}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"adminLogs\" (skipped)\n⊘ I attach \"{adminLogs}\" to the test output as \"Admin Activity Logs\" (skipped)\n⊘ \"{adminLogs}\" is an array of objects with at least the following contents (skipped)", - "status_id": 1, - "time": 1772108844, - "time_dt": "2026-02-26T12:27:24Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR01 - Log Administrative Access Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108844, - "created_time_dt": "2026-02-26T12:27:24Z", - "desc": "Compliance test scenario: Object storage data modification logging compliance", - "title": "Object storage data modification logging compliance", - "types": [], - "uid": "ccc-test-554-1772108844" - }, - "message": "Object storage data modification logging compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"data-write-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR02\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Data Events Write Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [ProviderServiceType ReportTitle Region AwsCloudTrailLogGroupName HostName CatalogTypes UID PermittedRegions PortNumber Protocol TagFilter Labels ResourceName Provider api ServiceType ReportFile Instance Props PermittedAccountIds])\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108844, - "time_dt": "2026-02-26T12:27:24Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR02 - Log Data Modification Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108844, - "created_time_dt": "2026-02-26T12:27:24Z", - "desc": "Compliance test scenario: Verify data modifications are logged with identity and timestamp", - "title": "Verify data modifications are logged with identity and timestamp", - "types": [], - "uid": "ccc-test-574-1772108844" - }, - "message": "Verify data modifications are logged with identity and timestamp", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-amber", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-logging-object.txt\", and \"test data for logging verification\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"createResult\"\nβœ“ I attach \"{createResult}\" to the test output as \"Object Create Result\"\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-logging-object.txt\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"deleteResult\"\nβœ“ I attach \"{deleteResult}\" to the test output as \"Object Delete Result\"\nβœ“ we wait for a period of \"10000\" ms\nβœ“ I call \"{loggingService}\" with \"QueryDataWriteLogs\" using arguments \"{ResourceName}\" and \"{20}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"dataLogs\"\nβœ“ I attach \"{dataLogs}\" to the test output as \"Data Write Logs\"\nβœ— \"{dataLogs}\" is an array of objects with at least the following contents - Error: expected row not found: map[result:Succeeded]", - "status_id": 1, - "time": 1772108844, - "time_dt": "2026-02-26T12:27:24Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR02 - Log Data Modification Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108855, - "created_time_dt": "2026-02-26T12:27:35Z", - "desc": "Compliance test scenario: Data read logging compliance", - "title": "Data read logging compliance", - "types": [], - "uid": "ccc-test-614-1772108855" - }, - "message": "Data read logging compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-red", - "@Policy", - "@object-storage", - "@vpc" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"data-read-logging\" for control \"CCC.Core.CN04\" assessment requirement \"AR03\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: CloudTrail Data Events Read Configuration: unknown parameter(s) in policy query: [AWSCloudTrailName] (available: [ProviderServiceType Props AwsCloudTrailLogGroupName PermittedAccountIds TagFilter ReportTitle Region HostName CatalogTypes Labels UID Instance PermittedRegions Protocol ServiceType ResourceName ReportFile Provider api PortNumber])\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108855, - "time_dt": "2026-02-26T12:27:35Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR03 - Log Data Read Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108855, - "created_time_dt": "2026-02-26T12:27:35Z", - "desc": "Compliance test scenario: Verify data read operations are logged with identity and timestamp", - "title": "Verify data read operations are logged with identity and timestamp", - "types": [], - "uid": "ccc-test-635-1772108855" - }, - "message": "Verify data read operations are logged with identity and timestamp", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN04", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"logging\"\nβœ“ I refer to \"{result}\" as \"loggingService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-read-logging-object.txt\", and \"test data for read logging verification\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"createResult\"\nβœ“ I call \"{storage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-read-logging-object.txt\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: failed to read object test-read-logging-object.txt from bucket simple-flowing-porpoise: operation error S3: GetObject, https response error StatusCode: 301, RequestID: EJZ2CY390BNVVQM5, HostID: OwmgMp9kyt0SW4HShdVPqj3g1vg2qmzdoUyVGgFkSUVIR5GKo5Lkrp/omlxbVKo7FF5ITRB11Fs=, api error PermanentRedirect: The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.\n⊘ I refer to \"{result}\" as \"readResult\" (skipped)\n⊘ I attach \"{readResult}\" to the test output as \"Object Read Result\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-read-logging-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ we wait for a period of \"10000\" ms (skipped)\n⊘ I call \"{loggingService}\" with \"QueryDataReadLogs\" using arguments \"{ResourceName}\" and \"{20}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"readLogs\" (skipped)\n⊘ I attach \"{readLogs}\" to the test output as \"Data Read Logs\" (skipped)\n⊘ \"{readLogs}\" is an array of objects with at least the following contents (skipped)", - "status_id": 1, - "time": 1772108855, - "time_dt": "2026-02-26T12:27:35Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN04.AR03 - Log Data Read Attempts" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108856, - "created_time_dt": "2026-02-26T12:27:36Z", - "desc": "Compliance test scenario: Service prevents data modification by user with no access", - "title": "Service prevents data modification by user with no access", - "types": [], - "uid": "ccc-test-700-1772108856" - }, - "message": "Service prevents data modification by user with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Destructive", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-write-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-cn05-unauthorized-modify.txt\", and \"unauthorized data\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-create-error.txt\"", - "status_id": 1, - "time": 1772108856, - "time_dt": "2026-02-26T12:27:36Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108856, - "created_time_dt": "2026-02-26T12:27:36Z", - "desc": "Compliance test scenario: Service allows data modification by user with write access", - "title": "Service allows data modification by user with write access", - "types": [], - "uid": "ccc-test-716-1772108856" - }, - "message": "Service allows data modification by user with write access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Destructive", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write-access\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: H19CAV2TS9JWQKZX, HostID: G+Uhdb6H8qVBAUHztJuo49Y/f46un5iLpIEiFQmBNg0uoJtcv/sunUH/JjfpPMJn4GiMd1/Rdpc=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write-access is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-cn05-authorized-modify.txt\", and \"authorized data\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-cn05-authorized-modify.txt\" (skipped)", - "status_id": 1, - "time": 1772108856, - "time_dt": "2026-02-26T12:27:36Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108926, - "created_time_dt": "2026-02-26T12:28:46Z", - "desc": "Compliance test scenario: Storage is not configured for public write access", - "title": "Storage is not configured for public write access", - "types": [], - "uid": "ccc-test-724-1772108926" - }, - "message": "Storage is not configured for public write access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ— I attempt policy check \"object-storage-block-public-write-access\" for control \"CCC.Core.CN05\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Block Public Access Configuration: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108926, - "time_dt": "2026-02-26T12:28:46Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR01 - Block Unauthorized Data Modification" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108927, - "created_time_dt": "2026-02-26T12:28:47Z", - "desc": "Compliance test scenario: Service prevents administrative action (creating a new bucket) by user with no access", - "title": "Service prevents administrative action (creating a new bucket) by user with no access", - "types": [], - "uid": "ccc-test-803-1772108927" - }, - "message": "Service prevents administrative action (creating a new bucket) by user with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Destructive", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-admin-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-unauthorized-admin-container\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-admin-create-bucket-error.txt\"", - "status_id": 1, - "time": 1772108927, - "time_dt": "2026-02-26T12:28:47Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108928, - "created_time_dt": "2026-02-26T12:28:48Z", - "desc": "Compliance test scenario: Service prevents administrative action (creating a new bucket) by user with read-only access", - "title": "Service prevents administrative action (creating a new bucket) by user with read-only access", - "types": [], - "uid": "ccc-test-818-1772108928" - }, - "message": "Service prevents administrative action (creating a new bucket) by user with read-only access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Destructive", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read-only-admin\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-only-admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-read-only-create-container\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"read-only-create-bucket-error.txt\"", - "status_id": 1, - "time": 1772108928, - "time_dt": "2026-02-26T12:28:48Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108943, - "created_time_dt": "2026-02-26T12:29:03Z", - "desc": "Compliance test scenario: Service allows administrative action (creating a new bucket) by user with admin access", - "title": "Service allows administrative action (creating a new bucket) by user with admin access", - "types": [], - "uid": "ccc-test-834-1772108943" - }, - "message": "Service allows administrative action (creating a new bucket) by user with admin access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-admin-access\", \"{UID}\", and \"admin\"\nβœ“ I refer to \"{result}\" as \"testUserAdmin\"\nβœ“ I attach \"{result}\" to the test output as \"admin-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserAdmin}\", and \"{true}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-cn05-authorized-admin-container\"\nβœ“ \"{result}\" is not an error\nβœ“ I attach \"{result}\" to the test output as \"admin-create-bucket-result.json\"\nβœ“ I call \"{storage}\" with \"DeleteBucket\" using argument \"test-cn05-authorized-admin-container\"", - "status_id": 1, - "time": 1772108943, - "time_dt": "2026-02-26T12:29:03Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108959, - "created_time_dt": "2026-02-26T12:29:19Z", - "desc": "Compliance test scenario: Unauthorized administrative access is blocked", - "title": "Unauthorized administrative access is blocked", - "types": [], - "uid": "ccc-test-841-1772108959" - }, - "message": "Unauthorized administrative access is blocked", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108959, - "time_dt": "2026-02-26T12:29:19Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108959, - "created_time_dt": "2026-02-26T12:29:19Z", - "desc": "Compliance test scenario: Cross-tenant access is blocked without explicit allowlist", - "title": "Cross-tenant access is blocked without explicit allowlist", - "types": [], - "uid": "ccc-test-859-1772108959" - }, - "message": "Cross-tenant access is blocked without explicit allowlist", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I attempt policy check \"object-storage-cross-tenant-block\" for control \"CCC.Core.CN05\" assessment requirement \"AR03\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\"\nβœ“ \"{result}\" is true", - "status_id": 1, - "time": 1772108959, - "time_dt": "2026-02-26T12:29:19Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR03 - Block Cross-Tenant Access" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108961, - "created_time_dt": "2026-02-26T12:29:21Z", - "desc": "Compliance test scenario: External unauthorized data requests are blocked", - "title": "External unauthorized data requests are blocked", - "types": [], - "uid": "ccc-test-873-1772108961" - }, - "message": "External unauthorized data requests are blocked", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108961, - "time_dt": "2026-02-26T12:29:21Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR04 - Block Unauthorized External Data Requests" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108961, - "created_time_dt": "2026-02-26T12:29:21Z", - "desc": "Compliance test scenario: External requests do not reveal service existence", - "title": "External requests do not reveal service existence", - "types": [], - "uid": "ccc-test-886-1772108961" - }, - "message": "External requests do not reveal service existence", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108961, - "time_dt": "2026-02-26T12:29:21Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR05 - Hide Service Existence from External Requests" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108961, - "created_time_dt": "2026-02-26T12:29:21Z", - "desc": "Compliance test scenario: Service prevents data read by user with no access", - "title": "Service prevents data read by user with no access", - "types": [], - "uid": "ccc-test-914-1772108961" - }, - "message": "Service prevents data read by user with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Destructive", - "@Behavioural", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108961, - "time_dt": "2026-02-26T12:29:21Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR06 - Block All Unauthorized Requests" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108961, - "created_time_dt": "2026-02-26T12:29:21Z", - "desc": "Compliance test scenario: All unauthorized requests are blocked", - "title": "All unauthorized requests are blocked", - "types": [], - "uid": "ccc-test-921-1772108961" - }, - "message": "All unauthorized requests are blocked", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN05", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108961, - "time_dt": "2026-02-26T12:29:21Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN05.AR06 - Block All Unauthorized Requests" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108961, - "created_time_dt": "2026-02-26T12:29:21Z", - "desc": "Compliance test scenario: Object storage region compliance", - "title": "Object storage region compliance", - "types": [], - "uid": "ccc-test-944-1772108961" - }, - "message": "Object storage region compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN06", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-region\" for control \"CCC.Core.CN06\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Region Compliance: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108961, - "time_dt": "2026-02-26T12:29:21Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN06.AR01 - Resource Location Compliance" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108961, - "created_time_dt": "2026-02-26T12:29:21Z", - "desc": "Compliance test scenario: Child resources are in approved regions", - "title": "Child resources are in approved regions", - "types": [], - "uid": "ccc-test-965-1772108961" - }, - "message": "Child resources are in approved regions", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN06", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108961, - "time_dt": "2026-02-26T12:29:21Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN06.AR02 - Child Resource Location Compliance" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108961, - "created_time_dt": "2026-02-26T12:29:21Z", - "desc": "Compliance test scenario: Enumeration activities publish events to monitored channels", - "title": "Enumeration activities publish events to monitored channels", - "types": [], - "uid": "ccc-test-981-1772108961" - }, - "message": "Enumeration activities publish events to monitored channels", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN07", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I attempt policy check \"enumeration-monitoring-policy\" for control \"CCC.Core.CN07\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\"\nβœ“ \"{result}\" is true", - "status_id": 1, - "time": 1772108961, - "time_dt": "2026-02-26T12:29:21Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN07.AR01 - Publish Enumeration Activity Events" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108961, - "created_time_dt": "2026-02-26T12:29:21Z", - "desc": "Compliance test scenario: Enumeration activities are logged", - "title": "Enumeration activities are logged", - "types": [], - "uid": "ccc-test-997-1772108961" - }, - "message": "Enumeration activities are logged", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN07", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108961, - "time_dt": "2026-02-26T12:29:21Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN07.AR02 - Log Enumeration Activities" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108961, - "created_time_dt": "2026-02-26T12:29:21Z", - "desc": "Compliance test scenario: Object storage replication compliance", - "title": "Object storage replication compliance", - "types": [], - "uid": "ccc-test-1014-1772108961" - }, - "message": "Object storage replication compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN08", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication\" for control \"CCC.Core.CN08\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Cross-Region Replication Configuration: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108961, - "time_dt": "2026-02-26T12:29:21Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN08.AR01 - Data Replication and Redundancy" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108963, - "created_time_dt": "2026-02-26T12:29:23Z", - "desc": "Compliance test scenario: Object storage replication status is visible", - "title": "Object storage replication status is visible", - "types": [], - "uid": "ccc-test-1031-1772108963" - }, - "message": "Object storage replication status is visible", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN08", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication-status\" for control \"CCC.Core.CN08\" assessment requirement \"AR02\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Replication Status Visibility: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108963, - "time_dt": "2026-02-26T12:29:23Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN08.AR02 - Replication Status Visibility" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108964, - "created_time_dt": "2026-02-26T12:29:24Z", - "desc": "Compliance test scenario: Object storage access logging compliance", - "title": "Object storage access logging compliance", - "types": [], - "uid": "ccc-test-1048-1772108964" - }, - "message": "Object storage access logging compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN09", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-access-logging\" for control \"CCC.Core.CN09\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Server Access Logging Configuration: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108964, - "time_dt": "2026-02-26T12:29:24Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN09.AR01 - Access Logging Separation" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108965, - "created_time_dt": "2026-02-26T12:29:25Z", - "desc": "Compliance test scenario: Disabling logs requires disabling the resource", - "title": "Disabling logs requires disabling the resource", - "types": [], - "uid": "ccc-test-1064-1772108965" - }, - "message": "Disabling logs requires disabling the resource", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN09", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108965, - "time_dt": "2026-02-26T12:29:25Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN09.AR02 - Logs Cannot Be Disabled" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108965, - "created_time_dt": "2026-02-26T12:29:25Z", - "desc": "Compliance test scenario: Redirecting logs requires halting the resource", - "title": "Redirecting logs requires halting the resource", - "types": [], - "uid": "ccc-test-1078-1772108965" - }, - "message": "Redirecting logs requires halting the resource", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN09", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772108965, - "time_dt": "2026-02-26T12:29:25Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN09.AR03 - Log Redirection Requires Service Halt" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108965, - "created_time_dt": "2026-02-26T12:29:25Z", - "desc": "Compliance test scenario: Object storage replication destination compliance", - "title": "Object storage replication destination compliance", - "types": [], - "uid": "ccc-test-1095-1772108965" - }, - "message": "Object storage replication destination compliance", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@CCC.Core", - "@CCC.Core.CN10", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy", - "@object-storage" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-replication-destination\" for control \"CCC.Core.CN10\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Replication Destination Region Validation: query execution failed: exit status 254\nOutput: \nAn error occurred (ReplicationConfigurationNotFoundError) when calling the GetBucketReplication operation: The replication configuration was not found\n\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772108965, - "time_dt": "2026-02-26T12:29:25Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.Core.CN10.AR01 - Replication Destination Trust" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108966, - "created_time_dt": "2026-02-26T12:29:26Z", - "desc": "Compliance test scenario: Service prevents reading bucket with no access", - "title": "Service prevents reading bucket with no access", - "types": [], - "uid": "ccc-test-1146-1772108966" - }, - "message": "Service prevents reading bucket with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR01", - "@Destructive" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"ListObjects\" using argument \"{ResourceName}\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-list-error.txt\"", - "status_id": 1, - "time": 1772108966, - "time_dt": "2026-02-26T12:29:26Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772108966, - "created_time_dt": "2026-02-26T12:29:26Z", - "desc": "Compliance test scenario: Service allows reading bucket with read access", - "title": "Service allows reading bucket with read access", - "types": [], - "uid": "ccc-test-1162-1772108966" - }, - "message": "Service allows reading bucket with read access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: HBKMJZZ7CV2WNTRZ, HostID: fDyXyNfcA/z/7cDJNKNXF8mlvrX2PXJ2bcJbi8koMID+sk6RvQzM8lqKOE0bY+/QiOIHmZ11qu0=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"read-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ListObjects\" using argument \"{ResourceName}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-list-objects-result.json\" (skipped)", - "status_id": 1, - "time": 1772108966, - "time_dt": "2026-02-26T12:29:26Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109036, - "created_time_dt": "2026-02-26T12:30:36Z", - "desc": "Compliance test scenario: Test policy", - "title": "Test policy", - "types": [], - "uid": "ccc-test-1163-1772109036" - }, - "message": "Test policy", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR01", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "", - "status_id": 1, - "time": 1772109036, - "time_dt": "2026-02-26T12:30:36Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109036, - "created_time_dt": "2026-02-26T12:30:36Z", - "desc": "Compliance test scenario: Service prevents reading object with no access", - "title": "Service prevents reading object with no access", - "types": [], - "uid": "ccc-test-1216-1772109036" - }, - "message": "Service prevents reading object with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test content\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-read-object-error.txt\"", - "status_id": 1, - "time": 1772109036, - "time_dt": "2026-02-26T12:30:36Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109037, - "created_time_dt": "2026-02-26T12:30:37Z", - "desc": "Compliance test scenario: Service allows reading object with read access", - "title": "Service allows reading object with read access", - "types": [], - "uid": "ccc-test-1235-1772109037" - }, - "message": "Service allows reading object with read access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test content\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 2C6TRWE43XMPF0M3, HostID: YQX1AICmOVjRvL87UE4TjQAMF5EbVv67Re/+1vEX/No9Kae5hBdlrDZCsvRBsLpT/GQEKazqNQE=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"read-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-read-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)", - "status_id": 1, - "time": 1772109037, - "time_dt": "2026-02-26T12:30:37Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109092, - "created_time_dt": "2026-02-26T12:31:32Z", - "desc": "Compliance test scenario: Service prevents creating bucket with no access", - "title": "Service prevents creating bucket with no access", - "types": [], - "uid": "ccc-test-1286-1772109092" - }, - "message": "Service prevents creating bucket with no access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR03" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-bucket-no-access\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"no-access-create-bucket-error.txt\"", - "status_id": 1, - "time": 1772109092, - "time_dt": "2026-02-26T12:31:32Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR03" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109092, - "created_time_dt": "2026-02-26T12:31:32Z", - "desc": "Compliance test scenario: Service allows creating bucket with write access", - "title": "Service allows creating bucket with write access", - "types": [], - "uid": "ccc-test-1303-1772109092" - }, - "message": "Service allows creating bucket with write access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR03" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 5HTKWB5M1NCMVWX0, HostID: dxfi0Dud0rW440uQomNVTLWNvSwV56N0CgdelVRVs00MCB+i4tHAYWZjxbs8+VsqSxxRjF7jk5g=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"write-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateBucket\" using argument \"test-bucket-write\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-bucket-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteBucket\" using argument \"{result.ID}\" (skipped)", - "status_id": 1, - "time": 1772109092, - "time_dt": "2026-02-26T12:31:32Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR03" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109163, - "created_time_dt": "2026-02-26T12:32:43Z", - "desc": "Compliance test scenario: Service prevents writing object with read-only access", - "title": "Service prevents writing object with read-only access", - "types": [], - "uid": "ccc-test-1358-1772109163" - }, - "message": "Service prevents writing object with read-only access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR04" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: N9H15A4WWQPMSP1S, HostID: g4QJ7t4kAXmveLTh78/+yi1deFSHpD5JoVCOUmjqcjdfU3iSMCsnVrIAzKBDgpCtiIG/gCg2lZ8Tr7Nwa8tYr8ZO9xYCq6JZ+lAkVbkASeE=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-write-object.txt\", and \"test content\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-create-object-error.txt\" (skipped)", - "status_id": 1, - "time": 1772109163, - "time_dt": "2026-02-26T12:32:43Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR04" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109218, - "created_time_dt": "2026-02-26T12:33:38Z", - "desc": "Compliance test scenario: Service allows writing object with write access", - "title": "Service allows writing object with write access", - "types": [], - "uid": "ccc-test-1377-1772109218" - }, - "message": "Service allows writing object with write access", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN01.AR04" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: B7596R1WG63V7E5Z, HostID: 8aZit3jmY/PGT7c1pSIfYedvNcrBEn9DIgQyokHcNsyUxmrsVngTeinPqL5WycuTAOMwjLhXzFg=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I attach \"{result}\" to the test output as \"write-storage-service.json\" (skipped)\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-write-object.txt\", and \"test content\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"write-create-object-result.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-write-object.txt\" (skipped)", - "status_id": 1, - "time": 1772109218, - "time_dt": "2026-02-26T12:33:38Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN01.AR04" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109273, - "created_time_dt": "2026-02-26T12:34:33Z", - "desc": "Compliance test scenario: Service enforces uniform bucket-level access by rejecting object-level permissions", - "title": "Service enforces uniform bucket-level access by rejecting object-level permissions", - "types": [], - "uid": "ccc-test-1426-1772109273" - }, - "message": "Service enforces uniform bucket-level access by rejecting object-level permissions", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN02.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 1CG7VKA3E0MZA77C, HostID: LQjxcEsghW9izEy4DyM2ay+eXPEzysb1hRVlNWP06AKeS3rv0BcMHkxJjvidYODkejywAWjKJRg=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I call \"{storage}\" with \"SetObjectPermission\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"none\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"set-object-permission-error.txt\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)", - "status_id": 1, - "time": 1772109273, - "time_dt": "2026-02-26T12:34:33Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN02.AR01 - Uniform Bucket-Level Access (Consistent Allow)" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109329, - "created_time_dt": "2026-02-26T12:35:29Z", - "desc": "Compliance test scenario: Service enforces uniform bucket-level access denial", - "title": "Service enforces uniform bucket-level access denial", - "types": [], - "uid": "ccc-test-1475-1772109329" - }, - "message": "Service enforces uniform bucket-level access denial", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN02.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"test data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-no-access\", \"{UID}\", and \"none\"\nβœ“ I refer to \"{result}\" as \"testUserNoAccess\"\nβœ“ I attach \"{result}\" to the test output as \"no-access-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserNoAccess}\", and \"{false}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"userStorage\"\nβœ“ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\"\nβœ“ \"{result}\" is an error\nβœ“ I call \"{storage}\" with \"SetObjectPermission\" using arguments \"{ResourceName}\", \"test-object.txt\", and \"read\"\nβœ“ \"{result}\" is an error\nβœ“ I attach \"{result}\" to the test output as \"set-object-permission-error.txt\"\nβœ“ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"test-object.txt\"\nβœ“ \"{result}\" is an error", - "status_id": 1, - "time": 1772109329, - "time_dt": "2026-02-26T12:35:29Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN02.AR02 - Uniform Bucket-Level Access (Consistent Deny)" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109329, - "created_time_dt": "2026-02-26T12:35:29Z", - "desc": "Compliance test scenario: Service supports bucket soft delete and recovery", - "title": "Service supports bucket soft delete and recovery", - "types": [], - "uid": "ccc-test-1524-1772109329" - }, - "message": "Service supports bucket soft delete and recovery", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN03.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"CreateBucket\" using argument \"ccc-test-soft-delete\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"testBucket\"\nβœ“ I attach \"{result}\" to the test output as \"created-bucket.json\"\nβœ“ I call \"{storage}\" with \"DeleteBucket\" using argument \"ccc-test-soft-delete\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{storage}\" with \"ListDeletedBuckets\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: AWS S3 does not support bucket-level soft delete - bucket deletion is immediate and permanent\n⊘ I attach \"{result}\" to the test output as \"deleted-buckets.json\" (skipped)\n? \"{result}\" should have length greater than \"0\" (undefined)\n⊘ I call \"{storage}\" with \"RestoreBucket\" using argument \"ccc-test-soft-delete\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I call \"{storage}\" with \"ListBuckets\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"restored-buckets.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteBucket\" using argument \"ccc-test-soft-delete\" (skipped)\n⊘ \"{result}\" is not an error (skipped)", - "status_id": 1, - "time": 1772109329, - "time_dt": "2026-02-26T12:35:29Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN03.AR01 - Bucket Soft Delete and Recovery" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109330, - "created_time_dt": "2026-02-26T12:35:30Z", - "desc": "Compliance test scenario: Service prevents modification of locked retention policy", - "title": "Service prevents modification of locked retention policy", - "types": [], - "uid": "ccc-test-1561-1772109330" - }, - "message": "Service prevents modification of locked retention policy", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN03.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{storage}\" with \"GetBucketRetentionDurationDays\" using argument \"{ResourceName}\"\nβœ“ \"{result}\" is not an error\nβœ“ I refer to \"{result}\" as \"originalRetention\"\nβœ“ I attach \"{result}\" to the test output as \"original-retention-days.txt\"\nβœ— \"{result}\" should be greater than \"0\" - Error: expected {result} (0) to be greater than 0\n⊘ I call \"{storage}\" with \"SetBucketRetentionDurationDays\" using arguments \"{ResourceName}\" and \"1\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"set-retention-error.txt\" (skipped)\n⊘ I call \"{storage}\" with \"GetBucketRetentionDurationDays\" using argument \"{ResourceName}\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n? \"{result}\" should equal \"{originalRetention}\" (undefined)", - "status_id": 1, - "time": 1772109330, - "time_dt": "2026-02-26T12:35:30Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN03.AR02 - Immutable Bucket Retention Policy" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109330, - "created_time_dt": "2026-02-26T12:35:30Z", - "desc": "Compliance test scenario: Service applies default retention policy to newly uploaded object", - "title": "Service applies default retention policy to newly uploaded object", - "types": [], - "uid": "ccc-test-1617-1772109330" - }, - "message": "Service applies default retention policy to newly uploaded object", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 9J71AG53NVA8653T, HostID: HGTz2EGa/EB1utlkjZZQVCsAVF2QmFJKmf7STjkT3RylVHw0OWigXE49E0oDbjC1zIEtlUe+fnI=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"test-retention-object.txt\", and \"protected data\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"uploaded-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"GetObjectRetentionDurationDays\" using arguments \"{ResourceName}\" and \"test-retention-object.txt\" (skipped)\n⊘ \"{result}\" should be greater than \"1\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"test-retention-object.txt\" (skipped)", - "status_id": 1, - "time": 1772109330, - "time_dt": "2026-02-26T12:35:30Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109385, - "created_time_dt": "2026-02-26T12:36:25Z", - "desc": "Compliance test scenario: Service enforces retention policy on newly created objects", - "title": "Service enforces retention policy on newly created objects", - "types": [], - "uid": "ccc-test-1629-1772109385" - }, - "message": "Service enforces retention policy on newly created objects", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"immediate-delete-test.txt\", and \"test content\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"immediate-delete-test.txt\"\nβœ— \"{result}\" is an error - Error: expected {result} to be an error, got \u003cnil\u003e\n⊘ I attach \"{result}\" to the test output as \"immediate-delete-error.txt\" (skipped)\n? \"{result}\" should contain \"retention\" (undefined)", - "status_id": 1, - "time": 1772109385, - "time_dt": "2026-02-26T12:36:25Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109386, - "created_time_dt": "2026-02-26T12:36:26Z", - "desc": "Compliance test scenario: Service validates retention period meets minimum requirements", - "title": "Service validates retention period meets minimum requirements", - "types": [], - "uid": "ccc-test-1640-1772109386" - }, - "message": "Service validates retention period meets minimum requirements", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR01" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"retention-period-test.txt\", and \"compliance data\"\nβœ“ I call \"{storage}\" with \"GetObjectRetentionDurationDays\" using arguments \"{ResourceName}\" and \"retention-period-test.txt\"\nβœ— \"{result}\" should be greater than \"1\" - Error: expected {result} (0) to be greater than 1\n⊘ I attach \"{result}\" to the test output as \"retention-period-days.json\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"retention-period-test.txt\" (skipped)", - "status_id": 1, - "time": 1772109386, - "time_dt": "2026-02-26T12:36:26Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR01" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109386, - "created_time_dt": "2026-02-26T12:36:26Z", - "desc": "Compliance test scenario: Service prevents object deletion by write user during retention period", - "title": "Service prevents object deletion by write user during retention period", - "types": [], - "uid": "ccc-test-1722-1772109386" - }, - "message": "Service prevents object deletion by write user during retention period", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I attach \"{result}\" to the test output as \"write-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 44CYDVSA5KZEZT4F, HostID: RokhzS6VZDT4vxZwOMOkSKHyrbR74OK7OwaWgIdNU8X66I5zX/AOw/yrP/lgUB+LVixWauMaXMc=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"protected-object.txt\", and \"immutable data\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"protected-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"protected-object.txt\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"delete-protected-error.txt\" (skipped)\n? \"{result}\" should contain one of \"retention, locked, immutable, protected\" (undefined)", - "status_id": 1, - "time": 1772109386, - "time_dt": "2026-02-26T12:36:26Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109441, - "created_time_dt": "2026-02-26T12:37:21Z", - "desc": "Compliance test scenario: Service prevents object deletion by admin user during retention period", - "title": "Service prevents object deletion by admin user during retention period", - "types": [], - "uid": "ccc-test-1734-1772109441" - }, - "message": "Service prevents object deletion by admin user during retention period", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"admin-protected-object.txt\", and \"compliance data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"admin-protected-object.txt\"\nβœ— \"{result}\" is an error - Error: expected {result} to be an error, got \u003cnil\u003e\n⊘ I attach \"{result}\" to the test output as \"admin-delete-protected-error.txt\" (skipped)\n? \"{result}\" should contain \"retention\" (undefined)", - "status_id": 1, - "time": 1772109441, - "time_dt": "2026-02-26T12:37:21Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109442, - "created_time_dt": "2026-02-26T12:37:22Z", - "desc": "Compliance test scenario: Service prevents object modification during retention period", - "title": "Service prevents object modification during retention period", - "types": [], - "uid": "ccc-test-1752-1772109442" - }, - "message": "Service prevents object modification during retention period", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-write\", \"{UID}\", and \"write\"\nβœ“ I refer to \"{result}\" as \"testUserWrite\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserWrite}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: 9CJAMH1Q8NVWBMD3, HostID: tWcBHGS1O0UefeZ0TP7B34bM9r9nOgEewJz/7B7YUl++N9wDjf3q2Hpvuhu05E8V4+e2WgPifpE/ecbqlBctUcA2CQ0zEdvH, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-write is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"modify-test-object.txt\", and \"original content\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"original-object.json\" (skipped)\n⊘ I call \"{userStorage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"modify-test-object.txt\", and \"modified content\" (skipped)\n⊘ \"{result}\" is an error (skipped)\n⊘ I attach \"{result}\" to the test output as \"modify-protected-error.txt\" (skipped)\n? \"{result}\" should contain one of \"retention, locked, immutable, protected, exists\" (undefined)", - "status_id": 1, - "time": 1772109442, - "time_dt": "2026-02-26T12:37:22Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109497, - "created_time_dt": "2026-02-26T12:38:17Z", - "desc": "Compliance test scenario: Service allows object read access during retention period", - "title": "Service allows object read access during retention period", - "types": [], - "uid": "ccc-test-1772-1772109497" - }, - "message": "Service allows object read access during retention period", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@CCC.ObjStor.CN04.AR02" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" using argument \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ“ I call \"{storage}\" with \"CreateObject\" using arguments \"{ResourceName}\", \"readable-protected-object.txt\", and \"readable data\"\nβœ“ \"{result}\" is not an error\nβœ“ I call \"{iamService}\" with \"ProvisionUserWithAccess\" using arguments \"test-user-read\", \"{UID}\", and \"read\"\nβœ“ I refer to \"{result}\" as \"testUserRead\"\nβœ“ I attach \"{result}\" to the test output as \"read-user-identity.json\"\nβœ“ I call \"{api}\" with \"GetServiceAPIWithIdentity\" using arguments \"object-storage\", \"{testUserRead}\", and \"{true}\"\nβœ— \"{result}\" is not an error - Error: expected {result} to not be an error, but got: user provisioning validation failed: user permissions validation timed out after 12 attempts: credentials not ready for S3 access: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: BE430XHE6XC874D6, HostID: v1HK61E2hR62jeTwc3MRdOPIH9z+Tn/qcdLmTwpmzyNt++uZxBSqVrwau6CB/RQOa53eiybXfV0=, api error AccessDenied: User: arn:aws:iam::211203495394:user/test-user-read is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action\n⊘ I refer to \"{result}\" as \"userStorage\" (skipped)\n⊘ I call \"{userStorage}\" with \"ReadObject\" using arguments \"{ResourceName}\" and \"readable-protected-object.txt\" (skipped)\n⊘ \"{result}\" is not an error (skipped)\n⊘ I refer to \"{result}\" as \"readResult\" (skipped)\n⊘ I attach \"{result}\" to the test output as \"read-protected-object.json\" (skipped)\n⊘ \"{readResult.Name}\" is \"readable-protected-object.txt\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteObject\" using arguments \"{ResourceName}\" and \"readable-protected-object.txt\" (skipped)", - "status_id": 1, - "time": 1772109497, - "time_dt": "2026-02-26T12:38:17Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR02" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109553, - "created_time_dt": "2026-02-26T12:39:13Z", - "desc": "Compliance test scenario: Objects are stored with unique version identifiers", - "title": "Objects are stored with unique version identifiers", - "types": [], - "uid": "ccc-test-1790-1772109553" - }, - "message": "Objects are stored with unique version identifiers", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@CCC.ObjStor.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-versioning\" for control \"CCC.ObjStor.CN05\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check failed: S3 Bucket Versioning Configuration: \n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772109553, - "time_dt": "2026-02-26T12:39:13Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN05.AR01 - Versioning with Unique Identifiers" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109554, - "created_time_dt": "2026-02-26T12:39:14Z", - "desc": "Compliance test scenario: Modified objects receive new version identifiers", - "title": "Modified objects receive new version identifiers", - "types": [], - "uid": "ccc-test-1806-1772109554" - }, - "message": "Modified objects receive new version identifiers", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@CCC.ObjStor.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772109554, - "time_dt": "2026-02-26T12:39:14Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN05.AR02 - New Version ID on Modification" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109554, - "created_time_dt": "2026-02-26T12:39:14Z", - "desc": "Compliance test scenario: Previous object versions can be recovered", - "title": "Previous object versions can be recovered", - "types": [], - "uid": "ccc-test-1822-1772109554" - }, - "message": "Previous object versions can be recovered", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@CCC.ObjStor.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772109554, - "time_dt": "2026-02-26T12:39:14Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN05.AR03 - Recovery of Previous Versions" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109554, - "created_time_dt": "2026-02-26T12:39:14Z", - "desc": "Compliance test scenario: Object versions are retained after deletion", - "title": "Object versions are retained after deletion", - "types": [], - "uid": "ccc-test-1838-1772109554" - }, - "message": "Object versions are retained after deletion", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@CCC.ObjStor.CN05", - "@tlp-clear", - "@tlp-green", - "@tlp-amber", - "@tlp-red", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Informational", - "severity_id": 1, - "status": "New", - "status_code": "PASS", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ“ no-op required", - "status_id": 1, - "time": 1772109554, - "time_dt": "2026-02-26T12:39:14Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN05.AR04 - Retain Versions on Delete" - ] - } - } - }, - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1772109554, - "created_time_dt": "2026-02-26T12:39:14Z", - "desc": "Compliance test scenario: Access logs are stored in a separate data store", - "title": "Access logs are stored in a separate data store", - "types": [], - "uid": "ccc-test-1854-1772109554" - }, - "message": "Access logs are stored in a separate data store", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Complete", - "uid": "CCC-Complete", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "@PerService", - "@object-storage", - "@CCC.ObjStor", - "@CCC.ObjStor.CN06", - "@tlp-amber", - "@tlp-red", - "@Policy" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "aws", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "status": "ACTIVE", - "tags": [], - "type": "object-storage" - } - }, - "group": { - "name": "object-storage" - }, - "name": "simple-flowing-porpoise", - "region": "us-east-1", - "type": "object-storage", - "uid": "simple-flowing-porpoise" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "FAIL", - "status_detail": "βœ“ a cloud api for \"{Instance}\" in \"api\"\nβœ— I attempt policy check \"object-storage-access-logging\" for control \"CCC.ObjStor.CN06\" assessment requirement \"AR01\" for service \"{ServiceType}\" on resource \"{ResourceName}\" and provider \"{Provider}\" - Error: policy check file not found: /home/runner/work/ccc-cfi-compliance/ccc-cfi-compliance/testing/policy/CCC.ObjStor/CCC.ObjStor.CN06/AR01/object-storage-access-logging/aws.yaml\n⊘ \"{result}\" is true (skipped)", - "status_id": 1, - "time": 1772109554, - "time_dt": "2026-02-26T12:39:14Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.CN06.AR01 - Access Logs in Separate Data Store" - ] - } - } - } -] \ No newline at end of file diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/repository.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/repository.json index 4dda7416..15fddc26 100644 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/repository.json +++ b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/repository.json @@ -2,8 +2,8 @@ "name": "ccc-cfi-compliance", "url": "https://github.com/finos-labs/ccc-cfi-compliance", "description": "CCC CFI Compliance from FINOS Labs", - "downloaded_at": "2026-02-26T12:49:15.343Z", - "workflow_run_id": 22440814518, + "downloaded_at": "2026-03-03T14:22:58.295Z", + "workflow_run_id": 22625131394, "workflow_status": "completed", "workflow_conclusion": "success" } \ No newline at end of file diff --git a/website/src/types/cfi.ts b/website/src/types/cfi.ts index 31f5ea85..8d853df2 100644 --- a/website/src/types/cfi.ts +++ b/website/src/types/cfi.ts @@ -1,193 +1,188 @@ import { Contributor } from "./ccc"; export enum TestResultType { - PASS = "pass", - FAIL = "fail", - NA = "na", - ERROR = "error", + PASS = "pass", + FAIL = "fail", + NA = "na", + ERROR = "error", } export interface TestResultItem { - id: string, - test_requirements: string[]; - result: TestResultType; - name: string; - message: string; - test: string; - timestamp: number; - further_info_url?: string; - resources: string[]; - // OCSF-specific fields for CCC compliance mappings - status_code?: string; - status_detail?: string; - resource_name?: string; - resource_type?: string; - resource_uid?: string; - ccc_objects?: string[]; - finding_title?: string; - finding_uid?: string; + id: string; + test_requirements: string[]; + result: TestResultType; + name: string; + message: string; + test: string; + timestamp: number; + further_info_url?: string; + resources: string[]; + // OCSF-specific fields for CCC compliance mappings + status_code?: string; + status_detail?: string; + resource_name?: string; + resource_type?: string; + resource_uid?: string; + ccc_objects?: string[]; + finding_title?: string; + finding_uid?: string; } - export interface TestResultPageData { - slug: string; - result_name: string; - result_path: string; - releaseTitle: string; - configuration: Configuration; - results: TestResultItem[]; - parentSlug: string + slug: string; + result_name: string; + result_path: string; + releaseTitle: string; + configuration: Configuration; + results: TestResultItem[]; + parentSlug: string; } - export interface TestResultEntry { - id: string; - date: string; - slug: string; - status: TestResultType; + id: string; + date: string; + slug: string; + status: TestResultType; } /** * Populated from the json file inside the config directory of each test result. */ export interface CFIConfigJson { - id: string; - provider: string; - service: string; - name: string; - description: string; - path: string; - git?: string; + id: string; + provider: string; + service: string; + name: string; + description: string; + path: string; + git?: string; } -/** +/** * Populated from repository.json file in test-results. */ export interface CFIRepository { - name: string; - url: string; - description: string; - downloaded_at: string; - artifact_name?: string; - workflow_run_id?: number; - workflow_status?: string; - workflow_conclusion?: string; + name: string; + url: string; + description: string; + downloaded_at: string; + artifact_name?: string; + workflow_run_id?: number; + workflow_status?: string; + workflow_conclusion?: string; } /** * These are downloaded from github actions, and contain the test results for a single configuration. */ export interface Configuration { - cfi_details: CFIConfigJson; - repository: CFIRepository; - slug: string; - results: ConfigurationResult[]; + cfi_details: CFIConfigJson; + repository: CFIRepository; + slug: string; + results: ConfigurationResult[]; } - export interface DownloadLink { - name: string; - url: string; - type: string; + name: string; + url: string; + type: string; } export interface ConfigurationResult { - product: string; - vendor: string; - version: string; - test_results: TestResultItem[]; - download_links?: DownloadLink[]; + product: string; + vendor: string; + version: string; + test_results: TestResultItem[]; + download_links?: DownloadLink[]; } - export interface CFIResultSummary { - name: string; - description: string; - provider: string; - date: string; - repositoryUrl: string; - passingTests: number; - failingTests: number; - totalTests: number; - configurationSlug: string; + name: string; + description: string; + provider: string; + date: string; + repositoryUrl: string; + passingTests: number; + failingTests: number; + totalTests: number; + configurationSlug: string; } export interface HomePageData { - configurations: Configuration[]; + configurations: Configuration[]; } export interface ConfigurationPageData { - configuration: Configuration; - configurationResultSummaries: ConfigurationResultSummary[]; + configuration: Configuration; + configurationResultSummaries: ConfigurationResultSummary[]; } export interface ConfigurationResultSummary { - product: string; - vendor: string; - version: string; - slug: string; - totalTests: number; - passingTests: number; - failingTests: number; + product: string; + vendor: string; + version: string; + slug: string; + totalTests: number; + passingTests: number; + failingTests: number; } export interface ConfigurationResultPageData { - configuration: Configuration; - configurationResult: ConfigurationResult; + configuration: Configuration; + configurationResult: ConfigurationResult; } export interface RepositoryPageData { - repository: CFIRepository; - configurations: Configuration[]; - repositorySlug: string; + repository: CFIRepository; + configurations: Configuration[]; + repositorySlug: string; +} + +export interface RequirementLink { + id: string; + url: string; + title: string; } export interface ControlCatalogSummary { - catalogId: string; - catalogUrl: string; - resources: string[]; - totalTests: number; - passingTests: number; - failingTests: number; - testedRequirements: Array<{ - id: string; - url: string; - title: string; - }>; - missingRequirements: Array<{ - id: string; - url: string; - title: string; - }>; + catalogId: string; + catalogUrl: string; + resources: string[]; + totalTests: number; + passingTests: number; + failingTests: number; + unusedRequirements: Array; + testedRequirements: Array; + missingRequirements: Array; } export interface ResourceSummary { - resourceName: string; - resourceType: string; - catalogs: string[]; - totalTests: number; - passingTests: number; - failingTests: number; + resourceName: string; + resourceType: string; + catalogs: string[]; + totalTests: number; + passingTests: number; + failingTests: number; } export interface TestSummary { - resourceName: string; - resourceType: string; - totalTests: number; - passingTests: number; - failingTests: number; - catalogsTested: string[]; + resourceName: string; + resourceType: string; + totalTests: number; + passingTests: number; + failingTests: number; + catalogsTested: string[]; } export interface TestMappingDetail { - eventCode: string; - totalTests: number; - passingTests: number; - failingTests: number; + eventCode: string; + totalTests: number; + passingTests: number; + failingTests: number; } export interface TestMappingSummary { - controlCatalog: string; - testRequirementId: string; - mappedTests: TestMappingDetail[]; + controlCatalog: string; + testRequirementId: string; + mappedTests: TestMappingDetail[]; } From 728c94fb1f3371e2017b81a2f0becf5c85b3f483 Mon Sep 17 00:00:00 2001 From: Rob Moffat Date: Mon, 16 Mar 2026 10:18:30 +0000 Subject: [PATCH 05/14] Ignoring results --- .gitignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitignore b/.gitignore index 78825810..1eef178a 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,7 @@ build/oscal-cli # Delivery Tooling delivery-toolkit/artifacts .env/ + +# CFI Test Results +website/src/data/test-results/**/* +website/static/downloads/cfi/**/* From d25d2e55c43903092f07d7909f853f80622fff32 Mon Sep 17 00:00:00 2001 From: Rob Moffat Date: Wed, 18 Mar 2026 14:49:17 +0000 Subject: [PATCH 06/14] Updated display of summary results --- .../cfi/ConfigurationResult/index.tsx | 22 +++---- .../repository.json | 4 +- website/src/plugin/cfi-pages/index.ts | 61 ++++++++++--------- 3 files changed, 42 insertions(+), 45 deletions(-) diff --git a/website/src/components/cfi/ConfigurationResult/index.tsx b/website/src/components/cfi/ConfigurationResult/index.tsx index 43613880..89d6ce14 100644 --- a/website/src/components/cfi/ConfigurationResult/index.tsx +++ b/website/src/components/cfi/ConfigurationResult/index.tsx @@ -383,8 +383,7 @@ export default function CFIConfigurationResult({ pageData }: { pageData: Configu File Name - Format - Action + Download @@ -394,18 +393,15 @@ export default function CFIConfigurationResult({ pageData }: { pageData: Configu
{links.map((link, linkIndex) => ( - + {link.type.toUpperCase()} - - ))} -
- - - diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/repository.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/repository.json index 15fddc26..3814f056 100644 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/repository.json +++ b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/repository.json @@ -2,8 +2,8 @@ "name": "ccc-cfi-compliance", "url": "https://github.com/finos-labs/ccc-cfi-compliance", "description": "CCC CFI Compliance from FINOS Labs", - "downloaded_at": "2026-03-03T14:22:58.295Z", - "workflow_run_id": 22625131394, + "downloaded_at": "2026-03-18T14:39:05.630Z", + "workflow_run_id": 23246451323, "workflow_status": "completed", "workflow_conclusion": "success" } \ No newline at end of file diff --git a/website/src/plugin/cfi-pages/index.ts b/website/src/plugin/cfi-pages/index.ts index a07db4d5..6b3d8eda 100644 --- a/website/src/plugin/cfi-pages/index.ts +++ b/website/src/plugin/cfi-pages/index.ts @@ -105,39 +105,40 @@ async function createConfiguration(configDir: string, slug: string, repositoryDa fs.mkdirSync(staticDownloadsDir, { recursive: true }); } - // Create a page for each ConfigurationResult - for (const [key, configResultWithFiles] of partitionedResults.entries()) { - const { contributingFiles, ...configResult } = configResultWithFiles; - - // Handle download links - const downloadLinks: { name: string; url: string; type: string }[] = []; - - for (const file of contributingFiles) { - // Copy OCSF file - const ocsfSrc = path.join(resultsDir, file); - const ocsfDest = path.join(staticDownloadsDir, file); - fs.copyFileSync(ocsfSrc, ocsfDest); - - downloadLinks.push({ - name: file, - url: `/downloads/cfi/${repoDir}/${configId}/${file}`, - type: "ocsf", - }); + // Build download links: scan all .ocsf.json and .html files, pair where base names match + const downloadLinks: { name: string; url: string; type: string }[] = []; + if (fs.existsSync(resultsDir)) { + const allFiles = fs.readdirSync(resultsDir); + const ocsfFiles = allFiles.filter((f) => f.endsWith(".ocsf.json")); + const htmlFiles = allFiles.filter((f) => f.endsWith(".html")); + const pairedHtml = new Set(); + + for (const ocsfFile of ocsfFiles) { + const baseName = ocsfFile.replace(/\.ocsf\.json$/, ""); + const htmlFile = `${baseName}.html`; + const isPaired = htmlFiles.includes(htmlFile); + + fs.copyFileSync(path.join(resultsDir, ocsfFile), path.join(staticDownloadsDir, ocsfFile)); + downloadLinks.push({ name: ocsfFile, url: `/downloads/cfi/${repoDir}/${configId}/${ocsfFile}`, type: "ocsf" }); + + if (isPaired) { + pairedHtml.add(htmlFile); + fs.copyFileSync(path.join(resultsDir, htmlFile), path.join(staticDownloadsDir, htmlFile)); + downloadLinks.push({ name: htmlFile, url: `/downloads/cfi/${repoDir}/${configId}/${htmlFile}`, type: "html" }); + } + } - // Check for matching HTML file - const htmlFile = file.replace(".ocsf.json", ".html"); - const htmlSrc = path.join(resultsDir, htmlFile); - if (fs.existsSync(htmlSrc)) { - const htmlDest = path.join(staticDownloadsDir, htmlFile); - fs.copyFileSync(htmlSrc, htmlDest); - - downloadLinks.push({ - name: htmlFile, - url: `/downloads/cfi/${repoDir}/${configId}/${htmlFile}`, - type: "html", - }); + for (const htmlFile of htmlFiles) { + if (!pairedHtml.has(htmlFile)) { + fs.copyFileSync(path.join(resultsDir, htmlFile), path.join(staticDownloadsDir, htmlFile)); + downloadLinks.push({ name: htmlFile, url: `/downloads/cfi/${repoDir}/${configId}/${htmlFile}`, type: "html" }); } } + } + + // Create a page for each ConfigurationResult + for (const [key, configResultWithFiles] of partitionedResults.entries()) { + const { contributingFiles, ...configResult } = configResultWithFiles; configResult.download_links = downloadLinks; configurationResults.push(configResult); From a833ff27a0589aac3b62d663ba91c216078e2e80 Mon Sep 17 00:00:00 2001 From: Rob Moffat Date: Thu, 2 Apr 2026 09:57:19 +0100 Subject: [PATCH 07/14] Added Tony podcast, homepage links --- website/src/components/LearnMore/index.js | 5 ++++ website/src/components/Releases/index.js | 26 ++++++++++++++++--- .../repository.json | 4 +-- 3 files changed, 29 insertions(+), 6 deletions(-) diff --git a/website/src/components/LearnMore/index.js b/website/src/components/LearnMore/index.js index f802a494..7ea261eb 100644 --- a/website/src/components/LearnMore/index.js +++ b/website/src/components/LearnMore/index.js @@ -12,6 +12,11 @@ export default function LearnMore() {
Taming Multi-Cloud Security: Progress on Common Cloud Controls - Michael Lysaght & Sonali Mendis
+
+ +
Turn CCC into Real Checks: Multi-Cloud Security with Prowler + AI (OSFF NY Preview)
+
+
Damien Burks (Citi) and Gupta Rudra (Krumware) discuss CCC at OSFF New York in 2024.
diff --git a/website/src/components/Releases/index.js b/website/src/components/Releases/index.js index 4be7cc20..d31ab50f 100644 --- a/website/src/components/Releases/index.js +++ b/website/src/components/Releases/index.js @@ -4,9 +4,27 @@ import HomeSection from "../HomeSection"; export default function Benefits() { return ( - -

Common Cloud Controls is starting to release recommendations.

-

See The CCC Github Releases Page

- + +

Common Cloud Controls is starting to release recommendations and test infrastructure.

+

+ Our online browseable catalog +

+ +

+ Test results for Compliant Financial Infrastructure (CFI) +

+ +

+ The CCC Github Releases Page +

+ +

+ CFI Testing GitHub +

+ +

+ Join A CCC Meeting and meet the team +

+ ); } diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/repository.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/repository.json index 3814f056..5a0dda66 100644 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/repository.json +++ b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/repository.json @@ -2,8 +2,8 @@ "name": "ccc-cfi-compliance", "url": "https://github.com/finos-labs/ccc-cfi-compliance", "description": "CCC CFI Compliance from FINOS Labs", - "downloaded_at": "2026-03-18T14:39:05.630Z", - "workflow_run_id": 23246451323, + "downloaded_at": "2026-03-18T17:29:36.044Z", + "workflow_run_id": 23253225471, "workflow_status": "completed", "workflow_conclusion": "success" } \ No newline at end of file From 9b9f57ba7819a35d0256b1fed092392416bc8a73 Mon Sep 17 00:00:00 2001 From: Rob Moffat Date: Thu, 2 Apr 2026 10:33:04 +0100 Subject: [PATCH 08/14] Working on changes to download system --- website/scripts/DownloadCFIArtifacts.ts | 222 +++++++++++++----- website/src/components/ccc/Home/index.tsx | 5 + website/src/components/cfi/Home/index.tsx | 56 ++++- .../config/gcp-cloud-storage.json | 12 - .../repository.json | 9 - website/src/plugin/ccc-pages/index.ts | 1 + website/src/plugin/cfi-pages/index.ts | 92 ++++++-- website/src/types/ccc.ts | 2 + website/src/types/cfi.ts | 27 ++- website/src/utils/formatGeneratedAt.ts | 13 + 10 files changed, 325 insertions(+), 114 deletions(-) delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-cloud-storage/config/gcp-cloud-storage.json delete mode 100644 website/src/data/test-results/finos-labs-ccc-cfi-compliance/repository.json create mode 100644 website/src/utils/formatGeneratedAt.ts diff --git a/website/scripts/DownloadCFIArtifacts.ts b/website/scripts/DownloadCFIArtifacts.ts index 789ca15c..30dfd441 100644 --- a/website/scripts/DownloadCFIArtifacts.ts +++ b/website/scripts/DownloadCFIArtifacts.ts @@ -24,6 +24,8 @@ interface CFIRepositories { interface GitHubArtifact { id: number; name: string; + /** REST API URL for this artifact (stable). */ + url: string; archive_download_url: string; created_at: string; updated_at: string; @@ -36,12 +38,29 @@ interface GitHubWorkflowRun { conclusion: string; created_at: string; artifacts_url: string; + head_branch: string; +} + +/** Written alongside config/ and results/ for each extracted configuration tree. */ +export interface SourceDetailsFile { + branch: string; + /** From `cfi-repositories.json` for this download target. */ + repository_url: string; + /** From `cfi-repositories.json` for this download target. */ + repository_description: string; + artifact_url: string; + artifact_created_at: string; + downloaded_at: string; } interface GitHubWorkflowRuns { workflow_runs: GitHubWorkflowRun[]; } +interface GitHubBranch { + name: string; +} + async function getRepositoryOwnerAndName(url: string): Promise<{ owner: string; repo: string }> { const match = url.match(/github\.com\/([^\/]+)\/([^\/]+)/); if (!match) { @@ -50,13 +69,55 @@ async function getRepositoryOwnerAndName(url: string): Promise<{ owner: string; return { owner: match[1], repo: match[2] }; } -async function getLatestWorkflowRun(owner: string, repo: string): Promise { +/** Safe folder / zip suffix derived from a git branch name (e.g. feature/foo β†’ feature-foo). */ +function branchNameToDirSuffix(branchName: string): string { + const s = branchName + .replace(/\//g, '-') + .replace(/[^a-zA-Z0-9._-]+/g, '-') + .replace(/-+/g, '-') + .replace(/^-|-$/g, ''); + return s.length > 0 ? s : 'branch'; +} + +async function listAllBranchNames(owner: string, repo: string): Promise { const headers = GITHUB_TOKEN ? { Authorization: `token ${GITHUB_TOKEN}` } : {}; + const names: string[] = []; + let page = 1; + + try { + while (true) { + const response = await axios.get( + `${GITHUB_API}/repos/${owner}/${repo}/branches?per_page=100&page=${page}`, + { headers } + ); + if (response.data.length === 0) { + break; + } + names.push(...response.data.map((b) => b.name)); + if (response.data.length < 100) { + break; + } + page++; + } + return names; + } catch (error) { + console.warn(`⚠️ Could not list branches for ${owner}/${repo}: ${error}`); + return []; + } +} + +/** Latest *successful* workflow run for cfi-test.yml on the given branch (per_page=1, newest first among successes). */ +async function getLatestWorkflowRunForBranch( + owner: string, + repo: string, + branchName: string +): Promise { + const headers = GITHUB_TOKEN ? { Authorization: `token ${GITHUB_TOKEN}` } : {}; + const branchQuery = `&branch=${encodeURIComponent(branchName)}`; try { - // Get the latest workflow run for the CFI Build workflow const response = await axios.get( - `${GITHUB_API}/repos/${owner}/${repo}/actions/runs?workflow_id=cfi-test.yml&per_page=1`, + `${GITHUB_API}/repos/${owner}/${repo}/actions/runs?workflow_id=cfi-test.yml&status=success&per_page=1${branchQuery}`, { headers } ); @@ -65,7 +126,7 @@ async function getLatestWorkflowRun(owner: string, repo: string): Promise { +/** + * Artifact zips use config/{baseId}.json; the site expects config/{extractFolderName}.json + * where extractFolderName is baseId + "-" + branchDirSuffix (e.g. secure-azure-storage-main). + */ +function buildSourceDetails( + run: GitHubWorkflowRun, + artifact: GitHubArtifact, + downloadedAt: string, + repositoryInfo: CFIRepository +): SourceDetailsFile { + const artifactUrl = artifact.url?.trim() || artifact.archive_download_url; + return { + branch: run.head_branch ?? 'unknown', + repository_url: repositoryInfo.url, + repository_description: repositoryInfo.description, + artifact_url: artifactUrl, + artifact_created_at: artifact.created_at, + downloaded_at: downloadedAt, + }; +} + +function writeSourceDetails(extractDir: string, details: SourceDetailsFile): void { + const target = path.join(extractDir, 'source-details.json'); + fs.writeFileSync(target, JSON.stringify(details, null, 2), 'utf8'); + console.log(`πŸ“ Wrote ${path.basename(target)} for ${path.basename(extractDir)}`); +} + +function alignConfigJsonWithExtractDir(extractDir: string, baseConfigId: string): void { + const configDir = path.join(extractDir, 'config'); + if (!fs.existsSync(configDir)) { + return; + } + const canonicalPath = path.join(configDir, `${baseConfigId}.json`); + const folderName = path.basename(extractDir); + const expectedPath = path.join(configDir, `${folderName}.json`); + if (fs.existsSync(canonicalPath) && canonicalPath !== expectedPath) { + fs.renameSync(canonicalPath, expectedPath); + console.log(`πŸ“Ž Renamed config to ${path.basename(expectedPath)} for ${folderName}`); + } +} + +async function unzipArtifact( + zipPath: string, + artifactName: string, + repositoryInfo: CFIRepository, + branchDirSuffix: string, + run: GitHubWorkflowRun, + artifact: GitHubArtifact, + downloadedAt: string +): Promise { try { - console.log(`πŸ“¦ Unzipping ${artifactName}...`); + console.log(`πŸ“¦ Unzipping ${artifactName} (${branchDirSuffix})...`); - // Remove 'cfi-results-' prefix and create clean directory name const cleanName = artifactName.replace(/^cfi-results-/, ''); const repoDir = path.join(OUTPUT_DIR, 'test-results', repositoryInfo.destination); - const extractDir = path.join(repoDir, cleanName); + const extractDir = path.join(repoDir, `${cleanName}-${branchDirSuffix}`); - // Ensure the test-results directory and repo directory exist fs.mkdirSync(path.join(OUTPUT_DIR, 'test-results'), { recursive: true }); fs.mkdirSync(repoDir, { recursive: true }); - // Extract the zip file using system unzip command try { await execAsync(`unzip -o "${zipPath}" -d "${extractDir}"`); - console.log(`πŸ“¦ Extraction completed for ${cleanName}`); + console.log(`πŸ“¦ Extraction completed for ${cleanName}-${branchDirSuffix}`); } catch (error) { - console.error(`❌ Extraction failed for ${cleanName}:`, error); + console.error(`❌ Extraction failed for ${cleanName}-${branchDirSuffix}:`, error); throw error; } - // Verify that OCSF files were extracted correctly + alignConfigJsonWithExtractDir(extractDir, cleanName); + + writeSourceDetails(extractDir, buildSourceDetails(run, artifact, downloadedAt, repositoryInfo)); + const resultsDir = path.join(extractDir, 'results'); if (fs.existsSync(resultsDir)) { const ocsfFiles = fs.readdirSync(resultsDir).filter(f => f.endsWith('ocsf.json')); @@ -139,26 +249,22 @@ async function unzipArtifact(zipPath: string, artifactName: string, repositoryIn const ocsfPath = path.join(resultsDir, ocsfFile); try { const content = fs.readFileSync(ocsfPath, 'utf8'); - JSON.parse(content); // This will throw if invalid JSON + JSON.parse(content); console.log(`βœ… Verified ${ocsfFile} is valid JSON`); } catch (error) { console.error(`❌ Invalid JSON in ${ocsfFile}:`, error); - // Remove the corrupted file fs.unlinkSync(ocsfPath); console.log(`πŸ—‘οΈ Removed corrupted file: ${ocsfFile}`); } } } - console.log(`βœ… Extracted ${cleanName} to ${extractDir}`); + console.log(`βœ… Extracted ${cleanName}-${branchDirSuffix} to ${extractDir}`); - // Clean up the zip file after extraction fs.unlinkSync(zipPath); console.log(`πŸ—‘οΈ Cleaned up ${zipPath}`); - } catch (error) { console.error(`❌ Error unzipping ${artifactName}: ${error}`); - // Don't throw - continue with other artifacts } } @@ -220,55 +326,55 @@ async function downloadCFIArtifacts(): Promise { const { owner, repo: repoName } = await getRepositoryOwnerAndName(repo.url); console.log(`πŸ“ Repository: ${owner}/${repoName}`); - // Get the latest workflow run - const workflowRun = await getLatestWorkflowRun(owner, repoName); - if (!workflowRun) { - console.log(`⚠️ No workflow runs found for ${repo.name}`); + const branchNames = await listAllBranchNames(owner, repoName); + if (branchNames.length === 0) { + console.log(`⚠️ No branches found for ${repo.name}`); continue; } + console.log(`🌿 ${branchNames.length} branch(es) to check for cfi-test.yml runs`); - console.log(`πŸ“‹ Latest workflow run: ${workflowRun.name} (ID: ${workflowRun.id})`); - console.log(`πŸ“Š Status: ${workflowRun.status}, Conclusion: ${workflowRun.conclusion}`); - - // Get artifacts from this run - const artifacts = await getArtifacts(owner, repoName, workflowRun.id); - if (artifacts.length === 0) { - console.log(`⚠️ No artifacts found for ${repo.name}`); - continue; - } - - console.log(`πŸ“¦ Found ${artifacts.length} artifacts`); - - // Create output directory for this repository const repoOutputDir = path.join(OUTPUT_DIR, 'cfi-configurations', repo.name); fs.mkdirSync(repoOutputDir, { recursive: true }); - // Download each artifact - for (const artifact of artifacts) { - if (artifact.name.startsWith('cfi-results-')) { - const outputPath = path.join(repoOutputDir, `${artifact.name}.zip`); - await downloadArtifact(owner, repoName, artifact, outputPath); + async function processRunArtifacts( + run: GitHubWorkflowRun, + branchDirSuffix: string, + branchLabel: string + ): Promise { + const artifacts = await getArtifacts(owner, repoName, run.id); + const resultArtifacts = artifacts.filter((a) => a.name.startsWith('cfi-results-')); + + if (resultArtifacts.length === 0) { + console.log( + `⚠️ No cfi-results-* artifacts for ${repo.name} (branch ${branchLabel}, run ${run.id})` + ); + return; + } + + console.log( + `πŸ“¦ Found ${resultArtifacts.length} result artifacts (branch ${branchLabel}, run ${run.id})` + ); - // Unzip the artifact into test-results directory - await unzipArtifact(outputPath, artifact.name, repo); + for (const artifact of resultArtifacts) { + const outputPath = path.join(repoOutputDir, `${artifact.name}-${branchDirSuffix}.zip`); + await downloadArtifact(owner, repoName, artifact, outputPath); + const downloadedAt = new Date().toISOString(); + await unzipArtifact(outputPath, artifact.name, repo, branchDirSuffix, run, artifact, downloadedAt); } } - // Create repository.json file at the repo level - const repoDir = path.join(OUTPUT_DIR, 'test-results', repo.destination); - const repositoryJsonPath = path.join(repoDir, 'repository.json'); - const repositoryData = { - name: repo.name, - url: repo.url, - description: repo.description, - downloaded_at: new Date().toISOString(), - workflow_run_id: workflowRun.id, - workflow_status: workflowRun.status, - workflow_conclusion: workflowRun.conclusion - }; - - fs.writeFileSync(repositoryJsonPath, JSON.stringify(repositoryData, null, 2)); - console.log(`πŸ“ Created repository.json at ${repositoryJsonPath}`); + for (const branchName of branchNames) { + const branchDirSuffix = branchNameToDirSuffix(branchName); + const run = await getLatestWorkflowRunForBranch(owner, repoName, branchName); + if (!run) { + console.log(`⏭️ No cfi-test.yml run for branch ${branchName}, skipping`); + continue; + } + console.log( + `πŸ“‹ Branch ${branchName}: latest run ${run.id} (${run.status}/${run.conclusion ?? 'n/a'})` + ); + await processRunArtifacts(run, branchDirSuffix, branchName); + } } catch (error) { console.error(`❌ Error processing ${repo.name}: ${error}`); diff --git a/website/src/components/ccc/Home/index.tsx b/website/src/components/ccc/Home/index.tsx index bf918390..14295840 100644 --- a/website/src/components/ccc/Home/index.tsx +++ b/website/src/components/ccc/Home/index.tsx @@ -4,6 +4,7 @@ import { Card, CardContent, CardHeader, CardTitle } from "../../ui/card"; import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from "../../ui/table"; import Link from "@docusaurus/Link"; import { HomePageData } from "@site/src/types/ccc"; +import { formatGeneratedAt } from "@site/src/utils/formatGeneratedAt"; export default function CCCHomeTemplate({ pageData }: { pageData: HomePageData }) { const { components } = pageData; @@ -76,6 +77,10 @@ export default function CCCHomeTemplate({ pageData }: { pageData: HomePageData } +

+ Page generated{" "} + +

); } diff --git a/website/src/components/cfi/Home/index.tsx b/website/src/components/cfi/Home/index.tsx index b8ee827c..871032de 100644 --- a/website/src/components/cfi/Home/index.tsx +++ b/website/src/components/cfi/Home/index.tsx @@ -4,6 +4,7 @@ import { Card, CardContent, CardHeader, CardTitle } from "../../ui/card"; import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from "../../ui/table"; import Link from "@docusaurus/Link"; import { Configuration, HomePageData } from "@site/src/types/cfi"; +import { formatGeneratedAt } from "@site/src/utils/formatGeneratedAt"; export default function CFIHomeTemplate({ pageData }: { pageData: HomePageData }) { const { configurations } = pageData; @@ -38,13 +39,22 @@ export default function CFIHomeTemplate({ pageData }: { pageData: HomePageData } Provider Name Description - Repository - GitHub Link + Branch + CFI repository + Source (from results) + CI artifact + Fetched - {sortedConfigurations.map((config) => ( - + {sortedConfigurations.map((config) => { + const s = config.source_details; + const sourceRepoUrl = s?.repository_url ?? config.repository.url; + const sourceRepoDescription = s?.repository_description ?? config.repository.description; + const externalGitUrl = s?.repository_url ?? config.cfi_details.git; + + return ( + {config.cfi_details.id} @@ -59,23 +69,42 @@ export default function CFIHomeTemplate({ pageData }: { pageData: HomePageData } {config.cfi_details.description} + {s?.branch ?? "β€”"} - + {config.repository.name} - - {config.cfi_details.git && ( - - + +
+ {sourceRepoDescription} +
+ {externalGitUrl && ( + + - View GitHub + {sourceRepoUrl.replace(/^https?:\/\/github\.com\//, "").replace(/\/$/, "")} )} + + {s?.artifact_created_at ? ( + + ) : ( + "β€”" + )} + + + {s?.downloaded_at ? ( + + ) : ( + "β€”" + )} + - ))} + ); + })} @@ -83,6 +112,11 @@ export default function CFIHomeTemplate({ pageData }: { pageData: HomePageData } {sortedConfigurations.length === 0 &&
No CFI configurations found. Please check that configuration files exist in the test-results directory.
} + +

+ Page generated{" "} + +

); diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-cloud-storage/config/gcp-cloud-storage.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-cloud-storage/config/gcp-cloud-storage.json deleted file mode 100644 index 3810a01c..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/gcp-cloud-storage/config/gcp-cloud-storage.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "id": "gcp-cloud-storage", - "provider": "gcp", - "service": "storage", - "name": "CCC Google Cloud Storage Terraform Module", - "description": "This module creates secure Google Cloud Storage buckets with encryption, versioning, lifecycle management, and advanced security features.", - "path": "remote/gcp/cloudstorage", - "test-frameworks": [ - "cfi" - ], - "git": "https://github.com/terraform-google-modules/terraform-google-cloud-storage" -} \ No newline at end of file diff --git a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/repository.json b/website/src/data/test-results/finos-labs-ccc-cfi-compliance/repository.json deleted file mode 100644 index 5a0dda66..00000000 --- a/website/src/data/test-results/finos-labs-ccc-cfi-compliance/repository.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "name": "ccc-cfi-compliance", - "url": "https://github.com/finos-labs/ccc-cfi-compliance", - "description": "CCC CFI Compliance from FINOS Labs", - "downloaded_at": "2026-03-18T17:29:36.044Z", - "workflow_run_id": 23253225471, - "workflow_status": "completed", - "workflow_conclusion": "success" -} \ No newline at end of file diff --git a/website/src/plugin/ccc-pages/index.ts b/website/src/plugin/ccc-pages/index.ts index 3e7d88d0..83df2d9f 100644 --- a/website/src/plugin/ccc-pages/index.ts +++ b/website/src/plugin/ccc-pages/index.ts @@ -321,6 +321,7 @@ export default function pluginCCCPages(_: LoadContext): Plugin { // Create home page const homePageData: HomePageData = { components: Object.values(components), + generatedAt: new Date().toISOString(), }; await pageCreator.createPage(homePageData, '/ccc', '@site/src/components/ccc/Home/index.tsx'); diff --git a/website/src/plugin/cfi-pages/index.ts b/website/src/plugin/cfi-pages/index.ts index 6b3d8eda..83e37e04 100644 --- a/website/src/plugin/cfi-pages/index.ts +++ b/website/src/plugin/cfi-pages/index.ts @@ -1,7 +1,21 @@ import fs from "fs"; import path from "path"; import type { LoadContext, Plugin } from "@docusaurus/types"; -import { HomePageData, Configuration, ConfigurationPageData, RepositoryPageData, CFIConfigJson, TestResultItem, TestResultType, CFIRepository, ConfigurationResult, ConfigurationResultPageData, ConfigurationResultSummary } from "../../types/cfi"; +import { + HomePageData, + Configuration, + ConfigurationPageData, + RepositoryPageData, + CFIConfigJson, + CFISourceDetails, + TestResultItem, + TestResultType, + CFIRepository, + CFIDataRepositoryEntry, + ConfigurationResult, + ConfigurationResultPageData, + ConfigurationResultSummary, +} from "../../types/cfi"; /** * Process all OCSF results and partition them by product, vendor, and version @@ -77,10 +91,30 @@ function partitionOCSFResultsByMetadata(resultsDir: string): Map, + source_details: CFISourceDetails | undefined +): Configuration { + return source_details ? { ...base, source_details } : { ...base }; +} + async function createConfiguration(configDir: string, slug: string, repositoryData: CFIRepository, repoDir: string, siteDir: string, createData: (name: string, data: string | object) => Promise, addRoute: (route: any) => void): Promise { console.log(`πŸ” Processing configuration directory: ${configDir}`); const configId = path.basename(configDir); + const sourceDetails = loadSourceDetails(configDir); // Read the configuration file const configPath = path.join(configDir, "config", `${configId}.json`); @@ -165,12 +199,15 @@ async function createConfiguration(configDir: string, slug: string, repositoryDa }); // Create temporary configuration for this result page - const configuration: Configuration = { - cfi_details: config, - repository: repositoryData, - slug, - results: configurationResults, - }; + const configuration = withSourceDetails( + { + cfi_details: config, + repository: repositoryData, + slug, + results: configurationResults, + }, + sourceDetails + ); // Create ConfigurationResult page data const resultPageData: ConfigurationResultPageData = { @@ -194,12 +231,15 @@ async function createConfiguration(configDir: string, slug: string, repositoryDa } // Create configuration with repository info and partitioned results - const configuration: Configuration = { - cfi_details: config, - repository: repositoryData, - slug, - results: configurationResults, - }; + const configuration = withSourceDetails( + { + cfi_details: config, + repository: repositoryData, + slug, + results: configurationResults, + }, + sourceDetails + ); // Create configuration page data const pageData: ConfigurationPageData = { @@ -231,26 +271,33 @@ export default function pluginCFIPages(context: LoadContext): Plugin { const { createData, addRoute } = actions; const testResultsDir = path.resolve(__dirname, "../../data/test-results"); + const cfiRepoListPath = path.resolve(__dirname, "../../data/cfi-repositories.json"); - // Find all repository directories and their configurations - const allDirs = fs.readdirSync(testResultsDir); - console.log(`All directories in test-results:`, allDirs); + if (!fs.existsSync(cfiRepoListPath)) { + console.error("cfi-repositories.json not found; cannot discover CFI repositories."); + return; + } + + const { repositories: repoList } = JSON.parse(fs.readFileSync(cfiRepoListPath, "utf8")) as { repositories: CFIDataRepositoryEntry[] }; const components: Configuration[] = []; - for (const repoDir of allDirs) { + for (const repoEntry of repoList) { + const repoDir = repoEntry.destination; const repoPath = path.join(testResultsDir, repoDir); - const repositoryJsonPath = path.join(repoPath, "repository.json"); - if (!fs.existsSync(repositoryJsonPath)) { - console.log(`No repository.json found in ${repoDir}, skipping`); + if (!fs.existsSync(repoPath)) { + console.log(`No test-results directory for ${repoDir}, skipping`); continue; } console.log(`Processing repository: ${repoDir}`); - // Read repository info - const repositoryData = JSON.parse(fs.readFileSync(repositoryJsonPath, "utf8")) as CFIRepository; + const repositoryData: CFIRepository = { + name: repoEntry.name, + url: repoEntry.url, + description: repoEntry.description, + }; // Find all configuration directories within this repository const configDirs = fs.readdirSync(repoPath).filter((dir) => { @@ -301,6 +348,7 @@ export default function pluginCFIPages(context: LoadContext): Plugin { // Create home page data const homePageData: HomePageData = { configurations: components, + generatedAt: new Date().toISOString(), }; const homePagePath = await createData("cfi-home.json", JSON.stringify(homePageData, null, 2)); diff --git a/website/src/types/ccc.ts b/website/src/types/ccc.ts index 4a7bfe91..1348cd0b 100644 --- a/website/src/types/ccc.ts +++ b/website/src/types/ccc.ts @@ -138,4 +138,6 @@ export interface ComponentPageData extends PageData { export interface HomePageData { components: Component[]; + /** ISO 8601 timestamp when this page data was produced (site build time). */ + generatedAt: string; } diff --git a/website/src/types/cfi.ts b/website/src/types/cfi.ts index 8d853df2..a29d66b7 100644 --- a/website/src/types/cfi.ts +++ b/website/src/types/cfi.ts @@ -59,19 +59,39 @@ export interface CFIConfigJson { } /** - * Populated from repository.json file in test-results. + * Repository identity from `cfi-repositories.json`; run/artifact timing lives in each + * configuration tree’s `source-details.json` (branch, repository URL/description from + * `cfi-repositories.json`, artifact metadata, download time). */ export interface CFIRepository { name: string; url: string; description: string; - downloaded_at: string; + downloaded_at?: string; artifact_name?: string; workflow_run_id?: number; workflow_status?: string; workflow_conclusion?: string; } +/** One row in `website/src/data/cfi-repositories.json`. */ +export interface CFIDataRepositoryEntry { + name: string; + url: string; + description: string; + destination: string; +} + +/** From each configuration tree’s `source-details.json` (written by the CFI download script). */ +export interface CFISourceDetails { + branch: string; + repository_url: string; + repository_description: string; + artifact_url: string; + artifact_created_at: string; + downloaded_at: string; +} + /** * These are downloaded from github actions, and contain the test results for a single configuration. */ @@ -80,6 +100,7 @@ export interface Configuration { repository: CFIRepository; slug: string; results: ConfigurationResult[]; + source_details?: CFISourceDetails; } export interface DownloadLink { @@ -110,6 +131,8 @@ export interface CFIResultSummary { export interface HomePageData { configurations: Configuration[]; + /** ISO 8601 timestamp when this page data was produced (site build time). */ + generatedAt: string; } export interface ConfigurationPageData { diff --git a/website/src/utils/formatGeneratedAt.ts b/website/src/utils/formatGeneratedAt.ts new file mode 100644 index 00000000..56f8213d --- /dev/null +++ b/website/src/utils/formatGeneratedAt.ts @@ -0,0 +1,13 @@ +/** Formats an ISO 8601 timestamp for display (UTC, deterministic for SSR/hydration). */ +export function formatGeneratedAt(iso: string): string { + const d = new Date(iso); + if (Number.isNaN(d.getTime())) { + return iso; + } + const y = d.getUTCFullYear(); + const mo = String(d.getUTCMonth() + 1).padStart(2, "0"); + const day = String(d.getUTCDate()).padStart(2, "0"); + const h = String(d.getUTCHours()).padStart(2, "0"); + const min = String(d.getUTCMinutes()).padStart(2, "0"); + return `${y}-${mo}-${day} ${h}:${min} UTC`; +} From 09b624dcaff1b9d57c13bb0345c208a9cb2517bf Mon Sep 17 00:00:00 2001 From: Rob Moffat Date: Thu, 2 Apr 2026 10:51:56 +0100 Subject: [PATCH 09/14] Tidying up data structures to allow for branches --- .../components/cfi/Configuration/index.tsx | 98 +- website/src/components/cfi/Home/index.tsx | 104 +- .../src/components/cfi/Repository/index.tsx | 263 - .../azure-postgresql-flexibleserver.json | 9 - ...stgresql-flexibleserver-baseline.ocsf.json | 10698 ----------- ...stgresql-flexibleserver-complete.ocsf.json | 11649 ------------ ...-postgresql-flexibleserver-delta.ocsf.json | 953 - .../config/azure-virtualnetwork.json | 9 - .../azure-virtualnetwork-baseline.ocsf.json | 11649 ------------ .../azure-virtualnetwork-combined.ocsf.json | 1 - .../azure-virtualnetwork-complete.ocsf.json | 11972 ------------- .../azure-virtualnetwork-delta.ocsf.json | 325 - .../test-results/for-osff/repository.json | 9 - .../config/secure-azure-storage.json | 9 - .../secure-azure-storage-baseline.ocsf.json | 11972 ------------- .../secure-azure-storage-combined.ocsf.json | 76 - .../secure-azure-storage-complete.ocsf.json | 14774 ---------------- .../secure-azure-storage-delta.ocsf.json | 2804 --- website/src/plugin/cfi-pages/index.ts | 77 +- website/src/types/cfi.ts | 29 +- 20 files changed, 139 insertions(+), 77341 deletions(-) delete mode 100644 website/src/components/cfi/Repository/index.tsx delete mode 100644 website/src/data/test-results/for-osff/azure-postgresql-flexibleserver/config/azure-postgresql-flexibleserver.json delete mode 100644 website/src/data/test-results/for-osff/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-baseline.ocsf.json delete mode 100644 website/src/data/test-results/for-osff/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-complete.ocsf.json delete mode 100644 website/src/data/test-results/for-osff/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-delta.ocsf.json delete mode 100644 website/src/data/test-results/for-osff/azure-virtualnetwork/config/azure-virtualnetwork.json delete mode 100644 website/src/data/test-results/for-osff/azure-virtualnetwork/results/azure-virtualnetwork-baseline.ocsf.json delete mode 100644 website/src/data/test-results/for-osff/azure-virtualnetwork/results/azure-virtualnetwork-combined.ocsf.json delete mode 100644 website/src/data/test-results/for-osff/azure-virtualnetwork/results/azure-virtualnetwork-complete.ocsf.json delete mode 100644 website/src/data/test-results/for-osff/azure-virtualnetwork/results/azure-virtualnetwork-delta.ocsf.json delete mode 100644 website/src/data/test-results/for-osff/repository.json delete mode 100644 website/src/data/test-results/for-osff/secure-azure-storage/config/secure-azure-storage.json delete mode 100644 website/src/data/test-results/for-osff/secure-azure-storage/results/secure-azure-storage-baseline.ocsf.json delete mode 100644 website/src/data/test-results/for-osff/secure-azure-storage/results/secure-azure-storage-combined.ocsf.json delete mode 100644 website/src/data/test-results/for-osff/secure-azure-storage/results/secure-azure-storage-complete.ocsf.json delete mode 100644 website/src/data/test-results/for-osff/secure-azure-storage/results/secure-azure-storage-delta.ocsf.json diff --git a/website/src/components/cfi/Configuration/index.tsx b/website/src/components/cfi/Configuration/index.tsx index 2ead783b..2fd7274d 100644 --- a/website/src/components/cfi/Configuration/index.tsx +++ b/website/src/components/cfi/Configuration/index.tsx @@ -4,13 +4,15 @@ import Link from "@docusaurus/Link"; import { Card, CardContent, CardHeader, CardTitle } from "../../ui/card"; import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from "../../ui/table"; import { ConfigurationPageData } from "@site/src/types/cfi"; +import { formatGeneratedAt } from "@site/src/utils/formatGeneratedAt"; export default function CFIConfiguration({ pageData }: { pageData: ConfigurationPageData }): React.ReactElement { const { configuration, configurationResultSummaries } = pageData; - const { cfi_details, repository } = configuration; + const { cfi_details, source_details, results_destination, results_config_folder } = configuration; - // Generate Terraform file URL by combining repository URL with the path - const terraformUrl = repository.url && cfi_details.path ? `${repository.url}/tree/main/${cfi_details.path}` : null; + const complianceRepoUrl = source_details?.repository_url; + const terraformUrl = + complianceRepoUrl && cfi_details.path ? `${complianceRepoUrl}/tree/main/${cfi_details.path}` : null; return ( @@ -81,7 +83,7 @@ export default function CFIConfiguration({ pageData }: { pageData: Configuration - + View Terraform Files @@ -93,55 +95,67 @@ export default function CFIConfiguration({ pageData }: { pageData: Configuration - {/* Repository Information */} + {/* Artifact / layout (source-details + results paths) */} - Repository Information + CFI results source - Repository Name - {repository.name} - - - Description - {repository.description} - - - Repository URL + Test data folder - - - - - {repository.url} - + {results_destination} + + {" "} + / {results_config_folder} + - {repository.downloaded_at && ( - - Downloaded At - - {new Date(repository.downloaded_at).toLocaleDateString("en-US", { - year: "numeric", - month: "long", - day: "numeric", - hour: "2-digit", - minute: "2-digit", - })} - - - )} - {repository.workflow_run_id && ( + {source_details ? ( + <> + + Repository description + {source_details.repository_description} + + + Repository URL + + + + + + {source_details.repository_url} + + + + + Branch + {source_details.branch} + + + CI artifact created + + + + + + Fetched for site + + + + + + ) : ( - Workflow Status - -
- {repository.workflow_conclusion || repository.workflow_status} - Run #{repository.workflow_run_id} -
+ + No source-details.json for this configuration. )} diff --git a/website/src/components/cfi/Home/index.tsx b/website/src/components/cfi/Home/index.tsx index 871032de..90b6dfbb 100644 --- a/website/src/components/cfi/Home/index.tsx +++ b/website/src/components/cfi/Home/index.tsx @@ -40,7 +40,7 @@ export default function CFIHomeTemplate({ pageData }: { pageData: HomePageData } Name Description Branch - CFI repository + Results set Source (from results) CI artifact Fetched @@ -49,60 +49,60 @@ export default function CFIHomeTemplate({ pageData }: { pageData: HomePageData } {sortedConfigurations.map((config) => { const s = config.source_details; - const sourceRepoUrl = s?.repository_url ?? config.repository.url; - const sourceRepoDescription = s?.repository_description ?? config.repository.description; + const resultsDestination = config.results_destination || "β€”"; + const configPagePath = `/cfi/${config.results_destination}/${config.cfi_details.id}`; + const sourceRepoUrl = s?.repository_url ?? ""; + const sourceRepoDescription = s?.repository_description ?? ""; const externalGitUrl = s?.repository_url ?? config.cfi_details.git; return ( - - - - {config.cfi_details.id} - - - - {config.cfi_details.provider} - - {config.cfi_details.name} - -
- {config.cfi_details.description} -
- - {s?.branch ?? "β€”"} - - - {config.repository.name} - - - -
- {sourceRepoDescription} -
- {externalGitUrl && ( - - - - - {sourceRepoUrl.replace(/^https?:\/\/github\.com\//, "").replace(/\/$/, "")} - - )} - - - {s?.artifact_created_at ? ( - - ) : ( - "β€”" - )} - - - {s?.downloaded_at ? ( - - ) : ( - "β€”" - )} - - + + + + {config.cfi_details.id} + + + + {config.cfi_details.provider} + + {config.cfi_details.name} + +
+ {config.cfi_details.description} +
+ + {s?.branch ?? "β€”"} + + {resultsDestination} + + +
+ {sourceRepoDescription || "β€”"} +
+ {externalGitUrl && ( + + + + + {(sourceRepoUrl || externalGitUrl).replace(/^https?:\/\/github\.com\//, "").replace(/\/$/, "")} + + )} + + + {s?.artifact_created_at ? ( + + ) : ( + "β€”" + )} + + + {s?.downloaded_at ? ( + + ) : ( + "β€”" + )} + + ); })} diff --git a/website/src/components/cfi/Repository/index.tsx b/website/src/components/cfi/Repository/index.tsx deleted file mode 100644 index 0e948c27..00000000 --- a/website/src/components/cfi/Repository/index.tsx +++ /dev/null @@ -1,263 +0,0 @@ -import React from "react"; -import Layout from "@theme/Layout"; -import Link from "@docusaurus/Link"; -import { Card, CardContent, CardHeader, CardTitle } from "../../ui/card"; -import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from "../../ui/table"; -import { RepositoryPageData } from "@site/src/types/cfi"; - -// Helper function to extract catalog ID from test requirement -function extractCatalogId(testRequirement: string): string { - // Extract catalog from format like "CCC.ObjStor.C01.TR01" -> "CCC.ObjStor" - const parts = testRequirement.split("."); - return parts.length >= 2 ? `${parts[0]}.${parts[1]}` : testRequirement; -} - -// Helper function to generate catalog component URL -function getCatalogComponentUrl(catalogId: string): string { - // Catalog IDs like "CCC.ObjStor" map to component URLs like "/ccc/CCC.ObjStor" - return `/ccc/${catalogId}`; -} - -export default function CFIRepository({ pageData }: { pageData: RepositoryPageData }): React.ReactElement { - const { repository, configurations, repositorySlug } = pageData; - - // Calculate aggregate statistics across all configurations - const totalConfigurations = configurations.length; - - // Sum across all configuration results for each configuration - const totalTests = configurations.reduce((sum, config) => { - const configTests = config.results?.reduce((configSum, result) => configSum + (result.test_results?.length || 0), 0) || 0; - return sum + configTests; - }, 0); - - const totalPassingTests = configurations.reduce((sum, config) => { - const configPassing = config.results?.reduce((configSum, result) => configSum + (result.test_results?.filter((r) => r.status_code === "PASS").length || 0), 0) || 0; - return sum + configPassing; - }, 0); - - const totalFailingTests = configurations.reduce((sum, config) => { - const configFailing = config.results?.reduce((configSum, result) => configSum + (result.test_results?.filter((r) => r.status_code === "FAIL").length || 0), 0) || 0; - return sum + configFailing; - }, 0); - - // Get unique resources across all configurations - const allResources = new Set(); - configurations.forEach((config) => { - config.results?.forEach((result) => { - result.test_results?.forEach((testResult) => { - if (testResult.resource_name) { - allResources.add(testResult.resource_name); - } - }); - }); - }); - - // Get unique catalogs across all configurations - const allCatalogs = new Set(); - configurations.forEach((config) => { - config.results?.forEach((result) => { - result.test_results?.forEach((testResult) => { - testResult.test_requirements?.forEach((req) => { - const catalogId = extractCatalogId(req); - if (catalogId) allCatalogs.add(catalogId); - }); - }); - }); - }); - - return ( - -
- {/* Breadcrumbs */} - - - {/* Repository Summary */} - - - Repository Information - - -
- - - Name - {repository.name} - - - Description - {repository.description} - - - Repository URL - - - - - - {repository.url} - - - - {repository.downloaded_at && ( - - Downloaded At - - {new Date(repository.downloaded_at).toLocaleDateString("en-US", { - year: "numeric", - month: "long", - day: "numeric", - hour: "2-digit", - minute: "2-digit", - })} - - - )} - {repository.workflow_run_id && ( - - Workflow Status - -
- {repository.workflow_conclusion || repository.workflow_status} - Run #{repository.workflow_run_id} -
- - - )} - -
- - - - {/* Repository Summary Statistics */} - - - Repository Summary -

Aggregate statistics across all configurations in this repository

- - - - - - Total Configurations - - {totalConfigurations} - - - - Total Resources - - {allResources.size} - - - - Total Tests - - {totalTests} - - - - Passing Tests - - {totalPassingTests} - - - - Failing Tests - - {totalFailingTests} - - - - Catalogs Tested - -
- {Array.from(allCatalogs) - .sort() - .map((catalog, index) => ( - - {catalog} - - ))} -
- - - -
- - - - {/* Configurations */} - - - Configurations -

All configurations available in this repository

- - - {configurations && configurations.length > 0 ? ( -
- - - - Configuration - Provider - Service - Description - Tests - Pass Rate - - - - {configurations.map((config, index) => { - // Sum across all configuration results for this configuration - const totalTests = config.results?.reduce((sum, result) => sum + (result.test_results?.length || 0), 0) || 0; - const passingTests = config.results?.reduce((sum, result) => sum + (result.test_results?.filter((r) => r.status_code === "PASS").length || 0), 0) || 0; - const passRate = totalTests > 0 ? Math.round((passingTests / totalTests) * 100) : 0; - - return ( - - - - {config.cfi_details.name} - - - - {config.cfi_details.provider} - - - {config.cfi_details.service} - - -
{config.cfi_details.description}
- - - {totalTests} - - -
- = 80 ? "bg-green-100 text-green-800" : passRate >= 60 ? "bg-yellow-100 text-yellow-800" : "bg-red-100 text-red-800"}`}>{passRate}% - - {passingTests}/{totalTests} - -
- - - ); - })} - -
-
- ) : ( -
No configurations found in this repository.
- )} - - - - - ); -} diff --git a/website/src/data/test-results/for-osff/azure-postgresql-flexibleserver/config/azure-postgresql-flexibleserver.json b/website/src/data/test-results/for-osff/azure-postgresql-flexibleserver/config/azure-postgresql-flexibleserver.json deleted file mode 100644 index 40c5f3c5..00000000 --- a/website/src/data/test-results/for-osff/azure-postgresql-flexibleserver/config/azure-postgresql-flexibleserver.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "id": "azure-postgresql-flexibleserver", - "provider": "azure", - "service": "database", - "name": "CCC Azure PostgreSQL Flexible Server Terraform Module", - "description": "This module creates a secure Azure Database for PostgreSQL Flexible Server with encryption, networking, and monitoring capabilities.", - "path": "remote/azure/postgres", - "git": "https://github.com/Azure/terraform-azurerm-avm-res-dbforpostgresql-flexibleserver" -} \ No newline at end of file diff --git a/website/src/data/test-results/for-osff/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-baseline.ocsf.json b/website/src/data/test-results/for-osff/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-baseline.ocsf.json deleted file mode 100644 index 4dc0a5b9..00000000 --- a/website/src/data/test-results/for-osff/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-baseline.ocsf.json +++ /dev/null @@ -1,10698 +0,0 @@ -[ - { - "message": "There are no AppInsight configured in subscription Azure subscription 1.", - "metadata": { - "event_code": "appinsights_ensure_is_configured", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no AppInsight configured in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Because Application Insights relies on a Log Analytics Workspace, an organization will incur additional expenses when using this service.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.2" - ], - "CIS-2.0": [ - "5.3.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.13" - ], - "CIS-2.1": [ - "5.3.1" - ], - "CIS-3.0": [ - "6.3.1" - ], - "CCC": [ - "CCC.Logging.CN01.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.3", - "10.2.1.2.3", - "10.2.1.3.3", - "10.2.1.4.3", - "10.2.1.5.3", - "10.2.1.6.3", - "10.2.1.7.3", - "10.2.1.3", - "10.2.2.3", - "10.4.1.1.1", - "10.4.1.1", - "10.4.2.1", - "10.6.3.3", - "10.7.1.1", - "10.7.2.1", - "5.3.4.3", - "A1.2.1.3", - "A3.3.1.1", - "A3.5.1.1" - ], - "CIS-4.0": [ - "7.1.3.1" - ], - "NIS2": [ - "3.2.3.h", - "5.1.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Application Insights within Azure act as an Application Performance Monitoring solution providing valuable data into how well an application performs and additional information when performing incident response. The types of log data collected include application metrics, telemetry data, and application trace logging data providing organizations with detailed information about application activity and application transactions. Both data sets help organizations adopt a proactive and retroactive means to handle security and performance related metrics within their modern applications.", - "title": "Ensure Application Insights are Configured.", - "types": [], - "uid": "prowler-azure-appinsights_ensure_is_configured-3bb71587-4549-4396-8898-9e15f062e665-global-AppInsights" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "appinsights" - }, - "labels": [], - "name": "AppInsights", - "type": "Microsoft.Insights/components", - "uid": "AppInsights" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to Application Insights 2. Under the Basics tab within the PROJECT DETAILS section, select the Subscription 3. Select the Resource group 4. Within the INSTANCE DETAILS, enter a Name 5. Select a Region 6. Next to Resource Mode, select Workspace-based 7. Within the WORKSPACE DETAILS, select the Subscription for the log analytics workspace 8. Select the appropriate Log Analytics Workspace 9. Click Next:Tags > 10. Enter the appropriate Tags as Name, Value pairs. 11. Click Next:Review+Create 12. Click Create.", - "references": [] - }, - "risk_details": "Configuring Application Insights provides additional data not found elsewhere within Azure as part of a much larger logging and monitoring program within an organization's Information Security practice. The types and contents of these logs will act as both a potential cost saving measure (application performance) and a means to potentially confirm the source of a potential incident (trace logging). Metrics and Telemetry data provide organizations with a proactive approach to cost savings by monitoring an application's performance, while the trace logging data provides necessary details in a reactive incident response scenario by helping organizations identify the potential source of an incident within their application.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "metadata": { - "event_code": "defender_auto_provisioning_log_analytics_agent_vms_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security-center/security-center-data-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r2.az.de.1", - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.15" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "2.1.14" - ], - "CIS-3.0": [ - "3.1.1.1" - ], - "NIS2": [ - "2.1.2.h", - "3.1.2.d", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "3.6.2", - "6.9.2", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'. The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, endpoint protection, and provides alerts.", - "title": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_auto_provisioning_log_analytics_agent_vms_on-3bb71587-4549-4396-8898-9e15f062e665-global-default" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default", - "resource_name": "default", - "resource_type": "Microsoft.Security/autoProvisioningSettings", - "auto_provision": "Off" - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "default", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure comprehensive visibility into possible security vulnerabilities, including missing updates, misconfigured operating system security settings, and active threats, allowing for timely mitigation and improved overall security posture", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components" - ] - }, - "risk_details": "Missing critical security information about your Azure VMs, such as security alerts, security recommendations, and change tracking.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Container image scan is disabled in subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_container_images_scan_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Container image scan is disabled in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-check-health", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When using an Azure container registry, you might occasionally encounter problems. For example, you might not be able to pull a container image because of an issue with Docker in your local environment. Or, a network issue might prevent you from connecting to the registry.", - "compliance": { - "MITRE-ATTACK": [ - "T1190", - "T1525" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "NIS2": [ - "2.2.1", - "3.1.2.d", - "3.6.2", - "5.1.4.f", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Scan images being deployed to Azure (AKS) for vulnerabilities. Vulnerability scanning for images stored in Azure Container Registry is generally available in Azure Security Center. This capability is powered by Qualys, a leading provider of information security. When you push an image to Container Registry, Security Center automatically scans it, then checks for known vulnerabilities in packages or dependencies defined in the file. When the scan completes (after about 10 minutes), Security Center provides details and a security classification for each vulnerability detected, along with guidance on how to remediate issues and protect vulnerable attack surfaces.", - "title": "Ensure Image Vulnerability Scanning using Azure Defender image scanning or a third party provider", - "types": [], - "uid": "prowler-azure-defender_container_images_scan_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "Microsoft.Security", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/azure/container-registry/scan-images-defender" - ] - }, - "risk_details": "Vulnerabilities in software packages can be exploited by hackers or malicious users to obtain unauthorized access to local cloud resources. Azure Defender and other third party products allow images to be scanned for known vulnerabilities.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_app_services_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1059", - "T1204", - "T1552", - "T1486", - "T1499", - "T1496", - "T1087" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.2" - ], - "CIS-3.0": [ - "3.1.6.1" - ], - "CIS-4.0": [ - "9.1.6.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_app_services_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan App Services" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices", - "resource_name": "AppServices", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan App Services", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for App Service enables threat detection for App Service, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_arm_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1562", - "T1486", - "T1499", - "T1087", - "T1580", - "T1538", - "T1526", - "T1069" - ], - "CIS-2.0": [ - "2.1.12" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.11" - ], - "CIS-3.0": [ - "3.1.9.1" - ], - "CIS-4.0": [ - "9.1.9.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_arm_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan ARM" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm", - "resource_name": "Arm", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan ARM", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure Resource Manager", - "references": [] - }, - "risk_details": "Scanning resource requests lets you be alerted every time there is suspicious activity in order to prevent a security threat from being introduced.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_azure_sql_databases_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.3" - ], - "CIS-3.0": [ - "3.1.7.3" - ], - "CIS-4.0": [ - "9.1.7.3" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_azure_sql_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for all your SQL database servers. Defender for Cloud monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides action-oriented security alerts with details of the suspicious activity and guidance on how to mitigate the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Azure SQL Databases enables threat detection for Azure SQL database servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_containers_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1525", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.8" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.8" - ], - "CIS-3.0": [ - "3.1.4.1" - ], - "CIS-4.0": [ - "9.1.4.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_containers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your Azure cloud containers. Enabling the Defender security service for Azure containers allows for advanced security defense against threats, using threat detection capabilities provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for all your Azure containers. Turning on the Defender for Cloud service enables threat detection for containers, providing threat intelligence, anomaly detection, and behavior analytics.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_cosmosdb_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.9" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.6" - ], - "CIS-3.0": [ - "3.1.7.1" - ], - "CIS-4.0": [ - "9.1.7.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_cosmosdb_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Cosmos DB" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs", - "resource_name": "CosmosDbs", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Cosmos DB", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [ - "Enable Microsoft Defender for Cosmos DB" - ] - }, - "risk_details": "In scanning Cosmos DB requests within a subscription, requests are compared to a heuristic list of potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_databases_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure SQL Databases", - "references": [] - }, - "risk_details": "Enabling Microsoft Defender for Azure SQL Databases allows your organization more granular control of the infrastructure running your database software", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_dns_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.11" - ], - "ProwlerThreatScore-1.0": [ - "3.3.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.10" - ], - "CIS-3.0": [ - "3.1.16" - ], - "CIS-4.0": [ - "9.1.17" - ], - "NIS2": [ - "3.6.2", - "6.7.2.i", - "6.7.2.l", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_dns_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan DNS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns", - "resource_name": "Dns", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan DNS", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "DNS lookups within a subscription are scanned and compared to a dynamic list of websites that might be potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_keyvault_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r1.az.eid.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499", - "T1580" - ], - "CIS-2.0": [ - "2.1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.9" - ], - "CIS-3.0": [ - "3.1.8.1" - ], - "PCI-4.0": [ - "3.5.1.31", - "3.5.1.32", - "8.3.2.50", - "8.3.2.51" - ], - "CIS-4.0": [ - "9.1.8.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2", - "9.2.c", - "9.2.c.iv" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_keyvault_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan KeyVaults" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults", - "resource_name": "KeyVaults", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan KeyVaults", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Microsoft Defender for Cloud is enabled for Azure key vaults. Key Vault is the Azure cloud service that safeguards encryption keys and secrets like certificates, connection-based strings, and passwords.", - "references": [] - }, - "risk_details": "By default, Microsoft Defender for Cloud is disabled for Azure key vaults. Defender for Cloud detects unusual and potentially harmful attempts to access or exploit your Azure Key Vault data. This layer of protection allows you to address threats without being a security expert, and without the need to use and manage third-party security monitoring tools or services.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_os_relational_databases_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.6" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.5" - ], - "CIS-3.0": [ - "3.1.7.2" - ], - "CIS-4.0": [ - "9.1.7.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_os_relational_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Open-Source Relational Databases" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases", - "resource_name": "OpenSourceRelationalDatabases", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Open-Source Relational Databases", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Open-source relational databases allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Open-source relational databases enables threat detection for Open-source relational databases, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_server_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r1.az.ev.1", - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.1", - "2.1.2" - ], - "ProwlerThreatScore-1.0": [ - "1.1.4" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.1" - ], - "CIS-3.0": [ - "2.2.8", - "3.1.3.1" - ], - "CIS-4.0": [ - "6.2.7", - "9.1.3.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "title": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_server_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Servers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines", - "resource_name": "VirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Servers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Cloud standard pricing tier allows for better security assessment with threat detection provided by the Microsoft Security Response Center (MSRC), advanced security policies, adaptive application control, network threat detection, and regulatory compliance management.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Servers enables threat detection for Servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_sql_servers_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.4" - ], - "CIS-3.0": [ - "3.1.7.4" - ], - "CIS-4.0": [ - "9.1.7.4" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_sql_servers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan SQL Server VMs" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines", - "resource_name": "SqlServerVirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan SQL Server VMs", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for the Microsoft SQL servers running on virtual machines. Defender for Cloud for SQL Server virtual machines continuously monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides security alerts together with details of the suspicious activity and guidance on how to mitigate to the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for SQL servers on machines enables threat detection for SQL servers on machines, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_storage_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190", - "T1537", - "T1530", - "T1485", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.7" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.7" - ], - "CIS-3.0": [ - "3.1.5.1" - ], - "CIS-4.0": [ - "9.1.5.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_storage_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Storage Accounts" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts", - "resource_name": "StorageAccounts", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Storage Accounts", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for your storage accounts. Enabling the Defender security service for Azure storage accounts allows for advanced security defense using threat detection capabilities provided by the Microsoft Security Response Center (MSRC). MSRC investigates all reports of security vulnerabilities affecting Microsoft products and services, including Azure cloud services.", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for your Microsoft Azure storage accounts. Defender for storage accounts is an Azure-native layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit your Azure cloud storage accounts.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_iot_hub_defender_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/services/iot-defender/#overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling Microsoft Defender for IoT will incur additional charges dependent on the level of usage.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.2.1" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.2.1" - ], - "CIS-3.0": [ - "3.2.1" - ], - "CIS-4.0": [ - "9.2.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Microsoft Defender for IoT acts as a central security hub for IoT devices within your organization.", - "title": "Ensure That Microsoft Defender for IoT Hub Is Set To 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_iot_hub_defender_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-IoT Hub Defender" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "IoT Hub Defender", - "type": "DefenderIoT", - "uid": "IoT Hub Defender" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to IoT Hub. 2. Select a IoT Hub to validate. 3. Select Overview in Defender for IoT. 4. Click on Secure your IoT solution, and complete the onboarding.", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-iot/device-builders/quickstart-onboard-iot-hub" - ] - }, - "risk_details": "IoT devices are very rarely patched and can be potential attack vectors for enterprise networks. Updating their network configuration to use a central security hub allows for detection of these breaches.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_mcas_is_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/defender-for-cloud-introduction#secure-cloud-applications", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Cloud Apps works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486" - ], - "CIS-2.0": [ - "2.1.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.20" - ], - "CIS-3.0": [ - "3.1.1.2" - ], - "PCI-4.0": [ - "11.5.1.1.2", - "11.5.1.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "This integration setting enables Microsoft Defender for Cloud Apps (formerly 'Microsoft Cloud App Security' or 'MCAS' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected", - "types": [], - "uid": "prowler-azure-defender_ensure_mcas_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-MCAS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "MCAS", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu. 2. Select Microsoft Defender for Cloud. 3. Select Environment Settings blade. 4. Select the subscription. 5. Check App Service Defender Plan to On. 6. Select Save.", - "references": [ - "https://docs.microsoft.com/en-us/rest/api/securitycenter/settings/list" - ] - }, - "risk_details": "Microsoft Defender for Cloud offers an additional layer of protection by using Azure Resource Manager events, which is considered to be the control plane for Azure. By analyzing the Azure Resource Manager records, Microsoft Defender for Cloud detects unusual or potentially harmful operations in the Azure subscription environment. Several of the preceding analytics are powered by Microsoft Defender for Cloud Apps. To benefit from these analytics, subscription must have a Cloud App Security license. Microsoft Defender for Cloud Apps works only with Standard Tier subscriptions.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_wdatp_is_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Endpoint works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r3.az.de.2" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.21" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "This integration setting enables Microsoft Defender for Endpoint (formerly 'Advanced Threat Protection' or 'ATP' or 'WDATP' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected", - "types": [], - "uid": "prowler-azure-defender_ensure_wdatp_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-WDATP" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "WDATP", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/azure-server-integration?view=o365-worldwide" - ] - }, - "risk_details": "Microsoft Defender for Endpoint integration brings comprehensive Endpoint Detection and Response (EDR) capabilities within Microsoft Defender for Cloud. This integration helps to spot abnormalities, as well as detect and respond to advanced attacks on endpoints monitored by Microsoft Defender for Cloud. MDE works only with Standard Tier subscriptions.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-1b4a98ae-5221-4850-a761-4f9176407028" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028", - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-083c1758-89d9-4b12-8005-48e7e359dc4f" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f", - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "b24988ac-6180-42a0-ab88-20f7382dd24c" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-154eadeb-e375-4263-b4bd-4a2a2237ecd2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "80dfb9bd-1c99-4012-9de7-580a68334b45", - "agent_type": "ServicePrincipal", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_policy_assignment", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.3" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.1" - ], - "CIS-3.0": [ - "6.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Create an activity log alert for the Create Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Create Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_create_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click elect action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for create policy assignment events gives insight into changes done in 'Azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_nsg", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "CIS-2.0": [ - "5.2.3" - ], - "ProwlerThreatScore-1.0": [ - "3.3.5" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.3" - ], - "CIS-3.0": [ - "6.2.3" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.8", - "10.4.2.2", - "10.4.3.1", - "10.6.3.8", - "10.7.1.3", - "10.7.2.3", - "11.5.2.2", - "11.6.1.2", - "12.10.5.2", - "A3.3.1.3", - "A3.5.1.3" - ], - "CIS-4.0": [ - "7.1.2.3" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Create an Activity Log Alert for the Create or Update Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Network Security Group events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_public_ip_address_rule", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.9" - ], - "ProwlerThreatScore-1.0": [ - "3.3.11" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.9" - ], - "CIS-3.0": [ - "6.2.9" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.9" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Create an activity log alert for the Create or Update Public IP Addresses rule.", - "title": "Ensure that Activity Log Alert exists for Create or Update Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_security_solution", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1", - "op.mon.3.r6.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.5" - ], - "ProwlerThreatScore-1.0": [ - "3.3.7" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.5" - ], - "CIS-3.0": [ - "6.2.5" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.5" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Create an activity log alert for the Create or Update Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_sqlserver_fr", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.7" - ], - "ProwlerThreatScore-1.0": [ - "3.3.9" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.7" - ], - "CIS-3.0": [ - "6.2.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.9", - "10.2.1.1.10", - "10.2.1.1.22", - "10.2.1.2.8", - "10.2.1.2.19", - "10.2.1.3.8", - "10.2.1.3.19", - "10.2.1.4.8", - "10.2.1.4.19", - "10.2.1.5.8", - "10.2.1.5.19", - "10.2.1.6.8", - "10.2.1.6.19", - "10.2.1.7.8", - "10.2.1.7.19", - "10.2.1.8", - "10.2.1.19", - "10.2.2.8", - "10.2.2.19", - "10.3.1.8", - "10.3.1.19", - "10.4.1.1.2", - "10.4.1.2", - "10.4.2.3", - "10.6.3.9", - "10.6.3.10", - "10.6.3.24", - "10.7.1.4", - "10.7.2.4", - "5.3.4.9", - "5.3.4.22", - "A1.2.1.10", - "A1.2.1.23", - "A3.3.1.4", - "A3.5.1.4" - ], - "CIS-4.0": [ - "7.1.2.7" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Create an activity log alert for the Create or Update SQL Server Firewall Rule event.", - "title": "Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create/Update server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update SQL Server Firewall Rule events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_nsg", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.4" - ], - "ProwlerThreatScore-1.0": [ - "3.3.6" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.4" - ], - "CIS-3.0": [ - "6.2.4" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.4" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Create an activity log alert for the Delete Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Delete Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for 'Delete Network Security Group' events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_policy_assignment", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.4" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.2" - ], - "CIS-3.0": [ - "6.2.2" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Create an activity log alert for the Delete Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Delete Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for delete policy assignment events gives insight into changes done in 'azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_public_ip_address_rule", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.10" - ], - "ProwlerThreatScore-1.0": [ - "3.3.12" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.10" - ], - "CIS-3.0": [ - "6.2.10" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.10" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Create an activity log alert for the Delete Public IP Address rule.", - "title": "Ensure that Activity Log Alert exists for Delete Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_security_solution", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.8" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.6" - ], - "CIS-3.0": [ - "6.2.6" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.6" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Create an activity log alert for the Delete Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Delete Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.curitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_sqlserver_fr", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.8" - ], - "ProwlerThreatScore-1.0": [ - "3.3.10" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.8" - ], - "CIS-3.0": [ - "6.2.8" - ], - "CCC": [ - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.8" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Create an activity log alert for the 'Delete SQL Server Firewall Rule.'", - "title": "Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete SQL Server Firewall Rule events gives insight into SQL network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_service_health_exists", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/service-health/overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, in your Azure subscription there will not be any activity log alerts configured for Service Health events.", - "compliance": { - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure that an Azure activity log alert is configured to trigger when Service Health events occur within your Microsoft Azure cloud account. The alert should activate when new events match the specified conditions in the alert rule configuration.", - "title": "Ensure that an Activity Log Alert exists for Service Health", - "types": [], - "uid": "prowler-azure-monitor_alert_service_health_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Create an activity log alert for Service Health events and configure an action group to notify appropriate personnel.", - "references": [ - "https://learn.microsoft.com/en-us/azure/service-health/alerts-activity-log-service-notifications-portal" - ] - }, - "risk_details": "Lack of monitoring for Service Health events may result in missing critical service issues, planned maintenance, security advisories, or other changes that could impact Azure services and regions in use.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_setting_with_appropriate_categories", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When the diagnostic setting is created using Azure Portal, by default no categories are selected.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.az.md.1", - "op.mon.2.az.md.1" - ], - "CIS-2.0": [ - "5.1.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.2" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.2" - ], - "CIS-3.0": [ - "6.1.2" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.15", - "10.2.1.2.7", - "10.2.1.3.7", - "10.2.1.4.7", - "10.2.1.5.7", - "10.2.1.6.7", - "10.2.1.7.7", - "10.2.1.7", - "10.2.2.7", - "10.3.1.7", - "10.3.2.2", - "10.3.3.4", - "10.3.4.3", - "10.4.1.1.3", - "10.4.1.1.4", - "10.4.1.3", - "10.4.2.4", - "10.5.1.3", - "10.6.3.7", - "10.6.3.15", - "10.7.1.5", - "10.7.2.5", - "11.5.2.4", - "11.6.1.4", - "12.10.5.4", - "5.3.4.7", - "5.3.4.8", - "A1.2.1.7", - "A1.2.1.8", - "A3.3.1.6", - "A3.3.1.7", - "A3.5.1.6", - "A3.5.1.7" - ], - "CIS-4.0": [ - "7.1.1.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.c", - "3.2.3.f", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Prerequisite: A Diagnostic Setting must exist. If a Diagnostic Setting does not exist, the navigation and options within this recommendation will not be available. Please review the recommendation at the beginning of this subsection titled: 'Ensure that a 'Diagnostic Setting' exists.' The diagnostic setting should be configured to log the appropriate activities from the control/management plane.", - "title": "Ensure Diagnostic Setting captures appropriate categories", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_setting_with_appropriate_categories-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to Azure Monitor 2. Click Activity log 3. Click on Export Activity Logs 4. Select the Subscription from the drop down menu 5. Click on Add diagnostic setting 6. Enter a name for your new Diagnostic Setting 7. Check the following categories: Administrative, Alert, Policy, and Security 8. Choose the destination details according to your organization's needs.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/manage-storage-analytics-logs?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json&tabs=azure-portal" - ] - }, - "risk_details": "A diagnostic setting controls how the diagnostic log is exported. Capturing the diagnostic setting categories for appropriate control/management plane activities allows proper alerting.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No diagnostic settings found in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_settings_exists", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No diagnostic settings found in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/cli/azure/monitor/diagnostic-settings?view=azure-cli-latest", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, diagnostic setting is not set.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r5.az.ds.1", - "op.mon.2.r2.az.ma.1" - ], - "CIS-2.0": [ - "5.1.1" - ], - "ProwlerThreatScore-1.0": [ - "3.2.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.1" - ], - "CIS-3.0": [ - "6.1.1" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN06.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN09.AR01", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Logging.CN07.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.1.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.h", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable Diagnostic settings for exporting activity logs. Diagnostic settings are available for each individual resource within a subscription. Settings should be configured for all appropriate resources for your environment.", - "title": "Ensure that a 'Diagnostic Setting' exists for Subscription Activity Logs ", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_settings_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Diagnostic Settings" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Diagnostic Settings", - "type": "Monitor", - "uid": "diagnostic_settings" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "To enable Diagnostic Settings on a Subscription: 1. Go to Monitor 2. Click on Activity Log 3. Click on Export Activity Logs 4. Click + Add diagnostic setting 5. Enter a Diagnostic setting name 6. Select Categories for the diagnostic settings 7. Select the appropriate Destination details (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 8. Click Save To enable Diagnostic Settings on a specific resource: 1. Go to Monitor 2. Click Diagnostic settings 3. Click on the resource that has a diagnostics status of disabled 4. Select Add Diagnostic Setting 5. Enter a Diagnostic setting name 6. Select the appropriate log, metric, and destination. (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 7. Click save Repeat these step for all resources as needed.", - "references": [ - "https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-activity-logs#export-the-activity-log-with-a-log-profile" - ] - }, - "risk_details": "A diagnostic setting controls how a diagnostic log is exported. By default, logs are retained only for 90 days. Diagnostic settings should be defined so that logs can be exported and stored for a longer duration in order to analyze security activities within an Azure subscription.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bastion Host from subscription Azure subscription 1 does not exist", - "metadata": { - "event_code": "network_bastion_host_exists", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bastion Host from subscription Azure subscription 1 does not exist", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/bastion/bastion-overview#sku", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The Azure Bastion service incurs additional costs and requires a specific virtual network configuration. The Standard tier offers additional configuration options compared to the Basic tier and may incur additional costs for those added features.", - "compliance": { - "ENS-RD2022": [ - "mp.com.4.r4.az.nt.1" - ], - "CIS-2.0": [ - "7.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "7.1" - ], - "CIS-3.0": [ - "8.1" - ], - "CIS-4.0": [ - "9.4.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "The Azure Bastion service allows secure remote access to Azure Virtual Machines over the Internet without exposing remote access protocol ports and services directly to the Internet. The Azure Bastion service provides this access using TLS over 443/TCP, and subscribes to hardened configurations within an organization's Azure Active Directory service.", - "title": "Ensure an Azure Bastion Host Exists", - "types": [], - "uid": "prowler-azure-network_bastion_host_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Bastion Host" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Bastion Host", - "type": "Network", - "uid": "Bastion Host" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "From Azure Portal* 1. Click on Bastions 2. Select the Subscription 3. Select the Resource group 4. Type a Name for the new Bastion host 5. Select a Region 6. Choose Standard next to Tier 7. Use the slider to set the Instance count 8. Select the Virtual network or Create new 9. Select the Subnet named AzureBastionSubnet. Create a Subnet named AzureBastionSubnet using a /26 CIDR range if it doesn't already exist. 10. Selct the appropriate Public IP address option. 11. If Create new is selected for the Public IP address option, provide a Public IP address name. 12. If Use existing is selected for Public IP address option, select an IP address from Choose public IP address 13. Click Next: Tags > 14. Configure the appropriate Tags 15. Click Next: Advanced > 16. Select the appropriate Advanced options 17. Click Next: Review + create > 18. Click Create From Azure CLI az network bastion create --location --name --public-ip-address --resource-group --vnet-name --scale-units --sku Standard [--disable-copy- paste true|false] [--enable-ip-connect true|false] [--enable-tunneling true|false] From PowerShell Create the appropriate Virtual network settings and Public IP Address settings. $subnetName = 'AzureBastionSubnet' $subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix $virtualNet = New-AzVirtualNetwork -Name - ResourceGroupName -Location -AddressPrefix -Subnet $subnet $publicip = New-AzPublicIpAddress -ResourceGroupName - Name -Location -AllocationMethod Dynamic -Sku Standard", - "references": [ - "https://learn.microsoft.com/en-us/powershell/module/az.network/get-azbastion?view=azps-9.2.0" - ] - }, - "risk_details": "The Azure Bastion service allows organizations a more secure means of accessing Azure Virtual Machines over the Internet without assigning public IP addresses to those Virtual Machines. The Azure Bastion service provides Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to Virtual Machines using TLS within a web browser, thus preventing organizations from opening up 3389/TCP and 22/TCP to the Internet on Azure Virtual Machines. Additional benefits of the Bastion service includes Multi-Factor Authentication, Conditional Access Policies, and any other hardening measures configured within Azure Active Directory using a central point of access.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "metadata": { - "event_code": "network_http_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.3.r2.az.tls.1", - "mp.com.4.r3.az.1", - "mp.com.4.r4.az.nt.1", - "mp.s.4.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.4" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.4" - ], - "CIS-3.0": [ - "7.4" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.5", - "1.2.8.25", - "1.3.1.28", - "1.3.2.28", - "1.4.1.6", - "1.4.2.26", - "1.4.4.6", - "1.5.1.25", - "2.2.5.5", - "2.2.7.3", - "4.2.1.1.7", - "4.2.1.3", - "8.3.2.6", - "A1.1.3.25" - ], - "CIS-4.0": [ - "8.4" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required and narrowly configured.", - "title": "Ensure that HTTP(S) access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_http_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where HTTP(S) is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [] - }, - "risk_details": "The potential security problem with using HTTP(S) over the Internet is that attackers can use various brute force techniques to gain access to Azure resources. Once the attackers gain access, they can use the resource as a launch point for compromising other resources within the Azure tenant.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "metadata": { - "event_code": "network_rdp_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.1" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.1" - ], - "CIS-3.0": [ - "7.1" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that RDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_rdp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where RDP is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using RDP over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on an Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "metadata": { - "event_code": "network_ssh_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.2" - ], - "CIS-3.0": [ - "7.2" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN01.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.17", - "1.2.8.18", - "1.2.8.21", - "1.2.8.41", - "1.3.1.19", - "1.3.1.21", - "1.3.1.24", - "1.3.1.45", - "1.3.2.19", - "1.3.2.21", - "1.3.2.24", - "1.3.2.45", - "1.4.1.5", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.43", - "1.4.4.5", - "1.5.1.17", - "1.5.1.18", - "1.5.1.21", - "1.5.1.40", - "2.2.5.17", - "A1.1.3.17", - "A1.1.3.18", - "A1.1.3.21", - "A1.1.3.40" - ], - "CIS-4.0": [ - "8.2" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that SSH access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_ssh_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where SSH is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using SSH over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "metadata": { - "event_code": "network_udp_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices#secure-your-critical-azure-service-resources-to-only-your-virtual-networks", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.3" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.3" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.3" - ], - "CIS-3.0": [ - "7.3" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.3" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that UDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_udp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where UDP is not explicitly required and narrowly configured for resources attached tothe Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRouteSite-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/azure/security/fundamentals/ddos-best-practices" - ] - }, - "risk_details": "The potential security problem with broadly exposing UDP services over the Internet is that attackers can use DDoS amplification techniques to reflect spoofed UDP traffic from Azure Virtual Machines. The most common types of these attacks use exposed DNS, NTP, SSDP, SNMP, CLDAP and other UDP-based services as amplification sources for disrupting services of other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': germanynorth, qatarcentral, newzealandnorth, swedencentral, chilecentral, westeurope, polandcentral, spaincentral, westindia, israelcentral, norwayeast, koreacentral, uaenorth, australiasoutheast, mexicocentral, austriaeast, switzerlandwest, westcentralus, canadacentral, switzerlandnorth, jioindiawest, northeurope, eastus2, australiaeast, southindia, westus3, germanywestcentral, japaneast, ukwest, uaecentral, jioindiacentral, westus, indonesiacentral, canadaeast, brazilsoutheast, centralus, brazilsouth, southafricawest, southafricanorth, australiacentral2, norwaywest, japanwest, francesouth, koreasouth, southeastasia, uksouth, australiacentral, francecentral, eastus, northcentralus, malaysiawest, eastasia, italynorth.", - "metadata": { - "event_code": "network_watcher_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': germanynorth, qatarcentral, newzealandnorth, swedencentral, chilecentral, westeurope, polandcentral, spaincentral, westindia, israelcentral, norwayeast, koreacentral, uaenorth, australiasoutheast, mexicocentral, austriaeast, switzerlandwest, westcentralus, canadacentral, switzerlandnorth, jioindiawest, northeurope, eastus2, australiaeast, southindia, westus3, germanywestcentral, japaneast, ukwest, uaecentral, jioindiacentral, westus, indonesiacentral, canadaeast, brazilsoutheast, centralus, brazilsouth, southafricawest, southafricanorth, australiacentral2, norwaywest, japanwest, francesouth, koreasouth, southeastasia, uksouth, australiacentral, francecentral, eastus, northcentralus, malaysiawest, eastasia, italynorth.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "There are additional costs per transaction to run and store network data. For high-volume networks these charges will add up quickly.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.az.nw.1", - "op.mon.2.r2.az.ma.1", - "op.mon.3.az.nw.1", - "mp.com.1.az.nw.1", - "mp.com.1.az.nw.2", - "mp.com.1.az.nw.3", - "mp.com.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499", - "T1498", - "T1046", - "T1049" - ], - "CIS-2.0": [ - "6.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.14" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "6.6" - ], - "CIS-3.0": [ - "7.6" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN06.AR01" - ], - "CIS-4.0": [ - "8.6" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "6.8.2.a", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable Network Watcher for Azure subscriptions.", - "title": "Ensure that Network Watcher is 'Enabled' for all locations in the Azure subscription", - "types": [], - "uid": "prowler-azure-network_watcher_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Network Watcher" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Network Watcher", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Opting out of Network Watcher automatic enablement is a permanent change. Once you opt-out you cannot opt-in without contacting support.", - "references": [ - "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v2-logging-threat-detection#lt-3-enable-logging-for-azure-network-activities" - ] - }, - "risk_details": "Network diagnostic and visualization tools available with Network Watcher help users understand, diagnose, and gain insights to the network in Azure.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "metadata": { - "event_code": "policy_ensure_asc_enforcement_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/defender-for-cloud/security-policy-concept", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "2.1.14" - ], - "ProwlerThreatScore-1.0": [ - "3.3.17" - ], - "ISO27001-2022": [ - "A.5.1" - ], - "CIS-2.1": [ - "2.1.13" - ], - "CIS-3.0": [ - "3.1.11" - ], - "PCI-4.0": [ - "10.2.1.1.31", - "10.4.1.1.5", - "10.4.1.4", - "10.4.2.5", - "10.6.3.36", - "10.7.1.6", - "10.7.2.6", - "A3.3.1.9", - "A3.5.1.9" - ], - "CIS-4.0": [ - "9.1.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "None of the settings offered by ASC Default policy should be set to effect Disabled.", - "title": "Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'", - "types": [], - "uid": "prowler-azure-policy_ensure_asc_enforcement_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-SecurityCenterBuiltIn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn", - "name": "SecurityCenterBuiltIn", - "enforcement_mode": "Default" - } - }, - "group": { - "name": "policy" - }, - "labels": [], - "name": "SecurityCenterBuiltIn", - "type": "Microsoft.Authorization/policyAssignments", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu 2. Select Policy 3. Select ASC Default for each subscription 4. Click on 'view Assignment' 5. Click on 'Edit assignment' 6. Ensure Policy Enforcement is Enabled 7. Click 'Review + Save'", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/implement-security-recommendations" - ] - }, - "risk_details": "A security policy defines the desired configuration of your workloads and helps ensure compliance with company or regulatory security requirements. ASC Default policy is associated with every subscription by default. ASC default policy assignment is a set of security recommendations based on best practices. Enabling recommendations in ASC default policy ensures that Azure security center provides the ability to monitor all of the supported recommendations and optionally allow automated action for a few of the supported recommendations.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_disconnections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling this setting will enable a log of all disconnections. If this is enabled for a high traffic server, the log may grow exponentially.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.4" - ], - "ProwlerThreatScore-1.0": [ - "3.1.4" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.4" - ], - "CIS-3.0": [ - "5.2.7" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Enable log_disconnections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_disconnections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu 2. Go to Azure Database for PostgreSQL servers 3. For each database, click on Server parameters 4. Search for log_disconnections. 5. Click ON and save. From Azure CLI Use the below command to update log_disconnections configuration. az postgres server configuration set --resource-group -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760899347, - "created_time_dt": "2025-10-19T18:42:27.982879", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760899347, - "time_dt": "2025-10-19T18:42:27.982879", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/for-osff/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-complete.ocsf.json b/website/src/data/test-results/for-osff/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-complete.ocsf.json deleted file mode 100644 index 6c07e9fb..00000000 --- a/website/src/data/test-results/for-osff/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-complete.ocsf.json +++ /dev/null @@ -1,11649 +0,0 @@ -[ - { - "message": "There are no AppInsight configured in subscription Azure subscription 1.", - "metadata": { - "event_code": "appinsights_ensure_is_configured", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no AppInsight configured in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Because Application Insights relies on a Log Analytics Workspace, an organization will incur additional expenses when using this service.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.2" - ], - "CIS-2.0": [ - "5.3.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.13" - ], - "CIS-2.1": [ - "5.3.1" - ], - "CIS-3.0": [ - "6.3.1" - ], - "CCC": [ - "CCC.Logging.CN01.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.3", - "10.2.1.2.3", - "10.2.1.3.3", - "10.2.1.4.3", - "10.2.1.5.3", - "10.2.1.6.3", - "10.2.1.7.3", - "10.2.1.3", - "10.2.2.3", - "10.4.1.1.1", - "10.4.1.1", - "10.4.2.1", - "10.6.3.3", - "10.7.1.1", - "10.7.2.1", - "5.3.4.3", - "A1.2.1.3", - "A3.3.1.1", - "A3.5.1.1" - ], - "CIS-4.0": [ - "7.1.3.1" - ], - "NIS2": [ - "3.2.3.h", - "5.1.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Application Insights within Azure act as an Application Performance Monitoring solution providing valuable data into how well an application performs and additional information when performing incident response. The types of log data collected include application metrics, telemetry data, and application trace logging data providing organizations with detailed information about application activity and application transactions. Both data sets help organizations adopt a proactive and retroactive means to handle security and performance related metrics within their modern applications.", - "title": "Ensure Application Insights are Configured.", - "types": [], - "uid": "prowler-azure-appinsights_ensure_is_configured-3bb71587-4549-4396-8898-9e15f062e665-global-AppInsights" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "appinsights" - }, - "labels": [], - "name": "AppInsights", - "type": "Microsoft.Insights/components", - "uid": "AppInsights" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to Application Insights 2. Under the Basics tab within the PROJECT DETAILS section, select the Subscription 3. Select the Resource group 4. Within the INSTANCE DETAILS, enter a Name 5. Select a Region 6. Next to Resource Mode, select Workspace-based 7. Within the WORKSPACE DETAILS, select the Subscription for the log analytics workspace 8. Select the appropriate Log Analytics Workspace 9. Click Next:Tags > 10. Enter the appropriate Tags as Name, Value pairs. 11. Click Next:Review+Create 12. Click Create.", - "references": [] - }, - "risk_details": "Configuring Application Insights provides additional data not found elsewhere within Azure as part of a much larger logging and monitoring program within an organization's Information Security practice. The types and contents of these logs will act as both a potential cost saving measure (application performance) and a means to potentially confirm the source of a potential incident (trace logging). Metrics and Telemetry data provide organizations with a proactive approach to cost savings by monitoring an application's performance, while the trace logging data provides necessary details in a reactive incident response scenario by helping organizations identify the potential source of an incident within their application.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "metadata": { - "event_code": "defender_auto_provisioning_log_analytics_agent_vms_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security-center/security-center-data-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r2.az.de.1", - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.15" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "2.1.14" - ], - "CIS-3.0": [ - "3.1.1.1" - ], - "NIS2": [ - "2.1.2.h", - "3.1.2.d", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "3.6.2", - "6.9.2", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'. The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, endpoint protection, and provides alerts.", - "title": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_auto_provisioning_log_analytics_agent_vms_on-3bb71587-4549-4396-8898-9e15f062e665-global-default" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default", - "resource_name": "default", - "resource_type": "Microsoft.Security/autoProvisioningSettings", - "auto_provision": "Off" - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "default", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure comprehensive visibility into possible security vulnerabilities, including missing updates, misconfigured operating system security settings, and active threats, allowing for timely mitigation and improved overall security posture", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components" - ] - }, - "risk_details": "Missing critical security information about your Azure VMs, such as security alerts, security recommendations, and change tracking.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Container image scan is disabled in subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_container_images_scan_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Container image scan is disabled in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-check-health", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When using an Azure container registry, you might occasionally encounter problems. For example, you might not be able to pull a container image because of an issue with Docker in your local environment. Or, a network issue might prevent you from connecting to the registry.", - "compliance": { - "MITRE-ATTACK": [ - "T1190", - "T1525" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "NIS2": [ - "2.2.1", - "3.1.2.d", - "3.6.2", - "5.1.4.f", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Scan images being deployed to Azure (AKS) for vulnerabilities. Vulnerability scanning for images stored in Azure Container Registry is generally available in Azure Security Center. This capability is powered by Qualys, a leading provider of information security. When you push an image to Container Registry, Security Center automatically scans it, then checks for known vulnerabilities in packages or dependencies defined in the file. When the scan completes (after about 10 minutes), Security Center provides details and a security classification for each vulnerability detected, along with guidance on how to remediate issues and protect vulnerable attack surfaces.", - "title": "Ensure Image Vulnerability Scanning using Azure Defender image scanning or a third party provider", - "types": [], - "uid": "prowler-azure-defender_container_images_scan_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "Microsoft.Security", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/azure/container-registry/scan-images-defender" - ] - }, - "risk_details": "Vulnerabilities in software packages can be exploited by hackers or malicious users to obtain unauthorized access to local cloud resources. Azure Defender and other third party products allow images to be scanned for known vulnerabilities.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_app_services_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1059", - "T1204", - "T1552", - "T1486", - "T1499", - "T1496", - "T1087" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.2" - ], - "CIS-3.0": [ - "3.1.6.1" - ], - "CIS-4.0": [ - "9.1.6.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_app_services_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan App Services" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices", - "resource_name": "AppServices", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan App Services", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for App Service enables threat detection for App Service, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_arm_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1562", - "T1486", - "T1499", - "T1087", - "T1580", - "T1538", - "T1526", - "T1069" - ], - "CIS-2.0": [ - "2.1.12" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.11" - ], - "CIS-3.0": [ - "3.1.9.1" - ], - "CIS-4.0": [ - "9.1.9.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_arm_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan ARM" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm", - "resource_name": "Arm", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan ARM", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure Resource Manager", - "references": [] - }, - "risk_details": "Scanning resource requests lets you be alerted every time there is suspicious activity in order to prevent a security threat from being introduced.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_azure_sql_databases_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.3" - ], - "CIS-3.0": [ - "3.1.7.3" - ], - "CIS-4.0": [ - "9.1.7.3" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_azure_sql_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for all your SQL database servers. Defender for Cloud monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides action-oriented security alerts with details of the suspicious activity and guidance on how to mitigate the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Azure SQL Databases enables threat detection for Azure SQL database servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_containers_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1525", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.8" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.8" - ], - "CIS-3.0": [ - "3.1.4.1" - ], - "CIS-4.0": [ - "9.1.4.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_containers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your Azure cloud containers. Enabling the Defender security service for Azure containers allows for advanced security defense against threats, using threat detection capabilities provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for all your Azure containers. Turning on the Defender for Cloud service enables threat detection for containers, providing threat intelligence, anomaly detection, and behavior analytics.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_cosmosdb_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.9" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.6" - ], - "CIS-3.0": [ - "3.1.7.1" - ], - "CIS-4.0": [ - "9.1.7.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_cosmosdb_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Cosmos DB" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs", - "resource_name": "CosmosDbs", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Cosmos DB", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [ - "Enable Microsoft Defender for Cosmos DB" - ] - }, - "risk_details": "In scanning Cosmos DB requests within a subscription, requests are compared to a heuristic list of potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_databases_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure SQL Databases", - "references": [] - }, - "risk_details": "Enabling Microsoft Defender for Azure SQL Databases allows your organization more granular control of the infrastructure running your database software", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_dns_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.11" - ], - "ProwlerThreatScore-1.0": [ - "3.3.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.10" - ], - "CIS-3.0": [ - "3.1.16" - ], - "CIS-4.0": [ - "9.1.17" - ], - "NIS2": [ - "3.6.2", - "6.7.2.i", - "6.7.2.l", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_dns_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan DNS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns", - "resource_name": "Dns", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan DNS", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "DNS lookups within a subscription are scanned and compared to a dynamic list of websites that might be potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_keyvault_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r1.az.eid.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499", - "T1580" - ], - "CIS-2.0": [ - "2.1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.9" - ], - "CIS-3.0": [ - "3.1.8.1" - ], - "PCI-4.0": [ - "3.5.1.31", - "3.5.1.32", - "8.3.2.50", - "8.3.2.51" - ], - "CIS-4.0": [ - "9.1.8.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2", - "9.2.c", - "9.2.c.iv" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_keyvault_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan KeyVaults" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults", - "resource_name": "KeyVaults", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan KeyVaults", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Microsoft Defender for Cloud is enabled for Azure key vaults. Key Vault is the Azure cloud service that safeguards encryption keys and secrets like certificates, connection-based strings, and passwords.", - "references": [] - }, - "risk_details": "By default, Microsoft Defender for Cloud is disabled for Azure key vaults. Defender for Cloud detects unusual and potentially harmful attempts to access or exploit your Azure Key Vault data. This layer of protection allows you to address threats without being a security expert, and without the need to use and manage third-party security monitoring tools or services.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_os_relational_databases_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.6" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.5" - ], - "CIS-3.0": [ - "3.1.7.2" - ], - "CIS-4.0": [ - "9.1.7.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_os_relational_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Open-Source Relational Databases" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases", - "resource_name": "OpenSourceRelationalDatabases", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Open-Source Relational Databases", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Open-source relational databases allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Open-source relational databases enables threat detection for Open-source relational databases, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_server_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r1.az.ev.1", - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.1", - "2.1.2" - ], - "ProwlerThreatScore-1.0": [ - "1.1.4" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.1" - ], - "CIS-3.0": [ - "2.2.8", - "3.1.3.1" - ], - "CIS-4.0": [ - "6.2.7", - "9.1.3.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "title": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_server_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Servers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines", - "resource_name": "VirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Servers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Cloud standard pricing tier allows for better security assessment with threat detection provided by the Microsoft Security Response Center (MSRC), advanced security policies, adaptive application control, network threat detection, and regulatory compliance management.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Servers enables threat detection for Servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_sql_servers_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.4" - ], - "CIS-3.0": [ - "3.1.7.4" - ], - "CIS-4.0": [ - "9.1.7.4" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_sql_servers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan SQL Server VMs" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines", - "resource_name": "SqlServerVirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan SQL Server VMs", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for the Microsoft SQL servers running on virtual machines. Defender for Cloud for SQL Server virtual machines continuously monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides security alerts together with details of the suspicious activity and guidance on how to mitigate to the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for SQL servers on machines enables threat detection for SQL servers on machines, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_storage_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190", - "T1537", - "T1530", - "T1485", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.7" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.7" - ], - "CIS-3.0": [ - "3.1.5.1" - ], - "CIS-4.0": [ - "9.1.5.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_storage_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Storage Accounts" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts", - "resource_name": "StorageAccounts", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Storage Accounts", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for your storage accounts. Enabling the Defender security service for Azure storage accounts allows for advanced security defense using threat detection capabilities provided by the Microsoft Security Response Center (MSRC). MSRC investigates all reports of security vulnerabilities affecting Microsoft products and services, including Azure cloud services.", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for your Microsoft Azure storage accounts. Defender for storage accounts is an Azure-native layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit your Azure cloud storage accounts.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_iot_hub_defender_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/services/iot-defender/#overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling Microsoft Defender for IoT will incur additional charges dependent on the level of usage.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.2.1" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.2.1" - ], - "CIS-3.0": [ - "3.2.1" - ], - "CIS-4.0": [ - "9.2.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Microsoft Defender for IoT acts as a central security hub for IoT devices within your organization.", - "title": "Ensure That Microsoft Defender for IoT Hub Is Set To 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_iot_hub_defender_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-IoT Hub Defender" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "IoT Hub Defender", - "type": "DefenderIoT", - "uid": "IoT Hub Defender" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to IoT Hub. 2. Select a IoT Hub to validate. 3. Select Overview in Defender for IoT. 4. Click on Secure your IoT solution, and complete the onboarding.", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-iot/device-builders/quickstart-onboard-iot-hub" - ] - }, - "risk_details": "IoT devices are very rarely patched and can be potential attack vectors for enterprise networks. Updating their network configuration to use a central security hub allows for detection of these breaches.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_mcas_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/defender-for-cloud-introduction#secure-cloud-applications", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Cloud Apps works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486" - ], - "CIS-2.0": [ - "2.1.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.20" - ], - "CIS-3.0": [ - "3.1.1.2" - ], - "PCI-4.0": [ - "11.5.1.1.2", - "11.5.1.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "This integration setting enables Microsoft Defender for Cloud Apps (formerly 'Microsoft Cloud App Security' or 'MCAS' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected", - "types": [], - "uid": "prowler-azure-defender_ensure_mcas_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-MCAS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "MCAS", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu. 2. Select Microsoft Defender for Cloud. 3. Select Environment Settings blade. 4. Select the subscription. 5. Check App Service Defender Plan to On. 6. Select Save.", - "references": [ - "https://docs.microsoft.com/en-us/rest/api/securitycenter/settings/list" - ] - }, - "risk_details": "Microsoft Defender for Cloud offers an additional layer of protection by using Azure Resource Manager events, which is considered to be the control plane for Azure. By analyzing the Azure Resource Manager records, Microsoft Defender for Cloud detects unusual or potentially harmful operations in the Azure subscription environment. Several of the preceding analytics are powered by Microsoft Defender for Cloud Apps. To benefit from these analytics, subscription must have a Cloud App Security license. Microsoft Defender for Cloud Apps works only with Standard Tier subscriptions.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_wdatp_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Endpoint works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r3.az.de.2" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.21" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "This integration setting enables Microsoft Defender for Endpoint (formerly 'Advanced Threat Protection' or 'ATP' or 'WDATP' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected", - "types": [], - "uid": "prowler-azure-defender_ensure_wdatp_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-WDATP" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "WDATP", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/azure-server-integration?view=o365-worldwide" - ] - }, - "risk_details": "Microsoft Defender for Endpoint integration brings comprehensive Endpoint Detection and Response (EDR) capabilities within Microsoft Defender for Cloud. This integration helps to spot abnormalities, as well as detect and respond to advanced attacks on endpoints monitored by Microsoft Defender for Cloud. MDE works only with Standard Tier subscriptions.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-1b4a98ae-5221-4850-a761-4f9176407028" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028", - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-083c1758-89d9-4b12-8005-48e7e359dc4f" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f", - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "b24988ac-6180-42a0-ab88-20f7382dd24c" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-154eadeb-e375-4263-b4bd-4a2a2237ecd2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "80dfb9bd-1c99-4012-9de7-580a68334b45", - "agent_type": "ServicePrincipal", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_policy_assignment", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.3" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.1" - ], - "CIS-3.0": [ - "6.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Create an activity log alert for the Create Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Create Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_create_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click elect action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for create policy assignment events gives insight into changes done in 'Azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_nsg", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "CIS-2.0": [ - "5.2.3" - ], - "ProwlerThreatScore-1.0": [ - "3.3.5" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.3" - ], - "CIS-3.0": [ - "6.2.3" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.8", - "10.4.2.2", - "10.4.3.1", - "10.6.3.8", - "10.7.1.3", - "10.7.2.3", - "11.5.2.2", - "11.6.1.2", - "12.10.5.2", - "A3.3.1.3", - "A3.5.1.3" - ], - "CIS-4.0": [ - "7.1.2.3" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Create an Activity Log Alert for the Create or Update Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Network Security Group events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_public_ip_address_rule", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.9" - ], - "ProwlerThreatScore-1.0": [ - "3.3.11" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.9" - ], - "CIS-3.0": [ - "6.2.9" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.9" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Create an activity log alert for the Create or Update Public IP Addresses rule.", - "title": "Ensure that Activity Log Alert exists for Create or Update Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_security_solution", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1", - "op.mon.3.r6.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.5" - ], - "ProwlerThreatScore-1.0": [ - "3.3.7" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.5" - ], - "CIS-3.0": [ - "6.2.5" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.5" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Create an activity log alert for the Create or Update Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_sqlserver_fr", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.7" - ], - "ProwlerThreatScore-1.0": [ - "3.3.9" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.7" - ], - "CIS-3.0": [ - "6.2.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.9", - "10.2.1.1.10", - "10.2.1.1.22", - "10.2.1.2.8", - "10.2.1.2.19", - "10.2.1.3.8", - "10.2.1.3.19", - "10.2.1.4.8", - "10.2.1.4.19", - "10.2.1.5.8", - "10.2.1.5.19", - "10.2.1.6.8", - "10.2.1.6.19", - "10.2.1.7.8", - "10.2.1.7.19", - "10.2.1.8", - "10.2.1.19", - "10.2.2.8", - "10.2.2.19", - "10.3.1.8", - "10.3.1.19", - "10.4.1.1.2", - "10.4.1.2", - "10.4.2.3", - "10.6.3.9", - "10.6.3.10", - "10.6.3.24", - "10.7.1.4", - "10.7.2.4", - "5.3.4.9", - "5.3.4.22", - "A1.2.1.10", - "A1.2.1.23", - "A3.3.1.4", - "A3.5.1.4" - ], - "CIS-4.0": [ - "7.1.2.7" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Create an activity log alert for the Create or Update SQL Server Firewall Rule event.", - "title": "Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create/Update server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update SQL Server Firewall Rule events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_nsg", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.4" - ], - "ProwlerThreatScore-1.0": [ - "3.3.6" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.4" - ], - "CIS-3.0": [ - "6.2.4" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.4" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Create an activity log alert for the Delete Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Delete Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for 'Delete Network Security Group' events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_policy_assignment", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.4" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.2" - ], - "CIS-3.0": [ - "6.2.2" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Create an activity log alert for the Delete Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Delete Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for delete policy assignment events gives insight into changes done in 'azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_public_ip_address_rule", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.10" - ], - "ProwlerThreatScore-1.0": [ - "3.3.12" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.10" - ], - "CIS-3.0": [ - "6.2.10" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.10" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Create an activity log alert for the Delete Public IP Address rule.", - "title": "Ensure that Activity Log Alert exists for Delete Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_security_solution", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.8" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.6" - ], - "CIS-3.0": [ - "6.2.6" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.6" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Create an activity log alert for the Delete Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Delete Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.curitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_sqlserver_fr", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.8" - ], - "ProwlerThreatScore-1.0": [ - "3.3.10" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.8" - ], - "CIS-3.0": [ - "6.2.8" - ], - "CCC": [ - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.8" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Create an activity log alert for the 'Delete SQL Server Firewall Rule.'", - "title": "Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete SQL Server Firewall Rule events gives insight into SQL network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_service_health_exists", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/service-health/overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, in your Azure subscription there will not be any activity log alerts configured for Service Health events.", - "compliance": { - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure that an Azure activity log alert is configured to trigger when Service Health events occur within your Microsoft Azure cloud account. The alert should activate when new events match the specified conditions in the alert rule configuration.", - "title": "Ensure that an Activity Log Alert exists for Service Health", - "types": [], - "uid": "prowler-azure-monitor_alert_service_health_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Create an activity log alert for Service Health events and configure an action group to notify appropriate personnel.", - "references": [ - "https://learn.microsoft.com/en-us/azure/service-health/alerts-activity-log-service-notifications-portal" - ] - }, - "risk_details": "Lack of monitoring for Service Health events may result in missing critical service issues, planned maintenance, security advisories, or other changes that could impact Azure services and regions in use.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_setting_with_appropriate_categories", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When the diagnostic setting is created using Azure Portal, by default no categories are selected.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.az.md.1", - "op.mon.2.az.md.1" - ], - "CIS-2.0": [ - "5.1.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.2" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.2" - ], - "CIS-3.0": [ - "6.1.2" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.15", - "10.2.1.2.7", - "10.2.1.3.7", - "10.2.1.4.7", - "10.2.1.5.7", - "10.2.1.6.7", - "10.2.1.7.7", - "10.2.1.7", - "10.2.2.7", - "10.3.1.7", - "10.3.2.2", - "10.3.3.4", - "10.3.4.3", - "10.4.1.1.3", - "10.4.1.1.4", - "10.4.1.3", - "10.4.2.4", - "10.5.1.3", - "10.6.3.7", - "10.6.3.15", - "10.7.1.5", - "10.7.2.5", - "11.5.2.4", - "11.6.1.4", - "12.10.5.4", - "5.3.4.7", - "5.3.4.8", - "A1.2.1.7", - "A1.2.1.8", - "A3.3.1.6", - "A3.3.1.7", - "A3.5.1.6", - "A3.5.1.7" - ], - "CIS-4.0": [ - "7.1.1.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.c", - "3.2.3.f", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Prerequisite: A Diagnostic Setting must exist. If a Diagnostic Setting does not exist, the navigation and options within this recommendation will not be available. Please review the recommendation at the beginning of this subsection titled: 'Ensure that a 'Diagnostic Setting' exists.' The diagnostic setting should be configured to log the appropriate activities from the control/management plane.", - "title": "Ensure Diagnostic Setting captures appropriate categories", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_setting_with_appropriate_categories-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to Azure Monitor 2. Click Activity log 3. Click on Export Activity Logs 4. Select the Subscription from the drop down menu 5. Click on Add diagnostic setting 6. Enter a name for your new Diagnostic Setting 7. Check the following categories: Administrative, Alert, Policy, and Security 8. Choose the destination details according to your organization's needs.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/manage-storage-analytics-logs?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json&tabs=azure-portal" - ] - }, - "risk_details": "A diagnostic setting controls how the diagnostic log is exported. Capturing the diagnostic setting categories for appropriate control/management plane activities allows proper alerting.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No diagnostic settings found in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_settings_exists", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No diagnostic settings found in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/cli/azure/monitor/diagnostic-settings?view=azure-cli-latest", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, diagnostic setting is not set.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r5.az.ds.1", - "op.mon.2.r2.az.ma.1" - ], - "CIS-2.0": [ - "5.1.1" - ], - "ProwlerThreatScore-1.0": [ - "3.2.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.1" - ], - "CIS-3.0": [ - "6.1.1" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN06.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN09.AR01", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Logging.CN07.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.1.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.h", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable Diagnostic settings for exporting activity logs. Diagnostic settings are available for each individual resource within a subscription. Settings should be configured for all appropriate resources for your environment.", - "title": "Ensure that a 'Diagnostic Setting' exists for Subscription Activity Logs ", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_settings_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Diagnostic Settings" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Diagnostic Settings", - "type": "Monitor", - "uid": "diagnostic_settings" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "To enable Diagnostic Settings on a Subscription: 1. Go to Monitor 2. Click on Activity Log 3. Click on Export Activity Logs 4. Click + Add diagnostic setting 5. Enter a Diagnostic setting name 6. Select Categories for the diagnostic settings 7. Select the appropriate Destination details (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 8. Click Save To enable Diagnostic Settings on a specific resource: 1. Go to Monitor 2. Click Diagnostic settings 3. Click on the resource that has a diagnostics status of disabled 4. Select Add Diagnostic Setting 5. Enter a Diagnostic setting name 6. Select the appropriate log, metric, and destination. (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 7. Click save Repeat these step for all resources as needed.", - "references": [ - "https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-activity-logs#export-the-activity-log-with-a-log-profile" - ] - }, - "risk_details": "A diagnostic setting controls how a diagnostic log is exported. By default, logs are retained only for 90 days. Diagnostic settings should be defined so that logs can be exported and stored for a longer duration in order to analyze security activities within an Azure subscription.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bastion Host from subscription Azure subscription 1 does not exist", - "metadata": { - "event_code": "network_bastion_host_exists", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bastion Host from subscription Azure subscription 1 does not exist", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/bastion/bastion-overview#sku", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The Azure Bastion service incurs additional costs and requires a specific virtual network configuration. The Standard tier offers additional configuration options compared to the Basic tier and may incur additional costs for those added features.", - "compliance": { - "ENS-RD2022": [ - "mp.com.4.r4.az.nt.1" - ], - "CIS-2.0": [ - "7.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "7.1" - ], - "CIS-3.0": [ - "8.1" - ], - "CIS-4.0": [ - "9.4.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "The Azure Bastion service allows secure remote access to Azure Virtual Machines over the Internet without exposing remote access protocol ports and services directly to the Internet. The Azure Bastion service provides this access using TLS over 443/TCP, and subscribes to hardened configurations within an organization's Azure Active Directory service.", - "title": "Ensure an Azure Bastion Host Exists", - "types": [], - "uid": "prowler-azure-network_bastion_host_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Bastion Host" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Bastion Host", - "type": "Network", - "uid": "Bastion Host" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "From Azure Portal* 1. Click on Bastions 2. Select the Subscription 3. Select the Resource group 4. Type a Name for the new Bastion host 5. Select a Region 6. Choose Standard next to Tier 7. Use the slider to set the Instance count 8. Select the Virtual network or Create new 9. Select the Subnet named AzureBastionSubnet. Create a Subnet named AzureBastionSubnet using a /26 CIDR range if it doesn't already exist. 10. Selct the appropriate Public IP address option. 11. If Create new is selected for the Public IP address option, provide a Public IP address name. 12. If Use existing is selected for Public IP address option, select an IP address from Choose public IP address 13. Click Next: Tags > 14. Configure the appropriate Tags 15. Click Next: Advanced > 16. Select the appropriate Advanced options 17. Click Next: Review + create > 18. Click Create From Azure CLI az network bastion create --location --name --public-ip-address --resource-group --vnet-name --scale-units --sku Standard [--disable-copy- paste true|false] [--enable-ip-connect true|false] [--enable-tunneling true|false] From PowerShell Create the appropriate Virtual network settings and Public IP Address settings. $subnetName = 'AzureBastionSubnet' $subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix $virtualNet = New-AzVirtualNetwork -Name - ResourceGroupName -Location -AddressPrefix -Subnet $subnet $publicip = New-AzPublicIpAddress -ResourceGroupName - Name -Location -AllocationMethod Dynamic -Sku Standard", - "references": [ - "https://learn.microsoft.com/en-us/powershell/module/az.network/get-azbastion?view=azps-9.2.0" - ] - }, - "risk_details": "The Azure Bastion service allows organizations a more secure means of accessing Azure Virtual Machines over the Internet without assigning public IP addresses to those Virtual Machines. The Azure Bastion service provides Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to Virtual Machines using TLS within a web browser, thus preventing organizations from opening up 3389/TCP and 22/TCP to the Internet on Azure Virtual Machines. Additional benefits of the Bastion service includes Multi-Factor Authentication, Conditional Access Policies, and any other hardening measures configured within Azure Active Directory using a central point of access.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "metadata": { - "event_code": "network_http_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.3.r2.az.tls.1", - "mp.com.4.r3.az.1", - "mp.com.4.r4.az.nt.1", - "mp.s.4.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.4" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.4" - ], - "CIS-3.0": [ - "7.4" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.5", - "1.2.8.25", - "1.3.1.28", - "1.3.2.28", - "1.4.1.6", - "1.4.2.26", - "1.4.4.6", - "1.5.1.25", - "2.2.5.5", - "2.2.7.3", - "4.2.1.1.7", - "4.2.1.3", - "8.3.2.6", - "A1.1.3.25" - ], - "CIS-4.0": [ - "8.4" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required and narrowly configured.", - "title": "Ensure that HTTP(S) access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_http_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where HTTP(S) is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [] - }, - "risk_details": "The potential security problem with using HTTP(S) over the Internet is that attackers can use various brute force techniques to gain access to Azure resources. Once the attackers gain access, they can use the resource as a launch point for compromising other resources within the Azure tenant.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "metadata": { - "event_code": "network_rdp_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.1" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.1" - ], - "CIS-3.0": [ - "7.1" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that RDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_rdp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where RDP is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using RDP over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on an Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "metadata": { - "event_code": "network_ssh_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.2" - ], - "CIS-3.0": [ - "7.2" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN01.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.17", - "1.2.8.18", - "1.2.8.21", - "1.2.8.41", - "1.3.1.19", - "1.3.1.21", - "1.3.1.24", - "1.3.1.45", - "1.3.2.19", - "1.3.2.21", - "1.3.2.24", - "1.3.2.45", - "1.4.1.5", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.43", - "1.4.4.5", - "1.5.1.17", - "1.5.1.18", - "1.5.1.21", - "1.5.1.40", - "2.2.5.17", - "A1.1.3.17", - "A1.1.3.18", - "A1.1.3.21", - "A1.1.3.40" - ], - "CIS-4.0": [ - "8.2" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that SSH access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_ssh_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where SSH is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using SSH over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "metadata": { - "event_code": "network_udp_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices#secure-your-critical-azure-service-resources-to-only-your-virtual-networks", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.3" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.3" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.3" - ], - "CIS-3.0": [ - "7.3" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.3" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that UDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_udp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where UDP is not explicitly required and narrowly configured for resources attached tothe Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRouteSite-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/azure/security/fundamentals/ddos-best-practices" - ] - }, - "risk_details": "The potential security problem with broadly exposing UDP services over the Internet is that attackers can use DDoS amplification techniques to reflect spoofed UDP traffic from Azure Virtual Machines. The most common types of these attacks use exposed DNS, NTP, SSDP, SNMP, CLDAP and other UDP-based services as amplification sources for disrupting services of other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': uaenorth, australiacentral, austriaeast, southindia, jioindiacentral, germanynorth, westus, italynorth, ukwest, eastus2, brazilsouth, westus3, spaincentral, uksouth, francesouth, canadaeast, northcentralus, australiasoutheast, eastus, indonesiacentral, francecentral, westeurope, switzerlandnorth, mexicocentral, chilecentral, brazilsoutheast, jioindiawest, swedencentral, northeurope, southafricanorth, westcentralus, westindia, southeastasia, uaecentral, germanywestcentral, japanwest, canadacentral, israelcentral, centralus, newzealandnorth, southafricawest, japaneast, australiaeast, norwayeast, australiacentral2, koreacentral, norwaywest, qatarcentral, eastasia, koreasouth, polandcentral, switzerlandwest, malaysiawest.", - "metadata": { - "event_code": "network_watcher_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': uaenorth, australiacentral, austriaeast, southindia, jioindiacentral, germanynorth, westus, italynorth, ukwest, eastus2, brazilsouth, westus3, spaincentral, uksouth, francesouth, canadaeast, northcentralus, australiasoutheast, eastus, indonesiacentral, francecentral, westeurope, switzerlandnorth, mexicocentral, chilecentral, brazilsoutheast, jioindiawest, swedencentral, northeurope, southafricanorth, westcentralus, westindia, southeastasia, uaecentral, germanywestcentral, japanwest, canadacentral, israelcentral, centralus, newzealandnorth, southafricawest, japaneast, australiaeast, norwayeast, australiacentral2, koreacentral, norwaywest, qatarcentral, eastasia, koreasouth, polandcentral, switzerlandwest, malaysiawest.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "There are additional costs per transaction to run and store network data. For high-volume networks these charges will add up quickly.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.az.nw.1", - "op.mon.2.r2.az.ma.1", - "op.mon.3.az.nw.1", - "mp.com.1.az.nw.1", - "mp.com.1.az.nw.2", - "mp.com.1.az.nw.3", - "mp.com.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499", - "T1498", - "T1046", - "T1049" - ], - "CIS-2.0": [ - "6.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.14" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "6.6" - ], - "CIS-3.0": [ - "7.6" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN06.AR01" - ], - "CIS-4.0": [ - "8.6" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "6.8.2.a", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable Network Watcher for Azure subscriptions.", - "title": "Ensure that Network Watcher is 'Enabled' for all locations in the Azure subscription", - "types": [], - "uid": "prowler-azure-network_watcher_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Network Watcher" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Network Watcher", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Opting out of Network Watcher automatic enablement is a permanent change. Once you opt-out you cannot opt-in without contacting support.", - "references": [ - "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v2-logging-threat-detection#lt-3-enable-logging-for-azure-network-activities" - ] - }, - "risk_details": "Network diagnostic and visualization tools available with Network Watcher help users understand, diagnose, and gain insights to the network in Azure.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "metadata": { - "event_code": "policy_ensure_asc_enforcement_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/defender-for-cloud/security-policy-concept", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "2.1.14" - ], - "ProwlerThreatScore-1.0": [ - "3.3.17" - ], - "ISO27001-2022": [ - "A.5.1" - ], - "CIS-2.1": [ - "2.1.13" - ], - "CIS-3.0": [ - "3.1.11" - ], - "PCI-4.0": [ - "10.2.1.1.31", - "10.4.1.1.5", - "10.4.1.4", - "10.4.2.5", - "10.6.3.36", - "10.7.1.6", - "10.7.2.6", - "A3.3.1.9", - "A3.5.1.9" - ], - "CIS-4.0": [ - "9.1.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "None of the settings offered by ASC Default policy should be set to effect Disabled.", - "title": "Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'", - "types": [], - "uid": "prowler-azure-policy_ensure_asc_enforcement_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-SecurityCenterBuiltIn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn", - "name": "SecurityCenterBuiltIn", - "enforcement_mode": "Default" - } - }, - "group": { - "name": "policy" - }, - "labels": [], - "name": "SecurityCenterBuiltIn", - "type": "Microsoft.Authorization/policyAssignments", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu 2. Select Policy 3. Select ASC Default for each subscription 4. Click on 'view Assignment' 5. Click on 'Edit assignment' 6. Ensure Policy Enforcement is Enabled 7. Click 'Review + Save'", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/implement-security-recommendations" - ] - }, - "risk_details": "A security policy defines the desired configuration of your workloads and helps ensure compliance with company or regulatory security requirements. ASC Default policy is associated with every subscription by default. ASC default policy assignment is a set of security recommendations based on best practices. Enabling recommendations in ASC default policy ensures that Azure security center provides the ability to monitor all of the supported recommendations and optionally allow automated action for a few of the supported recommendations.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_disconnections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling this setting will enable a log of all disconnections. If this is enabled for a high traffic server, the log may grow exponentially.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.4" - ], - "ProwlerThreatScore-1.0": [ - "3.1.4" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.4" - ], - "CIS-3.0": [ - "5.2.7" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_disconnections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_disconnections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu 2. Go to Azure Database for PostgreSQL servers 3. For each database, click on Server parameters 4. Search for log_disconnections. 5. Click ON and save. From Azure CLI Use the below command to update log_disconnections configuration. az postgres server configuration set --resource-group -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/for-osff/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-delta.ocsf.json b/website/src/data/test-results/for-osff/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-delta.ocsf.json deleted file mode 100644 index e5a12674..00000000 --- a/website/src/data/test-results/for-osff/azure-postgresql-flexibleserver/results/azure-postgresql-flexibleserver-delta.ocsf.json +++ /dev/null @@ -1,953 +0,0 @@ -[ - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_disconnections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_disconnections_on", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_disconnections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling this setting will enable a log of all disconnections. If this is enabled for a high traffic server, the log may grow exponentially.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.4" - ], - "ProwlerThreatScore-1.0": [ - "3.1.4" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.4" - ], - "CIS-3.0": [ - "5.2.7" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900038, - "created_time_dt": "2025-10-19T18:53:58.634122", - "desc": "Enable log_disconnections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_disconnections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu 2. Go to Azure Database for PostgreSQL servers 3. For each database, click on Server parameters 4. Search for log_disconnections. 5. Click ON and save. From Azure CLI Use the below command to update log_disconnections configuration. az postgres server configuration set --resource-group -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900038, - "time_dt": "2025-10-19T18:53:58.634122", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/for-osff/azure-virtualnetwork/config/azure-virtualnetwork.json b/website/src/data/test-results/for-osff/azure-virtualnetwork/config/azure-virtualnetwork.json deleted file mode 100644 index 1b99c40c..00000000 --- a/website/src/data/test-results/for-osff/azure-virtualnetwork/config/azure-virtualnetwork.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "id": "azure-virtualnetwork", - "provider": "azure", - "service": "networking", - "name": "CCC Azure Virtual Network Terraform Module", - "description": "This module creates a secure Azure Virtual Network with subnets, network security groups, and advanced networking capabilities.", - "path": "remote/azure/virtualnetwork", - "git": "https://github.com/Azure/terraform-azurerm-avm-res-network-virtualnetwork" -} \ No newline at end of file diff --git a/website/src/data/test-results/for-osff/azure-virtualnetwork/results/azure-virtualnetwork-baseline.ocsf.json b/website/src/data/test-results/for-osff/azure-virtualnetwork/results/azure-virtualnetwork-baseline.ocsf.json deleted file mode 100644 index ee657e4c..00000000 --- a/website/src/data/test-results/for-osff/azure-virtualnetwork/results/azure-virtualnetwork-baseline.ocsf.json +++ /dev/null @@ -1,11649 +0,0 @@ -[ - { - "message": "There are no AppInsight configured in subscription Azure subscription 1.", - "metadata": { - "event_code": "appinsights_ensure_is_configured", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no AppInsight configured in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Because Application Insights relies on a Log Analytics Workspace, an organization will incur additional expenses when using this service.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.2" - ], - "CIS-2.0": [ - "5.3.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.13" - ], - "CIS-2.1": [ - "5.3.1" - ], - "CIS-3.0": [ - "6.3.1" - ], - "CCC": [ - "CCC.Logging.CN01.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.3", - "10.2.1.2.3", - "10.2.1.3.3", - "10.2.1.4.3", - "10.2.1.5.3", - "10.2.1.6.3", - "10.2.1.7.3", - "10.2.1.3", - "10.2.2.3", - "10.4.1.1.1", - "10.4.1.1", - "10.4.2.1", - "10.6.3.3", - "10.7.1.1", - "10.7.2.1", - "5.3.4.3", - "A1.2.1.3", - "A3.3.1.1", - "A3.5.1.1" - ], - "CIS-4.0": [ - "7.1.3.1" - ], - "NIS2": [ - "3.2.3.h", - "5.1.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Application Insights within Azure act as an Application Performance Monitoring solution providing valuable data into how well an application performs and additional information when performing incident response. The types of log data collected include application metrics, telemetry data, and application trace logging data providing organizations with detailed information about application activity and application transactions. Both data sets help organizations adopt a proactive and retroactive means to handle security and performance related metrics within their modern applications.", - "title": "Ensure Application Insights are Configured.", - "types": [], - "uid": "prowler-azure-appinsights_ensure_is_configured-3bb71587-4549-4396-8898-9e15f062e665-global-AppInsights" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "appinsights" - }, - "labels": [], - "name": "AppInsights", - "type": "Microsoft.Insights/components", - "uid": "AppInsights" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to Application Insights 2. Under the Basics tab within the PROJECT DETAILS section, select the Subscription 3. Select the Resource group 4. Within the INSTANCE DETAILS, enter a Name 5. Select a Region 6. Next to Resource Mode, select Workspace-based 7. Within the WORKSPACE DETAILS, select the Subscription for the log analytics workspace 8. Select the appropriate Log Analytics Workspace 9. Click Next:Tags > 10. Enter the appropriate Tags as Name, Value pairs. 11. Click Next:Review+Create 12. Click Create.", - "references": [] - }, - "risk_details": "Configuring Application Insights provides additional data not found elsewhere within Azure as part of a much larger logging and monitoring program within an organization's Information Security practice. The types and contents of these logs will act as both a potential cost saving measure (application performance) and a means to potentially confirm the source of a potential incident (trace logging). Metrics and Telemetry data provide organizations with a proactive approach to cost savings by monitoring an application's performance, while the trace logging data provides necessary details in a reactive incident response scenario by helping organizations identify the potential source of an incident within their application.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "metadata": { - "event_code": "defender_auto_provisioning_log_analytics_agent_vms_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security-center/security-center-data-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r2.az.de.1", - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.15" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "2.1.14" - ], - "CIS-3.0": [ - "3.1.1.1" - ], - "NIS2": [ - "2.1.2.h", - "3.1.2.d", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "3.6.2", - "6.9.2", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'. The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, endpoint protection, and provides alerts.", - "title": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_auto_provisioning_log_analytics_agent_vms_on-3bb71587-4549-4396-8898-9e15f062e665-global-default" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default", - "resource_name": "default", - "resource_type": "Microsoft.Security/autoProvisioningSettings", - "auto_provision": "Off" - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "default", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure comprehensive visibility into possible security vulnerabilities, including missing updates, misconfigured operating system security settings, and active threats, allowing for timely mitigation and improved overall security posture", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components" - ] - }, - "risk_details": "Missing critical security information about your Azure VMs, such as security alerts, security recommendations, and change tracking.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Container image scan is disabled in subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_container_images_scan_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Container image scan is disabled in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-check-health", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When using an Azure container registry, you might occasionally encounter problems. For example, you might not be able to pull a container image because of an issue with Docker in your local environment. Or, a network issue might prevent you from connecting to the registry.", - "compliance": { - "MITRE-ATTACK": [ - "T1190", - "T1525" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "NIS2": [ - "2.2.1", - "3.1.2.d", - "3.6.2", - "5.1.4.f", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Scan images being deployed to Azure (AKS) for vulnerabilities. Vulnerability scanning for images stored in Azure Container Registry is generally available in Azure Security Center. This capability is powered by Qualys, a leading provider of information security. When you push an image to Container Registry, Security Center automatically scans it, then checks for known vulnerabilities in packages or dependencies defined in the file. When the scan completes (after about 10 minutes), Security Center provides details and a security classification for each vulnerability detected, along with guidance on how to remediate issues and protect vulnerable attack surfaces.", - "title": "Ensure Image Vulnerability Scanning using Azure Defender image scanning or a third party provider", - "types": [], - "uid": "prowler-azure-defender_container_images_scan_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "Microsoft.Security", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/azure/container-registry/scan-images-defender" - ] - }, - "risk_details": "Vulnerabilities in software packages can be exploited by hackers or malicious users to obtain unauthorized access to local cloud resources. Azure Defender and other third party products allow images to be scanned for known vulnerabilities.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_app_services_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1059", - "T1204", - "T1552", - "T1486", - "T1499", - "T1496", - "T1087" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.2" - ], - "CIS-3.0": [ - "3.1.6.1" - ], - "CIS-4.0": [ - "9.1.6.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_app_services_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan App Services" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices", - "resource_name": "AppServices", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan App Services", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for App Service enables threat detection for App Service, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_arm_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1562", - "T1486", - "T1499", - "T1087", - "T1580", - "T1538", - "T1526", - "T1069" - ], - "CIS-2.0": [ - "2.1.12" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.11" - ], - "CIS-3.0": [ - "3.1.9.1" - ], - "CIS-4.0": [ - "9.1.9.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_arm_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan ARM" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm", - "resource_name": "Arm", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan ARM", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure Resource Manager", - "references": [] - }, - "risk_details": "Scanning resource requests lets you be alerted every time there is suspicious activity in order to prevent a security threat from being introduced.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_azure_sql_databases_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.3" - ], - "CIS-3.0": [ - "3.1.7.3" - ], - "CIS-4.0": [ - "9.1.7.3" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_azure_sql_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for all your SQL database servers. Defender for Cloud monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides action-oriented security alerts with details of the suspicious activity and guidance on how to mitigate the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Azure SQL Databases enables threat detection for Azure SQL database servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_containers_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1525", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.8" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.8" - ], - "CIS-3.0": [ - "3.1.4.1" - ], - "CIS-4.0": [ - "9.1.4.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_containers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your Azure cloud containers. Enabling the Defender security service for Azure containers allows for advanced security defense against threats, using threat detection capabilities provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for all your Azure containers. Turning on the Defender for Cloud service enables threat detection for containers, providing threat intelligence, anomaly detection, and behavior analytics.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_cosmosdb_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.9" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.6" - ], - "CIS-3.0": [ - "3.1.7.1" - ], - "CIS-4.0": [ - "9.1.7.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_cosmosdb_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Cosmos DB" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs", - "resource_name": "CosmosDbs", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Cosmos DB", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [ - "Enable Microsoft Defender for Cosmos DB" - ] - }, - "risk_details": "In scanning Cosmos DB requests within a subscription, requests are compared to a heuristic list of potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_databases_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure SQL Databases", - "references": [] - }, - "risk_details": "Enabling Microsoft Defender for Azure SQL Databases allows your organization more granular control of the infrastructure running your database software", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_dns_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.11" - ], - "ProwlerThreatScore-1.0": [ - "3.3.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.10" - ], - "CIS-3.0": [ - "3.1.16" - ], - "CIS-4.0": [ - "9.1.17" - ], - "NIS2": [ - "3.6.2", - "6.7.2.i", - "6.7.2.l", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_dns_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan DNS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns", - "resource_name": "Dns", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan DNS", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "DNS lookups within a subscription are scanned and compared to a dynamic list of websites that might be potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_keyvault_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r1.az.eid.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499", - "T1580" - ], - "CIS-2.0": [ - "2.1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.9" - ], - "CIS-3.0": [ - "3.1.8.1" - ], - "PCI-4.0": [ - "3.5.1.31", - "3.5.1.32", - "8.3.2.50", - "8.3.2.51" - ], - "CIS-4.0": [ - "9.1.8.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2", - "9.2.c", - "9.2.c.iv" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_keyvault_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan KeyVaults" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults", - "resource_name": "KeyVaults", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan KeyVaults", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Microsoft Defender for Cloud is enabled for Azure key vaults. Key Vault is the Azure cloud service that safeguards encryption keys and secrets like certificates, connection-based strings, and passwords.", - "references": [] - }, - "risk_details": "By default, Microsoft Defender for Cloud is disabled for Azure key vaults. Defender for Cloud detects unusual and potentially harmful attempts to access or exploit your Azure Key Vault data. This layer of protection allows you to address threats without being a security expert, and without the need to use and manage third-party security monitoring tools or services.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_os_relational_databases_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.6" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.5" - ], - "CIS-3.0": [ - "3.1.7.2" - ], - "CIS-4.0": [ - "9.1.7.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_os_relational_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Open-Source Relational Databases" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases", - "resource_name": "OpenSourceRelationalDatabases", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Open-Source Relational Databases", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Open-source relational databases allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Open-source relational databases enables threat detection for Open-source relational databases, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_server_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r1.az.ev.1", - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.1", - "2.1.2" - ], - "ProwlerThreatScore-1.0": [ - "1.1.4" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.1" - ], - "CIS-3.0": [ - "2.2.8", - "3.1.3.1" - ], - "CIS-4.0": [ - "6.2.7", - "9.1.3.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "title": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_server_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Servers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines", - "resource_name": "VirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Servers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Cloud standard pricing tier allows for better security assessment with threat detection provided by the Microsoft Security Response Center (MSRC), advanced security policies, adaptive application control, network threat detection, and regulatory compliance management.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Servers enables threat detection for Servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_sql_servers_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.4" - ], - "CIS-3.0": [ - "3.1.7.4" - ], - "CIS-4.0": [ - "9.1.7.4" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_sql_servers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan SQL Server VMs" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines", - "resource_name": "SqlServerVirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan SQL Server VMs", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for the Microsoft SQL servers running on virtual machines. Defender for Cloud for SQL Server virtual machines continuously monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides security alerts together with details of the suspicious activity and guidance on how to mitigate to the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for SQL servers on machines enables threat detection for SQL servers on machines, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_storage_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190", - "T1537", - "T1530", - "T1485", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.7" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.7" - ], - "CIS-3.0": [ - "3.1.5.1" - ], - "CIS-4.0": [ - "9.1.5.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_storage_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Storage Accounts" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts", - "resource_name": "StorageAccounts", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Storage Accounts", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for your storage accounts. Enabling the Defender security service for Azure storage accounts allows for advanced security defense using threat detection capabilities provided by the Microsoft Security Response Center (MSRC). MSRC investigates all reports of security vulnerabilities affecting Microsoft products and services, including Azure cloud services.", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for your Microsoft Azure storage accounts. Defender for storage accounts is an Azure-native layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit your Azure cloud storage accounts.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_iot_hub_defender_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/services/iot-defender/#overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling Microsoft Defender for IoT will incur additional charges dependent on the level of usage.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.2.1" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.2.1" - ], - "CIS-3.0": [ - "3.2.1" - ], - "CIS-4.0": [ - "9.2.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Microsoft Defender for IoT acts as a central security hub for IoT devices within your organization.", - "title": "Ensure That Microsoft Defender for IoT Hub Is Set To 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_iot_hub_defender_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-IoT Hub Defender" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "IoT Hub Defender", - "type": "DefenderIoT", - "uid": "IoT Hub Defender" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to IoT Hub. 2. Select a IoT Hub to validate. 3. Select Overview in Defender for IoT. 4. Click on Secure your IoT solution, and complete the onboarding.", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-iot/device-builders/quickstart-onboard-iot-hub" - ] - }, - "risk_details": "IoT devices are very rarely patched and can be potential attack vectors for enterprise networks. Updating their network configuration to use a central security hub allows for detection of these breaches.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_mcas_is_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/defender-for-cloud-introduction#secure-cloud-applications", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Cloud Apps works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486" - ], - "CIS-2.0": [ - "2.1.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.20" - ], - "CIS-3.0": [ - "3.1.1.2" - ], - "PCI-4.0": [ - "11.5.1.1.2", - "11.5.1.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "This integration setting enables Microsoft Defender for Cloud Apps (formerly 'Microsoft Cloud App Security' or 'MCAS' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected", - "types": [], - "uid": "prowler-azure-defender_ensure_mcas_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-MCAS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "MCAS", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu. 2. Select Microsoft Defender for Cloud. 3. Select Environment Settings blade. 4. Select the subscription. 5. Check App Service Defender Plan to On. 6. Select Save.", - "references": [ - "https://docs.microsoft.com/en-us/rest/api/securitycenter/settings/list" - ] - }, - "risk_details": "Microsoft Defender for Cloud offers an additional layer of protection by using Azure Resource Manager events, which is considered to be the control plane for Azure. By analyzing the Azure Resource Manager records, Microsoft Defender for Cloud detects unusual or potentially harmful operations in the Azure subscription environment. Several of the preceding analytics are powered by Microsoft Defender for Cloud Apps. To benefit from these analytics, subscription must have a Cloud App Security license. Microsoft Defender for Cloud Apps works only with Standard Tier subscriptions.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_wdatp_is_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Endpoint works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r3.az.de.2" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.21" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "This integration setting enables Microsoft Defender for Endpoint (formerly 'Advanced Threat Protection' or 'ATP' or 'WDATP' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected", - "types": [], - "uid": "prowler-azure-defender_ensure_wdatp_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-WDATP" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "WDATP", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/azure-server-integration?view=o365-worldwide" - ] - }, - "risk_details": "Microsoft Defender for Endpoint integration brings comprehensive Endpoint Detection and Response (EDR) capabilities within Microsoft Defender for Cloud. This integration helps to spot abnormalities, as well as detect and respond to advanced attacks on endpoints monitored by Microsoft Defender for Cloud. MDE works only with Standard Tier subscriptions.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-1b4a98ae-5221-4850-a761-4f9176407028" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028", - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-083c1758-89d9-4b12-8005-48e7e359dc4f" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f", - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "b24988ac-6180-42a0-ab88-20f7382dd24c" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-154eadeb-e375-4263-b4bd-4a2a2237ecd2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "80dfb9bd-1c99-4012-9de7-580a68334b45", - "agent_type": "ServicePrincipal", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_policy_assignment", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.3" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.1" - ], - "CIS-3.0": [ - "6.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Create an activity log alert for the Create Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Create Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_create_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click elect action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for create policy assignment events gives insight into changes done in 'Azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_nsg", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "CIS-2.0": [ - "5.2.3" - ], - "ProwlerThreatScore-1.0": [ - "3.3.5" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.3" - ], - "CIS-3.0": [ - "6.2.3" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.8", - "10.4.2.2", - "10.4.3.1", - "10.6.3.8", - "10.7.1.3", - "10.7.2.3", - "11.5.2.2", - "11.6.1.2", - "12.10.5.2", - "A3.3.1.3", - "A3.5.1.3" - ], - "CIS-4.0": [ - "7.1.2.3" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Create an Activity Log Alert for the Create or Update Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Network Security Group events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_public_ip_address_rule", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.9" - ], - "ProwlerThreatScore-1.0": [ - "3.3.11" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.9" - ], - "CIS-3.0": [ - "6.2.9" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.9" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Create an activity log alert for the Create or Update Public IP Addresses rule.", - "title": "Ensure that Activity Log Alert exists for Create or Update Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_security_solution", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1", - "op.mon.3.r6.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.5" - ], - "ProwlerThreatScore-1.0": [ - "3.3.7" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.5" - ], - "CIS-3.0": [ - "6.2.5" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.5" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Create an activity log alert for the Create or Update Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_sqlserver_fr", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.7" - ], - "ProwlerThreatScore-1.0": [ - "3.3.9" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.7" - ], - "CIS-3.0": [ - "6.2.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.9", - "10.2.1.1.10", - "10.2.1.1.22", - "10.2.1.2.8", - "10.2.1.2.19", - "10.2.1.3.8", - "10.2.1.3.19", - "10.2.1.4.8", - "10.2.1.4.19", - "10.2.1.5.8", - "10.2.1.5.19", - "10.2.1.6.8", - "10.2.1.6.19", - "10.2.1.7.8", - "10.2.1.7.19", - "10.2.1.8", - "10.2.1.19", - "10.2.2.8", - "10.2.2.19", - "10.3.1.8", - "10.3.1.19", - "10.4.1.1.2", - "10.4.1.2", - "10.4.2.3", - "10.6.3.9", - "10.6.3.10", - "10.6.3.24", - "10.7.1.4", - "10.7.2.4", - "5.3.4.9", - "5.3.4.22", - "A1.2.1.10", - "A1.2.1.23", - "A3.3.1.4", - "A3.5.1.4" - ], - "CIS-4.0": [ - "7.1.2.7" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Create an activity log alert for the Create or Update SQL Server Firewall Rule event.", - "title": "Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create/Update server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update SQL Server Firewall Rule events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_nsg", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.4" - ], - "ProwlerThreatScore-1.0": [ - "3.3.6" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.4" - ], - "CIS-3.0": [ - "6.2.4" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.4" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Create an activity log alert for the Delete Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Delete Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for 'Delete Network Security Group' events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_policy_assignment", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.4" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.2" - ], - "CIS-3.0": [ - "6.2.2" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Create an activity log alert for the Delete Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Delete Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for delete policy assignment events gives insight into changes done in 'azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_public_ip_address_rule", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.10" - ], - "ProwlerThreatScore-1.0": [ - "3.3.12" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.10" - ], - "CIS-3.0": [ - "6.2.10" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.10" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Create an activity log alert for the Delete Public IP Address rule.", - "title": "Ensure that Activity Log Alert exists for Delete Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_security_solution", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.8" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.6" - ], - "CIS-3.0": [ - "6.2.6" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.6" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Create an activity log alert for the Delete Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Delete Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.curitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_sqlserver_fr", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.8" - ], - "ProwlerThreatScore-1.0": [ - "3.3.10" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.8" - ], - "CIS-3.0": [ - "6.2.8" - ], - "CCC": [ - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.8" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Create an activity log alert for the 'Delete SQL Server Firewall Rule.'", - "title": "Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete SQL Server Firewall Rule events gives insight into SQL network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_service_health_exists", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/service-health/overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, in your Azure subscription there will not be any activity log alerts configured for Service Health events.", - "compliance": { - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure that an Azure activity log alert is configured to trigger when Service Health events occur within your Microsoft Azure cloud account. The alert should activate when new events match the specified conditions in the alert rule configuration.", - "title": "Ensure that an Activity Log Alert exists for Service Health", - "types": [], - "uid": "prowler-azure-monitor_alert_service_health_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Create an activity log alert for Service Health events and configure an action group to notify appropriate personnel.", - "references": [ - "https://learn.microsoft.com/en-us/azure/service-health/alerts-activity-log-service-notifications-portal" - ] - }, - "risk_details": "Lack of monitoring for Service Health events may result in missing critical service issues, planned maintenance, security advisories, or other changes that could impact Azure services and regions in use.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_setting_with_appropriate_categories", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When the diagnostic setting is created using Azure Portal, by default no categories are selected.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.az.md.1", - "op.mon.2.az.md.1" - ], - "CIS-2.0": [ - "5.1.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.2" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.2" - ], - "CIS-3.0": [ - "6.1.2" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.15", - "10.2.1.2.7", - "10.2.1.3.7", - "10.2.1.4.7", - "10.2.1.5.7", - "10.2.1.6.7", - "10.2.1.7.7", - "10.2.1.7", - "10.2.2.7", - "10.3.1.7", - "10.3.2.2", - "10.3.3.4", - "10.3.4.3", - "10.4.1.1.3", - "10.4.1.1.4", - "10.4.1.3", - "10.4.2.4", - "10.5.1.3", - "10.6.3.7", - "10.6.3.15", - "10.7.1.5", - "10.7.2.5", - "11.5.2.4", - "11.6.1.4", - "12.10.5.4", - "5.3.4.7", - "5.3.4.8", - "A1.2.1.7", - "A1.2.1.8", - "A3.3.1.6", - "A3.3.1.7", - "A3.5.1.6", - "A3.5.1.7" - ], - "CIS-4.0": [ - "7.1.1.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.c", - "3.2.3.f", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Prerequisite: A Diagnostic Setting must exist. If a Diagnostic Setting does not exist, the navigation and options within this recommendation will not be available. Please review the recommendation at the beginning of this subsection titled: 'Ensure that a 'Diagnostic Setting' exists.' The diagnostic setting should be configured to log the appropriate activities from the control/management plane.", - "title": "Ensure Diagnostic Setting captures appropriate categories", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_setting_with_appropriate_categories-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to Azure Monitor 2. Click Activity log 3. Click on Export Activity Logs 4. Select the Subscription from the drop down menu 5. Click on Add diagnostic setting 6. Enter a name for your new Diagnostic Setting 7. Check the following categories: Administrative, Alert, Policy, and Security 8. Choose the destination details according to your organization's needs.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/manage-storage-analytics-logs?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json&tabs=azure-portal" - ] - }, - "risk_details": "A diagnostic setting controls how the diagnostic log is exported. Capturing the diagnostic setting categories for appropriate control/management plane activities allows proper alerting.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No diagnostic settings found in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_settings_exists", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No diagnostic settings found in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/cli/azure/monitor/diagnostic-settings?view=azure-cli-latest", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, diagnostic setting is not set.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r5.az.ds.1", - "op.mon.2.r2.az.ma.1" - ], - "CIS-2.0": [ - "5.1.1" - ], - "ProwlerThreatScore-1.0": [ - "3.2.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.1" - ], - "CIS-3.0": [ - "6.1.1" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN06.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN09.AR01", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Logging.CN07.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.1.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.h", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable Diagnostic settings for exporting activity logs. Diagnostic settings are available for each individual resource within a subscription. Settings should be configured for all appropriate resources for your environment.", - "title": "Ensure that a 'Diagnostic Setting' exists for Subscription Activity Logs ", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_settings_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Diagnostic Settings" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Diagnostic Settings", - "type": "Monitor", - "uid": "diagnostic_settings" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "To enable Diagnostic Settings on a Subscription: 1. Go to Monitor 2. Click on Activity Log 3. Click on Export Activity Logs 4. Click + Add diagnostic setting 5. Enter a Diagnostic setting name 6. Select Categories for the diagnostic settings 7. Select the appropriate Destination details (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 8. Click Save To enable Diagnostic Settings on a specific resource: 1. Go to Monitor 2. Click Diagnostic settings 3. Click on the resource that has a diagnostics status of disabled 4. Select Add Diagnostic Setting 5. Enter a Diagnostic setting name 6. Select the appropriate log, metric, and destination. (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 7. Click save Repeat these step for all resources as needed.", - "references": [ - "https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-activity-logs#export-the-activity-log-with-a-log-profile" - ] - }, - "risk_details": "A diagnostic setting controls how a diagnostic log is exported. By default, logs are retained only for 90 days. Diagnostic settings should be defined so that logs can be exported and stored for a longer duration in order to analyze security activities within an Azure subscription.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bastion Host from subscription Azure subscription 1 does not exist", - "metadata": { - "event_code": "network_bastion_host_exists", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bastion Host from subscription Azure subscription 1 does not exist", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/bastion/bastion-overview#sku", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The Azure Bastion service incurs additional costs and requires a specific virtual network configuration. The Standard tier offers additional configuration options compared to the Basic tier and may incur additional costs for those added features.", - "compliance": { - "ENS-RD2022": [ - "mp.com.4.r4.az.nt.1" - ], - "CIS-2.0": [ - "7.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "7.1" - ], - "CIS-3.0": [ - "8.1" - ], - "CIS-4.0": [ - "9.4.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "The Azure Bastion service allows secure remote access to Azure Virtual Machines over the Internet without exposing remote access protocol ports and services directly to the Internet. The Azure Bastion service provides this access using TLS over 443/TCP, and subscribes to hardened configurations within an organization's Azure Active Directory service.", - "title": "Ensure an Azure Bastion Host Exists", - "types": [], - "uid": "prowler-azure-network_bastion_host_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Bastion Host" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Bastion Host", - "type": "Network", - "uid": "Bastion Host" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "From Azure Portal* 1. Click on Bastions 2. Select the Subscription 3. Select the Resource group 4. Type a Name for the new Bastion host 5. Select a Region 6. Choose Standard next to Tier 7. Use the slider to set the Instance count 8. Select the Virtual network or Create new 9. Select the Subnet named AzureBastionSubnet. Create a Subnet named AzureBastionSubnet using a /26 CIDR range if it doesn't already exist. 10. Selct the appropriate Public IP address option. 11. If Create new is selected for the Public IP address option, provide a Public IP address name. 12. If Use existing is selected for Public IP address option, select an IP address from Choose public IP address 13. Click Next: Tags > 14. Configure the appropriate Tags 15. Click Next: Advanced > 16. Select the appropriate Advanced options 17. Click Next: Review + create > 18. Click Create From Azure CLI az network bastion create --location --name --public-ip-address --resource-group --vnet-name --scale-units --sku Standard [--disable-copy- paste true|false] [--enable-ip-connect true|false] [--enable-tunneling true|false] From PowerShell Create the appropriate Virtual network settings and Public IP Address settings. $subnetName = 'AzureBastionSubnet' $subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix $virtualNet = New-AzVirtualNetwork -Name - ResourceGroupName -Location -AddressPrefix -Subnet $subnet $publicip = New-AzPublicIpAddress -ResourceGroupName - Name -Location -AllocationMethod Dynamic -Sku Standard", - "references": [ - "https://learn.microsoft.com/en-us/powershell/module/az.network/get-azbastion?view=azps-9.2.0" - ] - }, - "risk_details": "The Azure Bastion service allows organizations a more secure means of accessing Azure Virtual Machines over the Internet without assigning public IP addresses to those Virtual Machines. The Azure Bastion service provides Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to Virtual Machines using TLS within a web browser, thus preventing organizations from opening up 3389/TCP and 22/TCP to the Internet on Azure Virtual Machines. Additional benefits of the Bastion service includes Multi-Factor Authentication, Conditional Access Policies, and any other hardening measures configured within Azure Active Directory using a central point of access.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "metadata": { - "event_code": "network_http_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.3.r2.az.tls.1", - "mp.com.4.r3.az.1", - "mp.com.4.r4.az.nt.1", - "mp.s.4.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.4" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.4" - ], - "CIS-3.0": [ - "7.4" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.5", - "1.2.8.25", - "1.3.1.28", - "1.3.2.28", - "1.4.1.6", - "1.4.2.26", - "1.4.4.6", - "1.5.1.25", - "2.2.5.5", - "2.2.7.3", - "4.2.1.1.7", - "4.2.1.3", - "8.3.2.6", - "A1.1.3.25" - ], - "CIS-4.0": [ - "8.4" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required and narrowly configured.", - "title": "Ensure that HTTP(S) access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_http_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where HTTP(S) is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [] - }, - "risk_details": "The potential security problem with using HTTP(S) over the Internet is that attackers can use various brute force techniques to gain access to Azure resources. Once the attackers gain access, they can use the resource as a launch point for compromising other resources within the Azure tenant.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "metadata": { - "event_code": "network_rdp_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.1" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.1" - ], - "CIS-3.0": [ - "7.1" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that RDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_rdp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where RDP is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using RDP over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on an Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "metadata": { - "event_code": "network_ssh_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.2" - ], - "CIS-3.0": [ - "7.2" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN01.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.17", - "1.2.8.18", - "1.2.8.21", - "1.2.8.41", - "1.3.1.19", - "1.3.1.21", - "1.3.1.24", - "1.3.1.45", - "1.3.2.19", - "1.3.2.21", - "1.3.2.24", - "1.3.2.45", - "1.4.1.5", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.43", - "1.4.4.5", - "1.5.1.17", - "1.5.1.18", - "1.5.1.21", - "1.5.1.40", - "2.2.5.17", - "A1.1.3.17", - "A1.1.3.18", - "A1.1.3.21", - "A1.1.3.40" - ], - "CIS-4.0": [ - "8.2" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that SSH access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_ssh_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where SSH is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using SSH over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "metadata": { - "event_code": "network_udp_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices#secure-your-critical-azure-service-resources-to-only-your-virtual-networks", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.3" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.3" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.3" - ], - "CIS-3.0": [ - "7.3" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.3" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that UDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_udp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where UDP is not explicitly required and narrowly configured for resources attached tothe Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRouteSite-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/azure/security/fundamentals/ddos-best-practices" - ] - }, - "risk_details": "The potential security problem with broadly exposing UDP services over the Internet is that attackers can use DDoS amplification techniques to reflect spoofed UDP traffic from Azure Virtual Machines. The most common types of these attacks use exposed DNS, NTP, SSDP, SNMP, CLDAP and other UDP-based services as amplification sources for disrupting services of other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': uaenorth, mexicocentral, westeurope, eastus, ukwest, polandcentral, westcentralus, jioindiacentral, koreacentral, malaysiawest, uaecentral, uksouth, canadaeast, northcentralus, japanwest, australiacentral2, brazilsouth, koreasouth, francesouth, switzerlandwest, indonesiacentral, centralus, southindia, australiaeast, francecentral, swedencentral, norwaywest, germanywestcentral, eastasia, australiasoutheast, westus3, southafricanorth, spaincentral, israelcentral, japaneast, eastus2, brazilsoutheast, germanynorth, qatarcentral, austriaeast, northeurope, australiacentral, chilecentral, newzealandnorth, norwayeast, westus, southafricawest, italynorth, southeastasia, switzerlandnorth, jioindiawest, canadacentral, westindia.", - "metadata": { - "event_code": "network_watcher_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': uaenorth, mexicocentral, westeurope, eastus, ukwest, polandcentral, westcentralus, jioindiacentral, koreacentral, malaysiawest, uaecentral, uksouth, canadaeast, northcentralus, japanwest, australiacentral2, brazilsouth, koreasouth, francesouth, switzerlandwest, indonesiacentral, centralus, southindia, australiaeast, francecentral, swedencentral, norwaywest, germanywestcentral, eastasia, australiasoutheast, westus3, southafricanorth, spaincentral, israelcentral, japaneast, eastus2, brazilsoutheast, germanynorth, qatarcentral, austriaeast, northeurope, australiacentral, chilecentral, newzealandnorth, norwayeast, westus, southafricawest, italynorth, southeastasia, switzerlandnorth, jioindiawest, canadacentral, westindia.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "There are additional costs per transaction to run and store network data. For high-volume networks these charges will add up quickly.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.az.nw.1", - "op.mon.2.r2.az.ma.1", - "op.mon.3.az.nw.1", - "mp.com.1.az.nw.1", - "mp.com.1.az.nw.2", - "mp.com.1.az.nw.3", - "mp.com.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499", - "T1498", - "T1046", - "T1049" - ], - "CIS-2.0": [ - "6.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.14" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "6.6" - ], - "CIS-3.0": [ - "7.6" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN06.AR01" - ], - "CIS-4.0": [ - "8.6" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "6.8.2.a", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable Network Watcher for Azure subscriptions.", - "title": "Ensure that Network Watcher is 'Enabled' for all locations in the Azure subscription", - "types": [], - "uid": "prowler-azure-network_watcher_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Network Watcher" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Network Watcher", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Opting out of Network Watcher automatic enablement is a permanent change. Once you opt-out you cannot opt-in without contacting support.", - "references": [ - "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v2-logging-threat-detection#lt-3-enable-logging-for-azure-network-activities" - ] - }, - "risk_details": "Network diagnostic and visualization tools available with Network Watcher help users understand, diagnose, and gain insights to the network in Azure.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "metadata": { - "event_code": "policy_ensure_asc_enforcement_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/defender-for-cloud/security-policy-concept", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "2.1.14" - ], - "ProwlerThreatScore-1.0": [ - "3.3.17" - ], - "ISO27001-2022": [ - "A.5.1" - ], - "CIS-2.1": [ - "2.1.13" - ], - "CIS-3.0": [ - "3.1.11" - ], - "PCI-4.0": [ - "10.2.1.1.31", - "10.4.1.1.5", - "10.4.1.4", - "10.4.2.5", - "10.6.3.36", - "10.7.1.6", - "10.7.2.6", - "A3.3.1.9", - "A3.5.1.9" - ], - "CIS-4.0": [ - "9.1.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "None of the settings offered by ASC Default policy should be set to effect Disabled.", - "title": "Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'", - "types": [], - "uid": "prowler-azure-policy_ensure_asc_enforcement_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-SecurityCenterBuiltIn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn", - "name": "SecurityCenterBuiltIn", - "enforcement_mode": "Default" - } - }, - "group": { - "name": "policy" - }, - "labels": [], - "name": "SecurityCenterBuiltIn", - "type": "Microsoft.Authorization/policyAssignments", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu 2. Select Policy 3. Select ASC Default for each subscription 4. Click on 'view Assignment' 5. Click on 'Edit assignment' 6. Ensure Policy Enforcement is Enabled 7. Click 'Review + Save'", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/implement-security-recommendations" - ] - }, - "risk_details": "A security policy defines the desired configuration of your workloads and helps ensure compliance with company or regulatory security requirements. ASC Default policy is associated with every subscription by default. ASC default policy assignment is a set of security recommendations based on best practices. Enabling recommendations in ASC default policy ensures that Azure security center provides the ability to monitor all of the supported recommendations and optionally allow automated action for a few of the supported recommendations.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_disconnections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling this setting will enable a log of all disconnections. If this is enabled for a high traffic server, the log may grow exponentially.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.4" - ], - "ProwlerThreatScore-1.0": [ - "3.1.4" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.4" - ], - "CIS-3.0": [ - "5.2.7" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Enable log_disconnections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_disconnections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu 2. Go to Azure Database for PostgreSQL servers 3. For each database, click on Server parameters 4. Search for log_disconnections. 5. Click ON and save. From Azure CLI Use the below command to update log_disconnections configuration. az postgres server configuration set --resource-group -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900353, - "created_time_dt": "2025-10-19T18:59:13.053300", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900353, - "time_dt": "2025-10-19T18:59:13.053300", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/for-osff/azure-virtualnetwork/results/azure-virtualnetwork-combined.ocsf.json b/website/src/data/test-results/for-osff/azure-virtualnetwork/results/azure-virtualnetwork-combined.ocsf.json deleted file mode 100644 index ec747fa4..00000000 --- a/website/src/data/test-results/for-osff/azure-virtualnetwork/results/azure-virtualnetwork-combined.ocsf.json +++ /dev/null @@ -1 +0,0 @@ -null \ No newline at end of file diff --git a/website/src/data/test-results/for-osff/azure-virtualnetwork/results/azure-virtualnetwork-complete.ocsf.json b/website/src/data/test-results/for-osff/azure-virtualnetwork/results/azure-virtualnetwork-complete.ocsf.json deleted file mode 100644 index e8a90e79..00000000 --- a/website/src/data/test-results/for-osff/azure-virtualnetwork/results/azure-virtualnetwork-complete.ocsf.json +++ /dev/null @@ -1,11972 +0,0 @@ -[ - { - "message": "There are no AppInsight configured in subscription Azure subscription 1.", - "metadata": { - "event_code": "appinsights_ensure_is_configured", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no AppInsight configured in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Because Application Insights relies on a Log Analytics Workspace, an organization will incur additional expenses when using this service.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.2" - ], - "CIS-2.0": [ - "5.3.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.13" - ], - "CIS-2.1": [ - "5.3.1" - ], - "CIS-3.0": [ - "6.3.1" - ], - "CCC": [ - "CCC.Logging.CN01.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.3", - "10.2.1.2.3", - "10.2.1.3.3", - "10.2.1.4.3", - "10.2.1.5.3", - "10.2.1.6.3", - "10.2.1.7.3", - "10.2.1.3", - "10.2.2.3", - "10.4.1.1.1", - "10.4.1.1", - "10.4.2.1", - "10.6.3.3", - "10.7.1.1", - "10.7.2.1", - "5.3.4.3", - "A1.2.1.3", - "A3.3.1.1", - "A3.5.1.1" - ], - "CIS-4.0": [ - "7.1.3.1" - ], - "NIS2": [ - "3.2.3.h", - "5.1.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Application Insights within Azure act as an Application Performance Monitoring solution providing valuable data into how well an application performs and additional information when performing incident response. The types of log data collected include application metrics, telemetry data, and application trace logging data providing organizations with detailed information about application activity and application transactions. Both data sets help organizations adopt a proactive and retroactive means to handle security and performance related metrics within their modern applications.", - "title": "Ensure Application Insights are Configured.", - "types": [], - "uid": "prowler-azure-appinsights_ensure_is_configured-3bb71587-4549-4396-8898-9e15f062e665-global-AppInsights" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "appinsights" - }, - "labels": [], - "name": "AppInsights", - "type": "Microsoft.Insights/components", - "uid": "AppInsights" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to Application Insights 2. Under the Basics tab within the PROJECT DETAILS section, select the Subscription 3. Select the Resource group 4. Within the INSTANCE DETAILS, enter a Name 5. Select a Region 6. Next to Resource Mode, select Workspace-based 7. Within the WORKSPACE DETAILS, select the Subscription for the log analytics workspace 8. Select the appropriate Log Analytics Workspace 9. Click Next:Tags > 10. Enter the appropriate Tags as Name, Value pairs. 11. Click Next:Review+Create 12. Click Create.", - "references": [] - }, - "risk_details": "Configuring Application Insights provides additional data not found elsewhere within Azure as part of a much larger logging and monitoring program within an organization's Information Security practice. The types and contents of these logs will act as both a potential cost saving measure (application performance) and a means to potentially confirm the source of a potential incident (trace logging). Metrics and Telemetry data provide organizations with a proactive approach to cost savings by monitoring an application's performance, while the trace logging data provides necessary details in a reactive incident response scenario by helping organizations identify the potential source of an incident within their application.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "metadata": { - "event_code": "defender_auto_provisioning_log_analytics_agent_vms_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security-center/security-center-data-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r2.az.de.1", - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.15" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "2.1.14" - ], - "CIS-3.0": [ - "3.1.1.1" - ], - "NIS2": [ - "2.1.2.h", - "3.1.2.d", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "3.6.2", - "6.9.2", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'. The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, endpoint protection, and provides alerts.", - "title": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_auto_provisioning_log_analytics_agent_vms_on-3bb71587-4549-4396-8898-9e15f062e665-global-default" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default", - "resource_name": "default", - "resource_type": "Microsoft.Security/autoProvisioningSettings", - "auto_provision": "Off" - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "default", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure comprehensive visibility into possible security vulnerabilities, including missing updates, misconfigured operating system security settings, and active threats, allowing for timely mitigation and improved overall security posture", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components" - ] - }, - "risk_details": "Missing critical security information about your Azure VMs, such as security alerts, security recommendations, and change tracking.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Container image scan is disabled in subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_container_images_scan_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Container image scan is disabled in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-check-health", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When using an Azure container registry, you might occasionally encounter problems. For example, you might not be able to pull a container image because of an issue with Docker in your local environment. Or, a network issue might prevent you from connecting to the registry.", - "compliance": { - "MITRE-ATTACK": [ - "T1190", - "T1525" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "NIS2": [ - "2.2.1", - "3.1.2.d", - "3.6.2", - "5.1.4.f", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Scan images being deployed to Azure (AKS) for vulnerabilities. Vulnerability scanning for images stored in Azure Container Registry is generally available in Azure Security Center. This capability is powered by Qualys, a leading provider of information security. When you push an image to Container Registry, Security Center automatically scans it, then checks for known vulnerabilities in packages or dependencies defined in the file. When the scan completes (after about 10 minutes), Security Center provides details and a security classification for each vulnerability detected, along with guidance on how to remediate issues and protect vulnerable attack surfaces.", - "title": "Ensure Image Vulnerability Scanning using Azure Defender image scanning or a third party provider", - "types": [], - "uid": "prowler-azure-defender_container_images_scan_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "Microsoft.Security", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/azure/container-registry/scan-images-defender" - ] - }, - "risk_details": "Vulnerabilities in software packages can be exploited by hackers or malicious users to obtain unauthorized access to local cloud resources. Azure Defender and other third party products allow images to be scanned for known vulnerabilities.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_app_services_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1059", - "T1204", - "T1552", - "T1486", - "T1499", - "T1496", - "T1087" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.2" - ], - "CIS-3.0": [ - "3.1.6.1" - ], - "CIS-4.0": [ - "9.1.6.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_app_services_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan App Services" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices", - "resource_name": "AppServices", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan App Services", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for App Service enables threat detection for App Service, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_arm_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1562", - "T1486", - "T1499", - "T1087", - "T1580", - "T1538", - "T1526", - "T1069" - ], - "CIS-2.0": [ - "2.1.12" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.11" - ], - "CIS-3.0": [ - "3.1.9.1" - ], - "CIS-4.0": [ - "9.1.9.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_arm_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan ARM" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm", - "resource_name": "Arm", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan ARM", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure Resource Manager", - "references": [] - }, - "risk_details": "Scanning resource requests lets you be alerted every time there is suspicious activity in order to prevent a security threat from being introduced.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_azure_sql_databases_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.3" - ], - "CIS-3.0": [ - "3.1.7.3" - ], - "CIS-4.0": [ - "9.1.7.3" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_azure_sql_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for all your SQL database servers. Defender for Cloud monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides action-oriented security alerts with details of the suspicious activity and guidance on how to mitigate the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Azure SQL Databases enables threat detection for Azure SQL database servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_containers_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1525", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.8" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.8" - ], - "CIS-3.0": [ - "3.1.4.1" - ], - "CIS-4.0": [ - "9.1.4.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_containers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your Azure cloud containers. Enabling the Defender security service for Azure containers allows for advanced security defense against threats, using threat detection capabilities provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for all your Azure containers. Turning on the Defender for Cloud service enables threat detection for containers, providing threat intelligence, anomaly detection, and behavior analytics.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_cosmosdb_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.9" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.6" - ], - "CIS-3.0": [ - "3.1.7.1" - ], - "CIS-4.0": [ - "9.1.7.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_cosmosdb_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Cosmos DB" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs", - "resource_name": "CosmosDbs", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Cosmos DB", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [ - "Enable Microsoft Defender for Cosmos DB" - ] - }, - "risk_details": "In scanning Cosmos DB requests within a subscription, requests are compared to a heuristic list of potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_databases_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure SQL Databases", - "references": [] - }, - "risk_details": "Enabling Microsoft Defender for Azure SQL Databases allows your organization more granular control of the infrastructure running your database software", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_dns_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.11" - ], - "ProwlerThreatScore-1.0": [ - "3.3.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.10" - ], - "CIS-3.0": [ - "3.1.16" - ], - "CIS-4.0": [ - "9.1.17" - ], - "NIS2": [ - "3.6.2", - "6.7.2.i", - "6.7.2.l", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_dns_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan DNS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns", - "resource_name": "Dns", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan DNS", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "DNS lookups within a subscription are scanned and compared to a dynamic list of websites that might be potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_keyvault_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r1.az.eid.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499", - "T1580" - ], - "CIS-2.0": [ - "2.1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.9" - ], - "CIS-3.0": [ - "3.1.8.1" - ], - "PCI-4.0": [ - "3.5.1.31", - "3.5.1.32", - "8.3.2.50", - "8.3.2.51" - ], - "CIS-4.0": [ - "9.1.8.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2", - "9.2.c", - "9.2.c.iv" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_keyvault_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan KeyVaults" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults", - "resource_name": "KeyVaults", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan KeyVaults", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Microsoft Defender for Cloud is enabled for Azure key vaults. Key Vault is the Azure cloud service that safeguards encryption keys and secrets like certificates, connection-based strings, and passwords.", - "references": [] - }, - "risk_details": "By default, Microsoft Defender for Cloud is disabled for Azure key vaults. Defender for Cloud detects unusual and potentially harmful attempts to access or exploit your Azure Key Vault data. This layer of protection allows you to address threats without being a security expert, and without the need to use and manage third-party security monitoring tools or services.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_os_relational_databases_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.6" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.5" - ], - "CIS-3.0": [ - "3.1.7.2" - ], - "CIS-4.0": [ - "9.1.7.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_os_relational_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Open-Source Relational Databases" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases", - "resource_name": "OpenSourceRelationalDatabases", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Open-Source Relational Databases", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Open-source relational databases allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Open-source relational databases enables threat detection for Open-source relational databases, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_server_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r1.az.ev.1", - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.1", - "2.1.2" - ], - "ProwlerThreatScore-1.0": [ - "1.1.4" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.1" - ], - "CIS-3.0": [ - "2.2.8", - "3.1.3.1" - ], - "CIS-4.0": [ - "6.2.7", - "9.1.3.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "title": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_server_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Servers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines", - "resource_name": "VirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Servers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Cloud standard pricing tier allows for better security assessment with threat detection provided by the Microsoft Security Response Center (MSRC), advanced security policies, adaptive application control, network threat detection, and regulatory compliance management.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Servers enables threat detection for Servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_sql_servers_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.4" - ], - "CIS-3.0": [ - "3.1.7.4" - ], - "CIS-4.0": [ - "9.1.7.4" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_sql_servers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan SQL Server VMs" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines", - "resource_name": "SqlServerVirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan SQL Server VMs", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for the Microsoft SQL servers running on virtual machines. Defender for Cloud for SQL Server virtual machines continuously monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides security alerts together with details of the suspicious activity and guidance on how to mitigate to the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for SQL servers on machines enables threat detection for SQL servers on machines, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_storage_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190", - "T1537", - "T1530", - "T1485", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.7" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.7" - ], - "CIS-3.0": [ - "3.1.5.1" - ], - "CIS-4.0": [ - "9.1.5.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_storage_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Storage Accounts" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts", - "resource_name": "StorageAccounts", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Storage Accounts", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for your storage accounts. Enabling the Defender security service for Azure storage accounts allows for advanced security defense using threat detection capabilities provided by the Microsoft Security Response Center (MSRC). MSRC investigates all reports of security vulnerabilities affecting Microsoft products and services, including Azure cloud services.", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for your Microsoft Azure storage accounts. Defender for storage accounts is an Azure-native layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit your Azure cloud storage accounts.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_iot_hub_defender_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/services/iot-defender/#overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling Microsoft Defender for IoT will incur additional charges dependent on the level of usage.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.2.1" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.2.1" - ], - "CIS-3.0": [ - "3.2.1" - ], - "CIS-4.0": [ - "9.2.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Microsoft Defender for IoT acts as a central security hub for IoT devices within your organization.", - "title": "Ensure That Microsoft Defender for IoT Hub Is Set To 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_iot_hub_defender_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-IoT Hub Defender" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "IoT Hub Defender", - "type": "DefenderIoT", - "uid": "IoT Hub Defender" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to IoT Hub. 2. Select a IoT Hub to validate. 3. Select Overview in Defender for IoT. 4. Click on Secure your IoT solution, and complete the onboarding.", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-iot/device-builders/quickstart-onboard-iot-hub" - ] - }, - "risk_details": "IoT devices are very rarely patched and can be potential attack vectors for enterprise networks. Updating their network configuration to use a central security hub allows for detection of these breaches.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_mcas_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/defender-for-cloud-introduction#secure-cloud-applications", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Cloud Apps works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486" - ], - "CIS-2.0": [ - "2.1.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.20" - ], - "CIS-3.0": [ - "3.1.1.2" - ], - "PCI-4.0": [ - "11.5.1.1.2", - "11.5.1.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "This integration setting enables Microsoft Defender for Cloud Apps (formerly 'Microsoft Cloud App Security' or 'MCAS' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected", - "types": [], - "uid": "prowler-azure-defender_ensure_mcas_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-MCAS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "MCAS", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu. 2. Select Microsoft Defender for Cloud. 3. Select Environment Settings blade. 4. Select the subscription. 5. Check App Service Defender Plan to On. 6. Select Save.", - "references": [ - "https://docs.microsoft.com/en-us/rest/api/securitycenter/settings/list" - ] - }, - "risk_details": "Microsoft Defender for Cloud offers an additional layer of protection by using Azure Resource Manager events, which is considered to be the control plane for Azure. By analyzing the Azure Resource Manager records, Microsoft Defender for Cloud detects unusual or potentially harmful operations in the Azure subscription environment. Several of the preceding analytics are powered by Microsoft Defender for Cloud Apps. To benefit from these analytics, subscription must have a Cloud App Security license. Microsoft Defender for Cloud Apps works only with Standard Tier subscriptions.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_wdatp_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Endpoint works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r3.az.de.2" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.21" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "This integration setting enables Microsoft Defender for Endpoint (formerly 'Advanced Threat Protection' or 'ATP' or 'WDATP' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected", - "types": [], - "uid": "prowler-azure-defender_ensure_wdatp_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-WDATP" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "WDATP", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/azure-server-integration?view=o365-worldwide" - ] - }, - "risk_details": "Microsoft Defender for Endpoint integration brings comprehensive Endpoint Detection and Response (EDR) capabilities within Microsoft Defender for Cloud. This integration helps to spot abnormalities, as well as detect and respond to advanced attacks on endpoints monitored by Microsoft Defender for Cloud. MDE works only with Standard Tier subscriptions.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-1b4a98ae-5221-4850-a761-4f9176407028" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028", - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-083c1758-89d9-4b12-8005-48e7e359dc4f" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f", - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "b24988ac-6180-42a0-ab88-20f7382dd24c" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-154eadeb-e375-4263-b4bd-4a2a2237ecd2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "80dfb9bd-1c99-4012-9de7-580a68334b45", - "agent_type": "ServicePrincipal", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_policy_assignment", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.3" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.1" - ], - "CIS-3.0": [ - "6.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Create an activity log alert for the Create Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Create Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_create_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click elect action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for create policy assignment events gives insight into changes done in 'Azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_nsg", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "CIS-2.0": [ - "5.2.3" - ], - "ProwlerThreatScore-1.0": [ - "3.3.5" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.3" - ], - "CIS-3.0": [ - "6.2.3" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.8", - "10.4.2.2", - "10.4.3.1", - "10.6.3.8", - "10.7.1.3", - "10.7.2.3", - "11.5.2.2", - "11.6.1.2", - "12.10.5.2", - "A3.3.1.3", - "A3.5.1.3" - ], - "CIS-4.0": [ - "7.1.2.3" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Create an Activity Log Alert for the Create or Update Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Network Security Group events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_public_ip_address_rule", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.9" - ], - "ProwlerThreatScore-1.0": [ - "3.3.11" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.9" - ], - "CIS-3.0": [ - "6.2.9" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.9" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Create an activity log alert for the Create or Update Public IP Addresses rule.", - "title": "Ensure that Activity Log Alert exists for Create or Update Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_security_solution", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1", - "op.mon.3.r6.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.5" - ], - "ProwlerThreatScore-1.0": [ - "3.3.7" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.5" - ], - "CIS-3.0": [ - "6.2.5" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.5" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Create an activity log alert for the Create or Update Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_sqlserver_fr", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.7" - ], - "ProwlerThreatScore-1.0": [ - "3.3.9" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.7" - ], - "CIS-3.0": [ - "6.2.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.9", - "10.2.1.1.10", - "10.2.1.1.22", - "10.2.1.2.8", - "10.2.1.2.19", - "10.2.1.3.8", - "10.2.1.3.19", - "10.2.1.4.8", - "10.2.1.4.19", - "10.2.1.5.8", - "10.2.1.5.19", - "10.2.1.6.8", - "10.2.1.6.19", - "10.2.1.7.8", - "10.2.1.7.19", - "10.2.1.8", - "10.2.1.19", - "10.2.2.8", - "10.2.2.19", - "10.3.1.8", - "10.3.1.19", - "10.4.1.1.2", - "10.4.1.2", - "10.4.2.3", - "10.6.3.9", - "10.6.3.10", - "10.6.3.24", - "10.7.1.4", - "10.7.2.4", - "5.3.4.9", - "5.3.4.22", - "A1.2.1.10", - "A1.2.1.23", - "A3.3.1.4", - "A3.5.1.4" - ], - "CIS-4.0": [ - "7.1.2.7" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Create an activity log alert for the Create or Update SQL Server Firewall Rule event.", - "title": "Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create/Update server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update SQL Server Firewall Rule events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_nsg", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.4" - ], - "ProwlerThreatScore-1.0": [ - "3.3.6" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.4" - ], - "CIS-3.0": [ - "6.2.4" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.4" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Create an activity log alert for the Delete Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Delete Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for 'Delete Network Security Group' events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_policy_assignment", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.4" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.2" - ], - "CIS-3.0": [ - "6.2.2" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Create an activity log alert for the Delete Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Delete Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for delete policy assignment events gives insight into changes done in 'azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_public_ip_address_rule", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.10" - ], - "ProwlerThreatScore-1.0": [ - "3.3.12" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.10" - ], - "CIS-3.0": [ - "6.2.10" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.10" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Create an activity log alert for the Delete Public IP Address rule.", - "title": "Ensure that Activity Log Alert exists for Delete Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_security_solution", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.8" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.6" - ], - "CIS-3.0": [ - "6.2.6" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.6" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Create an activity log alert for the Delete Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Delete Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.curitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_sqlserver_fr", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.8" - ], - "ProwlerThreatScore-1.0": [ - "3.3.10" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.8" - ], - "CIS-3.0": [ - "6.2.8" - ], - "CCC": [ - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.8" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Create an activity log alert for the 'Delete SQL Server Firewall Rule.'", - "title": "Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete SQL Server Firewall Rule events gives insight into SQL network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_service_health_exists", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/service-health/overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, in your Azure subscription there will not be any activity log alerts configured for Service Health events.", - "compliance": { - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure that an Azure activity log alert is configured to trigger when Service Health events occur within your Microsoft Azure cloud account. The alert should activate when new events match the specified conditions in the alert rule configuration.", - "title": "Ensure that an Activity Log Alert exists for Service Health", - "types": [], - "uid": "prowler-azure-monitor_alert_service_health_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Create an activity log alert for Service Health events and configure an action group to notify appropriate personnel.", - "references": [ - "https://learn.microsoft.com/en-us/azure/service-health/alerts-activity-log-service-notifications-portal" - ] - }, - "risk_details": "Lack of monitoring for Service Health events may result in missing critical service issues, planned maintenance, security advisories, or other changes that could impact Azure services and regions in use.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_setting_with_appropriate_categories", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When the diagnostic setting is created using Azure Portal, by default no categories are selected.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.az.md.1", - "op.mon.2.az.md.1" - ], - "CIS-2.0": [ - "5.1.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.2" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.2" - ], - "CIS-3.0": [ - "6.1.2" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.15", - "10.2.1.2.7", - "10.2.1.3.7", - "10.2.1.4.7", - "10.2.1.5.7", - "10.2.1.6.7", - "10.2.1.7.7", - "10.2.1.7", - "10.2.2.7", - "10.3.1.7", - "10.3.2.2", - "10.3.3.4", - "10.3.4.3", - "10.4.1.1.3", - "10.4.1.1.4", - "10.4.1.3", - "10.4.2.4", - "10.5.1.3", - "10.6.3.7", - "10.6.3.15", - "10.7.1.5", - "10.7.2.5", - "11.5.2.4", - "11.6.1.4", - "12.10.5.4", - "5.3.4.7", - "5.3.4.8", - "A1.2.1.7", - "A1.2.1.8", - "A3.3.1.6", - "A3.3.1.7", - "A3.5.1.6", - "A3.5.1.7" - ], - "CIS-4.0": [ - "7.1.1.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.c", - "3.2.3.f", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Prerequisite: A Diagnostic Setting must exist. If a Diagnostic Setting does not exist, the navigation and options within this recommendation will not be available. Please review the recommendation at the beginning of this subsection titled: 'Ensure that a 'Diagnostic Setting' exists.' The diagnostic setting should be configured to log the appropriate activities from the control/management plane.", - "title": "Ensure Diagnostic Setting captures appropriate categories", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_setting_with_appropriate_categories-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to Azure Monitor 2. Click Activity log 3. Click on Export Activity Logs 4. Select the Subscription from the drop down menu 5. Click on Add diagnostic setting 6. Enter a name for your new Diagnostic Setting 7. Check the following categories: Administrative, Alert, Policy, and Security 8. Choose the destination details according to your organization's needs.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/manage-storage-analytics-logs?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json&tabs=azure-portal" - ] - }, - "risk_details": "A diagnostic setting controls how the diagnostic log is exported. Capturing the diagnostic setting categories for appropriate control/management plane activities allows proper alerting.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No diagnostic settings found in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_settings_exists", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No diagnostic settings found in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/cli/azure/monitor/diagnostic-settings?view=azure-cli-latest", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, diagnostic setting is not set.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r5.az.ds.1", - "op.mon.2.r2.az.ma.1" - ], - "CIS-2.0": [ - "5.1.1" - ], - "ProwlerThreatScore-1.0": [ - "3.2.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.1" - ], - "CIS-3.0": [ - "6.1.1" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN06.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN09.AR01", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Logging.CN07.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.1.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.h", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable Diagnostic settings for exporting activity logs. Diagnostic settings are available for each individual resource within a subscription. Settings should be configured for all appropriate resources for your environment.", - "title": "Ensure that a 'Diagnostic Setting' exists for Subscription Activity Logs ", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_settings_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Diagnostic Settings" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Diagnostic Settings", - "type": "Monitor", - "uid": "diagnostic_settings" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "To enable Diagnostic Settings on a Subscription: 1. Go to Monitor 2. Click on Activity Log 3. Click on Export Activity Logs 4. Click + Add diagnostic setting 5. Enter a Diagnostic setting name 6. Select Categories for the diagnostic settings 7. Select the appropriate Destination details (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 8. Click Save To enable Diagnostic Settings on a specific resource: 1. Go to Monitor 2. Click Diagnostic settings 3. Click on the resource that has a diagnostics status of disabled 4. Select Add Diagnostic Setting 5. Enter a Diagnostic setting name 6. Select the appropriate log, metric, and destination. (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 7. Click save Repeat these step for all resources as needed.", - "references": [ - "https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-activity-logs#export-the-activity-log-with-a-log-profile" - ] - }, - "risk_details": "A diagnostic setting controls how a diagnostic log is exported. By default, logs are retained only for 90 days. Diagnostic settings should be defined so that logs can be exported and stored for a longer duration in order to analyze security activities within an Azure subscription.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bastion Host from subscription Azure subscription 1 does not exist", - "metadata": { - "event_code": "network_bastion_host_exists", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bastion Host from subscription Azure subscription 1 does not exist", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/bastion/bastion-overview#sku", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The Azure Bastion service incurs additional costs and requires a specific virtual network configuration. The Standard tier offers additional configuration options compared to the Basic tier and may incur additional costs for those added features.", - "compliance": { - "ENS-RD2022": [ - "mp.com.4.r4.az.nt.1" - ], - "CIS-2.0": [ - "7.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "7.1" - ], - "CIS-3.0": [ - "8.1" - ], - "CIS-4.0": [ - "9.4.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "The Azure Bastion service allows secure remote access to Azure Virtual Machines over the Internet without exposing remote access protocol ports and services directly to the Internet. The Azure Bastion service provides this access using TLS over 443/TCP, and subscribes to hardened configurations within an organization's Azure Active Directory service.", - "title": "Ensure an Azure Bastion Host Exists", - "types": [], - "uid": "prowler-azure-network_bastion_host_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Bastion Host" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Bastion Host", - "type": "Network", - "uid": "Bastion Host" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "From Azure Portal* 1. Click on Bastions 2. Select the Subscription 3. Select the Resource group 4. Type a Name for the new Bastion host 5. Select a Region 6. Choose Standard next to Tier 7. Use the slider to set the Instance count 8. Select the Virtual network or Create new 9. Select the Subnet named AzureBastionSubnet. Create a Subnet named AzureBastionSubnet using a /26 CIDR range if it doesn't already exist. 10. Selct the appropriate Public IP address option. 11. If Create new is selected for the Public IP address option, provide a Public IP address name. 12. If Use existing is selected for Public IP address option, select an IP address from Choose public IP address 13. Click Next: Tags > 14. Configure the appropriate Tags 15. Click Next: Advanced > 16. Select the appropriate Advanced options 17. Click Next: Review + create > 18. Click Create From Azure CLI az network bastion create --location --name --public-ip-address --resource-group --vnet-name --scale-units --sku Standard [--disable-copy- paste true|false] [--enable-ip-connect true|false] [--enable-tunneling true|false] From PowerShell Create the appropriate Virtual network settings and Public IP Address settings. $subnetName = 'AzureBastionSubnet' $subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix $virtualNet = New-AzVirtualNetwork -Name - ResourceGroupName -Location -AddressPrefix -Subnet $subnet $publicip = New-AzPublicIpAddress -ResourceGroupName - Name -Location -AllocationMethod Dynamic -Sku Standard", - "references": [ - "https://learn.microsoft.com/en-us/powershell/module/az.network/get-azbastion?view=azps-9.2.0" - ] - }, - "risk_details": "The Azure Bastion service allows organizations a more secure means of accessing Azure Virtual Machines over the Internet without assigning public IP addresses to those Virtual Machines. The Azure Bastion service provides Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to Virtual Machines using TLS within a web browser, thus preventing organizations from opening up 3389/TCP and 22/TCP to the Internet on Azure Virtual Machines. Additional benefits of the Bastion service includes Multi-Factor Authentication, Conditional Access Policies, and any other hardening measures configured within Azure Active Directory using a central point of access.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-swedencentral-NetworkWatcher_swedencentral" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "swedencentral", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral", - "name": "NetworkWatcher_swedencentral", - "location": "swedencentral", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_swedencentral", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "swedencentral" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-swedencentral-NetworkWatcher_swedencentral" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "swedencentral", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral", - "name": "NetworkWatcher_swedencentral", - "location": "swedencentral", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_swedencentral", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "swedencentral" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "metadata": { - "event_code": "network_http_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.3.r2.az.tls.1", - "mp.com.4.r3.az.1", - "mp.com.4.r4.az.nt.1", - "mp.s.4.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.4" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.4" - ], - "CIS-3.0": [ - "7.4" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.5", - "1.2.8.25", - "1.3.1.28", - "1.3.2.28", - "1.4.1.6", - "1.4.2.26", - "1.4.4.6", - "1.5.1.25", - "2.2.5.5", - "2.2.7.3", - "4.2.1.1.7", - "4.2.1.3", - "8.3.2.6", - "A1.1.3.25" - ], - "CIS-4.0": [ - "8.4" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required and narrowly configured.", - "title": "Ensure that HTTP(S) access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_http_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where HTTP(S) is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [] - }, - "risk_details": "The potential security problem with using HTTP(S) over the Internet is that attackers can use various brute force techniques to gain access to Azure resources. Once the attackers gain access, they can use the resource as a launch point for compromising other resources within the Azure tenant.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "metadata": { - "event_code": "network_rdp_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.1" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.1" - ], - "CIS-3.0": [ - "7.1" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that RDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_rdp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where RDP is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using RDP over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on an Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "metadata": { - "event_code": "network_ssh_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.2" - ], - "CIS-3.0": [ - "7.2" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN01.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.17", - "1.2.8.18", - "1.2.8.21", - "1.2.8.41", - "1.3.1.19", - "1.3.1.21", - "1.3.1.24", - "1.3.1.45", - "1.3.2.19", - "1.3.2.21", - "1.3.2.24", - "1.3.2.45", - "1.4.1.5", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.43", - "1.4.4.5", - "1.5.1.17", - "1.5.1.18", - "1.5.1.21", - "1.5.1.40", - "2.2.5.17", - "A1.1.3.17", - "A1.1.3.18", - "A1.1.3.21", - "A1.1.3.40" - ], - "CIS-4.0": [ - "8.2" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that SSH access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_ssh_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where SSH is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using SSH over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "metadata": { - "event_code": "network_udp_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices#secure-your-critical-azure-service-resources-to-only-your-virtual-networks", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.3" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.3" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.3" - ], - "CIS-3.0": [ - "7.3" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.3" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that UDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_udp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where UDP is not explicitly required and narrowly configured for resources attached tothe Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRouteSite-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/azure/security/fundamentals/ddos-best-practices" - ] - }, - "risk_details": "The potential security problem with broadly exposing UDP services over the Internet is that attackers can use DDoS amplification techniques to reflect spoofed UDP traffic from Azure Virtual Machines. The most common types of these attacks use exposed DNS, NTP, SSDP, SNMP, CLDAP and other UDP-based services as amplification sources for disrupting services of other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': japaneast, canadaeast, westindia, westcentralus, italynorth, eastus2, germanynorth, koreasouth, australiacentral, jioindiawest, southafricawest, brazilsoutheast, eastasia, austriaeast, ukwest, australiasoutheast, northcentralus, uaecentral, uaenorth, norwayeast, japanwest, canadacentral, malaysiawest, westus, australiacentral2, francesouth, brazilsouth, indonesiacentral, newzealandnorth, spaincentral, westus3, australiaeast, centralus, norwaywest, eastus, northeurope, uksouth, polandcentral, chilecentral, koreacentral, jioindiacentral, qatarcentral, francecentral, switzerlandnorth, switzerlandwest, westeurope, southindia, southafricanorth, israelcentral, germanywestcentral, mexicocentral, southeastasia.", - "metadata": { - "event_code": "network_watcher_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': japaneast, canadaeast, westindia, westcentralus, italynorth, eastus2, germanynorth, koreasouth, australiacentral, jioindiawest, southafricawest, brazilsoutheast, eastasia, austriaeast, ukwest, australiasoutheast, northcentralus, uaecentral, uaenorth, norwayeast, japanwest, canadacentral, malaysiawest, westus, australiacentral2, francesouth, brazilsouth, indonesiacentral, newzealandnorth, spaincentral, westus3, australiaeast, centralus, norwaywest, eastus, northeurope, uksouth, polandcentral, chilecentral, koreacentral, jioindiacentral, qatarcentral, francecentral, switzerlandnorth, switzerlandwest, westeurope, southindia, southafricanorth, israelcentral, germanywestcentral, mexicocentral, southeastasia.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "There are additional costs per transaction to run and store network data. For high-volume networks these charges will add up quickly.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.az.nw.1", - "op.mon.2.r2.az.ma.1", - "op.mon.3.az.nw.1", - "mp.com.1.az.nw.1", - "mp.com.1.az.nw.2", - "mp.com.1.az.nw.3", - "mp.com.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499", - "T1498", - "T1046", - "T1049" - ], - "CIS-2.0": [ - "6.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.14" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "6.6" - ], - "CIS-3.0": [ - "7.6" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN06.AR01" - ], - "CIS-4.0": [ - "8.6" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "6.8.2.a", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable Network Watcher for Azure subscriptions.", - "title": "Ensure that Network Watcher is 'Enabled' for all locations in the Azure subscription", - "types": [], - "uid": "prowler-azure-network_watcher_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Network Watcher" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Network Watcher", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Opting out of Network Watcher automatic enablement is a permanent change. Once you opt-out you cannot opt-in without contacting support.", - "references": [ - "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v2-logging-threat-detection#lt-3-enable-logging-for-azure-network-activities" - ] - }, - "risk_details": "Network diagnostic and visualization tools available with Network Watcher help users understand, diagnose, and gain insights to the network in Azure.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "metadata": { - "event_code": "policy_ensure_asc_enforcement_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/defender-for-cloud/security-policy-concept", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "2.1.14" - ], - "ProwlerThreatScore-1.0": [ - "3.3.17" - ], - "ISO27001-2022": [ - "A.5.1" - ], - "CIS-2.1": [ - "2.1.13" - ], - "CIS-3.0": [ - "3.1.11" - ], - "PCI-4.0": [ - "10.2.1.1.31", - "10.4.1.1.5", - "10.4.1.4", - "10.4.2.5", - "10.6.3.36", - "10.7.1.6", - "10.7.2.6", - "A3.3.1.9", - "A3.5.1.9" - ], - "CIS-4.0": [ - "9.1.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "None of the settings offered by ASC Default policy should be set to effect Disabled.", - "title": "Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'", - "types": [], - "uid": "prowler-azure-policy_ensure_asc_enforcement_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-SecurityCenterBuiltIn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn", - "name": "SecurityCenterBuiltIn", - "enforcement_mode": "Default" - } - }, - "group": { - "name": "policy" - }, - "labels": [], - "name": "SecurityCenterBuiltIn", - "type": "Microsoft.Authorization/policyAssignments", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu 2. Select Policy 3. Select ASC Default for each subscription 4. Click on 'view Assignment' 5. Click on 'Edit assignment' 6. Ensure Policy Enforcement is Enabled 7. Click 'Review + Save'", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/implement-security-recommendations" - ] - }, - "risk_details": "A security policy defines the desired configuration of your workloads and helps ensure compliance with company or regulatory security requirements. ASC Default policy is associated with every subscription by default. ASC default policy assignment is a set of security recommendations based on best practices. Enabling recommendations in ASC default policy ensures that Azure security center provides the ability to monitor all of the supported recommendations and optionally allow automated action for a few of the supported recommendations.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_disconnections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling this setting will enable a log of all disconnections. If this is enabled for a high traffic server, the log may grow exponentially.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.4" - ], - "ProwlerThreatScore-1.0": [ - "3.1.4" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.4" - ], - "CIS-3.0": [ - "5.2.7" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Enable log_disconnections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_disconnections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu 2. Go to Azure Database for PostgreSQL servers 3. For each database, click on Server parameters 4. Search for log_disconnections. 5. Click ON and save. From Azure CLI Use the below command to update log_disconnections configuration. az postgres server configuration set --resource-group -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/for-osff/azure-virtualnetwork/results/azure-virtualnetwork-delta.ocsf.json b/website/src/data/test-results/for-osff/azure-virtualnetwork/results/azure-virtualnetwork-delta.ocsf.json deleted file mode 100644 index a4d59ae8..00000000 --- a/website/src/data/test-results/for-osff/azure-virtualnetwork/results/azure-virtualnetwork-delta.ocsf.json +++ /dev/null @@ -1,325 +0,0 @@ -[ - { - "message": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-swedencentral-NetworkWatcher_swedencentral" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "swedencentral", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral", - "name": "NetworkWatcher_swedencentral", - "location": "swedencentral", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_swedencentral", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "swedencentral" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760900493, - "created_time_dt": "2025-10-19T19:01:33.799774", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-swedencentral-NetworkWatcher_swedencentral" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "swedencentral", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral", - "name": "NetworkWatcher_swedencentral", - "location": "swedencentral", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_swedencentral", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "swedencentral" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760900493, - "time_dt": "2025-10-19T19:01:33.799774", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/for-osff/repository.json b/website/src/data/test-results/for-osff/repository.json deleted file mode 100644 index a776d80b..00000000 --- a/website/src/data/test-results/for-osff/repository.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "name": "osff", - "url": "https://github.com/finos-labs/ccc-cfi-compliance", - "description": "CCC CFI Compliance from FINOS Labs", - "downloaded_at": "2025-10-19T21:38:16.610Z", - "workflow_run_id": 18633357206, - "workflow_status": "completed", - "workflow_conclusion": "failure" -} diff --git a/website/src/data/test-results/for-osff/secure-azure-storage/config/secure-azure-storage.json b/website/src/data/test-results/for-osff/secure-azure-storage/config/secure-azure-storage.json deleted file mode 100644 index a045823e..00000000 --- a/website/src/data/test-results/for-osff/secure-azure-storage/config/secure-azure-storage.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "id": "secure-azure-storage", - "provider": "azure", - "service": "storage", - "name": "CCC Azure Storage Account Terraform Example", - "description": "This example creates a secure Azure storage account with encryption, versioning, and lifecycle management enabled.", - "path": "examples/complete/azure", - "git": "https://github.com/finos/cfi-s3-module" -} \ No newline at end of file diff --git a/website/src/data/test-results/for-osff/secure-azure-storage/results/secure-azure-storage-baseline.ocsf.json b/website/src/data/test-results/for-osff/secure-azure-storage/results/secure-azure-storage-baseline.ocsf.json deleted file mode 100644 index a59fb75d..00000000 --- a/website/src/data/test-results/for-osff/secure-azure-storage/results/secure-azure-storage-baseline.ocsf.json +++ /dev/null @@ -1,11972 +0,0 @@ -[ - { - "message": "There are no AppInsight configured in subscription Azure subscription 1.", - "metadata": { - "event_code": "appinsights_ensure_is_configured", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no AppInsight configured in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Because Application Insights relies on a Log Analytics Workspace, an organization will incur additional expenses when using this service.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.2" - ], - "CIS-2.0": [ - "5.3.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.13" - ], - "CIS-2.1": [ - "5.3.1" - ], - "CIS-3.0": [ - "6.3.1" - ], - "CCC": [ - "CCC.Logging.CN01.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.3", - "10.2.1.2.3", - "10.2.1.3.3", - "10.2.1.4.3", - "10.2.1.5.3", - "10.2.1.6.3", - "10.2.1.7.3", - "10.2.1.3", - "10.2.2.3", - "10.4.1.1.1", - "10.4.1.1", - "10.4.2.1", - "10.6.3.3", - "10.7.1.1", - "10.7.2.1", - "5.3.4.3", - "A1.2.1.3", - "A3.3.1.1", - "A3.5.1.1" - ], - "CIS-4.0": [ - "7.1.3.1" - ], - "NIS2": [ - "3.2.3.h", - "5.1.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Application Insights within Azure act as an Application Performance Monitoring solution providing valuable data into how well an application performs and additional information when performing incident response. The types of log data collected include application metrics, telemetry data, and application trace logging data providing organizations with detailed information about application activity and application transactions. Both data sets help organizations adopt a proactive and retroactive means to handle security and performance related metrics within their modern applications.", - "title": "Ensure Application Insights are Configured.", - "types": [], - "uid": "prowler-azure-appinsights_ensure_is_configured-3bb71587-4549-4396-8898-9e15f062e665-global-AppInsights" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "appinsights" - }, - "labels": [], - "name": "AppInsights", - "type": "Microsoft.Insights/components", - "uid": "AppInsights" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to Application Insights 2. Under the Basics tab within the PROJECT DETAILS section, select the Subscription 3. Select the Resource group 4. Within the INSTANCE DETAILS, enter a Name 5. Select a Region 6. Next to Resource Mode, select Workspace-based 7. Within the WORKSPACE DETAILS, select the Subscription for the log analytics workspace 8. Select the appropriate Log Analytics Workspace 9. Click Next:Tags > 10. Enter the appropriate Tags as Name, Value pairs. 11. Click Next:Review+Create 12. Click Create.", - "references": [] - }, - "risk_details": "Configuring Application Insights provides additional data not found elsewhere within Azure as part of a much larger logging and monitoring program within an organization's Information Security practice. The types and contents of these logs will act as both a potential cost saving measure (application performance) and a means to potentially confirm the source of a potential incident (trace logging). Metrics and Telemetry data provide organizations with a proactive approach to cost savings by monitoring an application's performance, while the trace logging data provides necessary details in a reactive incident response scenario by helping organizations identify the potential source of an incident within their application.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "metadata": { - "event_code": "defender_auto_provisioning_log_analytics_agent_vms_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security-center/security-center-data-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r2.az.de.1", - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.15" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "2.1.14" - ], - "CIS-3.0": [ - "3.1.1.1" - ], - "NIS2": [ - "2.1.2.h", - "3.1.2.d", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "3.6.2", - "6.9.2", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'. The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, endpoint protection, and provides alerts.", - "title": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_auto_provisioning_log_analytics_agent_vms_on-3bb71587-4549-4396-8898-9e15f062e665-global-default" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default", - "resource_name": "default", - "resource_type": "Microsoft.Security/autoProvisioningSettings", - "auto_provision": "Off" - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "default", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure comprehensive visibility into possible security vulnerabilities, including missing updates, misconfigured operating system security settings, and active threats, allowing for timely mitigation and improved overall security posture", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components" - ] - }, - "risk_details": "Missing critical security information about your Azure VMs, such as security alerts, security recommendations, and change tracking.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Container image scan is disabled in subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_container_images_scan_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Container image scan is disabled in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-check-health", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When using an Azure container registry, you might occasionally encounter problems. For example, you might not be able to pull a container image because of an issue with Docker in your local environment. Or, a network issue might prevent you from connecting to the registry.", - "compliance": { - "MITRE-ATTACK": [ - "T1190", - "T1525" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "NIS2": [ - "2.2.1", - "3.1.2.d", - "3.6.2", - "5.1.4.f", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Scan images being deployed to Azure (AKS) for vulnerabilities. Vulnerability scanning for images stored in Azure Container Registry is generally available in Azure Security Center. This capability is powered by Qualys, a leading provider of information security. When you push an image to Container Registry, Security Center automatically scans it, then checks for known vulnerabilities in packages or dependencies defined in the file. When the scan completes (after about 10 minutes), Security Center provides details and a security classification for each vulnerability detected, along with guidance on how to remediate issues and protect vulnerable attack surfaces.", - "title": "Ensure Image Vulnerability Scanning using Azure Defender image scanning or a third party provider", - "types": [], - "uid": "prowler-azure-defender_container_images_scan_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "Microsoft.Security", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/azure/container-registry/scan-images-defender" - ] - }, - "risk_details": "Vulnerabilities in software packages can be exploited by hackers or malicious users to obtain unauthorized access to local cloud resources. Azure Defender and other third party products allow images to be scanned for known vulnerabilities.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_app_services_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1059", - "T1204", - "T1552", - "T1486", - "T1499", - "T1496", - "T1087" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.2" - ], - "CIS-3.0": [ - "3.1.6.1" - ], - "CIS-4.0": [ - "9.1.6.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_app_services_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan App Services" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices", - "resource_name": "AppServices", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan App Services", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for App Service enables threat detection for App Service, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_arm_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1562", - "T1486", - "T1499", - "T1087", - "T1580", - "T1538", - "T1526", - "T1069" - ], - "CIS-2.0": [ - "2.1.12" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.11" - ], - "CIS-3.0": [ - "3.1.9.1" - ], - "CIS-4.0": [ - "9.1.9.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_arm_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan ARM" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm", - "resource_name": "Arm", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan ARM", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure Resource Manager", - "references": [] - }, - "risk_details": "Scanning resource requests lets you be alerted every time there is suspicious activity in order to prevent a security threat from being introduced.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_azure_sql_databases_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.3" - ], - "CIS-3.0": [ - "3.1.7.3" - ], - "CIS-4.0": [ - "9.1.7.3" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_azure_sql_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for all your SQL database servers. Defender for Cloud monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides action-oriented security alerts with details of the suspicious activity and guidance on how to mitigate the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Azure SQL Databases enables threat detection for Azure SQL database servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_containers_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1525", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.8" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.8" - ], - "CIS-3.0": [ - "3.1.4.1" - ], - "CIS-4.0": [ - "9.1.4.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_containers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your Azure cloud containers. Enabling the Defender security service for Azure containers allows for advanced security defense against threats, using threat detection capabilities provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for all your Azure containers. Turning on the Defender for Cloud service enables threat detection for containers, providing threat intelligence, anomaly detection, and behavior analytics.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_cosmosdb_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.9" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.6" - ], - "CIS-3.0": [ - "3.1.7.1" - ], - "CIS-4.0": [ - "9.1.7.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_cosmosdb_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Cosmos DB" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs", - "resource_name": "CosmosDbs", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Cosmos DB", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [ - "Enable Microsoft Defender for Cosmos DB" - ] - }, - "risk_details": "In scanning Cosmos DB requests within a subscription, requests are compared to a heuristic list of potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_databases_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure SQL Databases", - "references": [] - }, - "risk_details": "Enabling Microsoft Defender for Azure SQL Databases allows your organization more granular control of the infrastructure running your database software", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_dns_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.11" - ], - "ProwlerThreatScore-1.0": [ - "3.3.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.10" - ], - "CIS-3.0": [ - "3.1.16" - ], - "CIS-4.0": [ - "9.1.17" - ], - "NIS2": [ - "3.6.2", - "6.7.2.i", - "6.7.2.l", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_dns_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan DNS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns", - "resource_name": "Dns", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan DNS", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "DNS lookups within a subscription are scanned and compared to a dynamic list of websites that might be potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_keyvault_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r1.az.eid.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499", - "T1580" - ], - "CIS-2.0": [ - "2.1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.9" - ], - "CIS-3.0": [ - "3.1.8.1" - ], - "PCI-4.0": [ - "3.5.1.31", - "3.5.1.32", - "8.3.2.50", - "8.3.2.51" - ], - "CIS-4.0": [ - "9.1.8.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2", - "9.2.c", - "9.2.c.iv" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_keyvault_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan KeyVaults" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults", - "resource_name": "KeyVaults", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan KeyVaults", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Microsoft Defender for Cloud is enabled for Azure key vaults. Key Vault is the Azure cloud service that safeguards encryption keys and secrets like certificates, connection-based strings, and passwords.", - "references": [] - }, - "risk_details": "By default, Microsoft Defender for Cloud is disabled for Azure key vaults. Defender for Cloud detects unusual and potentially harmful attempts to access or exploit your Azure Key Vault data. This layer of protection allows you to address threats without being a security expert, and without the need to use and manage third-party security monitoring tools or services.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_os_relational_databases_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.6" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.5" - ], - "CIS-3.0": [ - "3.1.7.2" - ], - "CIS-4.0": [ - "9.1.7.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_os_relational_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Open-Source Relational Databases" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases", - "resource_name": "OpenSourceRelationalDatabases", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Open-Source Relational Databases", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Open-source relational databases allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Open-source relational databases enables threat detection for Open-source relational databases, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_server_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r1.az.ev.1", - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.1", - "2.1.2" - ], - "ProwlerThreatScore-1.0": [ - "1.1.4" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.1" - ], - "CIS-3.0": [ - "2.2.8", - "3.1.3.1" - ], - "CIS-4.0": [ - "6.2.7", - "9.1.3.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "title": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_server_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Servers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines", - "resource_name": "VirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Servers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Cloud standard pricing tier allows for better security assessment with threat detection provided by the Microsoft Security Response Center (MSRC), advanced security policies, adaptive application control, network threat detection, and regulatory compliance management.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Servers enables threat detection for Servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_sql_servers_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.4" - ], - "CIS-3.0": [ - "3.1.7.4" - ], - "CIS-4.0": [ - "9.1.7.4" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_sql_servers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan SQL Server VMs" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines", - "resource_name": "SqlServerVirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan SQL Server VMs", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for the Microsoft SQL servers running on virtual machines. Defender for Cloud for SQL Server virtual machines continuously monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides security alerts together with details of the suspicious activity and guidance on how to mitigate to the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for SQL servers on machines enables threat detection for SQL servers on machines, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_storage_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190", - "T1537", - "T1530", - "T1485", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.7" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.7" - ], - "CIS-3.0": [ - "3.1.5.1" - ], - "CIS-4.0": [ - "9.1.5.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_storage_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Storage Accounts" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts", - "resource_name": "StorageAccounts", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Storage Accounts", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for your storage accounts. Enabling the Defender security service for Azure storage accounts allows for advanced security defense using threat detection capabilities provided by the Microsoft Security Response Center (MSRC). MSRC investigates all reports of security vulnerabilities affecting Microsoft products and services, including Azure cloud services.", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for your Microsoft Azure storage accounts. Defender for storage accounts is an Azure-native layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit your Azure cloud storage accounts.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_iot_hub_defender_is_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/services/iot-defender/#overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling Microsoft Defender for IoT will incur additional charges dependent on the level of usage.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.2.1" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.2.1" - ], - "CIS-3.0": [ - "3.2.1" - ], - "CIS-4.0": [ - "9.2.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Microsoft Defender for IoT acts as a central security hub for IoT devices within your organization.", - "title": "Ensure That Microsoft Defender for IoT Hub Is Set To 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_iot_hub_defender_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-IoT Hub Defender" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "IoT Hub Defender", - "type": "DefenderIoT", - "uid": "IoT Hub Defender" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to IoT Hub. 2. Select a IoT Hub to validate. 3. Select Overview in Defender for IoT. 4. Click on Secure your IoT solution, and complete the onboarding.", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-iot/device-builders/quickstart-onboard-iot-hub" - ] - }, - "risk_details": "IoT devices are very rarely patched and can be potential attack vectors for enterprise networks. Updating their network configuration to use a central security hub allows for detection of these breaches.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_mcas_is_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/defender-for-cloud-introduction#secure-cloud-applications", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Cloud Apps works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486" - ], - "CIS-2.0": [ - "2.1.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.20" - ], - "CIS-3.0": [ - "3.1.1.2" - ], - "PCI-4.0": [ - "11.5.1.1.2", - "11.5.1.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "This integration setting enables Microsoft Defender for Cloud Apps (formerly 'Microsoft Cloud App Security' or 'MCAS' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected", - "types": [], - "uid": "prowler-azure-defender_ensure_mcas_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-MCAS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "MCAS", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu. 2. Select Microsoft Defender for Cloud. 3. Select Environment Settings blade. 4. Select the subscription. 5. Check App Service Defender Plan to On. 6. Select Save.", - "references": [ - "https://docs.microsoft.com/en-us/rest/api/securitycenter/settings/list" - ] - }, - "risk_details": "Microsoft Defender for Cloud offers an additional layer of protection by using Azure Resource Manager events, which is considered to be the control plane for Azure. By analyzing the Azure Resource Manager records, Microsoft Defender for Cloud detects unusual or potentially harmful operations in the Azure subscription environment. Several of the preceding analytics are powered by Microsoft Defender for Cloud Apps. To benefit from these analytics, subscription must have a Cloud App Security license. Microsoft Defender for Cloud Apps works only with Standard Tier subscriptions.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_wdatp_is_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Endpoint works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r3.az.de.2" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.21" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "This integration setting enables Microsoft Defender for Endpoint (formerly 'Advanced Threat Protection' or 'ATP' or 'WDATP' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected", - "types": [], - "uid": "prowler-azure-defender_ensure_wdatp_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-WDATP" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "WDATP", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/azure-server-integration?view=o365-worldwide" - ] - }, - "risk_details": "Microsoft Defender for Endpoint integration brings comprehensive Endpoint Detection and Response (EDR) capabilities within Microsoft Defender for Cloud. This integration helps to spot abnormalities, as well as detect and respond to advanced attacks on endpoints monitored by Microsoft Defender for Cloud. MDE works only with Standard Tier subscriptions.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-1b4a98ae-5221-4850-a761-4f9176407028" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028", - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-083c1758-89d9-4b12-8005-48e7e359dc4f" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f", - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "b24988ac-6180-42a0-ab88-20f7382dd24c" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-154eadeb-e375-4263-b4bd-4a2a2237ecd2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "80dfb9bd-1c99-4012-9de7-580a68334b45", - "agent_type": "ServicePrincipal", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_policy_assignment", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.3" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.1" - ], - "CIS-3.0": [ - "6.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Create an activity log alert for the Create Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Create Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_create_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click elect action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for create policy assignment events gives insight into changes done in 'Azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_nsg", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "CIS-2.0": [ - "5.2.3" - ], - "ProwlerThreatScore-1.0": [ - "3.3.5" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.3" - ], - "CIS-3.0": [ - "6.2.3" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.8", - "10.4.2.2", - "10.4.3.1", - "10.6.3.8", - "10.7.1.3", - "10.7.2.3", - "11.5.2.2", - "11.6.1.2", - "12.10.5.2", - "A3.3.1.3", - "A3.5.1.3" - ], - "CIS-4.0": [ - "7.1.2.3" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Create an Activity Log Alert for the Create or Update Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Network Security Group events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_public_ip_address_rule", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.9" - ], - "ProwlerThreatScore-1.0": [ - "3.3.11" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.9" - ], - "CIS-3.0": [ - "6.2.9" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.9" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Create an activity log alert for the Create or Update Public IP Addresses rule.", - "title": "Ensure that Activity Log Alert exists for Create or Update Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_security_solution", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1", - "op.mon.3.r6.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.5" - ], - "ProwlerThreatScore-1.0": [ - "3.3.7" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.5" - ], - "CIS-3.0": [ - "6.2.5" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.5" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Create an activity log alert for the Create or Update Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_sqlserver_fr", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.7" - ], - "ProwlerThreatScore-1.0": [ - "3.3.9" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.7" - ], - "CIS-3.0": [ - "6.2.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.9", - "10.2.1.1.10", - "10.2.1.1.22", - "10.2.1.2.8", - "10.2.1.2.19", - "10.2.1.3.8", - "10.2.1.3.19", - "10.2.1.4.8", - "10.2.1.4.19", - "10.2.1.5.8", - "10.2.1.5.19", - "10.2.1.6.8", - "10.2.1.6.19", - "10.2.1.7.8", - "10.2.1.7.19", - "10.2.1.8", - "10.2.1.19", - "10.2.2.8", - "10.2.2.19", - "10.3.1.8", - "10.3.1.19", - "10.4.1.1.2", - "10.4.1.2", - "10.4.2.3", - "10.6.3.9", - "10.6.3.10", - "10.6.3.24", - "10.7.1.4", - "10.7.2.4", - "5.3.4.9", - "5.3.4.22", - "A1.2.1.10", - "A1.2.1.23", - "A3.3.1.4", - "A3.5.1.4" - ], - "CIS-4.0": [ - "7.1.2.7" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Create an activity log alert for the Create or Update SQL Server Firewall Rule event.", - "title": "Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create/Update server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update SQL Server Firewall Rule events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_nsg", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.4" - ], - "ProwlerThreatScore-1.0": [ - "3.3.6" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.4" - ], - "CIS-3.0": [ - "6.2.4" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.4" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Create an activity log alert for the Delete Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Delete Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for 'Delete Network Security Group' events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_policy_assignment", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.4" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.2" - ], - "CIS-3.0": [ - "6.2.2" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Create an activity log alert for the Delete Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Delete Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for delete policy assignment events gives insight into changes done in 'azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_public_ip_address_rule", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.10" - ], - "ProwlerThreatScore-1.0": [ - "3.3.12" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.10" - ], - "CIS-3.0": [ - "6.2.10" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.10" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Create an activity log alert for the Delete Public IP Address rule.", - "title": "Ensure that Activity Log Alert exists for Delete Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_security_solution", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.8" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.6" - ], - "CIS-3.0": [ - "6.2.6" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.6" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Create an activity log alert for the Delete Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Delete Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.curitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_sqlserver_fr", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.8" - ], - "ProwlerThreatScore-1.0": [ - "3.3.10" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.8" - ], - "CIS-3.0": [ - "6.2.8" - ], - "CCC": [ - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.8" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Create an activity log alert for the 'Delete SQL Server Firewall Rule.'", - "title": "Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete SQL Server Firewall Rule events gives insight into SQL network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_service_health_exists", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/service-health/overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, in your Azure subscription there will not be any activity log alerts configured for Service Health events.", - "compliance": { - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure that an Azure activity log alert is configured to trigger when Service Health events occur within your Microsoft Azure cloud account. The alert should activate when new events match the specified conditions in the alert rule configuration.", - "title": "Ensure that an Activity Log Alert exists for Service Health", - "types": [], - "uid": "prowler-azure-monitor_alert_service_health_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Create an activity log alert for Service Health events and configure an action group to notify appropriate personnel.", - "references": [ - "https://learn.microsoft.com/en-us/azure/service-health/alerts-activity-log-service-notifications-portal" - ] - }, - "risk_details": "Lack of monitoring for Service Health events may result in missing critical service issues, planned maintenance, security advisories, or other changes that could impact Azure services and regions in use.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_setting_with_appropriate_categories", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When the diagnostic setting is created using Azure Portal, by default no categories are selected.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.az.md.1", - "op.mon.2.az.md.1" - ], - "CIS-2.0": [ - "5.1.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.2" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.2" - ], - "CIS-3.0": [ - "6.1.2" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.15", - "10.2.1.2.7", - "10.2.1.3.7", - "10.2.1.4.7", - "10.2.1.5.7", - "10.2.1.6.7", - "10.2.1.7.7", - "10.2.1.7", - "10.2.2.7", - "10.3.1.7", - "10.3.2.2", - "10.3.3.4", - "10.3.4.3", - "10.4.1.1.3", - "10.4.1.1.4", - "10.4.1.3", - "10.4.2.4", - "10.5.1.3", - "10.6.3.7", - "10.6.3.15", - "10.7.1.5", - "10.7.2.5", - "11.5.2.4", - "11.6.1.4", - "12.10.5.4", - "5.3.4.7", - "5.3.4.8", - "A1.2.1.7", - "A1.2.1.8", - "A3.3.1.6", - "A3.3.1.7", - "A3.5.1.6", - "A3.5.1.7" - ], - "CIS-4.0": [ - "7.1.1.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.c", - "3.2.3.f", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Prerequisite: A Diagnostic Setting must exist. If a Diagnostic Setting does not exist, the navigation and options within this recommendation will not be available. Please review the recommendation at the beginning of this subsection titled: 'Ensure that a 'Diagnostic Setting' exists.' The diagnostic setting should be configured to log the appropriate activities from the control/management plane.", - "title": "Ensure Diagnostic Setting captures appropriate categories", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_setting_with_appropriate_categories-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to Azure Monitor 2. Click Activity log 3. Click on Export Activity Logs 4. Select the Subscription from the drop down menu 5. Click on Add diagnostic setting 6. Enter a name for your new Diagnostic Setting 7. Check the following categories: Administrative, Alert, Policy, and Security 8. Choose the destination details according to your organization's needs.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/manage-storage-analytics-logs?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json&tabs=azure-portal" - ] - }, - "risk_details": "A diagnostic setting controls how the diagnostic log is exported. Capturing the diagnostic setting categories for appropriate control/management plane activities allows proper alerting.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No diagnostic settings found in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_settings_exists", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No diagnostic settings found in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/cli/azure/monitor/diagnostic-settings?view=azure-cli-latest", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, diagnostic setting is not set.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r5.az.ds.1", - "op.mon.2.r2.az.ma.1" - ], - "CIS-2.0": [ - "5.1.1" - ], - "ProwlerThreatScore-1.0": [ - "3.2.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.1" - ], - "CIS-3.0": [ - "6.1.1" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN06.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN09.AR01", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Logging.CN07.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.1.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.h", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable Diagnostic settings for exporting activity logs. Diagnostic settings are available for each individual resource within a subscription. Settings should be configured for all appropriate resources for your environment.", - "title": "Ensure that a 'Diagnostic Setting' exists for Subscription Activity Logs ", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_settings_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Diagnostic Settings" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Diagnostic Settings", - "type": "Monitor", - "uid": "diagnostic_settings" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "To enable Diagnostic Settings on a Subscription: 1. Go to Monitor 2. Click on Activity Log 3. Click on Export Activity Logs 4. Click + Add diagnostic setting 5. Enter a Diagnostic setting name 6. Select Categories for the diagnostic settings 7. Select the appropriate Destination details (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 8. Click Save To enable Diagnostic Settings on a specific resource: 1. Go to Monitor 2. Click Diagnostic settings 3. Click on the resource that has a diagnostics status of disabled 4. Select Add Diagnostic Setting 5. Enter a Diagnostic setting name 6. Select the appropriate log, metric, and destination. (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 7. Click save Repeat these step for all resources as needed.", - "references": [ - "https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-activity-logs#export-the-activity-log-with-a-log-profile" - ] - }, - "risk_details": "A diagnostic setting controls how a diagnostic log is exported. By default, logs are retained only for 90 days. Diagnostic settings should be defined so that logs can be exported and stored for a longer duration in order to analyze security activities within an Azure subscription.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bastion Host from subscription Azure subscription 1 does not exist", - "metadata": { - "event_code": "network_bastion_host_exists", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bastion Host from subscription Azure subscription 1 does not exist", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/bastion/bastion-overview#sku", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The Azure Bastion service incurs additional costs and requires a specific virtual network configuration. The Standard tier offers additional configuration options compared to the Basic tier and may incur additional costs for those added features.", - "compliance": { - "ENS-RD2022": [ - "mp.com.4.r4.az.nt.1" - ], - "CIS-2.0": [ - "7.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "7.1" - ], - "CIS-3.0": [ - "8.1" - ], - "CIS-4.0": [ - "9.4.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "The Azure Bastion service allows secure remote access to Azure Virtual Machines over the Internet without exposing remote access protocol ports and services directly to the Internet. The Azure Bastion service provides this access using TLS over 443/TCP, and subscribes to hardened configurations within an organization's Azure Active Directory service.", - "title": "Ensure an Azure Bastion Host Exists", - "types": [], - "uid": "prowler-azure-network_bastion_host_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Bastion Host" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Bastion Host", - "type": "Network", - "uid": "Bastion Host" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "From Azure Portal* 1. Click on Bastions 2. Select the Subscription 3. Select the Resource group 4. Type a Name for the new Bastion host 5. Select a Region 6. Choose Standard next to Tier 7. Use the slider to set the Instance count 8. Select the Virtual network or Create new 9. Select the Subnet named AzureBastionSubnet. Create a Subnet named AzureBastionSubnet using a /26 CIDR range if it doesn't already exist. 10. Selct the appropriate Public IP address option. 11. If Create new is selected for the Public IP address option, provide a Public IP address name. 12. If Use existing is selected for Public IP address option, select an IP address from Choose public IP address 13. Click Next: Tags > 14. Configure the appropriate Tags 15. Click Next: Advanced > 16. Select the appropriate Advanced options 17. Click Next: Review + create > 18. Click Create From Azure CLI az network bastion create --location --name --public-ip-address --resource-group --vnet-name --scale-units --sku Standard [--disable-copy- paste true|false] [--enable-ip-connect true|false] [--enable-tunneling true|false] From PowerShell Create the appropriate Virtual network settings and Public IP Address settings. $subnetName = 'AzureBastionSubnet' $subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix $virtualNet = New-AzVirtualNetwork -Name - ResourceGroupName -Location -AddressPrefix -Subnet $subnet $publicip = New-AzPublicIpAddress -ResourceGroupName - Name -Location -AllocationMethod Dynamic -Sku Standard", - "references": [ - "https://learn.microsoft.com/en-us/powershell/module/az.network/get-azbastion?view=azps-9.2.0" - ] - }, - "risk_details": "The Azure Bastion service allows organizations a more secure means of accessing Azure Virtual Machines over the Internet without assigning public IP addresses to those Virtual Machines. The Azure Bastion service provides Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to Virtual Machines using TLS within a web browser, thus preventing organizations from opening up 3389/TCP and 22/TCP to the Internet on Azure Virtual Machines. Additional benefits of the Bastion service includes Multi-Factor Authentication, Conditional Access Policies, and any other hardening measures configured within Azure Active Directory using a central point of access.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-swedencentral-NetworkWatcher_swedencentral" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "swedencentral", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral", - "name": "NetworkWatcher_swedencentral", - "location": "swedencentral", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_swedencentral", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "swedencentral" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-swedencentral-NetworkWatcher_swedencentral" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "swedencentral", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral", - "name": "NetworkWatcher_swedencentral", - "location": "swedencentral", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_swedencentral", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "swedencentral" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "metadata": { - "event_code": "network_http_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.3.r2.az.tls.1", - "mp.com.4.r3.az.1", - "mp.com.4.r4.az.nt.1", - "mp.s.4.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.4" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.4" - ], - "CIS-3.0": [ - "7.4" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.5", - "1.2.8.25", - "1.3.1.28", - "1.3.2.28", - "1.4.1.6", - "1.4.2.26", - "1.4.4.6", - "1.5.1.25", - "2.2.5.5", - "2.2.7.3", - "4.2.1.1.7", - "4.2.1.3", - "8.3.2.6", - "A1.1.3.25" - ], - "CIS-4.0": [ - "8.4" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required and narrowly configured.", - "title": "Ensure that HTTP(S) access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_http_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where HTTP(S) is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [] - }, - "risk_details": "The potential security problem with using HTTP(S) over the Internet is that attackers can use various brute force techniques to gain access to Azure resources. Once the attackers gain access, they can use the resource as a launch point for compromising other resources within the Azure tenant.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "metadata": { - "event_code": "network_rdp_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.1" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.1" - ], - "CIS-3.0": [ - "7.1" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that RDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_rdp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where RDP is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using RDP over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on an Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "metadata": { - "event_code": "network_ssh_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.2" - ], - "CIS-3.0": [ - "7.2" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN01.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.17", - "1.2.8.18", - "1.2.8.21", - "1.2.8.41", - "1.3.1.19", - "1.3.1.21", - "1.3.1.24", - "1.3.1.45", - "1.3.2.19", - "1.3.2.21", - "1.3.2.24", - "1.3.2.45", - "1.4.1.5", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.43", - "1.4.4.5", - "1.5.1.17", - "1.5.1.18", - "1.5.1.21", - "1.5.1.40", - "2.2.5.17", - "A1.1.3.17", - "A1.1.3.18", - "A1.1.3.21", - "A1.1.3.40" - ], - "CIS-4.0": [ - "8.2" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that SSH access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_ssh_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where SSH is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using SSH over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "metadata": { - "event_code": "network_udp_internet_access_restricted", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices#secure-your-critical-azure-service-resources-to-only-your-virtual-networks", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.3" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.3" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.3" - ], - "CIS-3.0": [ - "7.3" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.3" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that UDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_udp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where UDP is not explicitly required and narrowly configured for resources attached tothe Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRouteSite-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/azure/security/fundamentals/ddos-best-practices" - ] - }, - "risk_details": "The potential security problem with broadly exposing UDP services over the Internet is that attackers can use DDoS amplification techniques to reflect spoofed UDP traffic from Azure Virtual Machines. The most common types of these attacks use exposed DNS, NTP, SSDP, SNMP, CLDAP and other UDP-based services as amplification sources for disrupting services of other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': italynorth, norwaywest, chilecentral, southeastasia, australiacentral, northeurope, australiaeast, brazilsoutheast, canadacentral, koreacentral, polandcentral, qatarcentral, ukwest, francecentral, koreasouth, westcentralus, northcentralus, spaincentral, eastus, germanynorth, francesouth, southindia, indonesiacentral, australiasoutheast, eastasia, malaysiawest, newzealandnorth, mexicocentral, germanywestcentral, southafricawest, jioindiawest, eastus2, southafricanorth, westindia, brazilsouth, uaecentral, westeurope, uksouth, jioindiacentral, switzerlandwest, uaenorth, australiacentral2, austriaeast, switzerlandnorth, canadaeast, norwayeast, japaneast, westus, westus3, israelcentral, centralus, japanwest.", - "metadata": { - "event_code": "network_watcher_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': italynorth, norwaywest, chilecentral, southeastasia, australiacentral, northeurope, australiaeast, brazilsoutheast, canadacentral, koreacentral, polandcentral, qatarcentral, ukwest, francecentral, koreasouth, westcentralus, northcentralus, spaincentral, eastus, germanynorth, francesouth, southindia, indonesiacentral, australiasoutheast, eastasia, malaysiawest, newzealandnorth, mexicocentral, germanywestcentral, southafricawest, jioindiawest, eastus2, southafricanorth, westindia, brazilsouth, uaecentral, westeurope, uksouth, jioindiacentral, switzerlandwest, uaenorth, australiacentral2, austriaeast, switzerlandnorth, canadaeast, norwayeast, japaneast, westus, westus3, israelcentral, centralus, japanwest.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "There are additional costs per transaction to run and store network data. For high-volume networks these charges will add up quickly.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.az.nw.1", - "op.mon.2.r2.az.ma.1", - "op.mon.3.az.nw.1", - "mp.com.1.az.nw.1", - "mp.com.1.az.nw.2", - "mp.com.1.az.nw.3", - "mp.com.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499", - "T1498", - "T1046", - "T1049" - ], - "CIS-2.0": [ - "6.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.14" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "6.6" - ], - "CIS-3.0": [ - "7.6" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN06.AR01" - ], - "CIS-4.0": [ - "8.6" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "6.8.2.a", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable Network Watcher for Azure subscriptions.", - "title": "Ensure that Network Watcher is 'Enabled' for all locations in the Azure subscription", - "types": [], - "uid": "prowler-azure-network_watcher_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Network Watcher" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Network Watcher", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Opting out of Network Watcher automatic enablement is a permanent change. Once you opt-out you cannot opt-in without contacting support.", - "references": [ - "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v2-logging-threat-detection#lt-3-enable-logging-for-azure-network-activities" - ] - }, - "risk_details": "Network diagnostic and visualization tools available with Network Watcher help users understand, diagnose, and gain insights to the network in Azure.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "metadata": { - "event_code": "policy_ensure_asc_enforcement_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/defender-for-cloud/security-policy-concept", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "2.1.14" - ], - "ProwlerThreatScore-1.0": [ - "3.3.17" - ], - "ISO27001-2022": [ - "A.5.1" - ], - "CIS-2.1": [ - "2.1.13" - ], - "CIS-3.0": [ - "3.1.11" - ], - "PCI-4.0": [ - "10.2.1.1.31", - "10.4.1.1.5", - "10.4.1.4", - "10.4.2.5", - "10.6.3.36", - "10.7.1.6", - "10.7.2.6", - "A3.3.1.9", - "A3.5.1.9" - ], - "CIS-4.0": [ - "9.1.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "None of the settings offered by ASC Default policy should be set to effect Disabled.", - "title": "Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'", - "types": [], - "uid": "prowler-azure-policy_ensure_asc_enforcement_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-SecurityCenterBuiltIn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn", - "name": "SecurityCenterBuiltIn", - "enforcement_mode": "Default" - } - }, - "group": { - "name": "policy" - }, - "labels": [], - "name": "SecurityCenterBuiltIn", - "type": "Microsoft.Authorization/policyAssignments", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu 2. Select Policy 3. Select ASC Default for each subscription 4. Click on 'view Assignment' 5. Click on 'Edit assignment' 6. Ensure Policy Enforcement is Enabled 7. Click 'Review + Save'", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/implement-security-recommendations" - ] - }, - "risk_details": "A security policy defines the desired configuration of your workloads and helps ensure compliance with company or regulatory security requirements. ASC Default policy is associated with every subscription by default. ASC default policy assignment is a set of security recommendations based on best practices. Enabling recommendations in ASC default policy ensures that Azure security center provides the ability to monitor all of the supported recommendations and optionally allow automated action for a few of the supported recommendations.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_disconnections_on", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling this setting will enable a log of all disconnections. If this is enabled for a high traffic server, the log may grow exponentially.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.4" - ], - "ProwlerThreatScore-1.0": [ - "3.1.4" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.4" - ], - "CIS-3.0": [ - "5.2.7" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Enable log_disconnections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_disconnections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu 2. Go to Azure Database for PostgreSQL servers 3. For each database, click on Server parameters 4. Search for log_disconnections. 5. Click ON and save. From Azure CLI Use the below command to update log_disconnections configuration. az postgres server configuration set --resource-group -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (baseline)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903743, - "created_time_dt": "2025-10-19T19:55:43.343029", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903743, - "time_dt": "2025-10-19T19:55:43.343029", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/for-osff/secure-azure-storage/results/secure-azure-storage-combined.ocsf.json b/website/src/data/test-results/for-osff/secure-azure-storage/results/secure-azure-storage-combined.ocsf.json deleted file mode 100644 index 3ccfbb86..00000000 --- a/website/src/data/test-results/for-osff/secure-azure-storage/results/secure-azure-storage-combined.ocsf.json +++ /dev/null @@ -1,76 +0,0 @@ -[ - { - "activity_id": 1, - "activity_name": "Test", - "category_name": "Findings", - "category_uid": 2, - "class_name": "Compliance Finding", - "class_uid": 2004, - "finding_info": { - "created_time": 1760904028, - "created_time_dt": "2025-10-19T20:00:28Z", - "desc": "Compliance test scenario: Cleanup", - "title": "Cleanup", - "types": [], - "uid": "ccc-test-487-1760904028" - }, - "message": "Cleanup", - "metadata": { - "event_code": "ccc_compliance_test", - "product": { - "name": "CCC-Destructive", - "uid": "CCC-Destructive", - "vendor_name": "FINOS", - "version": "0.1" - }, - "profiles": [ - "cloud", - "datetime" - ], - "version": "1.4.0" - }, - "resources": [ - { - "cloud_partition": "azure", - "data": { - "details": " service on :", - "metadata": { - "findings": [], - "name": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "region": "eastus", - "status": "ACTIVE", - "tags": [], - "type": "Microsoft.Storage/storageAccounts" - } - }, - "group": { - "name": "Microsoft.Storage/storageAccounts" - }, - "labels": [ - "{\"Owner\": \"CFI\", \"Environment\": \"Production\"}" - ], - "name": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "region": "eastus", - "type": "Microsoft.Storage/storageAccounts", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "severity": "Medium", - "severity_id": 3, - "status": "New", - "status_code": "SKIP", - "status_detail": "βœ“ a cloud api for \"{Provider}\" in \"api\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" with parameter \"object-storage\"\nβœ“ I refer to \"{result}\" as \"storage\"\nβœ“ I call \"{api}\" with \"GetServiceAPI\" with parameter \"iam\"\nβœ“ I refer to \"{result}\" as \"iamService\"\nβœ— I call \"{storage}\" with \"CreateBucket\" with parameter \"test-bucket-obj-write\" - Error: reflect: call of reflect.Value.MethodByName on zero Value\n⊘ I refer to \"{result}\" as \"bucket\" (skipped)\n⊘ I call \"{storage}\" with \"DeleteBucket\" with parameter \"{bucket.ID}\" (skipped)\n⊘ I call \"{iamService}\" with \"DestroyUser\" with parameter \"{testUserTrusted}\" (skipped)\n⊘ I call \"{iamService}\" with \"DestroyUser\" with parameter \"{testUserUntrusted}\" (skipped)", - "status_id": 1, - "time": 1760904028, - "time_dt": "2025-10-19T20:00:28Z", - "type_name": "Compliance Finding: Test", - "type_uid": 200401, - "unmapped": { - "compliance": { - "CCC": [ - "CCC.ObjStor.C01.TR04" - ] - } - } - } -] \ No newline at end of file diff --git a/website/src/data/test-results/for-osff/secure-azure-storage/results/secure-azure-storage-complete.ocsf.json b/website/src/data/test-results/for-osff/secure-azure-storage/results/secure-azure-storage-complete.ocsf.json deleted file mode 100644 index 025c897b..00000000 --- a/website/src/data/test-results/for-osff/secure-azure-storage/results/secure-azure-storage-complete.ocsf.json +++ /dev/null @@ -1,14774 +0,0 @@ -[ - { - "message": "There are no AppInsight configured in subscription Azure subscription 1.", - "metadata": { - "event_code": "appinsights_ensure_is_configured", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no AppInsight configured in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Because Application Insights relies on a Log Analytics Workspace, an organization will incur additional expenses when using this service.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.2" - ], - "CIS-2.0": [ - "5.3.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.13" - ], - "CIS-2.1": [ - "5.3.1" - ], - "CIS-3.0": [ - "6.3.1" - ], - "CCC": [ - "CCC.Logging.CN01.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.3", - "10.2.1.2.3", - "10.2.1.3.3", - "10.2.1.4.3", - "10.2.1.5.3", - "10.2.1.6.3", - "10.2.1.7.3", - "10.2.1.3", - "10.2.2.3", - "10.4.1.1.1", - "10.4.1.1", - "10.4.2.1", - "10.6.3.3", - "10.7.1.1", - "10.7.2.1", - "5.3.4.3", - "A1.2.1.3", - "A3.3.1.1", - "A3.5.1.1" - ], - "CIS-4.0": [ - "7.1.3.1" - ], - "NIS2": [ - "3.2.3.h", - "5.1.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Application Insights within Azure act as an Application Performance Monitoring solution providing valuable data into how well an application performs and additional information when performing incident response. The types of log data collected include application metrics, telemetry data, and application trace logging data providing organizations with detailed information about application activity and application transactions. Both data sets help organizations adopt a proactive and retroactive means to handle security and performance related metrics within their modern applications.", - "title": "Ensure Application Insights are Configured.", - "types": [], - "uid": "prowler-azure-appinsights_ensure_is_configured-3bb71587-4549-4396-8898-9e15f062e665-global-AppInsights" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "appinsights" - }, - "labels": [], - "name": "AppInsights", - "type": "Microsoft.Insights/components", - "uid": "AppInsights" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to Application Insights 2. Under the Basics tab within the PROJECT DETAILS section, select the Subscription 3. Select the Resource group 4. Within the INSTANCE DETAILS, enter a Name 5. Select a Region 6. Next to Resource Mode, select Workspace-based 7. Within the WORKSPACE DETAILS, select the Subscription for the log analytics workspace 8. Select the appropriate Log Analytics Workspace 9. Click Next:Tags > 10. Enter the appropriate Tags as Name, Value pairs. 11. Click Next:Review+Create 12. Click Create.", - "references": [] - }, - "risk_details": "Configuring Application Insights provides additional data not found elsewhere within Azure as part of a much larger logging and monitoring program within an organization's Information Security practice. The types and contents of these logs will act as both a potential cost saving measure (application performance) and a means to potentially confirm the source of a potential incident (trace logging). Metrics and Telemetry data provide organizations with a proactive approach to cost savings by monitoring an application's performance, while the trace logging data provides necessary details in a reactive incident response scenario by helping organizations identify the potential source of an incident within their application.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "metadata": { - "event_code": "defender_auto_provisioning_log_analytics_agent_vms_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender Auto Provisioning Log Analytics Agents from subscription Azure subscription 1 is set to OFF.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security-center/security-center-data-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r2.az.de.1", - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.15" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1", - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "2.1.14" - ], - "CIS-3.0": [ - "3.1.1.1" - ], - "NIS2": [ - "2.1.2.h", - "3.1.2.d", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "3.6.2", - "6.9.2", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'. The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, endpoint protection, and provides alerts.", - "title": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_auto_provisioning_log_analytics_agent_vms_on-3bb71587-4549-4396-8898-9e15f062e665-global-default" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default", - "resource_name": "default", - "resource_type": "Microsoft.Security/autoProvisioningSettings", - "auto_provision": "Off" - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "default", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/autoProvisioningSettings/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure comprehensive visibility into possible security vulnerabilities, including missing updates, misconfigured operating system security settings, and active threats, allowing for timely mitigation and improved overall security posture", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components" - ] - }, - "risk_details": "Missing critical security information about your Azure VMs, such as security alerts, security recommendations, and change tracking.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Container image scan is disabled in subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_container_images_scan_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Container image scan is disabled in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-check-health", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When using an Azure container registry, you might occasionally encounter problems. For example, you might not be able to pull a container image because of an issue with Docker in your local environment. Or, a network issue might prevent you from connecting to the registry.", - "compliance": { - "MITRE-ATTACK": [ - "T1190", - "T1525" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CCC": [ - "CCC.CntrReg.CN01.AR01" - ], - "PCI-4.0": [ - "11.3.1.2.1", - "11.3.1.3.3", - "11.3.1.3" - ], - "NIS2": [ - "2.2.1", - "3.1.2.d", - "3.6.2", - "5.1.4.f", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Scan images being deployed to Azure (AKS) for vulnerabilities. Vulnerability scanning for images stored in Azure Container Registry is generally available in Azure Security Center. This capability is powered by Qualys, a leading provider of information security. When you push an image to Container Registry, Security Center automatically scans it, then checks for known vulnerabilities in packages or dependencies defined in the file. When the scan completes (after about 10 minutes), Security Center provides details and a security classification for each vulnerability detected, along with guidance on how to remediate issues and protect vulnerable attack surfaces.", - "title": "Ensure Image Vulnerability Scanning using Azure Defender image scanning or a third party provider", - "types": [], - "uid": "prowler-azure-defender_container_images_scan_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "Microsoft.Security", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/azure/container-registry/scan-images-defender" - ] - }, - "risk_details": "Vulnerabilities in software packages can be exploited by hackers or malicious users to obtain unauthorized access to local cloud resources. Azure Defender and other third party products allow images to be scanned for known vulnerabilities.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_app_services_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for App Services from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1059", - "T1204", - "T1552", - "T1486", - "T1499", - "T1496", - "T1087" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.2" - ], - "CIS-3.0": [ - "3.1.6.1" - ], - "CIS-4.0": [ - "9.1.6.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for App Services Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_app_services_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan App Services" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices", - "resource_name": "AppServices", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan App Services", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/AppServices" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for App Service enables threat detection for App Service, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_arm_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for ARM from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1562", - "T1486", - "T1499", - "T1087", - "T1580", - "T1538", - "T1526", - "T1069" - ], - "CIS-2.0": [ - "2.1.12" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.11" - ], - "CIS-3.0": [ - "3.1.9.1" - ], - "CIS-4.0": [ - "9.1.9.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_arm_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan ARM" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm", - "resource_name": "Arm", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan ARM", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Arm" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure Resource Manager", - "references": [] - }, - "risk_details": "Scanning resource requests lets you be alerted every time there is suspicious activity in order to prevent a security threat from being introduced.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_azure_sql_databases_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Azure SQL DB Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.3" - ], - "CIS-3.0": [ - "3.1.7.3" - ], - "CIS-4.0": [ - "9.1.7.3" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_azure_sql_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for all your SQL database servers. Defender for Cloud monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides action-oriented security alerts with details of the suspicious activity and guidance on how to mitigate the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Azure SQL Databases enables threat detection for Azure SQL database servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_containers_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Containers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1525", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.8" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.8" - ], - "CIS-3.0": [ - "3.1.4.1" - ], - "CIS-4.0": [ - "9.1.4.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Containers Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_containers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Containers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers", - "resource_name": "Containers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Containers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Containers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your Azure cloud containers. Enabling the Defender security service for Azure containers allows for advanced security defense against threats, using threat detection capabilities provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for all your Azure containers. Turning on the Defender for Cloud service enables threat detection for containers, providing threat intelligence, anomaly detection, and behavior analytics.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_cosmosdb_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Cosmos DB from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.9" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.6" - ], - "CIS-3.0": [ - "3.1.7.1" - ], - "CIS-4.0": [ - "9.1.7.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_cosmosdb_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Cosmos DB" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs", - "resource_name": "CosmosDbs", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Cosmos DB", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/CosmosDbs" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [ - "Enable Microsoft Defender for Cosmos DB" - ] - }, - "risk_details": "In scanning Cosmos DB requests within a subscription, requests are compared to a heuristic list of potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_databases_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-SqlServers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers", - "resource_name": "SqlServers", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "SqlServers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServers" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enable Microsoft Defender for Azure SQL Databases", - "references": [] - }, - "risk_details": "Enabling Microsoft Defender for Azure SQL Databases allows your organization more granular control of the infrastructure running your database software", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_dns_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for DNS from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.11" - ], - "ProwlerThreatScore-1.0": [ - "3.3.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.10" - ], - "CIS-3.0": [ - "3.1.16" - ], - "CIS-4.0": [ - "9.1.17" - ], - "NIS2": [ - "3.6.2", - "6.7.2.i", - "6.7.2.l", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for DNS Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_dns_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan DNS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns", - "resource_name": "Dns", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan DNS", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/Dns" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is not enabled for your App Service instances. Enabling the Defender security service for App Service instances allows for advanced security defense using threat detection capabilities provided by Microsoft Security Response Center.", - "references": [] - }, - "risk_details": "DNS lookups within a subscription are scanned and compared to a dynamic list of websites that might be potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_keyvault_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for KeyVaults from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r1.az.eid.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499", - "T1580" - ], - "CIS-2.0": [ - "2.1.10" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.9" - ], - "CIS-3.0": [ - "3.1.8.1" - ], - "PCI-4.0": [ - "3.5.1.31", - "3.5.1.32", - "8.3.2.50", - "8.3.2.51" - ], - "CIS-4.0": [ - "9.1.8.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2", - "9.2.c", - "9.2.c.iv" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_keyvault_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan KeyVaults" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults", - "resource_name": "KeyVaults", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan KeyVaults", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/KeyVaults" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Ensure that Microsoft Defender for Cloud is enabled for Azure key vaults. Key Vault is the Azure cloud service that safeguards encryption keys and secrets like certificates, connection-based strings, and passwords.", - "references": [] - }, - "risk_details": "By default, Microsoft Defender for Cloud is disabled for Azure key vaults. Defender for Cloud detects unusual and potentially harmful attempts to access or exploit your Azure Key Vault data. This layer of protection allows you to address threats without being a security expert, and without the need to use and manage third-party security monitoring tools or services.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_os_relational_databases_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Open-Source Relational Databases from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.6" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.5" - ], - "CIS-3.0": [ - "3.1.7.2" - ], - "CIS-4.0": [ - "9.1.7.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_os_relational_databases_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Open-Source Relational Databases" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases", - "resource_name": "OpenSourceRelationalDatabases", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Open-Source Relational Databases", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Open-source relational databases allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Open-source relational databases enables threat detection for Open-source relational databases, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_server_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Servers from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r1.az.ev.1", - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.1", - "2.1.2" - ], - "ProwlerThreatScore-1.0": [ - "1.1.4" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.1" - ], - "CIS-3.0": [ - "2.2.8", - "3.1.3.1" - ], - "CIS-4.0": [ - "6.2.7", - "9.1.3.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "title": "Ensure That Microsoft Defender for Servers Is Set to 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_server_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Servers" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines", - "resource_name": "VirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Servers", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/VirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Enabling Microsoft Defender for Cloud standard pricing tier allows for better security assessment with threat detection provided by the Microsoft Security Response Center (MSRC), advanced security policies, adaptive application control, network threat detection, and regulatory compliance management.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for Servers enables threat detection for Servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_sql_servers_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for SQL Server VMs from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.4" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.4" - ], - "CIS-3.0": [ - "3.1.7.4" - ], - "CIS-4.0": [ - "9.1.7.4" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_sql_servers_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan SQL Server VMs" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines", - "resource_name": "SqlServerVirtualMachines", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan SQL Server VMs", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/SqlServerVirtualMachines" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for the Microsoft SQL servers running on virtual machines. Defender for Cloud for SQL Server virtual machines continuously monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides security alerts together with details of the suspicious activity and guidance on how to mitigate to the security threats.", - "references": [] - }, - "risk_details": "Turning on Microsoft Defender for SQL servers on machines enables threat detection for SQL servers on machines, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "metadata": { - "event_code": "defender_ensure_defender_for_storage_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Defender plan Defender for Storage Accounts from subscription Azure subscription 1 is set to OFF (pricing tier not standard).", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.5" - ], - "MITRE-ATTACK": [ - "T1190", - "T1537", - "T1530", - "T1485", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.1.7" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.19", - "A.5.21", - "A.5.22", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.7" - ], - "CIS-3.0": [ - "3.1.5.1" - ], - "CIS-4.0": [ - "9.1.5.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "title": "Ensure That Microsoft Defender for Storage Is Set To 'On' ", - "types": [], - "uid": "prowler-azure-defender_ensure_defender_for_storage_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-Defender plan Storage Accounts" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts", - "resource_name": "StorageAccounts", - "pricing_tier": "Free", - "free_trial_remaining_time": 2592000.0, - "extensions": {} - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "Defender plan Storage Accounts", - "type": "AzureDefenderPlan", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/pricings/StorageAccounts" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "By default, Microsoft Defender for Cloud is disabled for your storage accounts. Enabling the Defender security service for Azure storage accounts allows for advanced security defense using threat detection capabilities provided by the Microsoft Security Response Center (MSRC). MSRC investigates all reports of security vulnerabilities affecting Microsoft products and services, including Azure cloud services.", - "references": [] - }, - "risk_details": "Ensure that Microsoft Defender for Cloud is enabled for your Microsoft Azure storage accounts. Defender for storage accounts is an Azure-native layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit your Azure cloud storage accounts.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_iot_hub_defender_is_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "No IoT Security Solutions found in the subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/services/iot-defender/#overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling Microsoft Defender for IoT will incur additional charges dependent on the level of usage.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486", - "T1499" - ], - "CIS-2.0": [ - "2.2.1" - ], - "ISO27001-2022": [ - "A.5.19", - "A.5.21", - "A.5.25", - "A.5.28", - "A.5.29", - "A.8.7", - "A.8.9" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.2.1" - ], - "CIS-3.0": [ - "3.2.1" - ], - "CIS-4.0": [ - "9.2.1" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Microsoft Defender for IoT acts as a central security hub for IoT devices within your organization.", - "title": "Ensure That Microsoft Defender for IoT Hub Is Set To 'On'", - "types": [], - "uid": "prowler-azure-defender_ensure_iot_hub_defender_is_on-3bb71587-4549-4396-8898-9e15f062e665-global-IoT Hub Defender" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "IoT Hub Defender", - "type": "DefenderIoT", - "uid": "IoT Hub Defender" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to IoT Hub. 2. Select a IoT Hub to validate. 3. Select Overview in Defender for IoT. 4. Click on Secure your IoT solution, and complete the onboarding.", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-iot/device-builders/quickstart-onboard-iot-hub" - ] - }, - "risk_details": "IoT devices are very rarely patched and can be potential attack vectors for enterprise networks. Updating their network configuration to use a central security hub allows for detection of these breaches.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_mcas_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Cloud Apps is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/defender-for-cloud-introduction#secure-cloud-applications", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Cloud Apps works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "mp.s.4.r1.az.nt.3" - ], - "MITRE-ATTACK": [ - "T1190", - "T1486" - ], - "CIS-2.0": [ - "2.1.21" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.20" - ], - "CIS-3.0": [ - "3.1.1.2" - ], - "PCI-4.0": [ - "11.5.1.1.2", - "11.5.1.2" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "This integration setting enables Microsoft Defender for Cloud Apps (formerly 'Microsoft Cloud App Security' or 'MCAS' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected", - "types": [], - "uid": "prowler-azure-defender_ensure_mcas_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-MCAS" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "MCAS", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/MCAS" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu. 2. Select Microsoft Defender for Cloud. 3. Select Environment Settings blade. 4. Select the subscription. 5. Check App Service Defender Plan to On. 6. Select Save.", - "references": [ - "https://docs.microsoft.com/en-us/rest/api/securitycenter/settings/list" - ] - }, - "risk_details": "Microsoft Defender for Cloud offers an additional layer of protection by using Azure Resource Manager events, which is considered to be the control plane for Azure. By analyzing the Azure Resource Manager records, Microsoft Defender for Cloud detects unusual or potentially harmful operations in the Azure subscription environment. Several of the preceding analytics are powered by Microsoft Defender for Cloud Apps. To benefit from these analytics, subscription must have a Cloud App Security license. Microsoft Defender for Cloud Apps works only with Standard Tier subscriptions.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "metadata": { - "event_code": "defender_ensure_wdatp_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Microsoft Defender for Endpoint integration is enabled for subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Microsoft Defender for Endpoint works with Standard pricing tier Subscription. Choosing the Standard pricing tier of Microsoft Defender for Cloud incurs an additional cost per resource.", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r3.az.de.2" - ], - "MITRE-ATTACK": [ - "T1190" - ], - "CIS-2.0": [ - "2.1.22" - ], - "SOC2": [ - "cc_3_1", - "cc_3_2", - "cc_4_2", - "cc_6_8", - "cc_7_1" - ], - "CIS-2.1": [ - "2.1.21" - ], - "NIS2": [ - "3.6.2", - "6.9.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "This integration setting enables Microsoft Defender for Endpoint (formerly 'Advanced Threat Protection' or 'ATP' or 'WDATP' - see additional info) to communicate with Microsoft Defender for Cloud.", - "title": "Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected", - "types": [], - "uid": "prowler-azure-defender_ensure_wdatp_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-WDATP" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "resource_id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP", - "resource_type": "Microsoft.Security/settings", - "kind": "DataExportSettings", - "enabled": true - } - }, - "group": { - "name": "defender" - }, - "labels": [], - "name": "WDATP", - "type": "DefenderSettings", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Security/settings/WDATP" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "", - "references": [ - "https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/azure-server-integration?view=o365-worldwide" - ] - }, - "risk_details": "Microsoft Defender for Endpoint integration brings comprehensive Endpoint Detection and Response (EDR) capabilities within Microsoft Defender for Cloud. This integration helps to spot abnormalities, as well as detect and respond to advanced attacks on endpoints monitored by Microsoft Defender for Cloud. MDE works only with Standard Tier subscriptions.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 1b4a98ae-5221-4850-a761-4f9176407028 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-1b4a98ae-5221-4850-a761-4f9176407028" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028", - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "1b4a98ae-5221-4850-a761-4f9176407028", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/1b4a98ae-5221-4850-a761-4f9176407028" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 083c1758-89d9-4b12-8005-48e7e359dc4f in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-083c1758-89d9-4b12-8005-48e7e359dc4f" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f", - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "083c1758-89d9-4b12-8005-48e7e359dc4f", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/083c1758-89d9-4b12-8005-48e7e359dc4f" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "88c2c157-980b-416e-b77e-ec04f7f1b984", - "agent_type": "User", - "role_id": "b24988ac-6180-42a0-ab88-20f7382dd24c" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/2c61de5e-5cbb-42b9-9f2a-9dd930efe3fb" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "metadata": { - "event_code": "iam_role_user_access_admin_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Role assignment 154eadeb-e375-4263-b4bd-4a2a2237ecd2 in subscription Azure subscription 1 does not grant User Access Administrator role.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#user-access-administrator", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.GenAI.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.LB.CN05.AR01", - "CCC.LB.CN09.AR01", - "CCC.MLDE.CN01.AR01", - "CCC.MLDE.CN03.AR01", - "CCC.MLDE.CN03.AR02", - "CCC.Vector.CN02.AR01", - "CCC.Core.CN05.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05", - "CCC.Core.CN05.AR06" - ], - "CIS-4.0": [ - "6.3.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Checks for active assignments of the highly privileged 'User Access Administrator' role in Azure subscriptions.", - "title": "Ensure 'User Access Administrator' role is restricted", - "types": [], - "uid": "prowler-azure-iam_role_user_access_admin_restricted-3bb71587-4549-4396-8898-9e15f062e665-global-154eadeb-e375-4263-b4bd-4a2a2237ecd2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "scope": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665", - "agent_id": "80dfb9bd-1c99-4012-9de7-580a68334b45", - "agent_type": "ServicePrincipal", - "role_id": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" - } - }, - "group": { - "name": "iam" - }, - "labels": [], - "name": "154eadeb-e375-4263-b4bd-4a2a2237ecd2", - "type": "AzureIAMRoleassignment", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/roleAssignments/154eadeb-e375-4263-b4bd-4a2a2237ecd2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Remove 'User Access Administrator' role assignments immediately after use to minimize security risks.", - "references": [ - "https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal%2Centra-audit-logs" - ] - }, - "risk_details": "Persistent assignment of this role can lead to privilege escalation and unauthorized access, increasing the risk of security breaches.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_policy_assignment", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating Policy Assignments in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.1" - ], - "ProwlerThreatScore-1.0": [ - "3.3.3" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.1" - ], - "CIS-3.0": [ - "6.2.1" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Create an activity log alert for the Create Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Create Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_create_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click elect action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for create policy assignment events gives insight into changes done in 'Azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_nsg", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "CIS-2.0": [ - "5.2.3" - ], - "ProwlerThreatScore-1.0": [ - "3.3.5" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.3" - ], - "CIS-3.0": [ - "6.2.3" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.8", - "10.4.2.2", - "10.4.3.1", - "10.6.3.8", - "10.7.1.3", - "10.7.2.3", - "11.5.2.2", - "11.6.1.2", - "12.10.5.2", - "A3.3.1.3", - "A3.5.1.3" - ], - "CIS-4.0": [ - "7.1.2.3" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Create an Activity Log Alert for the Create or Update Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Network Security Group events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_public_ip_address_rule", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.9" - ], - "ProwlerThreatScore-1.0": [ - "3.3.11" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.9" - ], - "CIS-3.0": [ - "6.2.9" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.9" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Create an activity log alert for the Create or Update Public IP Addresses rule.", - "title": "Ensure that Activity Log Alert exists for Create or Update Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_security_solution", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1", - "op.mon.3.r6.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.5" - ], - "ProwlerThreatScore-1.0": [ - "3.3.7" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.5" - ], - "CIS-3.0": [ - "6.2.5" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.5" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Create an activity log alert for the Create or Update Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Create or Update Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_create_update_sqlserver_fr", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for creating/updating SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.mon.2.r1.az.ma.1" - ], - "MITRE-ATTACK": [ - "T1496" - ], - "CIS-2.0": [ - "5.2.7" - ], - "ProwlerThreatScore-1.0": [ - "3.3.9" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.7" - ], - "CIS-3.0": [ - "6.2.7" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.9", - "10.2.1.1.10", - "10.2.1.1.22", - "10.2.1.2.8", - "10.2.1.2.19", - "10.2.1.3.8", - "10.2.1.3.19", - "10.2.1.4.8", - "10.2.1.4.19", - "10.2.1.5.8", - "10.2.1.5.19", - "10.2.1.6.8", - "10.2.1.6.19", - "10.2.1.7.8", - "10.2.1.7.19", - "10.2.1.8", - "10.2.1.19", - "10.2.2.8", - "10.2.2.19", - "10.3.1.8", - "10.3.1.19", - "10.4.1.1.2", - "10.4.1.2", - "10.4.2.3", - "10.6.3.9", - "10.6.3.10", - "10.6.3.24", - "10.7.1.4", - "10.7.2.4", - "5.3.4.9", - "5.3.4.22", - "A1.2.1.10", - "A1.2.1.23", - "A3.3.1.4", - "A3.5.1.4" - ], - "CIS-4.0": [ - "7.1.2.7" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Create an activity log alert for the Create or Update SQL Server Firewall Rule event.", - "title": "Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_create_update_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create/Update server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Create or Update SQL Server Firewall Rule events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_nsg", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Network Security Groups in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.4" - ], - "ProwlerThreatScore-1.0": [ - "3.3.6" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.4" - ], - "CIS-3.0": [ - "6.2.4" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.4" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Create an activity log alert for the Delete Network Security Group event.", - "title": "Ensure that Activity Log Alert exists for Delete Network Security Group", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_nsg-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Network security groups. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Network Security Group (Microsoft.Network/networkSecurityGroups). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for 'Delete Network Security Group' events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_policy_assignment", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting policy assignment in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.4" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.2" - ], - "CIS-3.0": [ - "6.2.2" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Create an activity log alert for the Delete Policy Assignment event.", - "title": "Ensure that Activity Log Alert exists for Delete Policy Assignment", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_policy_assignment-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Policy assignment (policyAssignments). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete policy assignment (Microsoft.Authorization/policyAssignments). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log" - ] - }, - "risk_details": "Monitoring for delete policy assignment events gives insight into changes done in 'azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_public_ip_address_rule", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting public IP address rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.10" - ], - "ProwlerThreatScore-1.0": [ - "3.3.12" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.1", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.10" - ], - "CIS-3.0": [ - "6.2.10" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.10" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.a", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Create an activity log alert for the Delete Public IP Address rule.", - "title": "Ensure that Activity Log Alert exists for Delete Public IP Address rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_public_ip_address_rule-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Public IP addresses. 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Public Ip Address (Microsoft.Network/publicIPAddresses). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_security_solution", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting Security Solution in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.8" - ], - "ISO27001-2022": [ - "A.5.7", - "A.5.16", - "A.5.22", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.6" - ], - "CIS-3.0": [ - "6.2.6" - ], - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.6" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Create an activity log alert for the Delete Security Solution event.", - "title": "Ensure that Activity Log Alert exists for Delete Security Solution", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_security_solution-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Security Solutions (securitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.curitySolutions). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Create or Update Security Solutions (Microsoft.Security/securitySolutions). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_delete_sqlserver_fr", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is not an alert for deleting SQL Server firewall rule in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, no monitoring alerts are created.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.2" - ], - "MITRE-ATTACK": [ - "T1485", - "T1496" - ], - "CIS-2.0": [ - "5.2.8" - ], - "ProwlerThreatScore-1.0": [ - "3.3.10" - ], - "ISO27001-2022": [ - "A.5.7", - "A.8.16" - ], - "SOC2": [ - "cc_2_1", - "cc_5_2", - "cc_7_3", - "cc_7_4", - "cc_8_1" - ], - "CIS-2.1": [ - "5.2.8" - ], - "CIS-3.0": [ - "6.2.8" - ], - "CCC": [ - "CCC.Logging.CN07.AR01" - ], - "CIS-4.0": [ - "7.1.2.8" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.f", - "3.2.4", - "3.4.1", - "3.5.4", - "4.3.2.c", - "6.4.1", - "7.2.b", - "11.3.1", - "11.5.2.d" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Create an activity log alert for the 'Delete SQL Server Firewall Rule.'", - "title": "Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule", - "types": [], - "uid": "prowler-azure-monitor_alert_delete_sqlserver_fr-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Navigate to the Monitor blade. 2. Select Alerts. 3. Select Create. 4. Select Alert rule. 5. Under Filter by subscription, choose a subscription. 6. Under Filter by resource type, select Server Firewall Rule (servers/firewallRules). 7. Under Filter by location, select All. 8. From the results, select the subscription. 9. Select Done. 10. Select the Condition tab. 11. Under Signal name, click Delete server firewall rule (Microsoft.Sql/servers/firewallRules). 12. Select the Actions tab. 13. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection. 14. Select the Details tab. 15. Select a Resource group, provide an Alert rule name and an optional Alert rule description. 16. Click Review + create. 17. Click Create.", - "references": [ - "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement" - ] - }, - "risk_details": "Monitoring for Delete SQL Server Firewall Rule events gives insight into SQL network access changes and may reduce the time it takes to detect suspicious activity.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_alert_service_health_exists", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "There is no activity log alert for Service Health in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/service-health/overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, in your Azure subscription there will not be any activity log alerts configured for Service Health events.", - "compliance": { - "CCC": [ - "CCC.AuditLog.CN03.AR02", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN07.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN04.AR01", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.2.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that an Azure activity log alert is configured to trigger when Service Health events occur within your Microsoft Azure cloud account. The alert should activate when new events match the specified conditions in the alert rule configuration.", - "title": "Ensure that an Activity Log Alert exists for Service Health", - "types": [], - "uid": "prowler-azure-monitor_alert_service_health_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Create an activity log alert for Service Health events and configure an action group to notify appropriate personnel.", - "references": [ - "https://learn.microsoft.com/en-us/azure/service-health/alerts-activity-log-service-notifications-portal" - ] - }, - "risk_details": "Lack of monitoring for Service Health events may result in missing critical service issues, planned maintenance, security advisories, or other changes that could impact Azure services and regions in use.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_setting_with_appropriate_categories", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "There are no diagnostic settings capturing appropiate categories in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "When the diagnostic setting is created using Azure Portal, by default no categories are selected.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.az.md.1", - "op.mon.2.az.md.1" - ], - "CIS-2.0": [ - "5.1.2" - ], - "ProwlerThreatScore-1.0": [ - "3.3.2" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.2" - ], - "CIS-3.0": [ - "6.1.2" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.ObjStor.CN06.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "PCI-4.0": [ - "10.2.1.1.7", - "10.2.1.1.15", - "10.2.1.2.7", - "10.2.1.3.7", - "10.2.1.4.7", - "10.2.1.5.7", - "10.2.1.6.7", - "10.2.1.7.7", - "10.2.1.7", - "10.2.2.7", - "10.3.1.7", - "10.3.2.2", - "10.3.3.4", - "10.3.4.3", - "10.4.1.1.3", - "10.4.1.1.4", - "10.4.1.3", - "10.4.2.4", - "10.5.1.3", - "10.6.3.7", - "10.6.3.15", - "10.7.1.5", - "10.7.2.5", - "11.5.2.4", - "11.6.1.4", - "12.10.5.4", - "5.3.4.7", - "5.3.4.8", - "A1.2.1.7", - "A1.2.1.8", - "A3.3.1.6", - "A3.3.1.7", - "A3.5.1.6", - "A3.5.1.7" - ], - "CIS-4.0": [ - "7.1.1.2" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.c", - "3.2.3.f", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Prerequisite: A Diagnostic Setting must exist. If a Diagnostic Setting does not exist, the navigation and options within this recommendation will not be available. Please review the recommendation at the beginning of this subsection titled: 'Ensure that a 'Diagnostic Setting' exists.' The diagnostic setting should be configured to log the appropriate activities from the control/management plane.", - "title": "Ensure Diagnostic Setting captures appropriate categories", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_setting_with_appropriate_categories-3bb71587-4549-4396-8898-9e15f062e665-global-Monitor" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Monitor", - "type": "Monitor", - "uid": "Monitor" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. Go to Azure Monitor 2. Click Activity log 3. Click on Export Activity Logs 4. Select the Subscription from the drop down menu 5. Click on Add diagnostic setting 6. Enter a name for your new Diagnostic Setting 7. Check the following categories: Administrative, Alert, Policy, and Security 8. Choose the destination details according to your organization's needs.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/manage-storage-analytics-logs?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json&tabs=azure-portal" - ] - }, - "risk_details": "A diagnostic setting controls how the diagnostic log is exported. Capturing the diagnostic setting categories for appropriate control/management plane activities allows proper alerting.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "No diagnostic settings found in subscription Azure subscription 1.", - "metadata": { - "event_code": "monitor_diagnostic_settings_exists", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "No diagnostic settings found in subscription Azure subscription 1.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/cli/azure/monitor/diagnostic-settings?view=azure-cli-latest", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "By default, diagnostic setting is not set.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r5.az.ds.1", - "op.mon.2.r2.az.ma.1" - ], - "CIS-2.0": [ - "5.1.1" - ], - "ProwlerThreatScore-1.0": [ - "3.2.3" - ], - "ISO27001-2022": [ - "A.5.16", - "A.5.22" - ], - "SOC2": [ - "cc_8_1" - ], - "CIS-2.1": [ - "5.1.1" - ], - "CIS-3.0": [ - "6.1.1" - ], - "CCC": [ - "CCC.AuditLog.CN02.AR01", - "CCC.AuditLog.CN03.AR01", - "CCC.AuditLog.CN03.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN05.AR01", - "CCC.AuditLog.CN06.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.AuditLog.CN09.AR01", - "CCC.KeyMgmt.CN01.AR01", - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.LB.CN04.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.AuditLog.CN04.AR01", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.Logging.CN07.AR01", - "CCC.ObjStor.CN06.AR01", - "CCC.Monitor.CN01.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR02", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03", - "CCC.Core.CN07.AR02" - ], - "CIS-4.0": [ - "7.1.1.1" - ], - "NIS2": [ - "2.2.3", - "3.2.1", - "3.2.2", - "3.2.3.b", - "3.2.3.c", - "3.2.3.f", - "3.2.3.h", - "3.4.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable Diagnostic settings for exporting activity logs. Diagnostic settings are available for each individual resource within a subscription. Settings should be configured for all appropriate resources for your environment.", - "title": "Ensure that a 'Diagnostic Setting' exists for Subscription Activity Logs ", - "types": [], - "uid": "prowler-azure-monitor_diagnostic_settings_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Diagnostic Settings" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "monitor" - }, - "labels": [], - "name": "Diagnostic Settings", - "type": "Monitor", - "uid": "diagnostic_settings" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "To enable Diagnostic Settings on a Subscription: 1. Go to Monitor 2. Click on Activity Log 3. Click on Export Activity Logs 4. Click + Add diagnostic setting 5. Enter a Diagnostic setting name 6. Select Categories for the diagnostic settings 7. Select the appropriate Destination details (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 8. Click Save To enable Diagnostic Settings on a specific resource: 1. Go to Monitor 2. Click Diagnostic settings 3. Click on the resource that has a diagnostics status of disabled 4. Select Add Diagnostic Setting 5. Enter a Diagnostic setting name 6. Select the appropriate log, metric, and destination. (this may be Log Analytics, Storage Account, Event Hub, or Partner solution) 7. Click save Repeat these step for all resources as needed.", - "references": [ - "https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-activity-logs#export-the-activity-log-with-a-log-profile" - ] - }, - "risk_details": "A diagnostic setting controls how a diagnostic log is exported. By default, logs are retained only for 90 days. Diagnostic settings should be defined so that logs can be exported and stored for a longer duration in order to analyze security activities within an Azure subscription.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Bastion Host from subscription Azure subscription 1 does not exist", - "metadata": { - "event_code": "network_bastion_host_exists", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Bastion Host from subscription Azure subscription 1 does not exist", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/bastion/bastion-overview#sku", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The Azure Bastion service incurs additional costs and requires a specific virtual network configuration. The Standard tier offers additional configuration options compared to the Basic tier and may incur additional costs for those added features.", - "compliance": { - "ENS-RD2022": [ - "mp.com.4.r4.az.nt.1" - ], - "CIS-2.0": [ - "7.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.5" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "7.1" - ], - "CIS-3.0": [ - "8.1" - ], - "CIS-4.0": [ - "9.4.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "The Azure Bastion service allows secure remote access to Azure Virtual Machines over the Internet without exposing remote access protocol ports and services directly to the Internet. The Azure Bastion service provides this access using TLS over 443/TCP, and subscribes to hardened configurations within an organization's Azure Active Directory service.", - "title": "Ensure an Azure Bastion Host Exists", - "types": [], - "uid": "prowler-azure-network_bastion_host_exists-3bb71587-4549-4396-8898-9e15f062e665-global-Bastion Host" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Bastion Host", - "type": "Network", - "uid": "Bastion Host" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "From Azure Portal* 1. Click on Bastions 2. Select the Subscription 3. Select the Resource group 4. Type a Name for the new Bastion host 5. Select a Region 6. Choose Standard next to Tier 7. Use the slider to set the Instance count 8. Select the Virtual network or Create new 9. Select the Subnet named AzureBastionSubnet. Create a Subnet named AzureBastionSubnet using a /26 CIDR range if it doesn't already exist. 10. Selct the appropriate Public IP address option. 11. If Create new is selected for the Public IP address option, provide a Public IP address name. 12. If Use existing is selected for Public IP address option, select an IP address from Choose public IP address 13. Click Next: Tags > 14. Configure the appropriate Tags 15. Click Next: Advanced > 16. Select the appropriate Advanced options 17. Click Next: Review + create > 18. Click Create From Azure CLI az network bastion create --location --name --public-ip-address --resource-group --vnet-name --scale-units --sku Standard [--disable-copy- paste true|false] [--enable-ip-connect true|false] [--enable-tunneling true|false] From PowerShell Create the appropriate Virtual network settings and Public IP Address settings. $subnetName = 'AzureBastionSubnet' $subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix $virtualNet = New-AzVirtualNetwork -Name - ResourceGroupName -Location -AddressPrefix -Subnet $subnet $publicip = New-AzPublicIpAddress -ResourceGroupName - Name -Location -AllocationMethod Dynamic -Sku Standard", - "references": [ - "https://learn.microsoft.com/en-us/powershell/module/az.network/get-azbastion?view=azps-9.2.0" - ] - }, - "risk_details": "The Azure Bastion service allows organizations a more secure means of accessing Azure Virtual Machines over the Internet without assigning public IP addresses to those Virtual Machines. The Azure Bastion service provides Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to Virtual Machines using TLS within a web browser, thus preventing organizations from opening up 3389/TCP and 22/TCP to the Internet on Azure Virtual Machines. Additional benefits of the Bastion service includes Multi-Factor Authentication, Conditional Access Policies, and any other hardening measures configured within Azure Active Directory using a central point of access.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_captured_sent", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.r1.az.nf.1", - "op.mon.3.az.nw.1", - "mp.s.4.r1.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499" - ], - "CIS-2.0": [ - "5.1.6" - ], - "ProwlerThreatScore-1.0": [ - "3.1.8" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "5.1.5" - ], - "CIS-3.0": [ - "6.1.5" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.Logging.CN01.AR01", - "CCC.Logging.CN01.AR02", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN09.AR01", - "CCC.Core.CN09.AR03", - "CCC.Core.CN04.AR01", - "CCC.Core.CN04.AR02", - "CCC.Core.CN04.AR03" - ], - "CIS-4.0": [ - "7.1.1.5" - ], - "NIS2": [ - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.d", - "3.2.3.g", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "title": "Ensure that network flow logs are captured and fed into a central log analytics workspace.", - "types": [], - "uid": "prowler-azure-network_flow_log_captured_sent-3bb71587-4549-4396-8898-9e15f062e665-swedencentral-NetworkWatcher_swedencentral" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "swedencentral", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral", - "name": "NetworkWatcher_swedencentral", - "location": "swedencentral", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_swedencentral", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "swedencentral" - }, - "remediation": { - "desc": "1. Navigate to Network Watcher. 2. Select NSG flow logs. 3. Select + Create. 4. Select the desired Subscription. 5. Select + Select NSG. 6. Select a network security group. 7. Click Confirm selection. 8. Select or create a new Storage Account. 9. Input the retention in days to retain the log. 10. Click Next. 11. Under Configuration, select Version 2. 12. If rich analytics are required, select Enable Traffic Analytics, a processing interval, and a Log Analytics Workspace. 13. Select Next. 14. Optionally add Tags. 15. Select Review + create. 16. Select Create. Warning The remediation policy creates remediation deployment and names them by concatenating the subscription name and the resource group name. The MAXIMUM permitted length of a deployment name is 64 characters. Exceeding this will cause the remediation task to fail.", - "references": [ - "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal" - ] - }, - "risk_details": "Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_southcentralus from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-southcentralus-NetworkWatcher_southcentralus" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "southcentralus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus", - "name": "NetworkWatcher_southcentralus", - "location": "southcentralus", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_southcentralus", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_southcentralus" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "southcentralus" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_centralindia from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-centralindia-NetworkWatcher_centralindia" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "centralindia", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia", - "name": "NetworkWatcher_centralindia", - "location": "centralindia", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_centralindia", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_centralindia" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "centralindia" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_westus2 from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-westus2-NetworkWatcher_westus2" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2", - "name": "NetworkWatcher_westus2", - "location": "westus2", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_westus2", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westus2" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "metadata": { - "event_code": "network_flow_log_more_than_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher NetworkWatcher_swedencentral from subscription Azure subscription 1 has no flow logs", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This will keep IP traffic logs for longer than 90 days. As a level 2, first determine your need to retain data, then apply your selection here. As this is data stored for longer, your monthly storage costs will increase depending on your data use.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1499" - ], - "CIS-2.0": [ - "6.5" - ], - "ProwlerThreatScore-1.0": [ - "3.2.1" - ], - "ISO27001-2022": [ - "A.8.15", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "6.5" - ], - "CIS-3.0": [ - "7.5" - ], - "CCC": [ - "CCC.Logging.CN02.AR01", - "CCC.Logging.CN02.AR02", - "CCC.VPC.CN04.AR01" - ], - "PCI-4.0": [ - "10.2.1.1.34", - "10.2.1.2.29", - "10.2.1.3.29", - "10.2.1.4.29", - "10.2.1.5.29", - "10.2.1.6.29", - "10.2.1.7.29", - "10.2.1.29", - "10.2.2.29", - "10.3.1.29", - "10.6.3.39", - "5.3.4.34", - "A1.2.1.34" - ], - "CIS-4.0": [ - "8.8", - "8.5" - ], - "NIS2": [ - "1.1.1.c", - "2.1.2.h", - "2.3.1", - "3.2.3.a", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "4.2.2.f", - "6.1.2.b", - "6.7.2.b", - "6.7.2.l", - "11.1.1", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Network Security Group Flow Logs should be enabled and the retention period set to greater than or equal to 90 days.", - "title": "Ensure that Network Security Group Flow Log retention period is 0, 90 days or greater", - "types": [], - "uid": "prowler-azure-network_flow_log_more_than_90_days-3bb71587-4549-4396-8898-9e15f062e665-swedencentral-NetworkWatcher_swedencentral" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "swedencentral", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral", - "name": "NetworkWatcher_swedencentral", - "location": "swedencentral", - "flow_logs": [] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "NetworkWatcher_swedencentral", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_swedencentral" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "swedencentral" - }, - "remediation": { - "desc": "From Azure Portal 1. Go to Network Watcher 2. Select NSG flow logs blade in the Logs section 3. Select each Network Security Group from the list 4. Ensure Status is set to On 5. Ensure Retention (days) setting greater than 90 days 6. Select your storage account in the Storage account field 7. Select Save From Azure CLI Enable the NSG flow logs and set the Retention (days) to greater than or equal to 90 days. az network watcher flow-log configure --nsg --enabled true --resource-group --retention 91 --storage-account ", - "references": [ - "https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest" - ] - }, - "risk_details": "Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "metadata": { - "event_code": "network_http_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has HTTP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.3.r2.az.tls.1", - "mp.com.4.r3.az.1", - "mp.com.4.r4.az.nt.1", - "mp.s.4.az.nt.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.4" - ], - "ProwlerThreatScore-1.0": [ - "2.1.4" - ], - "ISO27001-2022": [ - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.4" - ], - "CIS-3.0": [ - "7.4" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.5", - "1.2.8.25", - "1.3.1.28", - "1.3.2.28", - "1.4.1.6", - "1.4.2.26", - "1.4.4.6", - "1.5.1.25", - "2.2.5.5", - "2.2.7.3", - "4.2.1.1.7", - "4.2.1.3", - "8.3.2.6", - "A1.1.3.25" - ], - "CIS-4.0": [ - "8.4" - ], - "NIS2": [ - "1.1.1.c", - "1.2.1", - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required and narrowly configured.", - "title": "Ensure that HTTP(S) access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_http_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where HTTP(S) is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [] - }, - "risk_details": "The potential security problem with using HTTP(S) over the Internet is that attackers can use various brute force techniques to gain access to Azure resources. Once the attackers gain access, they can use the resource as a launch point for compromising other resources within the Azure tenant.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "metadata": { - "event_code": "network_rdp_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has RDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.1" - ], - "ProwlerThreatScore-1.0": [ - "2.1.1" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.1" - ], - "CIS-3.0": [ - "7.1" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.1" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that RDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_rdp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where RDP is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using RDP over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on an Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "metadata": { - "event_code": "network_ssh_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has SSH internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/azure-security-network-security-best-practices#disable-rdpssh-access-to-azure-virtual-machines", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.2" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.2" - ], - "ProwlerThreatScore-1.0": [ - "2.1.2" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.2" - ], - "CIS-3.0": [ - "7.2" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN01.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "1.2.5.17", - "1.2.8.17", - "1.2.8.18", - "1.2.8.21", - "1.2.8.41", - "1.3.1.19", - "1.3.1.21", - "1.3.1.24", - "1.3.1.45", - "1.3.2.19", - "1.3.2.21", - "1.3.2.24", - "1.3.2.45", - "1.4.1.5", - "1.4.2.18", - "1.4.2.19", - "1.4.2.22", - "1.4.2.43", - "1.4.4.5", - "1.5.1.17", - "1.5.1.18", - "1.5.1.21", - "1.5.1.40", - "2.2.5.17", - "A1.1.3.17", - "A1.1.3.18", - "A1.1.3.21", - "A1.1.3.40" - ], - "CIS-4.0": [ - "8.2" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that SSH access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_ssh_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where SSH is not explicitly required and narrowly configured for resources attached to the Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRoute Site-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-1-establish-network-segmentation-boundaries" - ] - }, - "risk_details": "The potential security problem with using SSH over the Internet is that attackers can use various brute force techniques to gain access to Azure Virtual Machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "metadata": { - "event_code": "network_udp_internet_access_restricted", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Security Group nsg-lee8 from subscription Azure subscription 1 has UDP internet access restricted.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices#secure-your-critical-azure-service-resources-to-only-your-virtual-networks", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.1.az.nw.3" - ], - "MITRE-ATTACK": [ - "T1199", - "T1048", - "T1499", - "T1498", - "T1046" - ], - "CIS-2.0": [ - "6.3" - ], - "ProwlerThreatScore-1.0": [ - "2.1.3" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "6.3" - ], - "CIS-3.0": [ - "7.3" - ], - "CCC": [ - "CCC.Build.CN03.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "8.3" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Network security groups should be periodically evaluated for port misconfigurations. Where certain ports and protocols may be exposed to the Internet, they should be evaluated for necessity and restricted wherever they are not explicitly required.", - "title": "Ensure that UDP access from the Internet is evaluated and restricted", - "types": [], - "uid": "prowler-azure-network_udp_internet_access_restricted-3bb71587-4549-4396-8898-9e15f062e665-westus2-nsg-lee8" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "westus2", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8", - "name": "nsg-lee8", - "location": "westus2", - "security_rules": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8/securityRules/nsgr-lee8", - "name": "nsgr-lee8", - "destination_port_range": "*", - "protocol": "*", - "source_address_prefix": "192.168.0.0/24", - "access": "Deny", - "direction": "Outbound" - } - ] - } - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "nsg-lee8", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-lee8/providers/Microsoft.Network/networkSecurityGroups/nsg-lee8" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "westus2" - }, - "remediation": { - "desc": "Where UDP is not explicitly required and narrowly configured for resources attached tothe Network Security Group, Internet-level access to your Azure resources should be restricted or eliminated. For internal access to relevant resources, configure an encrypted network tunnel such as: ExpressRouteSite-to-site VPN Point-to-site VPN", - "references": [ - "https://docs.microsoft.com/en-us/azure/security/fundamentals/ddos-best-practices" - ] - }, - "risk_details": "The potential security problem with broadly exposing UDP services over the Internet is that attackers can use DDoS amplification techniques to reflect spoofed UDP traffic from Azure Virtual Machines. The most common types of these attacks use exposed DNS, NTP, SSDP, SNMP, CLDAP and other UDP-based services as amplification sources for disrupting services of other machines on the Azure Virtual Network or even attack networked devices outside of Azure.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': ukwest, malaysiawest, uksouth, koreasouth, norwayeast, uaenorth, australiacentral, switzerlandwest, newzealandnorth, eastus, centralus, northeurope, westindia, eastus2, japanwest, japaneast, australiasoutheast, southafricanorth, mexicocentral, westus, brazilsouth, israelcentral, germanynorth, eastasia, switzerlandnorth, australiaeast, southafricawest, westus3, brazilsoutheast, francesouth, austriaeast, southindia, uaecentral, chilecentral, westeurope, southeastasia, spaincentral, italynorth, germanywestcentral, canadacentral, jioindiawest, polandcentral, australiacentral2, westcentralus, norwaywest, canadaeast, indonesiacentral, northcentralus, qatarcentral, koreacentral, francecentral, jioindiacentral.", - "metadata": { - "event_code": "network_watcher_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Network Watcher is not enabled for the following locations in subscription 'Azure subscription 1': ukwest, malaysiawest, uksouth, koreasouth, norwayeast, uaenorth, australiacentral, switzerlandwest, newzealandnorth, eastus, centralus, northeurope, westindia, eastus2, japanwest, japaneast, australiasoutheast, southafricanorth, mexicocentral, westus, brazilsouth, israelcentral, germanynorth, eastasia, switzerlandnorth, australiaeast, southafricawest, westus3, brazilsoutheast, francesouth, austriaeast, southindia, uaecentral, chilecentral, westeurope, southeastasia, spaincentral, italynorth, germanywestcentral, canadacentral, jioindiawest, polandcentral, australiacentral2, westcentralus, norwaywest, canadaeast, indonesiacentral, northcentralus, qatarcentral, koreacentral, francecentral, jioindiacentral.", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "There are additional costs per transaction to run and store network data. For high-volume networks these charges will add up quickly.", - "compliance": { - "ENS-RD2022": [ - "op.mon.1.az.nw.1", - "op.mon.2.r2.az.ma.1", - "op.mon.3.az.nw.1", - "mp.com.1.az.nw.1", - "mp.com.1.az.nw.2", - "mp.com.1.az.nw.3", - "mp.com.3.az.nw.1" - ], - "MITRE-ATTACK": [ - "T1048", - "T1499", - "T1498", - "T1046", - "T1049" - ], - "CIS-2.0": [ - "6.6" - ], - "ProwlerThreatScore-1.0": [ - "3.3.14" - ], - "ISO27001-2022": [ - "A.8.14", - "A.8.20", - "A.8.21", - "A.8.22" - ], - "CIS-2.1": [ - "6.6" - ], - "CIS-3.0": [ - "7.6" - ], - "CCC": [ - "CCC.LB.CN01.AR02", - "CCC.LB.CN06.AR01", - "CCC.VPC.CN04.AR01", - "CCC.Core.CN06.AR01" - ], - "CIS-4.0": [ - "8.6" - ], - "NIS2": [ - "2.3.1", - "6.7.2.b", - "6.7.2.l", - "6.8.2.a", - "11.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable Network Watcher for Azure subscriptions.", - "title": "Ensure that Network Watcher is 'Enabled' for all locations in the Azure subscription", - "types": [], - "uid": "prowler-azure-network_watcher_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-Network Watcher" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": {} - }, - "group": { - "name": "network" - }, - "labels": [], - "name": "Network Watcher", - "type": "Network", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_*" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Opting out of Network Watcher automatic enablement is a permanent change. Once you opt-out you cannot opt-in without contacting support.", - "references": [ - "https://learn.microsoft.com/en-us/security/benchmark/azure/security-controls-v2-logging-threat-detection#lt-3-enable-logging-for-azure-network-activities" - ] - }, - "risk_details": "Network diagnostic and visualization tools available with Network Watcher help users understand, diagnose, and gain insights to the network in Azure.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "metadata": { - "event_code": "policy_ensure_asc_enforcement_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Policy assigment '/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn' is configured with enforcement mode 'Default'.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/defender-for-cloud/security-policy-concept", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "2.1.14" - ], - "ProwlerThreatScore-1.0": [ - "3.3.17" - ], - "ISO27001-2022": [ - "A.5.1" - ], - "CIS-2.1": [ - "2.1.13" - ], - "CIS-3.0": [ - "3.1.11" - ], - "PCI-4.0": [ - "10.2.1.1.31", - "10.4.1.1.5", - "10.4.1.4", - "10.4.2.5", - "10.6.3.36", - "10.7.1.6", - "10.7.2.6", - "A3.3.1.9", - "A3.5.1.9" - ], - "CIS-4.0": [ - "9.1.11" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "None of the settings offered by ASC Default policy should be set to effect Disabled.", - "title": "Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'", - "types": [], - "uid": "prowler-azure-policy_ensure_asc_enforcement_enabled-3bb71587-4549-4396-8898-9e15f062e665-global-SecurityCenterBuiltIn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn", - "name": "SecurityCenterBuiltIn", - "enforcement_mode": "Default" - } - }, - "group": { - "name": "policy" - }, - "labels": [], - "name": "SecurityCenterBuiltIn", - "type": "Microsoft.Authorization/policyAssignments", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "1. From Azure Home select the Portal Menu 2. Select Policy 3. Select ASC Default for each subscription 4. Click on 'view Assignment' 5. Click on 'Edit assignment' 6. Ensure Policy Enforcement is Enabled 7. Click 'Review + Save'", - "references": [ - "https://learn.microsoft.com/en-us/azure/defender-for-cloud/implement-security-recommendations" - ] - }, - "risk_details": "A security policy defines the desired configuration of your workloads and helps ensure compliance with company or regulatory security requirements. ASC Default policy is associated with every subscription by default. ASC default policy assignment is a set of security recommendations based on best practices. Enabling recommendations in ASC default policy ensures that Azure security center provides the ability to monitor all of the supported recommendations and optionally allow automated action for a few of the supported recommendations.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "metadata": { - "event_code": "postgresql_flexible_server_allow_access_services_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has allow public access from any Azure service disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.3" - ], - "CIS-2.0": [ - "4.3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.2" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "4.3.7" - ], - "CIS-3.0": [ - "5.2.5" - ], - "CCC": [ - "CCC.DataWar.CN03.AR01" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Disable access from Azure services to PostgreSQL Database Server.", - "title": "Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_allow_access_services_disabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Connection security. 4. Under Firewall rules, set Allow access to Azure services to No. 5. Click Save. From Azure CLI Use the below command to delete the AllowAllWindowsAzureIps rule for PostgreSQL Database. az postgres server firewall-rule delete --name AllowAllWindowsAzureIps -- resource-group --server-name ", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli#configure-a-server-based-firewall-rule" - ] - }, - "risk_details": "If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "metadata": { - "event_code": "postgresql_flexible_server_connection_throttling_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has connection_throttling disabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CIS-2.0": [ - "4.3.5" - ], - "ProwlerThreatScore-1.0": [ - "3.1.2" - ], - "CIS-2.1": [ - "4.3.5" - ], - "CIS-3.0": [ - "5.2.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable connection_throttling on PostgreSQL Servers.", - "title": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_connection_throttling_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for connection_throttling. 5. Click ON and save. From Azure CLI Use the below command to update connection_throttling configuration. az postgres server configuration set --resource-group -- server-name --name connection_throttling --value on From PowerShell Use the below command to update connection_throttling configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name connection_throttling -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "metadata": { - "event_code": "postgresql_flexible_server_enforce_ssl_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has enforce ssl enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": ".", - "compliance": { - "MITRE-ATTACK": [ - "T1040", - "T1530" - ], - "CIS-2.0": [ - "4.3.1" - ], - "ProwlerThreatScore-1.0": [ - "4.1.1", - "4.1.2" - ], - "SOC2": [ - "cc_6_2", - "cc_6_6" - ], - "CIS-2.1": [ - "4.3.1" - ], - "CIS-3.0": [ - "5.2.1", - "5.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable SSL connection on PostgreSQL Servers.", - "title": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_enforce_ssl_enabled-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com 2. Go to Azure Database for PostgreSQL server 3. For each database, click on Connection security 4. In SSL settings, click on ENABLED to enforce SSL connections 5. Click Save From Azure CLI Use the below command to enforce ssl connection for PostgreSQL Database. az postgres server update --resource-group --name --ssl-enforcement Enabled From PowerShell Update-AzPostgreSqlServer -ResourceGroupName -ServerName -SslEnforcement Enabled", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security" - ] - }, - "risk_details": "SSL connectivity helps to provide a new layer of security by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and application.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_checkpoints_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_checkpoints enabled", - "status_id": 1, - "unmapped": { - "related_url": " https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.2" - ], - "ProwlerThreatScore-1.0": [ - "3.1.1" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.2" - ], - "CIS-3.0": [ - "5.2.2" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable log_checkpoints on PostgreSQL Servers.", - "title": "Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_checkpoints_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_checkpoints. 5. Click ON and save. From Azure CLI Use the below command to update log_checkpoints configuration. az postgres server configuration set --resource-group -- server-name --name log_checkpoints --value on From PowerShell Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_checkpoints -Value on", - "references": [ - "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_connections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_connections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.3" - ], - "ProwlerThreatScore-1.0": [ - "3.1.3" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.3" - ], - "CIS-3.0": [ - "5.2.6" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable log_connections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_connections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. Login to Azure Portal using https://portal.azure.com. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_connections. 5. Click ON and save. From Azure CLI Use the below command to update log_connections configuration. az postgres server configuration set --resource-group -- server-name --name log_connections --value on From PowerShell Use the below command to update log_connections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_connections -Value on", - "references": [ - "https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-server-parameters-using-portal" - ] - }, - "risk_details": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_disconnections_on", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Flexible Postgresql server psql-e9rn from subscription Azure subscription 1 has log_disconnections enabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Enabling this setting will enable a log of all disconnections. If this is enabled for a high traffic server, the log may grow exponentially.", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r5.az.eid.3" - ], - "CIS-2.0": [ - "4.3.4" - ], - "ProwlerThreatScore-1.0": [ - "3.1.4" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1" - ], - "CIS-2.1": [ - "4.3.4" - ], - "CIS-3.0": [ - "5.2.7" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.c", - "3.2.3.e", - "3.2.3.g", - "11.2.2.f" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Enable log_disconnections on PostgreSQL Servers.", - "title": "Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_disconnections_on-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-e9rn" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn", - "name": "psql-e9rn", - "resource_group": "rg-e9rn", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-e9rn", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-e9rn/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-e9rn" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu 2. Go to Azure Database for PostgreSQL servers 3. For each database, click on Server parameters 4. Search for log_disconnections. 5. Click ON and save. From Azure CLI Use the below command to update log_disconnections configuration. az postgres server configuration set --resource-group -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_disconnections --value on From PowerShell Use the below command to update log_disconnections configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-ireu from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-ireu" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu", - "name": "psql-ireu", - "resource_group": "rg-ireu", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-ireu", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-ireu/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-ireu" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rk6x from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rk6x" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x", - "name": "psql-rk6x", - "resource_group": "rg-rk6x", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rk6x", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rk6x/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rk6x" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-rtac from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-rtac" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac", - "name": "psql-rtac", - "resource_group": "rg-rtac", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-rtac", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-rtac/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-rtac" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "metadata": { - "event_code": "postgresql_flexible_server_log_retention_days_greater_3", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Flexible Postgresql server psql-tumw from subscription Azure subscription 1 has log_retention disabled", - "status_id": 1, - "unmapped": { - "related_url": "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Configuring this setting will result in logs being retained for the specified number of days. If this is configured on a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r3.az.nt.1", - "op.mon.3.az.nw.1" - ], - "CIS-2.0": [ - "4.3.6" - ], - "ProwlerThreatScore-1.0": [ - "3.2.2" - ], - "ISO27001-2022": [ - "A.8.15" - ], - "SOC2": [ - "cc_7_2", - "cc_7_3", - "cc_a_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "4.3.6" - ], - "CIS-3.0": [ - "5.2.4" - ], - "CCC": [ - "CCC.Logging.CN02.AR02" - ], - "NIS2": [ - "2.1.2.h", - "3.2.3.g", - "3.2.5", - "4.1.2.g", - "4.1.4", - "6.1.2.b", - "11.2.2.f", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.", - "title": "Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "types": [], - "uid": "prowler-azure-postgresql_flexible_server_log_retention_days_greater_3-3bb71587-4549-4396-8898-9e15f062e665-Australia East-psql-tumw" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "Australia East", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw", - "name": "psql-tumw", - "resource_group": "rg-tumw", - "require_secure_transport": "ON", - "log_checkpoints": "ON", - "log_connections": "ON", - "log_disconnections": "ON", - "connection_throttling": "OFF", - "log_retention_days": null, - "firewall": [ - { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw/firewallRules/rule1", - "name": "rule1", - "start_ip": "0.0.0.0", - "end_ip": "255.255.255.255" - } - ], - "location": "Australia East" - } - }, - "group": { - "name": "postgresql" - }, - "labels": [], - "name": "psql-tumw", - "type": "PostgreSQL", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-tumw/providers/Microsoft.DBforPostgreSQL/flexibleServers/psql-tumw" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "Australia East" - }, - "remediation": { - "desc": "From Azure Portal 1. From Azure Home select the Portal Menu. 2. Go to Azure Database for PostgreSQL servers. 3. For each database, click on Server parameters. 4. Search for log_retention_days. 5. Input a value between 4 and 7 (inclusive) and click Save. From Azure CLI Use the below command to update log_retention_days configuration. az postgres server configuration set --resource-group -- server-name --name log_retention_days --value <4-7> From Powershell Use the below command to update log_retention_days configuration. Update-AzPostgreSqlConfiguration -ResourceGroupName - ServerName -Name log_retention_days -Value <4-7>", - "references": [ - "https://learn.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server?view=rest-postgresql-singleserver-2017-12-01&tabs=HTTP" - ] - }, - "risk_details": "Configuring log_retention_days determines the duration in days that Azure Database for PostgreSQL retains log files. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has shared key access enabled.", - "metadata": { - "event_code": "storage_account_key_access_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has shared key access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/common/shared-key-authorization-prevent", - "categories": [ - "e3" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.ObjStor.CN02.AR02", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "10.3.1.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensures that access to Azure Storage Accounts using account keys is disabled, enforcing the use of Microsoft Entra ID (formerly Azure AD) for authentication.", - "title": "Ensure allow storage account key access is disabled", - "types": [], - "uid": "prowler-azure-storage_account_key_access_disabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Disable Shared Key authorization on storage accounts to enforce the use of Microsoft Entra ID for secure, auditable access.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/shared-key-authorization-prevent" - ] - }, - "risk_details": "Using Shared Key authorization poses a security risk due to the high privileges associated with storage account keys and the difficulty in auditing such access. Disabling Shared Key access helps enforce identity-based authentication via Microsoft Entra ID, enhancing security and traceability.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has allow blob public access disabled.", - "metadata": { - "event_code": "storage_blob_public_access_level_is_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has allow blob public access disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r5.az.1" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.6" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "SOC2": [ - "cc_6_1" - ], - "CIS-2.1": [ - "3.7" - ], - "CIS-3.0": [ - "4.6" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.Core.CN05.AR03" - ], - "PCI-4.0": [ - "1.2.8.30", - "1.2.8.31", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.35", - "1.3.1.36", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.34", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.31", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.18", - "10.3.2.19", - "10.3.2.20", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.25", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "7.2.1.25", - "7.2.2.25", - "7.2.5.19", - "7.2.6.4", - "7.3.1.19", - "7.3.2.19", - "7.3.3.19", - "8.2.7.19", - "8.2.8.21", - "8.3.4.19", - "A1.1.2.14", - "A1.1.2.15", - "A1.1.2.16", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.17", - "A3.4.1.18", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-4.0": [ - "10.3.9", - "10.3.2.2" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that the 'Public access level' configuration setting is set to 'Private (no anonymous access)' for all blob containers in your storage account in order to block anonymous access to these Microsoft Azure resources.", - "title": "Ensure that the 'Public access level' is set to 'Private (no anonymous access)' for all blob containers in your storage account", - "types": [], - "uid": "prowler-azure-storage_blob_public_access_level_is_disabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Set 'Public access level' configuration setting to 'Private (no anonymous access)'", - "references": [] - }, - "risk_details": "A user that accesses blob containers anonymously can use constructors that do not require credentials such as shared access signatures.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has blob versioning enabled.", - "metadata": { - "event_code": "storage_blob_versioning_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has blob versioning enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/blobs/versioning-enable", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "CIS-4.0": [ - "10.2.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that blob versioning is enabled on Azure Blob Storage accounts to automatically retain previous versions of objects.", - "title": "Ensure Blob Versioning is Enabled on Azure Blob Storage Accounts", - "types": [], - "uid": "prowler-azure-storage_blob_versioning_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable blob versioning for all Azure Storage accounts that store critical or sensitive data.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/blobs/versioning-enable" - ] - }, - "risk_details": "Without blob versioning, accidental or malicious changes to blobs cannot be easily recovered, leading to potential data loss.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has cross-tenant replication enabled.", - "metadata": { - "event_code": "storage_cross_tenant_replication_disabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has cross-tenant replication enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/blobs/object-replication-prevent-cross-tenant-policies?tabs=portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03" - ], - "CIS-4.0": [ - "10.3.8" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that cross-tenant replication is not enabled on Azure Storage Accounts to prevent unintended replication of data across tenant boundaries.", - "title": "Ensure cross-tenant replication is disabled", - "types": [], - "uid": "prowler-azure-storage_cross_tenant_replication_disabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Disable Cross Tenant Replication on storage accounts to ensure that data remains within tenant boundaries unless explicitly shared, reducing the risk of data leakage and unauthorized access.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/blobs/object-replication-prevent-cross-tenant-policies?tabs=portal" - ] - }, - "risk_details": "If cross-tenant replication is enabled, sensitive data could be inadvertently replicated across tenants, increasing the risk of data leakage, unauthorized access, or non-compliance with data governance and privacy policies.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has network access rule set to Allow.", - "metadata": { - "event_code": "storage_default_network_access_rule_is_denied", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has network access rule set to Allow.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "All allowed networks will need to be whitelisted on each specific network, creating administrative overhead. This may result in loss of network connectivity, so do not turn on for critical resources during business hours.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.2" - ], - "CIS-2.0": [ - "3.8" - ], - "ProwlerThreatScore-1.0": [ - "2.2.7" - ], - "CIS-2.1": [ - "3.8" - ], - "CIS-3.0": [ - "4.7" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "CIS-4.0": [ - "2.2.1.2", - "10.3.2.3" - ], - "NIS2": [ - "1.2.1", - "2.3.1", - "6.7.2.b", - "11.1.1", - "11.2.1", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Restricting default network access helps to provide a new layer of security, since storage accounts accept connections from clients on any network. To limit access toselected networks, the default action must be changed.", - "title": "Ensure Default Network Access Rule for Storage Accounts is Set to Deny", - "types": [], - "uid": "prowler-azure-storage_default_network_access_rule_is_denied-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "1. Go to Storage Accounts 2. For each storage account, Click on the Networking blade 3. Click the Firewalls and virtual networks heading. 4. Ensure that you have elected to allow access from Selected networks 5. Add rules to allow traffic from specific network. 6. Click Save to apply your changes.", - "references": [] - }, - "risk_details": "Storage accounts should be configured to deny access to traffic from all networks (including internet traffic). Access can be granted to traffic from specific Azure Virtualnetworks, allowing a secure network boundary for specific applications to be built.Access can also be granted to public internet IP address ranges to enable connectionsfrom specific internet or on-premises clients. When network rules are configured, onlyapplications from allowed networks can access a storage account. When calling from anallowed network, applications continue to require proper authorization (a valid accesskey or SAS token) to access the storage account.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Default to Microsoft Entra authorization is not enabled for storage account stcfistoragecad63808.", - "metadata": { - "event_code": "storage_default_to_entra_authorization_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Default to Microsoft Entra authorization is not enabled for storage account stcfistoragecad63808.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.ObjStor.CN02.AR02", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "10.3.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that the Azure Storage Account setting 'Default to Microsoft Entra authorization in the Azure portal' is enabled to enforce the use of Microsoft Entra ID for accessing blobs, files, queues, and tables.", - "title": "Ensure Microsoft Entra authorization is enabled by default for Azure Storage Accounts", - "types": [], - "uid": "prowler-azure-storage_default_to_entra_authorization_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable Microsoft Entra authorization by default in the Azure portal to enhance security and avoid reliance on Shared Key authentication.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory" - ] - }, - "risk_details": "If this setting is not enabled, the Azure portal may authorize access using less secure methods such as Shared Key, increasing the risk of unauthorized data access.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 allows trusted Microsoft services to access this storage account.", - "metadata": { - "event_code": "storage_ensure_azure_services_are_trusted_to_access_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 allows trusted Microsoft services to access this storage account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.info.6.r2.az.sa.1" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "3.9" - ], - "ProwlerThreatScore-1.0": [ - "2.2.8" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "3.9" - ], - "CIS-3.0": [ - "4.8" - ], - "CCC": [ - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "10.6.3.35", - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "7.2.1.27", - "7.2.2.27", - "7.2.5.21", - "7.2.6.5", - "7.3.1.21", - "7.3.2.21", - "7.3.3.21", - "8.2.7.21", - "8.2.8.23", - "8.3.4.21", - "A3.3.1.8", - "A3.5.1.8" - ], - "CIS-4.0": [ - "10.3.5" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that 'Allow trusted Microsoft services to access this storage account' is enabled within your Azure Storage account configuration settings to grant access to trusted cloud services.", - "title": "Ensure that 'Allow trusted Microsoft services to access this storage account' is enabled for storage accounts", - "types": [], - "uid": "prowler-azure-storage_ensure_azure_services_are_trusted_to_access_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "To allow these Azure services to work as intended and be able to access your storage account resources, you have to add an exception so that the trusted Microsoft Azure services can bypass your network rules", - "references": [] - }, - "risk_details": "Not allowing to access storage account by Azure services the following services: Azure Backup, Azure Event Grid, Azure Site Recovery, Azure DevTest Labs, Azure Event Hubs, Azure Networking, Azure Monitor and Azure SQL Data Warehouse (when registered in the subscription), are not granted access to your storage account", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not encrypt with CMKs.", - "metadata": { - "event_code": "storage_ensure_encryption_with_customer_managed_keys", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not encrypt with CMKs.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.10.az.kv.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "3.12" - ], - "ProwlerThreatScore-1.0": [ - "4.2.1" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "SOC2": [ - "cc_6_7", - "cc_7_5" - ], - "CIS-2.1": [ - "3.12" - ], - "CIS-3.0": [ - "4.11" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR02", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05" - ], - "PCI-4.0": [ - "3.5.1.34", - "8.3.2.53" - ], - "CIS-4.0": [ - "2.1.1.2.1" - ], - "NIS2": [ - "9.2.a", - "9.2.c.iv", - "12.2.2.a", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that your Microsoft Azure Storage accounts are using Customer Managed Keys (CMKs) instead of Microsoft Managed Keys", - "title": "Ensure that your Microsoft Azure Storage accounts are using Customer Managed Keys (CMKs) instead of Microsoft Managed Keys", - "types": [], - "uid": "prowler-azure-storage_ensure_encryption_with_customer_managed_keys-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable sensitive data encryption at rest using Customer Managed Keys rather than Microsoft Managed keys.", - "references": [] - }, - "risk_details": "If you want to control and manage storage account contents encryption key yourself you must specify a customer-managed key", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "File share soft delete is enabled for storage account stcfistoragecad63808 with a retention period of 7 days.", - "metadata": { - "event_code": "storage_ensure_file_shares_soft_delete_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "File share soft delete is enabled for storage account stcfistoragecad63808 with a retention period of 7 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/files/storage-files-prevent-file-share-deletion?tabs=azure-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN04.AR02" - ], - "CIS-4.0": [ - "10.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that soft delete is enabled for Azure File Shares to protect against accidental or malicious deletion of important data. This feature allows deleted file shares to be retained for a specified period, during which they can be recovered before permanent deletion occurs.", - "title": "Ensure soft delete for Azure File Shares is enabled", - "types": [], - "uid": "prowler-azure-storage_ensure_file_shares_soft_delete_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable soft delete for file shares on your Azure Storage Account to allow recovery of deleted shares within a configured retention period.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/files/storage-files-prevent-file-share-deletion?tabs=azure-portal" - ] - }, - "risk_details": "Without soft delete enabled, accidental or malicious deletions of file shares result in permanent data loss, making recovery impossible unless a separate backup mechanism is in place.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has TLS version set to 1.2.", - "metadata": { - "event_code": "storage_ensure_minimum_tls_version_12", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has TLS version set to 1.2.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.3.r2.az.tls.3" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "3.15" - ], - "ProwlerThreatScore-1.0": [ - "4.1.3" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "3.15" - ], - "CIS-3.0": [ - "4.15" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN11.AR01" - ], - "CIS-4.0": [ - "10.3.7" - ], - "NIS2": [ - "6.7.2.i", - "6.7.2.l", - "12.2.2.a", - "12.2.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2'", - "title": "Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2'", - "types": [], - "uid": "prowler-azure-storage_ensure_minimum_tls_version_12-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Ensure that all your Microsoft Azure Storage accounts are using the latest available version of the TLS protocol.", - "references": [ - "https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/StorageAccounts/minimum-tls-version.html" - ] - }, - "risk_details": "TLS versions 1.0 and 1.1 are known to be susceptible to certain Common Vulnerabilities and Exposures (CVE) weaknesses and attacks such as POODLE and BEAST", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not have private endpoint connections.", - "metadata": { - "event_code": "storage_ensure_private_endpoints_in_storage_accounts", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not have private endpoint connections.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.4.r2..az.sa.1" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "3.10" - ], - "ProwlerThreatScore-1.0": [ - "2.2.9" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "SOC2": [ - "cc_3_3" - ], - "CIS-2.1": [ - "3.10" - ], - "CIS-3.0": [ - "4.9" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "2.2.2.1", - "10.3.2.1" - ], - "NIS2": [ - "1.1.1.a", - "1.1.1.c", - "6.7.2.i", - "6.7.2.l", - "11.2.2.d", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Use private endpoints for your Azure Storage accounts to allow clients and services to securely access data located over a network via an encrypted Private Link. To do this, the private endpoint uses an IP address from the VNet for each service. Network traffic between disparate services securely traverses encrypted over the VNet. This VNet can also link addressing space, extending your network and accessing resources on it. Similarly, it can be a tunnel through public networks to connect remote infrastructures together. This creates further security through segmenting network traffic and preventing outside sources from accessing it.", - "title": "Ensure Private Endpoints are used to access Storage Accounts", - "types": [], - "uid": "prowler-azure-storage_ensure_private_endpoints_in_storage_accounts-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Use Private Endpoints to access Storage Accounts", - "references": [ - "https://docs.microsoft.com/en-us/azure/storage/common/storage-private-endpoints" - ] - }, - "risk_details": "Storage accounts that are not configured to use Private Endpoints are accessible over the public internet. This can lead to data exfiltration and other security issues.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has soft delete enabled.", - "metadata": { - "event_code": "storage_ensure_soft_delete_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has soft delete enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/blobs/soft-delete-blob-enable?tabs=azure-portal", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Additional storage costs may be incurred as snapshots are retained.", - "compliance": { - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "3.11" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "SOC2": [ - "cc_7_4", - "cc_c_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "3.11" - ], - "CIS-3.0": [ - "4.10" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN04.AR02" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-4.0": [ - "10.2.1", - "10.3.6" - ], - "NIS2": [ - "4.2.2.f", - "12.2.2.a", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "The Azure Storage blobs contain data like ePHI or Financial, which can be secret or personal. Data that is erroneously modified or deleted by an application or other storage account user will cause data loss or unavailability.", - "title": "Ensure Soft Delete is Enabled for Azure Containers and Blob Storage", - "types": [], - "uid": "prowler-azure-storage_ensure_soft_delete_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "From the Azure home page, open the hamburger menu in the top left or click on the arrow pointing right with 'More services' underneath. 2. Select Storage. 3. Select Storage Accounts. 4. For each Storage Account, navigate to Data protection in the left scroll column. 5. Check soft delete for both blobs and containers. Set the retention period to a sufficient length for your organization", - "references": [ - "https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-soft-delete" - ] - }, - "risk_details": "Containers and Blob Storage data can be incorrectly deleted. An attacker/malicious user may do this deliberately in order to cause disruption. Deleting an Azure Storage blob causes immediate data loss. Enabling this configuration for Azure storage ensures that even if blobs/data were deleted from the storage account, Blobs/data objects are recoverable for a particular time which is set in the Retention policies ranging from 7 days to 365 days.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has Geo-redundant storage Standard_GRS enabled.", - "metadata": { - "event_code": "storage_geo_redundant_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has Geo-redundant storage Standard_GRS enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/common/storage-redundancy", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "CIS-4.0": [ - "10.3.12" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Geo-redundant storage (GRS) must be enabled on critical Azure Storage Accounts to ensure data durability and availability in the event of a regional outage. GRS replicates data within the primary region and asynchronously to a secondary region, offering enhanced resilience and supporting disaster recovery strategies.", - "title": "Ensure geo-redundant storage (GRS) is enabled on critical Azure Storage Accounts", - "types": [], - "uid": "prowler-azure-storage_geo_redundant_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable geo-redundant storage (GRS) for critical Azure Storage Accounts to ensure data durability and availability across regional failures.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/storage-redundancy" - ] - }, - "risk_details": "Without GRS, critical data may be lost or become unavailable during a regional outage, compromising data durability and disaster recovery efforts.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has infrastructure encryption disabled.", - "metadata": { - "event_code": "storage_infrastructure_encryption_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has infrastructure encryption disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.10.az.kv.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "3.2" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "SOC2": [ - "cc_6_7", - "cc_7_5" - ], - "CIS-2.1": [ - "3.2" - ], - "CIS-3.0": [ - "4.3" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "PCI-4.0": [ - "3.5.1.22", - "8.3.2.37" - ], - "CIS-4.0": [ - "10.3.1.1" - ], - "NIS2": [ - "9.2.a", - "12.2.2.a", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that 'Enable Infrastructure Encryption' for Each Storage Account in Azure Storage is Set to 'enabled' ", - "title": "Ensure that 'Enable Infrastructure Encryption' for Each Storage Account in Azure Storage is Set to 'enabled' ", - "types": [], - "uid": "prowler-azure-storage_infrastructure_encryption_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureRole", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enabling double encryption at the hardware level on top of the default software encryption for Storage Accounts accessing Azure storage solutions.", - "references": [] - }, - "risk_details": "Double encryption of Azure Storage data protects against a scenario where one of the encryption algorithms or keys may be compromised", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has no key expiration period set.", - "metadata": { - "event_code": "storage_key_rotation_90_days", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has no key expiration period set.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r1.az.eid.2" - ], - "CIS-2.0": [ - "3.4" - ], - "CIS-2.1": [ - "3.4" - ], - "CIS-3.0": [ - "4.4" - ], - "CCC": [ - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR05" - ], - "CIS-4.0": [ - "10.3.1.2" - ], - "NIS2": [ - "9.2.c.iii", - "9.2.c.iv", - "11.6.2.c", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that Storage Account Access Keys are Periodically Regenerated", - "title": "Ensure that Storage Account Access Keys are Periodically Regenerated", - "types": [], - "uid": "prowler-azure-storage_key_rotation_90_days-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Ensure that Azure Storage account access keys are regenerated every 90 days in order to decrease the likelihood of accidental exposures and protect your storage account resources against unauthorized access.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal#regenerate-storage-access-keys" - ] - }, - "risk_details": "If the access keys are not regenerated periodically, the likelihood of accidental exposures increases, which can lead to unauthorized access to your storage account resources.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has secure transfer required enabled.", - "metadata": { - "event_code": "storage_secure_transfer_required_is_enabled", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has secure transfer required enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.3.az.sa.1" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "3.1" - ], - "ISO27001-2022": [ - "A.8.12", - "A.8.14", - "A.8.24" - ], - "SOC2": [ - "cc_6_2", - "cc_6_7" - ], - "CIS-2.1": [ - "3.1" - ], - "CIS-3.0": [ - "4.1" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN11.AR01", - "CCC.Core.CN05.AR04" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.48", - "8.3.2.49" - ], - "CIS-4.0": [ - "10.3.4" - ], - "NIS2": [ - "6.7.2.i", - "6.7.2.l", - "9.2.a", - "12.2.2.a", - "12.2.2.b", - "12.2.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that all data transferred between clients and your Azure Storage account is encrypted using the HTTPS protocol.", - "title": "Ensure that all data transferred between clients and your Azure Storage account is encrypted using the HTTPS protocol.", - "types": [], - "uid": "prowler-azure-storage_secure_transfer_required_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable data encryption in transit.", - "references": [] - }, - "risk_details": "Requests to the storage account sent outside of a secure connection can be eavesdropped", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not have SMB channel encryption enabled for file shares.", - "metadata": { - "event_code": "storage_smb_channel_encryption_with_secure_algorithm", - "product": { - "name": "Prowler (complete)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not have SMB channel encryption enabled for file shares.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/well-architected/service-guides/azure-files#recommendations-for-smb-file-shares", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check passes if SMB channel encryption is set to a secure algorithm.", - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR07", - "CCC.Core.CN11.AR01" - ], - "CIS-4.0": [ - "10.1.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Implement SMB channel encryption with a secure algorithm for SMB file shares to ensure data confidentiality and integrity in transit.", - "title": "Ensure SMB channel encryption uses a secure algorithm for SMB file shares", - "types": [], - "uid": "prowler-azure-storage_smb_channel_encryption_with_secure_algorithm-3bb71587-4549-4396-8898-9e15f062e665-global-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Use the portal, CLI or PowerShell to set the SMB channel encryption to a secure algorithm.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/files/files-smb-protocol?tabs=azure-portal#smb-security-settings" - ] - }, - "risk_details": "Not using the recommended SMB channel encryption may expose data transmitted over SMB channels to unauthorized interception and tampering.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/data/test-results/for-osff/secure-azure-storage/results/secure-azure-storage-delta.ocsf.json b/website/src/data/test-results/for-osff/secure-azure-storage/results/secure-azure-storage-delta.ocsf.json deleted file mode 100644 index ac0982a7..00000000 --- a/website/src/data/test-results/for-osff/secure-azure-storage/results/secure-azure-storage-delta.ocsf.json +++ /dev/null @@ -1,2804 +0,0 @@ -[ - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has shared key access enabled.", - "metadata": { - "event_code": "storage_account_key_access_disabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has shared key access enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/common/shared-key-authorization-prevent", - "categories": [ - "e3" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.ObjStor.CN02.AR02", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "10.3.1.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensures that access to Azure Storage Accounts using account keys is disabled, enforcing the use of Microsoft Entra ID (formerly Azure AD) for authentication.", - "title": "Ensure allow storage account key access is disabled", - "types": [], - "uid": "prowler-azure-storage_account_key_access_disabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Disable Shared Key authorization on storage accounts to enforce the use of Microsoft Entra ID for secure, auditable access.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/shared-key-authorization-prevent" - ] - }, - "risk_details": "Using Shared Key authorization poses a security risk due to the high privileges associated with storage account keys and the difficulty in auditing such access. Disabling Shared Key access helps enforce identity-based authentication via Microsoft Entra ID, enhancing security and traceability.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has allow blob public access disabled.", - "metadata": { - "event_code": "storage_blob_public_access_level_is_disabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has allow blob public access disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.mon.3.r5.az.1" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "3.7" - ], - "ProwlerThreatScore-1.0": [ - "2.2.6" - ], - "ISO27001-2022": [ - "A.8.1" - ], - "SOC2": [ - "cc_6_1" - ], - "CIS-2.1": [ - "3.7" - ], - "CIS-3.0": [ - "4.6" - ], - "CCC": [ - "CCC.AuditLog.CN04.AR01", - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.Logging.CN05.AR01", - "CCC.Logging.CN05.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.Core.CN05.AR03" - ], - "PCI-4.0": [ - "1.2.8.30", - "1.2.8.31", - "1.2.8.32", - "1.2.8.33", - "1.2.8.34", - "1.2.8.35", - "1.3.1.34", - "1.3.1.35", - "1.3.1.36", - "1.3.1.37", - "1.3.1.38", - "1.3.1.39", - "1.3.2.34", - "1.3.2.35", - "1.3.2.36", - "1.3.2.37", - "1.3.2.38", - "1.3.2.39", - "1.4.2.32", - "1.4.2.33", - "1.4.2.34", - "1.4.2.35", - "1.4.2.36", - "1.4.2.37", - "1.5.1.30", - "1.5.1.31", - "1.5.1.32", - "1.5.1.33", - "1.5.1.34", - "1.5.1.35", - "10.3.2.18", - "10.3.2.19", - "10.3.2.20", - "10.3.2.21", - "10.3.2.23", - "10.3.2.24", - "10.3.3.23", - "10.3.4.8", - "10.6.3.33", - "3.5.1.3.23", - "3.5.1.3.24", - "3.5.1.3.25", - "3.5.1.3.26", - "3.5.1.3.28", - "3.5.1.3.29", - "7.2.1.25", - "7.2.2.25", - "7.2.5.19", - "7.2.6.4", - "7.3.1.19", - "7.3.2.19", - "7.3.3.19", - "8.2.7.19", - "8.2.8.21", - "8.3.4.19", - "A1.1.2.14", - "A1.1.2.15", - "A1.1.2.16", - "A1.1.2.17", - "A1.1.2.19", - "A1.1.2.20", - "A1.1.3.30", - "A1.1.3.31", - "A1.1.3.32", - "A1.1.3.33", - "A1.1.3.34", - "A1.1.3.35", - "A1.2.1.31", - "A3.4.1.16", - "A3.4.1.17", - "A3.4.1.18", - "A3.4.1.19", - "A3.4.1.21", - "A3.4.1.22" - ], - "CIS-4.0": [ - "10.3.9", - "10.3.2.2" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that the 'Public access level' configuration setting is set to 'Private (no anonymous access)' for all blob containers in your storage account in order to block anonymous access to these Microsoft Azure resources.", - "title": "Ensure that the 'Public access level' is set to 'Private (no anonymous access)' for all blob containers in your storage account", - "types": [], - "uid": "prowler-azure-storage_blob_public_access_level_is_disabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Set 'Public access level' configuration setting to 'Private (no anonymous access)'", - "references": [] - }, - "risk_details": "A user that accesses blob containers anonymously can use constructors that do not require credentials such as shared access signatures.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has blob versioning enabled.", - "metadata": { - "event_code": "storage_blob_versioning_is_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has blob versioning enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/blobs/versioning-enable", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN05.AR01", - "CCC.ObjStor.CN05.AR02", - "CCC.ObjStor.CN05.AR03", - "CCC.ObjStor.CN05.AR04" - ], - "CIS-4.0": [ - "10.2.2" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that blob versioning is enabled on Azure Blob Storage accounts to automatically retain previous versions of objects.", - "title": "Ensure Blob Versioning is Enabled on Azure Blob Storage Accounts", - "types": [], - "uid": "prowler-azure-storage_blob_versioning_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable blob versioning for all Azure Storage accounts that store critical or sensitive data.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/blobs/versioning-enable" - ] - }, - "risk_details": "Without blob versioning, accidental or malicious changes to blobs cannot be easily recovered, leading to potential data loss.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has cross-tenant replication enabled.", - "metadata": { - "event_code": "storage_cross_tenant_replication_disabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has cross-tenant replication enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/blobs/object-replication-prevent-cross-tenant-policies?tabs=portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR03" - ], - "CIS-4.0": [ - "10.3.8" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that cross-tenant replication is not enabled on Azure Storage Accounts to prevent unintended replication of data across tenant boundaries.", - "title": "Ensure cross-tenant replication is disabled", - "types": [], - "uid": "prowler-azure-storage_cross_tenant_replication_disabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Disable Cross Tenant Replication on storage accounts to ensure that data remains within tenant boundaries unless explicitly shared, reducing the risk of data leakage and unauthorized access.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/blobs/object-replication-prevent-cross-tenant-policies?tabs=portal" - ] - }, - "risk_details": "If cross-tenant replication is enabled, sensitive data could be inadvertently replicated across tenants, increasing the risk of data leakage, unauthorized access, or non-compliance with data governance and privacy policies.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has network access rule set to Allow.", - "metadata": { - "event_code": "storage_default_network_access_rule_is_denied", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has network access rule set to Allow.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "All allowed networks will need to be whitelisted on each specific network, creating administrative overhead. This may result in loss of network connectivity, so do not turn on for critical resources during business hours.", - "compliance": { - "ENS-RD2022": [ - "op.exp.8.r4.az.sa.2" - ], - "CIS-2.0": [ - "3.8" - ], - "ProwlerThreatScore-1.0": [ - "2.2.7" - ], - "CIS-2.1": [ - "3.8" - ], - "CIS-3.0": [ - "4.7" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR02", - "CCC.ObjStor.CN02.AR01", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR04" - ], - "CIS-4.0": [ - "2.2.1.2", - "10.3.2.3" - ], - "NIS2": [ - "1.2.1", - "2.3.1", - "6.7.2.b", - "11.1.1", - "11.2.1", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Restricting default network access helps to provide a new layer of security, since storage accounts accept connections from clients on any network. To limit access toselected networks, the default action must be changed.", - "title": "Ensure Default Network Access Rule for Storage Accounts is Set to Deny", - "types": [], - "uid": "prowler-azure-storage_default_network_access_rule_is_denied-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "1. Go to Storage Accounts 2. For each storage account, Click on the Networking blade 3. Click the Firewalls and virtual networks heading. 4. Ensure that you have elected to allow access from Selected networks 5. Add rules to allow traffic from specific network. 6. Click Save to apply your changes.", - "references": [] - }, - "risk_details": "Storage accounts should be configured to deny access to traffic from all networks (including internet traffic). Access can be granted to traffic from specific Azure Virtualnetworks, allowing a secure network boundary for specific applications to be built.Access can also be granted to public internet IP address ranges to enable connectionsfrom specific internet or on-premises clients. When network rules are configured, onlyapplications from allowed networks can access a storage account. When calling from anallowed network, applications continue to require proper authorization (a valid accesskey or SAS token) to access the storage account.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Default to Microsoft Entra authorization is not enabled for storage account stcfistoragecad63808.", - "metadata": { - "event_code": "storage_default_to_entra_authorization_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Default to Microsoft Entra authorization is not enabled for storage account stcfistoragecad63808.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.ObjStor.CN02.AR02", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "10.3.3.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that the Azure Storage Account setting 'Default to Microsoft Entra authorization in the Azure portal' is enabled to enforce the use of Microsoft Entra ID for accessing blobs, files, queues, and tables.", - "title": "Ensure Microsoft Entra authorization is enabled by default for Azure Storage Accounts", - "types": [], - "uid": "prowler-azure-storage_default_to_entra_authorization_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable Microsoft Entra authorization by default in the Azure portal to enhance security and avoid reliance on Shared Key authentication.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory" - ] - }, - "risk_details": "If this setting is not enabled, the Azure portal may authorize access using less secure methods such as Shared Key, increasing the risk of unauthorized data access.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 allows trusted Microsoft services to access this storage account.", - "metadata": { - "event_code": "storage_ensure_azure_services_are_trusted_to_access_is_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 allows trusted Microsoft services to access this storage account.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.info.6.r2.az.sa.1" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "3.9" - ], - "ProwlerThreatScore-1.0": [ - "2.2.8" - ], - "ISO27001-2022": [ - "A.8.3" - ], - "CIS-2.1": [ - "3.9" - ], - "CIS-3.0": [ - "4.8" - ], - "CCC": [ - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR04", - "CCC.Core.CN05.AR05" - ], - "PCI-4.0": [ - "10.6.3.35", - "11.5.2.5", - "11.6.1.5", - "12.10.5.5", - "7.2.1.27", - "7.2.2.27", - "7.2.5.21", - "7.2.6.5", - "7.3.1.21", - "7.3.2.21", - "7.3.3.21", - "8.2.7.21", - "8.2.8.23", - "8.3.4.21", - "A3.3.1.8", - "A3.5.1.8" - ], - "CIS-4.0": [ - "10.3.5" - ], - "NIS2": [ - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that 'Allow trusted Microsoft services to access this storage account' is enabled within your Azure Storage account configuration settings to grant access to trusted cloud services.", - "title": "Ensure that 'Allow trusted Microsoft services to access this storage account' is enabled for storage accounts", - "types": [], - "uid": "prowler-azure-storage_ensure_azure_services_are_trusted_to_access_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "To allow these Azure services to work as intended and be able to access your storage account resources, you have to add an exception so that the trusted Microsoft Azure services can bypass your network rules", - "references": [] - }, - "risk_details": "Not allowing to access storage account by Azure services the following services: Azure Backup, Azure Event Grid, Azure Site Recovery, Azure DevTest Labs, Azure Event Hubs, Azure Networking, Azure Monitor and Azure SQL Data Warehouse (when registered in the subscription), are not granted access to your storage account", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not encrypt with CMKs.", - "metadata": { - "event_code": "storage_ensure_encryption_with_customer_managed_keys", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not encrypt with CMKs.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.10.az.kv.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "3.12" - ], - "ProwlerThreatScore-1.0": [ - "4.2.1" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "SOC2": [ - "cc_6_7", - "cc_7_5" - ], - "CIS-2.1": [ - "3.12" - ], - "CIS-3.0": [ - "4.11" - ], - "CCC": [ - "CCC.ObjStor.CN01.AR01", - "CCC.ObjStor.CN01.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN01.AR04", - "CCC.Core.CN13.AR02", - "CCC.Core.CN02.AR01", - "CCC.Core.CN11.AR01", - "CCC.Core.CN11.AR03", - "CCC.Core.CN11.AR04", - "CCC.Core.CN11.AR05" - ], - "PCI-4.0": [ - "3.5.1.34", - "8.3.2.53" - ], - "CIS-4.0": [ - "2.1.1.2.1" - ], - "NIS2": [ - "9.2.a", - "9.2.c.iv", - "12.2.2.a", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that your Microsoft Azure Storage accounts are using Customer Managed Keys (CMKs) instead of Microsoft Managed Keys", - "title": "Ensure that your Microsoft Azure Storage accounts are using Customer Managed Keys (CMKs) instead of Microsoft Managed Keys", - "types": [], - "uid": "prowler-azure-storage_ensure_encryption_with_customer_managed_keys-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable sensitive data encryption at rest using Customer Managed Keys rather than Microsoft Managed keys.", - "references": [] - }, - "risk_details": "If you want to control and manage storage account contents encryption key yourself you must specify a customer-managed key", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "File share soft delete is enabled for storage account stcfistoragecad63808 with a retention period of 7 days.", - "metadata": { - "event_code": "storage_ensure_file_shares_soft_delete_is_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "File share soft delete is enabled for storage account stcfistoragecad63808 with a retention period of 7 days.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/files/storage-files-prevent-file-share-deletion?tabs=azure-portal", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN04.AR02" - ], - "CIS-4.0": [ - "10.1.1" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that soft delete is enabled for Azure File Shares to protect against accidental or malicious deletion of important data. This feature allows deleted file shares to be retained for a specified period, during which they can be recovered before permanent deletion occurs.", - "title": "Ensure soft delete for Azure File Shares is enabled", - "types": [], - "uid": "prowler-azure-storage_ensure_file_shares_soft_delete_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable soft delete for file shares on your Azure Storage Account to allow recovery of deleted shares within a configured retention period.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/files/storage-files-prevent-file-share-deletion?tabs=azure-portal" - ] - }, - "risk_details": "Without soft delete enabled, accidental or malicious deletions of file shares result in permanent data loss, making recovery impossible unless a separate backup mechanism is in place.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has TLS version set to 1.2.", - "metadata": { - "event_code": "storage_ensure_minimum_tls_version_12", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has TLS version set to 1.2.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.3.r2.az.tls.3" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "3.15" - ], - "ProwlerThreatScore-1.0": [ - "4.1.3" - ], - "SOC2": [ - "cc_6_6" - ], - "CIS-2.1": [ - "3.15" - ], - "CIS-3.0": [ - "4.15" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN11.AR01" - ], - "CIS-4.0": [ - "10.3.7" - ], - "NIS2": [ - "6.7.2.i", - "6.7.2.l", - "12.2.2.a", - "12.2.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2'", - "title": "Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2'", - "types": [], - "uid": "prowler-azure-storage_ensure_minimum_tls_version_12-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Ensure that all your Microsoft Azure Storage accounts are using the latest available version of the TLS protocol.", - "references": [ - "https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/StorageAccounts/minimum-tls-version.html" - ] - }, - "risk_details": "TLS versions 1.0 and 1.1 are known to be susceptible to certain Common Vulnerabilities and Exposures (CVE) weaknesses and attacks such as POODLE and BEAST", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not have private endpoint connections.", - "metadata": { - "event_code": "storage_ensure_private_endpoints_in_storage_accounts", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not have private endpoint connections.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.4.r2..az.sa.1" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "3.10" - ], - "ProwlerThreatScore-1.0": [ - "2.2.9" - ], - "ISO27001-2022": [ - "A.8.14" - ], - "SOC2": [ - "cc_3_3" - ], - "CIS-2.1": [ - "3.10" - ], - "CIS-3.0": [ - "4.9" - ], - "CCC": [ - "CCC.AuditLog.CN10.AR01", - "CCC.AuditLog.CN10.AR02", - "CCC.ObjStor.CN01.AR03", - "CCC.ObjStor.CN02.AR01", - "CCC.ObjStor.CN02.AR02", - "CCC.MLDE.CN07.AR01", - "CCC.MLDE.CN07.AR02", - "CCC.MLDE.CN08.AR01", - "CCC.MLDE.CN08.AR02", - "CCC.Core.CN06.AR01", - "CCC.Core.CN10.AR01", - "CCC.Core.CN05.AR02", - "CCC.Core.CN05.AR03", - "CCC.Core.CN05.AR05" - ], - "CIS-4.0": [ - "2.2.2.1", - "10.3.2.1" - ], - "NIS2": [ - "1.1.1.a", - "1.1.1.c", - "6.7.2.i", - "6.7.2.l", - "11.2.2.d", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Use private endpoints for your Azure Storage accounts to allow clients and services to securely access data located over a network via an encrypted Private Link. To do this, the private endpoint uses an IP address from the VNet for each service. Network traffic between disparate services securely traverses encrypted over the VNet. This VNet can also link addressing space, extending your network and accessing resources on it. Similarly, it can be a tunnel through public networks to connect remote infrastructures together. This creates further security through segmenting network traffic and preventing outside sources from accessing it.", - "title": "Ensure Private Endpoints are used to access Storage Accounts", - "types": [], - "uid": "prowler-azure-storage_ensure_private_endpoints_in_storage_accounts-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Use Private Endpoints to access Storage Accounts", - "references": [ - "https://docs.microsoft.com/en-us/azure/storage/common/storage-private-endpoints" - ] - }, - "risk_details": "Storage accounts that are not configured to use Private Endpoints are accessible over the public internet. This can lead to data exfiltration and other security issues.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has soft delete enabled.", - "metadata": { - "event_code": "storage_ensure_soft_delete_is_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has soft delete enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/blobs/soft-delete-blob-enable?tabs=azure-portal", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "Additional storage costs may be incurred as snapshots are retained.", - "compliance": { - "MITRE-ATTACK": [ - "T1485" - ], - "CIS-2.0": [ - "3.11" - ], - "ISO27001-2022": [ - "A.8.10" - ], - "SOC2": [ - "cc_7_4", - "cc_c_1_1", - "cc_c_1_2" - ], - "CIS-2.1": [ - "3.11" - ], - "CIS-3.0": [ - "4.10" - ], - "CCC": [ - "CCC.AuditLog.CN06.AR01", - "CCC.AuditLog.CN08.AR01", - "CCC.ObjStor.CN03.AR01", - "CCC.ObjStor.CN04.AR01", - "CCC.ObjStor.CN04.AR02" - ], - "PCI-4.0": [ - "10.3.2.22", - "3.5.1.3.27", - "8.4.1.5", - "8.4.2.5", - "8.4.3.5", - "A1.1.2.18", - "A3.4.1.20" - ], - "CIS-4.0": [ - "10.2.1", - "10.3.6" - ], - "NIS2": [ - "4.2.2.f", - "12.2.2.a", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "The Azure Storage blobs contain data like ePHI or Financial, which can be secret or personal. Data that is erroneously modified or deleted by an application or other storage account user will cause data loss or unavailability.", - "title": "Ensure Soft Delete is Enabled for Azure Containers and Blob Storage", - "types": [], - "uid": "prowler-azure-storage_ensure_soft_delete_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "From the Azure home page, open the hamburger menu in the top left or click on the arrow pointing right with 'More services' underneath. 2. Select Storage. 3. Select Storage Accounts. 4. For each Storage Account, navigate to Data protection in the left scroll column. 5. Check soft delete for both blobs and containers. Set the retention period to a sufficient length for your organization", - "references": [ - "https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-soft-delete" - ] - }, - "risk_details": "Containers and Blob Storage data can be incorrectly deleted. An attacker/malicious user may do this deliberately in order to cause disruption. Deleting an Azure Storage blob causes immediate data loss. Enabling this configuration for Azure storage ensures that even if blobs/data were deleted from the storage account, Blobs/data objects are recoverable for a particular time which is set in the Retention policies ranging from 7 days to 365 days.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has Geo-redundant storage Standard_GRS enabled.", - "metadata": { - "event_code": "storage_geo_redundant_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 4, - "severity": "High", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has Geo-redundant storage Standard_GRS enabled.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/common/storage-redundancy", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "CCC": [ - "CCC.Logging.CN05.AR02", - "CCC.Core.CN08.AR01", - "CCC.Core.CN08.AR02" - ], - "CIS-4.0": [ - "10.3.12" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Geo-redundant storage (GRS) must be enabled on critical Azure Storage Accounts to ensure data durability and availability in the event of a regional outage. GRS replicates data within the primary region and asynchronously to a secondary region, offering enhanced resilience and supporting disaster recovery strategies.", - "title": "Ensure geo-redundant storage (GRS) is enabled on critical Azure Storage Accounts", - "types": [], - "uid": "prowler-azure-storage_geo_redundant_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable geo-redundant storage (GRS) for critical Azure Storage Accounts to ensure data durability and availability across regional failures.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/storage-redundancy" - ] - }, - "risk_details": "Without GRS, critical data may be lost or become unavailable during a regional outage, compromising data durability and disaster recovery efforts.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has infrastructure encryption disabled.", - "metadata": { - "event_code": "storage_infrastructure_encryption_is_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 2, - "severity": "Low", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has infrastructure encryption disabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.exp.10.az.kv.2" - ], - "MITRE-ATTACK": [ - "T1530" - ], - "CIS-2.0": [ - "3.2" - ], - "ISO27001-2022": [ - "A.8.5", - "A.8.11", - "A.8.24" - ], - "SOC2": [ - "cc_6_7", - "cc_7_5" - ], - "CIS-2.1": [ - "3.2" - ], - "CIS-3.0": [ - "4.3" - ], - "CCC": [ - "CCC.Core.CN02.AR01" - ], - "PCI-4.0": [ - "3.5.1.22", - "8.3.2.37" - ], - "CIS-4.0": [ - "10.3.1.1" - ], - "NIS2": [ - "9.2.a", - "12.2.2.a", - "12.2.2.b" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that 'Enable Infrastructure Encryption' for Each Storage Account in Azure Storage is Set to 'enabled' ", - "title": "Ensure that 'Enable Infrastructure Encryption' for Each Storage Account in Azure Storage is Set to 'enabled' ", - "types": [], - "uid": "prowler-azure-storage_infrastructure_encryption_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureRole", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enabling double encryption at the hardware level on top of the default software encryption for Storage Accounts accessing Azure storage solutions.", - "references": [] - }, - "risk_details": "Double encryption of Azure Storage data protects against a scenario where one of the encryption algorithms or keys may be compromised", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has no key expiration period set.", - "metadata": { - "event_code": "storage_key_rotation_90_days", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has no key expiration period set.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "op.acc.6.r1.az.eid.2" - ], - "CIS-2.0": [ - "3.4" - ], - "CIS-2.1": [ - "3.4" - ], - "CIS-3.0": [ - "4.4" - ], - "CCC": [ - "CCC.Core.CN11.AR02", - "CCC.Core.CN11.AR05" - ], - "CIS-4.0": [ - "10.3.1.2" - ], - "NIS2": [ - "9.2.c.iii", - "9.2.c.iv", - "11.6.2.c", - "12.2.2.a" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that Storage Account Access Keys are Periodically Regenerated", - "title": "Ensure that Storage Account Access Keys are Periodically Regenerated", - "types": [], - "uid": "prowler-azure-storage_key_rotation_90_days-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Ensure that Azure Storage account access keys are regenerated every 90 days in order to decrease the likelihood of accidental exposures and protect your storage account resources against unauthorized access.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal#regenerate-storage-access-keys" - ] - }, - "risk_details": "If the access keys are not regenerated periodically, the likelihood of accidental exposures increases, which can lead to unauthorized access to your storage account resources.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has secure transfer required enabled.", - "metadata": { - "event_code": "storage_secure_transfer_required_is_enabled", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "PASS", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 has secure transfer required enabled.", - "status_id": 1, - "unmapped": { - "related_url": "", - "categories": [ - "encryption" - ], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "", - "compliance": { - "ENS-RD2022": [ - "mp.com.3.az.sa.1" - ], - "MITRE-ATTACK": [ - "T1040" - ], - "CIS-2.0": [ - "3.1" - ], - "ISO27001-2022": [ - "A.8.12", - "A.8.14", - "A.8.24" - ], - "SOC2": [ - "cc_6_2", - "cc_6_7" - ], - "CIS-2.1": [ - "3.1" - ], - "CIS-3.0": [ - "4.1" - ], - "CCC": [ - "CCC.Core.CN01.AR01", - "CCC.Core.CN01.AR02", - "CCC.Core.CN01.AR03", - "CCC.Core.CN01.AR07", - "CCC.Core.CN11.AR01", - "CCC.Core.CN05.AR04" - ], - "PCI-4.0": [ - "1.2.5.15", - "2.2.5.15", - "2.2.7.19", - "3.5.1.30", - "4.2.1.1.27", - "4.2.1.19", - "8.3.2.48", - "8.3.2.49" - ], - "CIS-4.0": [ - "10.3.4" - ], - "NIS2": [ - "6.7.2.i", - "6.7.2.l", - "9.2.a", - "12.2.2.a", - "12.2.2.b", - "12.2.2.c" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Ensure that all data transferred between clients and your Azure Storage account is encrypted using the HTTPS protocol.", - "title": "Ensure that all data transferred between clients and your Azure Storage account is encrypted using the HTTPS protocol.", - "types": [], - "uid": "prowler-azure-storage_secure_transfer_required_is_enabled-3bb71587-4549-4396-8898-9e15f062e665-eastus-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "eastus", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808", - "name": "stcfistoragecad63808", - "location": "eastus", - "resouce_group_name": "rg-cfi-storage", - "enable_https_traffic_only": true, - "infrastructure_encryption": null, - "allow_blob_public_access": false, - "network_rule_set": { - "bypass": "AzureServices", - "default_action": "Allow" - }, - "encryption_type": "Microsoft.Storage", - "minimum_tls_version": "TLS1_2", - "private_endpoint_connections": [], - "key_expiration_period_in_days": null, - "replication_settings": "Standard_GRS", - "allow_cross_tenant_replication": true, - "allow_shared_key_access": true, - "blob_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/blobServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/blobServices", - "container_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "default_service_version": null, - "versioning_enabled": true - }, - "default_to_entra_authorization": false, - "file_service_properties": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "eastus" - }, - "remediation": { - "desc": "Enable data encryption in transit.", - "references": [] - }, - "risk_details": "Requests to the storage account sent outside of a secure connection can be eavesdropped", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - }, - { - "message": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not have SMB channel encryption enabled for file shares.", - "metadata": { - "event_code": "storage_smb_channel_encryption_with_secure_algorithm", - "product": { - "name": "Prowler (delta)", - "uid": "prowler", - "vendor_name": "Prowler", - "version": "5.13.0" - }, - "profiles": [ - "cloud", - "datetime" - ], - "tenant_uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730", - "version": "1.5.0" - }, - "severity_id": 3, - "severity": "Medium", - "status": "New", - "status_code": "FAIL", - "status_detail": "Storage account stcfistoragecad63808 from subscription Azure subscription 1 does not have SMB channel encryption enabled for file shares.", - "status_id": 1, - "unmapped": { - "related_url": "https://learn.microsoft.com/en-us/azure/well-architected/service-guides/azure-files#recommendations-for-smb-file-shares", - "categories": [], - "depends_on": [], - "related_to": [], - "additional_urls": [], - "notes": "This check passes if SMB channel encryption is set to a secure algorithm.", - "compliance": { - "CCC": [ - "CCC.Core.CN01.AR07", - "CCC.Core.CN11.AR01" - ], - "CIS-4.0": [ - "10.1.3" - ] - } - }, - "activity_name": "Create", - "activity_id": 1, - "finding_info": { - "created_time": 1760903910, - "created_time_dt": "2025-10-19T19:58:30.348169", - "desc": "Implement SMB channel encryption with a secure algorithm for SMB file shares to ensure data confidentiality and integrity in transit.", - "title": "Ensure SMB channel encryption uses a secure algorithm for SMB file shares", - "types": [], - "uid": "prowler-azure-storage_smb_channel_encryption_with_secure_algorithm-3bb71587-4549-4396-8898-9e15f062e665-global-stcfistoragecad63808" - }, - "resources": [ - { - "cloud_partition": "AzureCloud", - "region": "global", - "data": { - "details": "", - "metadata": { - "id": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default", - "name": "default", - "type": "Microsoft.Storage/storageAccounts/fileServices", - "share_delete_retention_policy": { - "enabled": true, - "days": 7 - }, - "smb_protocol_settings": { - "channel_encryption": [], - "supported_versions": [] - } - } - }, - "group": { - "name": "storage" - }, - "labels": [], - "name": "stcfistoragecad63808", - "type": "AzureStorageAccount", - "uid": "/subscriptions/3bb71587-4549-4396-8898-9e15f062e665/resourceGroups/rg-cfi-storage/providers/Microsoft.Storage/storageAccounts/stcfistoragecad63808/fileServices/default" - } - ], - "category_name": "Findings", - "class_name": "Detection Finding", - "cloud": { - "account": { - "name": "Azure subscription 1", - "type": "Azure AD Account", - "type_id": 6, - "uid": "3bb71587-4549-4396-8898-9e15f062e665", - "labels": [] - }, - "org": { - "name": "Unknown tenant domain (missing AAD permissions)", - "uid": "6a7cc8e9-8f46-4e6c-ac87-8d5841c99730" - }, - "provider": "azure", - "region": "global" - }, - "remediation": { - "desc": "Use the portal, CLI or PowerShell to set the SMB channel encryption to a secure algorithm.", - "references": [ - "https://learn.microsoft.com/en-us/azure/storage/files/files-smb-protocol?tabs=azure-portal#smb-security-settings" - ] - }, - "risk_details": "Not using the recommended SMB channel encryption may expose data transmitted over SMB channels to unauthorized interception and tampering.", - "time": 1760903910, - "time_dt": "2025-10-19T19:58:30.348169", - "type_uid": 200401, - "type_name": "Detection Finding: Create", - "category_uid": 2, - "class_uid": 2004 - } -] diff --git a/website/src/plugin/cfi-pages/index.ts b/website/src/plugin/cfi-pages/index.ts index 83e37e04..9d819fb3 100644 --- a/website/src/plugin/cfi-pages/index.ts +++ b/website/src/plugin/cfi-pages/index.ts @@ -5,12 +5,10 @@ import { HomePageData, Configuration, ConfigurationPageData, - RepositoryPageData, CFIConfigJson, CFISourceDetails, TestResultItem, TestResultType, - CFIRepository, CFIDataRepositoryEntry, ConfigurationResult, ConfigurationResultPageData, @@ -110,17 +108,26 @@ function withSourceDetails( return source_details ? { ...base, source_details } : { ...base }; } -async function createConfiguration(configDir: string, slug: string, repositoryData: CFIRepository, repoDir: string, siteDir: string, createData: (name: string, data: string | object) => Promise, addRoute: (route: any) => void): Promise { +async function createConfiguration( + configDir: string, + repoEntry: CFIDataRepositoryEntry, + siteDir: string, + createData: (name: string, data: string | object) => Promise, + addRoute: (route: any) => void +): Promise { console.log(`πŸ” Processing configuration directory: ${configDir}`); - const configId = path.basename(configDir); + const configFolderName = path.basename(configDir); + const repoDir = repoEntry.destination; const sourceDetails = loadSourceDetails(configDir); // Read the configuration file - const configPath = path.join(configDir, "config", `${configId}.json`); + const configPath = path.join(configDir, "config", `${configFolderName}.json`); console.log(`πŸ“ Config path: ${configPath}`); const config = JSON.parse(fs.readFileSync(configPath, "utf8")) as CFIConfigJson; + const configurationPath = `/cfi/${repoDir}/${config.id}`; + // Process OCSF results and partition by product, vendor, version const resultsDir = path.join(configDir, "results"); const partitionedResults = partitionOCSFResultsByMetadata(resultsDir); @@ -134,7 +141,7 @@ async function createConfiguration(configDir: string, slug: string, repositoryDa const configurationResultSummaries: ConfigurationResultSummary[] = []; // Directory for downloads in static folder - const staticDownloadsDir = path.join(siteDir, "static", "downloads", "cfi", repoDir, configId); + const staticDownloadsDir = path.join(siteDir, "static", "downloads", "cfi", repoDir, configFolderName); if (!fs.existsSync(staticDownloadsDir)) { fs.mkdirSync(staticDownloadsDir, { recursive: true }); } @@ -153,19 +160,19 @@ async function createConfiguration(configDir: string, slug: string, repositoryDa const isPaired = htmlFiles.includes(htmlFile); fs.copyFileSync(path.join(resultsDir, ocsfFile), path.join(staticDownloadsDir, ocsfFile)); - downloadLinks.push({ name: ocsfFile, url: `/downloads/cfi/${repoDir}/${configId}/${ocsfFile}`, type: "ocsf" }); + downloadLinks.push({ name: ocsfFile, url: `/downloads/cfi/${repoDir}/${configFolderName}/${ocsfFile}`, type: "ocsf" }); if (isPaired) { pairedHtml.add(htmlFile); fs.copyFileSync(path.join(resultsDir, htmlFile), path.join(staticDownloadsDir, htmlFile)); - downloadLinks.push({ name: htmlFile, url: `/downloads/cfi/${repoDir}/${configId}/${htmlFile}`, type: "html" }); + downloadLinks.push({ name: htmlFile, url: `/downloads/cfi/${repoDir}/${configFolderName}/${htmlFile}`, type: "html" }); } } for (const htmlFile of htmlFiles) { if (!pairedHtml.has(htmlFile)) { fs.copyFileSync(path.join(resultsDir, htmlFile), path.join(staticDownloadsDir, htmlFile)); - downloadLinks.push({ name: htmlFile, url: `/downloads/cfi/${repoDir}/${configId}/${htmlFile}`, type: "html" }); + downloadLinks.push({ name: htmlFile, url: `/downloads/cfi/${repoDir}/${configFolderName}/${htmlFile}`, type: "html" }); } } } @@ -180,7 +187,7 @@ async function createConfiguration(configDir: string, slug: string, repositoryDa // Generate a slug-friendly key const resultKey = `${configResult.vendor}-${configResult.product}-${configResult.version}`.toLowerCase().replace(/[^a-z0-9]+/g, "-"); - const resultSlug = `${slug}/${resultKey}`; + const resultSlug = `${configurationPath}/${resultKey}`; // Calculate summary statistics const totalTests = configResult.test_results.length; @@ -202,8 +209,8 @@ async function createConfiguration(configDir: string, slug: string, repositoryDa const configuration = withSourceDetails( { cfi_details: config, - repository: repositoryData, - slug, + results_destination: repoDir, + results_config_folder: configFolderName, results: configurationResults, }, sourceDetails @@ -215,7 +222,7 @@ async function createConfiguration(configDir: string, slug: string, repositoryDa configurationResult: configResult, }; - const resultJsonPath = await createData(`cfi-config-result-${repositoryData.name}-${config.id}-${resultKey}.json`, JSON.stringify(resultPageData, null, 2)); + const resultJsonPath = await createData(`cfi-config-result-${repoEntry.name}-${config.id}-${resultKey}.json`, JSON.stringify(resultPageData, null, 2)); // Add route for this ConfigurationResult page addRoute({ @@ -234,8 +241,8 @@ async function createConfiguration(configDir: string, slug: string, repositoryDa const configuration = withSourceDetails( { cfi_details: config, - repository: repositoryData, - slug, + results_destination: repoDir, + results_config_folder: configFolderName, results: configurationResults, }, sourceDetails @@ -247,11 +254,11 @@ async function createConfiguration(configDir: string, slug: string, repositoryDa configurationResultSummaries, }; - const jsonPath = await createData(`cfi-config-${repositoryData.name}-${config.id}.json`, JSON.stringify(pageData, null, 2)); + const jsonPath = await createData(`cfi-config-${repoEntry.name}-${config.id}.json`, JSON.stringify(pageData, null, 2)); // Add route for this configuration page addRoute({ - path: slug, + path: configurationPath, component: "@site/src/components/cfi/Configuration/index.tsx", modules: { pageData: jsonPath, @@ -259,7 +266,7 @@ async function createConfiguration(configDir: string, slug: string, repositoryDa exact: true, }); - console.log(`βœ… Created configuration page for ${configuration.cfi_details.id} at ${slug}`); + console.log(`βœ… Created configuration page for ${configuration.cfi_details.id} at ${configurationPath}`); return configuration; } @@ -293,12 +300,6 @@ export default function pluginCFIPages(context: LoadContext): Plugin { console.log(`Processing repository: ${repoDir}`); - const repositoryData: CFIRepository = { - name: repoEntry.name, - url: repoEntry.url, - description: repoEntry.description, - }; - // Find all configuration directories within this repository const configDirs = fs.readdirSync(repoPath).filter((dir) => { const configPath = path.join(repoPath, dir, "config"); @@ -307,42 +308,16 @@ export default function pluginCFIPages(context: LoadContext): Plugin { console.log(`Found ${configDirs.length} configurations in ${repoDir}:`, configDirs); - const repositoryConfigurations: Configuration[] = []; - for (const configDir of configDirs) { - const slug = "/cfi/" + repoDir + "/" + configDir; const fullConfigDir = path.join(repoPath, configDir); try { - const configuration = await createConfiguration(fullConfigDir, slug, repositoryData, repoDir, context.siteDir, createData, addRoute); + const configuration = await createConfiguration(fullConfigDir, repoEntry, context.siteDir, createData, addRoute); components.push(configuration); - repositoryConfigurations.push(configuration); } catch (error) { console.error(`Error processing configuration ${configDir} in ${repoDir}:`, error); } } - - // Create repository page - if (repositoryConfigurations.length > 0) { - const repositoryPageData: RepositoryPageData = { - repository: repositoryData, - configurations: repositoryConfigurations, - repositorySlug: repoDir, - }; - - const repositoryPagePath = await createData(`cfi-repository-${repoDir}.json`, JSON.stringify(repositoryPageData, null, 2)); - - addRoute({ - path: `/cfi/${repoDir}`, - component: "@site/src/components/cfi/Repository/index.tsx", - modules: { - pageData: repositoryPagePath, - }, - exact: true, - }); - - console.log(`βœ… Created repository page for ${repoDir} at /cfi/${repoDir}`); - } } // Create home page data diff --git a/website/src/types/cfi.ts b/website/src/types/cfi.ts index a29d66b7..ea09966c 100644 --- a/website/src/types/cfi.ts +++ b/website/src/types/cfi.ts @@ -58,22 +58,6 @@ export interface CFIConfigJson { git?: string; } -/** - * Repository identity from `cfi-repositories.json`; run/artifact timing lives in each - * configuration tree’s `source-details.json` (branch, repository URL/description from - * `cfi-repositories.json`, artifact metadata, download time). - */ -export interface CFIRepository { - name: string; - url: string; - description: string; - downloaded_at?: string; - artifact_name?: string; - workflow_run_id?: number; - workflow_status?: string; - workflow_conclusion?: string; -} - /** One row in `website/src/data/cfi-repositories.json`. */ export interface CFIDataRepositoryEntry { name: string; @@ -94,11 +78,14 @@ export interface CFISourceDetails { /** * These are downloaded from github actions, and contain the test results for a single configuration. + * Site route: `/cfi/{results_destination}/{cfi_details.id}` (last segment is the canonical config id). */ export interface Configuration { cfi_details: CFIConfigJson; - repository: CFIRepository; - slug: string; + /** `test-results//...` folder name (see `cfi-repositories.json` `destination`). */ + results_destination: string; + /** On-disk directory under `results_destination` (may differ from `cfi_details.id`, e.g. `*-main`). */ + results_config_folder: string; results: ConfigurationResult[]; source_details?: CFISourceDetails; } @@ -155,12 +142,6 @@ export interface ConfigurationResultPageData { configurationResult: ConfigurationResult; } -export interface RepositoryPageData { - repository: CFIRepository; - configurations: Configuration[]; - repositorySlug: string; -} - export interface RequirementLink { id: string; url: string; From a65948ad2f950877893081112c339e652a948fb5 Mon Sep 17 00:00:00 2001 From: Rob Moffat Date: Thu, 2 Apr 2026 14:23:36 +0100 Subject: [PATCH 10/14] Simplifying datastructures --- website/scripts/DownloadCFIArtifacts.ts | 24 ++++++------------ website/src/components/LearnMore/index.js | 4 +++ .../components/cfi/Configuration/index.tsx | 25 ++++++++++--------- website/src/components/cfi/Home/index.tsx | 10 ++++---- website/src/plugin/cfi-pages/index.ts | 15 ++++++----- website/src/types/cfi.ts | 24 ++++++++++++------ 6 files changed, 53 insertions(+), 49 deletions(-) diff --git a/website/scripts/DownloadCFIArtifacts.ts b/website/scripts/DownloadCFIArtifacts.ts index 30dfd441..9b31293f 100644 --- a/website/scripts/DownloadCFIArtifacts.ts +++ b/website/scripts/DownloadCFIArtifacts.ts @@ -3,6 +3,7 @@ import path from 'path'; import axios from 'axios'; import { exec } from 'child_process'; import { promisify } from 'util'; +import type { CFISourceDetails } from '../src/types/cfi'; const execAsync = promisify(exec); @@ -41,18 +42,6 @@ interface GitHubWorkflowRun { head_branch: string; } -/** Written alongside config/ and results/ for each extracted configuration tree. */ -export interface SourceDetailsFile { - branch: string; - /** From `cfi-repositories.json` for this download target. */ - repository_url: string; - /** From `cfi-repositories.json` for this download target. */ - repository_description: string; - artifact_url: string; - artifact_created_at: string; - downloaded_at: string; -} - interface GitHubWorkflowRuns { workflow_runs: GitHubWorkflowRun[]; } @@ -178,10 +167,12 @@ function buildSourceDetails( run: GitHubWorkflowRun, artifact: GitHubArtifact, downloadedAt: string, - repositoryInfo: CFIRepository -): SourceDetailsFile { + repositoryInfo: CFIRepository, + resultId: string +): CFISourceDetails { const artifactUrl = artifact.url?.trim() || artifact.archive_download_url; return { + result_id: resultId, branch: run.head_branch ?? 'unknown', repository_url: repositoryInfo.url, repository_description: repositoryInfo.description, @@ -191,7 +182,7 @@ function buildSourceDetails( }; } -function writeSourceDetails(extractDir: string, details: SourceDetailsFile): void { +function writeSourceDetails(extractDir: string, details: CFISourceDetails): void { const target = path.join(extractDir, 'source-details.json'); fs.writeFileSync(target, JSON.stringify(details, null, 2), 'utf8'); console.log(`πŸ“ Wrote ${path.basename(target)} for ${path.basename(extractDir)}`); @@ -240,7 +231,8 @@ async function unzipArtifact( alignConfigJsonWithExtractDir(extractDir, cleanName); - writeSourceDetails(extractDir, buildSourceDetails(run, artifact, downloadedAt, repositoryInfo)); + const resultId = path.basename(extractDir); + writeSourceDetails(extractDir, buildSourceDetails(run, artifact, downloadedAt, repositoryInfo, resultId)); const resultsDir = path.join(extractDir, 'results'); if (fs.existsSync(resultsDir)) { diff --git a/website/src/components/LearnMore/index.js b/website/src/components/LearnMore/index.js index 7ea261eb..3cab95d7 100644 --- a/website/src/components/LearnMore/index.js +++ b/website/src/components/LearnMore/index.js @@ -12,6 +12,10 @@ export default function LearnMore() {
Taming Multi-Cloud Security: Progress on Common Cloud Controls - Michael Lysaght & Sonali Mendis
+
+ +
Before You Build, Check What You Have: Practical Approaches To Assess Compliance - Santosh Maurya
+
Turn CCC into Real Checks: Multi-Cloud Security with Prowler + AI (OSFF NY Preview)
diff --git a/website/src/components/cfi/Configuration/index.tsx b/website/src/components/cfi/Configuration/index.tsx index 2fd7274d..9c543e30 100644 --- a/website/src/components/cfi/Configuration/index.tsx +++ b/website/src/components/cfi/Configuration/index.tsx @@ -8,7 +8,7 @@ import { formatGeneratedAt } from "@site/src/utils/formatGeneratedAt"; export default function CFIConfiguration({ pageData }: { pageData: ConfigurationPageData }): React.ReactElement { const { configuration, configurationResultSummaries } = pageData; - const { cfi_details, source_details, results_destination, results_config_folder } = configuration; + const { cfi_details, source_details, results_relative_path } = configuration; const complianceRepoUrl = source_details?.repository_url; const terraformUrl = @@ -48,6 +48,10 @@ export default function CFIConfiguration({ pageData }: { pageData: Configuration Name {cfi_details.name} + + Branch + {source_details.branch} + Description {cfi_details.description} @@ -106,11 +110,7 @@ export default function CFIConfiguration({ pageData }: { pageData: Configuration Test data folder - {results_destination} - - {" "} - / {results_config_folder} - + test-results/{results_relative_path} {source_details ? ( @@ -122,12 +122,7 @@ export default function CFIConfiguration({ pageData }: { pageData: Configuration Repository URL - + @@ -135,6 +130,12 @@ export default function CFIConfiguration({ pageData }: { pageData: Configuration + + Result ID + + {source_details.result_id} + + Branch {source_details.branch} diff --git a/website/src/components/cfi/Home/index.tsx b/website/src/components/cfi/Home/index.tsx index 90b6dfbb..257689b7 100644 --- a/website/src/components/cfi/Home/index.tsx +++ b/website/src/components/cfi/Home/index.tsx @@ -3,7 +3,7 @@ import Layout from "@theme/Layout"; import { Card, CardContent, CardHeader, CardTitle } from "../../ui/card"; import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from "../../ui/table"; import Link from "@docusaurus/Link"; -import { Configuration, HomePageData } from "@site/src/types/cfi"; +import { HomePageData } from "@site/src/types/cfi"; import { formatGeneratedAt } from "@site/src/utils/formatGeneratedAt"; export default function CFIHomeTemplate({ pageData }: { pageData: HomePageData }) { @@ -49,14 +49,14 @@ export default function CFIHomeTemplate({ pageData }: { pageData: HomePageData } {sortedConfigurations.map((config) => { const s = config.source_details; - const resultsDestination = config.results_destination || "β€”"; - const configPagePath = `/cfi/${config.results_destination}/${config.cfi_details.id}`; + const resultsRel = config.results_relative_path || "β€”"; + const configPagePath = `/cfi/${config.results_relative_path}`; const sourceRepoUrl = s?.repository_url ?? ""; const sourceRepoDescription = s?.repository_description ?? ""; const externalGitUrl = s?.repository_url ?? config.cfi_details.git; return ( - + {config.cfi_details.id} @@ -73,7 +73,7 @@ export default function CFIHomeTemplate({ pageData }: { pageData: HomePageData } {s?.branch ?? "β€”"} - {resultsDestination} + {resultsRel}
diff --git a/website/src/plugin/cfi-pages/index.ts b/website/src/plugin/cfi-pages/index.ts index 9d819fb3..45ffec0a 100644 --- a/website/src/plugin/cfi-pages/index.ts +++ b/website/src/plugin/cfi-pages/index.ts @@ -126,7 +126,8 @@ async function createConfiguration( console.log(`πŸ“ Config path: ${configPath}`); const config = JSON.parse(fs.readFileSync(configPath, "utf8")) as CFIConfigJson; - const configurationPath = `/cfi/${repoDir}/${config.id}`; + const resultsRelativePath = path.posix.join(repoDir, configFolderName); + const configurationPath = `/cfi/${resultsRelativePath}`; // Process OCSF results and partition by product, vendor, version const resultsDir = path.join(configDir, "results"); @@ -209,8 +210,7 @@ async function createConfiguration( const configuration = withSourceDetails( { cfi_details: config, - results_destination: repoDir, - results_config_folder: configFolderName, + results_relative_path: resultsRelativePath, results: configurationResults, }, sourceDetails @@ -222,7 +222,7 @@ async function createConfiguration( configurationResult: configResult, }; - const resultJsonPath = await createData(`cfi-config-result-${repoEntry.name}-${config.id}-${resultKey}.json`, JSON.stringify(resultPageData, null, 2)); + const resultJsonPath = await createData(`cfi-config-result-${repoEntry.name}-${configFolderName}-${resultKey}.json`, JSON.stringify(resultPageData, null, 2)); // Add route for this ConfigurationResult page addRoute({ @@ -241,8 +241,7 @@ async function createConfiguration( const configuration = withSourceDetails( { cfi_details: config, - results_destination: repoDir, - results_config_folder: configFolderName, + results_relative_path: resultsRelativePath, results: configurationResults, }, sourceDetails @@ -254,7 +253,7 @@ async function createConfiguration( configurationResultSummaries, }; - const jsonPath = await createData(`cfi-config-${repoEntry.name}-${config.id}.json`, JSON.stringify(pageData, null, 2)); + const jsonPath = await createData(`cfi-config-${repoEntry.name}-${configFolderName}.json`, JSON.stringify(pageData, null, 2)); // Add route for this configuration page addRoute({ @@ -266,7 +265,7 @@ async function createConfiguration( exact: true, }); - console.log(`βœ… Created configuration page for ${configuration.cfi_details.id} at ${configurationPath}`); + console.log(`βœ… Created configuration page for ${configFolderName} (${configuration.cfi_details.id}) at ${configurationPath}`); return configuration; } diff --git a/website/src/types/cfi.ts b/website/src/types/cfi.ts index ea09966c..71ae5da9 100644 --- a/website/src/types/cfi.ts +++ b/website/src/types/cfi.ts @@ -46,7 +46,8 @@ export interface TestResultEntry { } /** - * Populated from the json file inside the config directory of each test result. + * Populated from the json file inside the config directory of each test result, created when + * CFI runs and delivered in the artifact. */ export interface CFIConfigJson { id: string; @@ -58,7 +59,10 @@ export interface CFIConfigJson { git?: string; } -/** One row in `website/src/data/cfi-repositories.json`. */ +/** + * One row in `website/src/data/cfi-repositories.json`. + * This is the list of repositories we attempt to download CFI results from. + */ export interface CFIDataRepositoryEntry { name: string; url: string; @@ -66,8 +70,14 @@ export interface CFIDataRepositoryEntry { destination: string; } -/** From each configuration tree’s `source-details.json` (written by the CFI download script). */ +/** + * Shape of each configuration tree’s `source-details.json`, written by `scripts/DownloadCFIArtifacts.ts`. + * Repository URL/description duplicate the matching `cfi-repositories.json` row at fetch time. + * This is created by the downloader. + */ export interface CFISourceDetails { + /** Config folder name (last segment of `results_relative_path`); written by the artifact downloader. */ + result_id: string; branch: string; repository_url: string; repository_description: string; @@ -78,14 +88,12 @@ export interface CFISourceDetails { /** * These are downloaded from github actions, and contain the test results for a single configuration. - * Site route: `/cfi/{results_destination}/{cfi_details.id}` (last segment is the canonical config id). + * Site route: `/cfi/` β€” same path shape as under `website/src/data/test-results/`. */ export interface Configuration { cfi_details: CFIConfigJson; - /** `test-results//...` folder name (see `cfi-repositories.json` `destination`). */ - results_destination: string; - /** On-disk directory under `results_destination` (may differ from `cfi_details.id`, e.g. `*-main`). */ - results_config_folder: string; + /** Relative path: `cfi-repositories` `destination` + config folder (e.g. `finos-labs-ccc-cfi-compliance/azure-storage-account-main`). */ + results_relative_path: string; results: ConfigurationResult[]; source_details?: CFISourceDetails; } From 2daba555d6604413450898747b07a5151194a68f Mon Sep 17 00:00:00 2001 From: Rob Moffat Date: Thu, 2 Apr 2026 14:33:03 +0100 Subject: [PATCH 11/14] Fixed unused / missing core requirements bug --- .../cfi/ConfigurationResult/index.tsx | 50 +++++++++++++++---- 1 file changed, 41 insertions(+), 9 deletions(-) diff --git a/website/src/components/cfi/ConfigurationResult/index.tsx b/website/src/components/cfi/ConfigurationResult/index.tsx index 89d6ce14..4335ed61 100644 --- a/website/src/components/cfi/ConfigurationResult/index.tsx +++ b/website/src/components/cfi/ConfigurationResult/index.tsx @@ -33,6 +33,39 @@ function intersect(setA: Set, setB: Set): Set { return new Set([...setA].filter((x) => setB.has(x))); } +/** Catalog IDs from test results excluding CCC.Core (shared imports, not a service catalog). */ +function serviceCatalogsFromTests(testedRequirementsByCatalog: Map>): string[] { + return [...testedRequirementsByCatalog.keys()].filter((id) => id !== "CCC.Core"); +} + +/** + * Whether an assessment requirement from `release` counts toward the "necessary" set. + * When service catalogs are known from tests, only those releases contribute (e.g. only CCC.ObjStor + * for object-storage runs), so Core ARs from other catalogs (Logging, VM, …) are excluded. + */ +function shouldAddToNecessaryRequirementIds( + release: { metadata: { id: string } }, + catalogId: string, + serviceCatalogIds: string[], + useServiceCatalogScope: boolean, + testedRequirementsByCatalog: Map> +): boolean { + if (release.metadata.id === "CCC.Core") { + return false; + } + if (useServiceCatalogScope && !serviceCatalogIds.includes(release.metadata.id)) { + return false; + } + if (testedRequirementsByCatalog.has(catalogId)) { + return true; + } + // Core controls inlined under a scoped service release belong to that catalog bundle. + if (catalogId === "CCC.Core" && serviceCatalogIds.includes(release.metadata.id)) { + return true; + } + return false; +} + function convertToLink(reqId: string, releases: any[]): RequirementLink { let title = reqId; let catalogId = extractCatalogId(reqId); @@ -71,6 +104,9 @@ function generateCatalogSummary(testResults: TestResultItem[], releases: any[]): // Now collect up all the requirements by catalog const allRequirementsByCatalog = new Map>(); const allNecessaryRequirementIds = new Set(); + const serviceCatalogIds = serviceCatalogsFromTests(testedRequirementsByCatalog); + const useServiceCatalogScope = serviceCatalogIds.length > 0; + releases.forEach((release) => { release.controls.forEach((control) => { control.test_requirements?.forEach((req) => { @@ -83,20 +119,16 @@ function generateCatalogSummary(testResults: TestResultItem[], releases: any[]): // this means we only include non-imported requirements allRequirementsByCatalog.get(catalogId)!.add(req.id); } - - // this keeps track of which requirements are imported. - if (release.metadata.id != "CCC.Core") { - allNecessaryRequirementIds.add(req.id); - } + } + if ( + shouldAddToNecessaryRequirementIds(release, catalogId, serviceCatalogIds, useServiceCatalogScope, testedRequirementsByCatalog) + ) { + allNecessaryRequirementIds.add(req.id); } }); }); }); - console.log("Tested requirements by catalog", testedRequirementsByCatalog); - console.log("All requirements by catalog", allRequirementsByCatalog); - console.log("All necessary requirement ids", allNecessaryRequirementIds); - // Now for each unique catalog ID, count this test result once and collect all resources const catalogsInThisResult = Array.from(allRequirementsByCatalog.keys()); const summaries = catalogsInThisResult.map((catalogId) => { From 456965aadbf9fb1e4e3402247beac1787ab8dd9a Mon Sep 17 00:00:00 2001 From: Rob Moffat Date: Thu, 2 Apr 2026 14:48:06 +0100 Subject: [PATCH 12/14] fixed breadcrumb issue --- website/src/components/Breadcrumb/index.tsx | 41 +++++++++++++++++++-- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/website/src/components/Breadcrumb/index.tsx b/website/src/components/Breadcrumb/index.tsx index 5858b919..df078eda 100644 --- a/website/src/components/Breadcrumb/index.tsx +++ b/website/src/components/Breadcrumb/index.tsx @@ -1,5 +1,32 @@ import { useLocation } from "@docusaurus/router"; import Link from "@docusaurus/Link"; +import routes from "@generated/routes"; + +type DocusaurusRouteConfig = { path?: string; routes?: DocusaurusRouteConfig[] }; + +function collectRegisteredPaths(routeList: DocusaurusRouteConfig[]): string[] { + const out: string[] = []; + for (const entry of routeList) { + if (typeof entry.path === "string") { + out.push(entry.path); + } + if (Array.isArray(entry.routes)) { + out.push(...collectRegisteredPaths(entry.routes)); + } + } + return out; +} + +/** Paths Docusaurus registered at build time (docs, plugins, etc.). */ +const KNOWN_ROUTE_PATHS = new Set(collectRegisteredPaths(routes as DocusaurusRouteConfig[])); + +function isRegisteredRoute(pathname: string): boolean { + const normalized = pathname.endsWith("/") && pathname.length > 1 ? pathname.slice(0, -1) : pathname; + if (KNOWN_ROUTE_PATHS.has(normalized)) { + return true; + } + return KNOWN_ROUTE_PATHS.has(`${normalized}/`); +} const Breadcrumb = () => { const location = useLocation(); @@ -13,12 +40,18 @@ const Breadcrumb = () => { {pathParts.map((part, index) => { const to = "/" + pathParts.slice(0, index + 1).join("/"); const isLastPart = index === pathParts.length - 1; + const showLink = !isLastPart && isRegisteredRoute(to); + return ( {" > "} - - {format(part)} - + {showLink ? ( + + {format(part)} + + ) : ( + {format(part)} + )} ); })} @@ -34,4 +67,4 @@ const format = (part: string): string => { } return part; -} +}; From 6ab7c0294e6fdb3475731bd6c96866d7c9d48409 Mon Sep 17 00:00:00 2001 From: Rob Moffat Date: Wed, 8 Apr 2026 10:07:29 +0100 Subject: [PATCH 13/14] Fixing anchor link warning, fixed catalog generation where some files are missing --- website/scripts/GenerateReleaseCatalogs.ts | 53 +++++++++++--------- website/src/components/ccc/Control/index.tsx | 52 +++++++++++-------- 2 files changed, 60 insertions(+), 45 deletions(-) diff --git a/website/scripts/GenerateReleaseCatalogs.ts b/website/scripts/GenerateReleaseCatalogs.ts index 4a15a735..7b0b7749 100644 --- a/website/scripts/GenerateReleaseCatalogs.ts +++ b/website/scripts/GenerateReleaseCatalogs.ts @@ -9,6 +9,14 @@ const CATALOGS_DIR = path.join(__dirname, '../../catalogs'); const OUTPUT_DIR = path.join(__dirname, '../src/data/ccc-releases'); const DELIVERY_TOOLKIT_DIR = path.join(__dirname, '../../delivery-toolkit'); +/** Must all exist for generate-release-artifacts; partial dirs are skipped (matches delivery-toolkit loadCatalog). */ +const REQUIRED_CATALOG_FILES = [ + 'metadata.yaml', + 'controls.yaml', + 'capabilities.yaml', + 'threats.yaml', +] as const; + interface CatalogDirectory { category: string; service: string; @@ -137,30 +145,29 @@ async function discoverCatalogDirectories(): Promise { const releaseDetailsPath = path.join(servicePath, 'release-details.yaml'); const hasReleaseDetails = fs.existsSync(releaseDetailsPath); - // Check if this directory has the required catalog files (controls.yaml, capabilities.yaml, etc.) - const hasControls = fs.existsSync(path.join(servicePath, 'controls.yaml')); - const hasCapabilities = fs.existsSync(path.join(servicePath, 'capabilities.yaml')); - const hasThreats = fs.existsSync(path.join(servicePath, 'threats.yaml')); - - // Only include directories that look like valid catalogs - const isValidCatalog = hasControls || hasCapabilities || hasThreats; - - if (isValidCatalog) { - catalogs.push({ - category, - service, - fullPath: servicePath, - hasReleaseDetails, - needsDevReleaseDetails: true // Always create DEV version - }); - - if (hasReleaseDetails) { - console.log(` βœ… Found with release details: ${category}/${service} (will also create DEV version)`); - } else { - console.log(` πŸ”§ Will create DEV version: ${category}/${service}`); - } + const missingRequired = REQUIRED_CATALOG_FILES.filter( + (f) => !fs.existsSync(path.join(servicePath, f)) + ); + + if (missingRequired.length > 0) { + console.log( + ` ⏭️ Skipping incomplete catalog: ${category}/${service} (missing: ${missingRequired.join(', ')})` + ); + continue; + } + + catalogs.push({ + category, + service, + fullPath: servicePath, + hasReleaseDetails, + needsDevReleaseDetails: true // Always create DEV version + }); + + if (hasReleaseDetails) { + console.log(` βœ… Found with release details: ${category}/${service} (will also create DEV version)`); } else { - console.log(` ⏭️ Skipping non-catalog: ${category}/${service}`); + console.log(` πŸ”§ Will create DEV version: ${category}/${service}`); } } } diff --git a/website/src/components/ccc/Control/index.tsx b/website/src/components/ccc/Control/index.tsx index dcd1b1c0..87df7a53 100644 --- a/website/src/components/ccc/Control/index.tsx +++ b/website/src/components/ccc/Control/index.tsx @@ -1,6 +1,7 @@ import React from "react"; import Layout from "@theme/Layout"; import Link from "@docusaurus/Link"; +import useBrokenLinks from "@docusaurus/useBrokenLinks"; import { Card, CardContent, CardHeader, CardTitle } from "../../ui/card"; import { Badge } from "../../ui/badge"; import { ControlPageData } from "@site/src/types/ccc"; @@ -11,6 +12,7 @@ import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from ". export default function CCCControlTemplate({ pageData }: { pageData: ControlPageData }) { const { control, releaseTitle, releaseSlug, related_threats, related_capabilities } = pageData; + const brokenLinks = useBrokenLinks(); return ( @@ -65,28 +67,34 @@ export default function CCCControlTemplate({ pageData }: { pageData: ControlPage - {control.test_requirements.map((tr) => ( - - - - {tr.id} - - {tr.text} - - {tr.applicability?.length > 0 ? ( -
- {tr.applicability.map((level) => ( - - {level} - - ))} -
- ) : ( - - - )} - - - ))} + {control.test_requirements.map((tr) => { + const anchorId = tr.id.split(".").pop()?.toLowerCase(); + if (anchorId) { + brokenLinks.collectAnchor(anchorId); + } + return ( + + + + {tr.id} + + {tr.text} + + {tr.applicability?.length > 0 ? ( +
+ {tr.applicability.map((level) => ( + + {level} + + ))} +
+ ) : ( + - + )} + + + ); + })} From fb1967bbda96180cbcd3604b30a810b45e3ec31e Mon Sep 17 00:00:00 2001 From: Rob Moffat Date: Thu, 9 Apr 2026 11:51:42 +0100 Subject: [PATCH 14/14] Reducing memory footprint --- .../src/components/ccc/Component/index.tsx | 7 ++-- website/src/components/ccc/Home/index.tsx | 8 ---- website/src/plugin/ccc-pages/index.ts | 40 ++++++++++++++----- website/src/plugin/cfi-pages/index.ts | 6 +-- website/src/types/ccc.ts | 28 +++++++++++-- website/src/utils/cccDataLookup.ts | 4 -- 6 files changed, 62 insertions(+), 31 deletions(-) diff --git a/website/src/components/ccc/Component/index.tsx b/website/src/components/ccc/Component/index.tsx index a6ec10d5..82372183 100644 --- a/website/src/components/ccc/Component/index.tsx +++ b/website/src/components/ccc/Component/index.tsx @@ -8,7 +8,6 @@ import { ComponentPageData } from "@site/src/types/ccc"; export default function CCCComponentTemplate({ pageData }: { pageData: ComponentPageData }) { const { component } = pageData; - const latestRelease = component.releases[0]; // Releases are sorted by version, so first is latest return ( @@ -40,9 +39,9 @@ export default function CCCComponentTemplate({ pageData }: { pageData: Component
{release.metadata.release_details?.[0]?.contributors?.length > 0 ? release.metadata.release_details[0].contributors.map((contributor, index) => ) : N/A}
 - {release.controls.length} - {release.threats.length} - {release.capabilities.length} + {release.controlsCount} + {release.threatsCount} + {release.capabilitiesCount} ))} diff --git a/website/src/components/ccc/Home/index.tsx b/website/src/components/ccc/Home/index.tsx index 14295840..195e3755 100644 --- a/website/src/components/ccc/Home/index.tsx +++ b/website/src/components/ccc/Home/index.tsx @@ -9,14 +9,6 @@ import { formatGeneratedAt } from "@site/src/utils/formatGeneratedAt"; export default function CCCHomeTemplate({ pageData }: { pageData: HomePageData }) { const { components } = pageData; - // Flatten all releases into a single array with component title - const allReleases = components.flatMap((component) => - component.releases.map((release) => ({ - ...release, - componentTitle: component.title, - slug: `/ccc/${release.metadata.id}/${release.metadata.version}`, - })) - ); // Transform components into a summary list const componentSummaries = components.map((component) => { const allDetails = component.releases.flatMap((r) => r.metadata.release_details || []); diff --git a/website/src/plugin/ccc-pages/index.ts b/website/src/plugin/ccc-pages/index.ts index 83df2d9f..467d4b56 100644 --- a/website/src/plugin/ccc-pages/index.ts +++ b/website/src/plugin/ccc-pages/index.ts @@ -198,8 +198,20 @@ function createComponentPageData(component: Component): ComponentPageData { const componentSlug = `/ccc/${component.id}`; return { - component, - related_releases: component.releases, + component: { + id: component.id, + title: component.title, + releases: component.releases.map((r) => ({ + metadata: { + id: r.metadata.id, + version: r.metadata.version, + release_details: r.metadata.release_details, + }, + controlsCount: r.controls.length, + threatsCount: r.threats.length, + capabilitiesCount: r.capabilities.length, + })), + }, releaseTitle: component.releases[0]?.metadata.title || component.title, releaseSlug: component.releases[0] ? `/ccc/${component.id}/${component.releases[0].metadata.version}` : componentSlug, slug: componentSlug, @@ -291,7 +303,7 @@ export default function pluginCCCPages(_: LoadContext): Plugin { // Create control pages for (const release of cccReleases) { for (const control of release.controls) { - const controlPageData = createControlPageData(control, release, cccReleases); + const controlPageData = createControlPageData(control, release); await pageCreator.createPage(controlPageData, controlPageData.slug, '@site/src/components/ccc/Control/index.tsx'); } } @@ -299,7 +311,7 @@ export default function pluginCCCPages(_: LoadContext): Plugin { // Create capability pages for (const release of cccReleases) { for (const capability of release.capabilities) { - const capabilityPageData = createCapabilityPageData(capability, release, cccReleases); + const capabilityPageData = createCapabilityPageData(capability, release); await pageCreator.createPage(capabilityPageData, capabilityPageData.slug, '@site/src/components/ccc/Capability/index.tsx'); } } @@ -307,7 +319,7 @@ export default function pluginCCCPages(_: LoadContext): Plugin { // Create threat pages for (const release of cccReleases) { for (const threat of release.threats) { - const threatPageData = createThreatPageData(threat, release, cccReleases); + const threatPageData = createThreatPageData(threat, release); await pageCreator.createPage(threatPageData, threatPageData.slug, '@site/src/components/ccc/Threat/index.tsx'); } } @@ -318,19 +330,29 @@ export default function pluginCCCPages(_: LoadContext): Plugin { await pageCreator.createPage(componentPageData, componentPageData.slug, '@site/src/components/ccc/Component/index.tsx'); } - // Create home page + // Create home page (slim payload: metadata only per release, not full catalogs) const homePageData: HomePageData = { - components: Object.values(components), + components: Object.values(components).map((c) => ({ + id: c.id, + title: c.title, + releases: c.releases.map((r) => ({ + metadata: { + id: r.metadata.id, + version: r.metadata.version, + release_details: r.metadata.release_details, + }, + })), + })), generatedAt: new Date().toISOString(), }; await pageCreator.createPage(homePageData, '/ccc', '@site/src/components/ccc/Home/index.tsx'); console.log('Step 2 complete: All page data created with relationships'); + // Only what client code needs (see useCCCData). Omit raw YAML and component trees β€” they + // duplicate cccReleases and blow Netlify build heap during globalData serialization. setGlobalData({ 'ccc-releases': cccReleases, - 'ccc-components': Object.values(components), - 'ccc-release-yaml': content }); }, }; diff --git a/website/src/plugin/cfi-pages/index.ts b/website/src/plugin/cfi-pages/index.ts index 45ffec0a..300765a5 100644 --- a/website/src/plugin/cfi-pages/index.ts +++ b/website/src/plugin/cfi-pages/index.ts @@ -222,7 +222,7 @@ async function createConfiguration( configurationResult: configResult, }; - const resultJsonPath = await createData(`cfi-config-result-${repoEntry.name}-${configFolderName}-${resultKey}.json`, JSON.stringify(resultPageData, null, 2)); + const resultJsonPath = await createData(`cfi-config-result-${repoEntry.name}-${configFolderName}-${resultKey}.json`, JSON.stringify(resultPageData)); // Add route for this ConfigurationResult page addRoute({ @@ -253,7 +253,7 @@ async function createConfiguration( configurationResultSummaries, }; - const jsonPath = await createData(`cfi-config-${repoEntry.name}-${configFolderName}.json`, JSON.stringify(pageData, null, 2)); + const jsonPath = await createData(`cfi-config-${repoEntry.name}-${configFolderName}.json`, JSON.stringify(pageData)); // Add route for this configuration page addRoute({ @@ -325,7 +325,7 @@ export default function pluginCFIPages(context: LoadContext): Plugin { generatedAt: new Date().toISOString(), }; - const homePagePath = await createData("cfi-home.json", JSON.stringify(homePageData, null, 2)); + const homePagePath = await createData("cfi-home.json", JSON.stringify(homePageData)); addRoute({ path: "/cfi", diff --git a/website/src/types/ccc.ts b/website/src/types/ccc.ts index 1348cd0b..a9c52e03 100644 --- a/website/src/types/ccc.ts +++ b/website/src/types/ccc.ts @@ -131,13 +131,35 @@ export interface ReleasePageData extends PageData { release_details: ReleaseDetails; } +/** Per-release row on the component overview table (counts only β€” avoids duplicating full catalogs). */ +export interface ComponentTableRelease { + metadata: Pick; + controlsCount: number; + threatsCount: number; + capabilitiesCount: number; +} + export interface ComponentPageData extends PageData { - component: Component; - related_releases: Release[]; + component: { + id: string; + title: string; + releases: ComponentTableRelease[]; + }; +} + +/** Minimal release metadata for the CCC home listing. */ +export interface HomeReleaseStub { + metadata: Pick; +} + +export interface HomeComponentStub { + id: string; + title: string; + releases: HomeReleaseStub[]; } export interface HomePageData { - components: Component[]; + components: HomeComponentStub[]; /** ISO 8601 timestamp when this page data was produced (site build time). */ generatedAt: string; } diff --git a/website/src/utils/cccDataLookup.ts b/website/src/utils/cccDataLookup.ts index 828ebf23..780bf082 100644 --- a/website/src/utils/cccDataLookup.ts +++ b/website/src/utils/cccDataLookup.ts @@ -7,14 +7,10 @@ import { Release, Control, AssessmentRequirement } from '@site/src/types/ccc'; export function useCCCData() { const cccData = usePluginData('ccc-pages') as { 'ccc-releases': Release[]; - 'ccc-components': any[]; - 'ccc-release-yaml': any[]; } | undefined; return { releases: cccData?.['ccc-releases'] || [], - components: cccData?.['ccc-components'] || [], - releaseYaml: cccData?.['ccc-release-yaml'] || [] }; }